Privacy Policy

1. Data collected: We collect name, email, phone number, educational institution, student ID, registration category, event choices, and payment details necessary to process conference registration.
2. Payment details handling: We do not store full card numbers or CVV on our servers; card data is collected and processed through the chosen payment gateway.
3. Third-party payment processors: Payment processing is performed by third-party gateways; we share only the data required to complete the transaction (name, email, amount, and masked payment reference).
4. Sensitive data minimization: We collect only the minimum sensitive information required for registration and billing and do not request unnecessary sensitive personal data.
5. Consent: By registering and paying, users consent to the collection, processing, and sharing of their personal data as described in this policy.
6. Lawful basis: Processing of personal data for registration and payments is carried out on the lawful basis of contract performance and legitimate interest in administering the event.
7. Encryption in transit: All data transmitted during registration and payment is encrypted using TLS/SSL to protect information in transit.
8. Data at rest protection: Personal data stored by the conference site is protected with industry-standard technical and organisational measures, including access controls and encryption where appropriate.
9. Access controls: Access to registrant data is limited to authorised staff and service providers who need the information to fulfil registration, payment reconciliation, or event administration.
10. Payment gateway security compliance: We partner with payment processors that maintain industry security standards (such as PCI DSS compliance) and require those processors to protect cardholder data.
11. Masked and tokenized data: Where possible, stored payment references and tokens are masked or tokenized so that raw card details are never exposed to our systems or staff.
12. Fraud prevention and verification: We may share registration and payment information with fraud-prevention services and the payment gateway to detect and prevent fraudulent transactions.
13. Retention period: Registrant personal and payment-related records are retained only for as long as necessary for legal, tax, or event administration purposes and then securely deleted or anonymized.
14. Refunds and chargebacks: Refunds, chargebacks, and payment disputes require processing of transaction data; we retain the necessary records to investigate and resolve these requests.
15. Sharing with third parties: We will not sell personal data; we disclose registrant data to third parties only for payment processing, event delivery (badges, catering), legal compliance, or with explicit consent.
16. International transfers: If data is transferred outside the registrant's country for processing (including to payment processors), appropriate safeguards such as standard contractual clauses or equivalent protections will be applied.
17. Registrant rights: Registrants have the right to access, correct, or request deletion of their personal data, to object to processing, and to request portability where applicable; contact details for exercising rights are provided below.
18. Breach notification: In the event of a confirmed data breach affecting registrant personal data, we will notify affected individuals and relevant authorities in accordance with applicable law.
19. Children and student status: If a registrant is under any legal age threshold requiring parental consent, we will request and record appropriate consent and process data in line with applicable protections for minors.
20. Contact and policy changes: We provide a clear contact point for privacy inquiries and complaints; we will publish updates to this policy and notify registrants of material changes prior to implementation.

Contact for privacy requests: admin@atoms.org.in