Privacy Notice

LAST UPDATED: 3rd May 2026

1. Overview and Scope

World Cyber Security Forum (a unit of DIDAPRO CONSULTING) (“WCSF”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when you visit or use our website at www.worldcybersecurities.com (the “Website”), purchase or enrol in our events, training programmes, or online courses, or otherwise interact with us.

This notice applies to all current and former visitors to our website and to our online customers. By accessing or using our website, you acknowledge that you have read and agree to the terms of this Privacy Notice.

WCSF acts as the Data Fiduciary for the purposes of the Digital Personal Data Protection Act, 2023 (“DPDPA”) of India, and as the Data Controller for the purposes of any applicable international data protection laws where relevant.

Note: This policy should be read alongside our Terms of Use. Defined terms not explained here carry the meanings given in our ToU.

2. Information We Collect

2.1 Information You Provide Directly

We collect the following categories of personal data that you provide to us:

Account and registration details: name, postal address, contact number, email address, username, password (we don’t store it), and event/course registration information.
Payment and billing information: billing name and billing email address. We do not collect, store, or process your credit card, debit card, or any other payment card numbers, expiry dates, CVV, or related details on our Website. All payment transactions are handled exclusively by our third-party payment gateway provider (see Section 8).
User-generated content: information you post in public areas of our Website, in comment sections, or on our affiliated social media pages.
Communications: the content of any emails, messages, or enquiries you send us, including information provided when reporting a problem or submitting a grievance.
Demographic information: information about your preferences, interests, events you intend to attend, or courses you are enrolled in, which you provide during registration, surveys, or the use of our services.

2.2 Information We Collect Automatically

When you use our Website, we automatically collect certain technical and usage data through cookies and similar technologies. We use only two categories of cookies:

Essential Cookies: These are strictly necessary for the Website to function. They enable core features such as page navigation, secure session management, and access to payment processing. These cookies cannot be disabled without affecting site functionality.
Analytical Cookies: These help us understand how visitors interact with our Website by collecting information on pages visited, time spent, traffic sources, and navigation paths. This data is aggregated and anonymised and is used solely to improve the Website. Providers include Google Analytics and Google Search Console.

Cookie Type	Purpose	Provider	Retention
Essential	Enable core website functionality: navigation, forms, secure login sessions, and payment processing.	Internal / Payment Gateway	Session / up to 1 year
Analytical	Measure website traffic, page performance, and user journeys via Google Analytics to help us improve the site.	Google Analytics, Google Webmaster	Up to 26 months (Google Analytics default)

We do not use advertising, targeting, social media, or any other cookie categories. A cookie cannot read data from your computer’s hard drive. If you have voluntarily registered, a cookie may associate session data with your account only with your knowledge.

You can disable or manage cookies through your browser settings. Disabling analytical cookies will not impair Website functionality. Disabling essential cookies may limit certain features.

2.3 Information from Third Parties

We may receive personal data about you from the following third parties:

Social media platforms: if you interact with our content on a third-party social media site, that platform may share certain information such as your name or email address with us, subject to your privacy settings on that platform.
Syteme.io: our marketing automation and course platform may pass enrolment and preference data to us when you interact with our campaigns or access course content.
Tutor LMS: our learning management system collects your learning progress, course completion, and assessment data once you are enrolled in a course.

3. Analytics, Technical Data, and IP Addresses

We use Google Analytics and Google Search Console (Google Webmaster) to understand how our Website is used. These tools collect data including IP Address (browser type, device type, operating system version, pages visited, referral sources, and approximate geographic location (country or city level).

Google Analytics is configured on our Website to not capture IP addresses (anonymizes it by default upon collection and using them only for geolocation data (city, country) before discarding them) where technically feasible. The data collected is aggregated and used only to improve our Website and services. Additionally, we don’t have access to your IP Address.

Important: Although our Website does not directly store your IP address in a user-facing database, third-party analytics tools (Google Analytics, Google Search Console) do process IP and device data as part of their service. Please refer to Google’s Privacy Policy at https://policies.google.com/privacy for full details of how Google processes this data. However, you always have the option to disable the “Analytical Cookie” in Cookie Banner.

4. How We Use Your Personal Data

We process your personal data only for the purposes described below and only on a valid lawful basis under the DPDPA and applicable law:

Purpose	Details	Lawful Basis (DPDPA)
Order and transaction confirmations	Sending you confirmation of purchases, registrations, or enrolments.	Performance of contract
Account and service management	Creating and managing your account; responding to enquiries, complaints, and grievances.	Performance of contract and Legitimate interest
Course and event delivery	Providing access to purchased courses via Tutor LMS and events via Systeme.io; tracking progress and issuing certificates.	Performance of contract
Marketing communications	Sending you promotional offers, newsletters, new event announcements, and product updates. You will only receive marketing emails if you have given consent, or where we have a legitimate interest as a prior customer.	Consent
Website improvement	Analysing usage patterns to improve the Website’s performance and usability through Google Analytics data.	Consent
Security and fraud prevention	Protecting our Website, customers, and business from fraudulent or unlawful activities.	Legitimate interest and Legal obligation
Legal compliance	Complying with applicable laws, court orders, regulatory requirements, or statutory authority requests.	Legal obligation
Business transfers	In the event of a merger, acquisition, or sale of assets, transferring relevant customer data to the successor entity.	Legitimate interest

5. Third-Party Processors and Service Providers

We share your personal data with selected third-party processors who perform services on our behalf. All such processors are bound by data processing agreements that restrict their use of your data to the purposes for which it was shared.

Third-Party Processor	Purpose	Data Shared	Location
Payment Gateway	Secure payment processing for event registrations and purchases	Billing name, email, transaction amount, UPI ID (no card numbers stored by us)	India / as per gateway policy
Systeme.io	Marketing automation, email campaigns, sales funnels, course hosting	Name, email address, contact number, consent record	France / EU (GDPR-compliant)
Tutor LMS	Course delivery, learner progress tracking, certificates for purchased courses	Name, email, course enrolment, progress data	India / as per hosting provider
Google Analytics	Website traffic analytics and performance measurement	Anonymised usage data, device type, approximate location	USA (SCCs applied)
Google Webmaster (Search Console)	Search performance and indexation monitoring	Anonymised search query and click data	USA (SCCs applied)

We do not sell your personal data to third parties. We do not share your data with advertisers or ad networks.

We may also share your personal data:

With event co-sponsors or venue operators, where you have registered for an event they are involved in. Such partners are required to handle your data in accordance with their own privacy policies.
With statutory authorities, courts, or law enforcement agencies, to comply with a legal obligation or respond to a lawful request.
With a successor entity in the event of a merger, acquisition, or sale of all or part of our business, subject to the successor maintaining equivalent data protection obligations.
Where required or permitted by law, or as otherwise disclosed to you at the time of collection.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, or reporting requirements. The following indicative retention periods apply:

Data Category	Retention Period	Reason
Account and registration data	Duration of account + 3 years of last inactivity	Contractual obligation and grievance resolution
Transaction and billing records	7 years	Statutory requirement under Indian tax and accounting laws
Course enrolment and progress data	Duration of enrolment + 3 years of last inactivity	Certificate validity and learner queries
Marketing consent records	Until consent is withdrawn + 3 years	Evidencing lawful basis for marketing
Grievance and communication records	3 years from resolution	Legal defence and regulatory compliance
Google Analytics data	Up to 26 months (Google default)	Website improvement and traffic analysis

After the applicable retention period expires, your personal data will be securely deleted or anonymised. We will notify you if any change to the expected retention period materially affects your data.

7. Data Principal Rights

As a Data Principal under the DPDPA, you have the following rights with respect to your personal data processed by us:

Right to Access: You have the right to obtain a summary of the personal data we hold about you and the processing activities carried out with respect to such data.
Right to Correction and Erasure: You have the right to request correction of inaccurate or incomplete personal data, and to request erasure of personal data where it is no longer necessary for the purpose for which it was collected, or where consent has been withdrawn.
Right to Grievance Redressal: You have the right to a prompt, fair, and accessible mechanism to raise grievances about our handling of your personal data. See Section 11 for details.
Right to Nominate: You have the right to nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal. Withdrawal may affect our ability to provide certain services to you.

To exercise any of the above rights, please submit a request using the form at: https://forms.gle/awDTE4gQa4zJq3f17

Acknowledgement will be provided within 48 hours of receipt. Resolution will be completed within 30 calendar days, subject to identity verification. Where a request is complex or involves multiple data categories, this period may be extended; we will notify you if an extension is required.

8. International Transfers of Personal Data

Some of our third-party processors (including Systeme.io, which is based in France, and Google, which is based in the USA) are located outside India. Where we transfer your personal data outside India, we take steps to ensure that such transfers are carried out in compliance with applicable law, including the DPDPA and any rules or notifications issued thereunder.

Transfers to countries notified by the Government of India as providing adequate protection will rely on that adequacy determination. Transfers to other countries will be subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other contractual protections as required under applicable law.

Once your personal data has been transferred to and received by a third-party processor outside India, the processing of that data by that processor will be governed by that processor’s own privacy policy and the applicable laws of their jurisdiction. We encourage you to review the privacy policies of the third-party processors listed in Section 5.

9. Minors

Our Website and services are not directed at individuals under the age of 18 years (“minors”). We do not knowingly collect personal data from minors.

If you are a minor, you must obtain the prior consent of a parent or legal guardian before using our Website, registering for an event, or purchasing a course. By using the Website, you represent that you are at least 18 years of age, or that you are using the Website with the consent and supervision of a parent or legal guardian who has agreed to this Privacy Policy on your behalf.

If we become aware that we have inadvertently collected personal data from a minor without appropriate consent, we will take prompt steps to delete such data. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at the details in Section 11.

10. Marketing Communications and Opt-Out

We may send you promotional emails, event announcements, and updates about our courses and services where you have provided consent or where we have a legitimate interest to do so.

You can opt out of marketing communications at any time by:

Clicking the “unsubscribe” link in any marketing email we send you; or
Sending an email to info@worldcybersecurities.com with the subject line “Marketing Opt-Out”.

We will process your opt-out request within 5 business days. Please note that even after opting out of marketing communications, you will continue to receive transactional messages via email, SMS, and WhatsApp that are necessary to fulfil your purchase or course enrolment (such as booking confirmations, course access links, and receipts).

11. Grievance Redressal

If you have any concerns, complaints, or queries relating to this Privacy Policy or the handling of your personal data, you may contact our designated Privacy Officer:

Privacy Officer: Paakhhi Garg | Email: pakhi.garg@worldcybersecurities.com | Phone: +91 8587865004

When submitting a grievance, please include:

Your full name and contact information.
A clear and detailed description of your grievance or concern.
Any supporting documents or evidence.

We will acknowledge your grievance within 48 hours of receipt and aim to resolve it within 30 calendar days. If we require additional information or verification, the resolution period may be extended, and we will inform you accordingly. If you remain dissatisfied with our response, you may escalate the matter to the Data Protection Board of India in accordance with the DPDPA, once the Board is constituted and operational.

12. Third-Party Websites

Our Website may contain links to third-party websites. Clicking on such links will take you to websites that we do not operate or control. This Privacy Policy does not apply to the privacy practices of those websites. We encourage you to read the privacy policy of any third-party website you visit. We are not responsible for the privacy practices, content, or security of third-party websites.

13. Managing Your Cookie Preferences

Our Website uses only Essential and Analytical cookies (described in Section 2.2). You may manage your cookie preferences as follows:

Essential Cookies cannot be disabled as they are necessary for the Website to function.
Analytical Cookies can be disabled using our cookie banner, or you may use the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

Instructions for managing cookies in common browsers: please refer to your browser’s help documentation. Note that disabling cookies may affect the functionality of certain features of our Website.

14. Updates to This Policy

We may update this Privacy Notice from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

Post the updated notice on our Website with a revised “Effective Date” at the top; and
Notify you by email (where we hold your email address) or by a prominent notice on our Website.

We encourage you to review this policy periodically. Your continued use of our Website after any changes constitutes your acceptance of the updated policy.

15. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising under it are governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the rules and regulations made thereunder. Any disputes shall be subject to the exclusive jurisdiction of the courts of the Kashipur (Uttarakhand), India, unless otherwise required by applicable law.

16. Contact Us

If you have any questions about this Privacy Policy, or wish to exercise any of your rights, please contact us: info@worldcybersecurities.com