Privacy Policy

Protecting the privacy of users of the website www.ursummit.com ("Website") is of particular importance to us. This Privacy Policy explains how we collect, use, and share personal information, and what rights users have in this regard.

The Data Controller of your personal data is:

In this Privacy Policy, "we", "us" or "our" refers to US for Ukraine LLC.

We process your personal data in accordance with the applicable data protection laws, including the General Data Protection Regulation (GDPR) for users from the European Economic Area (EEA) and applicable federal and state privacy laws in the United States.

We may collect and process the following categories of personal data:

• Information provided directly by you, including your name, email address, billing details, and other contact information during registration, ticket purchase, or when contacting us
• Login data and credentials if you create an account on the Website
• IP address, device data, browser type, and cookies – automatically collected when you browse the Website

The provision of your personal data is voluntary but necessary to register, log in, and purchase a ticket for our events.

Your personal data will be processed for the following purposes:

• Registration and Account Management – to allow you to create and manage a user account on the Website. Legal basis: Art. 6(1)(b) GDPR (contract performance)
• Ticket Purchase – to enable you to purchase and receive access to the event. Legal basis: Art. 6(1)(b) GDPR
• Communication – to respond to your inquiries and provide customer service. Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in communicating with users)
• Newsletter (if applicable) – to send you updates about the event and related topics. Legal basis: Art. 6(1)(a) GDPR (your consent)
• Compliance with legal obligations – such as tax and accounting rules. Legal basis: Art. 6(1)(c) GDPR
• Website operation, analytics, and security – to ensure performance, analyze traffic, and prevent abuse. Legal basis: Art. 6(1)(f) GDPR
• Marketing (if applicable) – to promote our events and services, including through email or online ads. Legal basis: Art. 6(1)(f) GDPR; and, where required, Art. 6(1)(a) GDPR (consent)

We may share your personal data with the following categories of recipients:

• Hosting providers and IT service providers supporting the Website
• Payment processors handling ticket transactions
• Marketing and analytics providers (where applicable)
• Public authorities if legally required

All such service providers process your data based on a data processing agreement and only in accordance with our instructions.

The personal data of the users of the Website may be disclosed also by the Data Controllers to:

• The staff authorised by the Data Controller
• Our partners and external companies that provide services to the Data Controller and are processed by them to enable them to provide the services by the Data Controller
• To public authorities or bodies entitled to receive data under applicable law, such as courts, law enforcement agencies or government institutions, if they make a request based on the relevant legal basis. In the event of a data security breach, certain personal data may be subject to disclosure to the authorities responsible for its protection

The above-mentioned entities may receive personal data if they are separate data Data Controllers, provided that they have a separate and valid legal basis for processing personal data.

For users from the EEA, your personal data may be transferred to and processed in the United States.

We rely on the EU-U.S. Data Privacy Framework as the legal basis for such transfers, ensuring that your data benefits from an adequate level of protection in accordance with Article 45 of the GDPR.

As a data subject, you have the following rights:

• The right to access the user's personal data
• The right to rectify the user's personal data if it is inaccurate or incomplete
• The right to have your personal data deleted
• The right to object to the processing of your personal data. You have the right to object if the Data Controller's processing of your data is based on the Data Controller's legitimate interest, e.g. to profile your data for marketing purposes. The Data Controller will cease processing the data for those purposes unless there are compelling legitimate grounds overriding the interests, rights and freedoms of the user or the user's data is necessary for the Data Controller to establish, assert or defend any claim
• Where you have consented to the processing of personal data, you may withdraw your consent to further processing at any time. Withdrawal of consent shall not affect the lawfulness of any processing carried out by the Data Controller prior to the withdrawal of consent by the user
• The right to data portability of the user's personal data
• The right to restrict the processing of your personal data
• Right to lodge a complaint with a supervisory authority – for EEA users: the data protection authority in your country; for U.S. residents: as provided by applicable state or federal law

To exercise your rights, please contact us at: privacy@ursummit.com.

If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You may withdraw your consent for marketing communications:

• by contacting us at the email address provided in Section I of this Privacy Policy, or
• by using the unsubscribe link included in each marketing message you receive from us

Please note that withdrawing your consent does not affect the processing of your data where we rely on a different legal basis (e.g., performance of a contract or legal obligations).

We will retain your personal data only for as long as necessary to:

• Provide you with access to the Website and event services
• Fulfill our contractual or legal obligations
• Respond to your inquiries or complaints
• Comply with applicable retention periods under the law

If you have created an account, we will retain your data for as long as the account is active or until you request deletion. Data collected based on consent will be retained until you withdraw your consent.

Cookies are small text files that the website stores on a user's computer or mobile device when the user browses the website. Cookies typically contain the name of the originating domain, the time of storage on the terminal, and a unique, randomly selected number that identifies the file. The information collected by these cookies helps us to tailor the Website to the individual preferences and real needs of users. They also make it possible to compile general statistics on the use of the site and to maintain a user's session. The Data Controller is the entity that places cookies on the user's terminal and gains access to them.

The information collected by means of cookies is used solely to ensure the correct functioning of the Website and for analytical, statistical and marketing purposes, as well as to tailor information to the User's use of the Website.

The Website uses the following types of cookies:

• "Necessary" cookies that enable the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website
• "Performance/analytical" cookies that collect information about the use of a site, such as the pages visited by a particular user and any error messages; they do not collect information that identifies the user and the data collected is aggregated in such a way as to make it anonymous. Analytical cookies are used to improve the performance of the site
• "Functional" cookies that allow the Website to remember any choices you make on the pages (such as changing the font size, customising the page)
• "Advertising" cookies – in order to promote certain products, items or services, we may use advertisements that appear on other websites. This type of cookie is used to make advertising messages more relevant and tailored to the preferences of website users

In many cases, web browser software allows cookies to be stored on the user's terminal equipment by default. Website users can change their cookie settings at any time. In particular, these settings can be modified in order to block the automatic handling of cookies in the web browser settings or to notify the user each time a cookie is placed on the user's equipment.

The user may limit or disable access to cookies on his/her computer; however, the Data Controller reserves the right that, despite all the care taken, in certain cases the lack of use of cookies may lead to a reduction in the functionality of the website.

The Data Controller reserves the right to use the services of third parties to compile statistics on the use of the Website. No data identifying users will be transmitted to such entities.

You can manage your cookie preferences through your browser settings. More detailed information about the cookies used can be found in our Cookie Policy (if published separately).

We do not make decisions based solely on automated processing, including profiling, that would produce legal effects concerning you or similarly significantly affect you.

The Data Controller shall implement appropriate and reasonable technical and organisational measures to ensure an adequate level of security and integrity of Users' personal data, using proven technological standards to prevent unauthorised access to Users' personal data.

Providing personal data is voluntary, but necessary to:

• Register and create an account
• Purchase a ticket
• Contact us or subscribe to updates
• Receive a newsletter related to the event and the activities of the Data Controller

Failure to provide such data may prevent you from using specific Website functionalities.

We may update this Privacy Policy from time to time. When we do, we will publish the new version on the Website with the updated effective date.