1. Introduction
This Privacy Policy explains how personal information is collected, used, stored, and protected when you visit the Global Trust Summit 2026 holding website (the “Site”) at globaltrustsummit.org, including pages served from /holding/.
The Global Trust Summit (“GTS”, “Summit”, “we”, “us”, “our”) is a high-level international conference held in Nairobi, Kenya on 22–23 October 2026, jointly convened by Strathmore University and the Ministry of Foreign and Diaspora Affairs, Government of the Republic of Kenya (together, the “Conveners”).
We are committed to handling personal data responsibly and in accordance with applicable law, including the Kenya Data Protection Act, 2019 and its regulations, and—where applicable—international data-protection standards such as the EU General Data Protection Regulation (GDPR) for visitors from the European Economic Area.
2. Scope
This policy applies to personal information processed through:
- the holding Site and its sub-pages (including programme, speakers, and privacy pages);
- the Register Your Interest newsletter signup;
- the Make an Inquiry contact form;
- email and telephone contact details published on the Site; and
- technical data generated when you browse the Site (e.g. server logs, cookies).
This policy does not govern third-party websites linked from the Site (e.g. partner organisations). Those sites have their own privacy policies.
3. Data controllers and contact
For the purposes of data protection law, the Conveners act as joint controllers for Summit-related processing described in this policy. Day-to-day correspondence is handled by the GTS Secretariat.
| Contact | Role | Email |
|---|---|---|
| Mr. Awel Uwihanganye | Summit Coordinator & Programme Director | awel.u@globaltrustsummit.org |
| Ms. Beverly Muthoki | Head Secretariat | beverly.m@globaltrustsummit.org |
| General correspondence | Secretariat | info@globaltrustsummit.org |
For privacy-specific requests (access, correction, deletion, objection), email info@globaltrustsummit.org with the subject line Privacy Request — Global Trust Summit. We aim to respond within 30 days.
4. Information we collect
4.1 Information you provide
| Activity | Data collected | Purpose |
|---|---|---|
| Newsletter / Register Your Interest | Email address; optional browser-stored signup record (localStorage backup on your device) | To send Summit updates and announcements you request |
| Inquiry form | Organisation name, contact person, email, country (ISO code), inquiry type, optional website URL, message content | To receive, route, and respond to partnership, media, delegation, sponsorship, and general inquiries |
| Direct email / phone | Information you choose to include in your correspondence | To respond to your enquiry and manage Summit business |
4.2 Information collected automatically
- Server and security logs: IP address, date/time, requested URL, HTTP status, user-agent, referrer. Used for security, abuse prevention, and troubleshooting.
- Rate-limiting records: IP address and submission timestamps for inquiry forms (to prevent spam and automated abuse).
- Cookies and similar technologies: described in Section 8.
We do not use third-party advertising trackers, social-media pixels, or analytics platforms on the holding Site.
5. How we use your information
We use personal information to:
- send Summit updates to subscribers who have registered their interest;
- process and respond to inquiries submitted through the Site or by email;
- coordinate partnerships, media, delegation, and sponsorship discussions;
- protect the Site against fraud, abuse, and security incidents;
- comply with legal obligations and lawful requests from authorities; and
- plan and administer the Summit (including delegate and speaker programmes, where relevant to your inquiry).
6. Legal bases for processing
Depending on your location and the type of processing, we rely on one or more of the following legal bases:
- Consent — e.g. when you submit the newsletter signup or inquiry form and agree to this policy.
- Legitimate interests — e.g. responding to unsolicited business inquiries, securing the Site, and administering the Summit, balanced against your rights.
- Contract / pre-contractual steps — e.g. processing partnership or sponsorship discussions you initiate.
- Legal obligation — e.g. retaining records required by law.
7. How information is shared
We do not sell personal information. We may share data with:
- GTS Secretariat staff and authorised Conveners’ personnel who need access to respond to your inquiry or manage Summit operations.
- Service providers who process data on our behalf under contract, including:
  - Formspree (newsletter signup processing) — Formspree Privacy Policy;
  - Hosting and email infrastructure (VPS, SMTP, and administrative backend at admin.globaltrustsummit.org) used to deliver inquiry notifications to info@globaltrustsummit.org;
  - Strathmore University and Ministry systems where necessary for Summit administration.
- Law enforcement or regulators when required by applicable law or to protect rights, safety, and security.
Inquiry submissions may be forwarded to our administrative API (POST /api/public/partner-inquiries) and/or sent by email to the Secretariat mailbox. Message content and contact details are included in those transmissions.
8. Cookies and local storage
| Name / type | Purpose | Duration |
|---|---|---|
| gts_bypass (cookie) | When issued via the authorised unlock flow, allows access to the full Summit site behind the holding wall. Contains a signed token (not personal profile data). | As set by the unlock service (session or short-lived) |
| gts_signups (localStorage) | Browser-only backup of newsletter signups on your device if the remote signup request fails. Not transmitted unless you submit the form successfully. | Until you clear browser storage |
| Strictly necessary session data | Load balancing, security, and form anti-abuse (e.g. minimum time-on-form checks). | Session / short-term |
You can control cookies through your browser settings. Disabling cookies may limit access to parts of the Site (including bypass of the holding wall).
9. International transfers
Our servers and service providers may process data in Kenya and in other countries where our processors operate (e.g. United States for Formspree or email relay providers). Where required, we implement appropriate safeguards such as contractual data-processing terms and processor due diligence.
10. Retention
- Newsletter subscribers: until you unsubscribe or ask us to delete your record, plus a reasonable period for suppression lists.
- Inquiries: typically up to 24 months after the Summit, or longer if needed for partnership records, disputes, or legal obligations.
- Server logs: typically 30–90 days, unless extended for security investigations.
- Rate-limit / abuse records: up to 10 minutes (active window) with aggregated logs as above.
11. Security
We apply administrative, technical, and organisational measures appropriate to the risk, including HTTPS transport encryption, access controls, input validation, honeypot and dwell-time checks on forms, per-IP rate limiting, and restricted deploy credentials. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.
12. Your rights
Subject to applicable law (including the Kenya Data Protection Act), you may have the right to:
- be informed about processing (this policy);
- access a copy of your personal data;
- request correction of inaccurate data;
- request deletion or restriction of processing;
- object to processing based on legitimate interests;
- withdraw consent where processing is consent-based (without affecting prior lawful processing);
- data portability, where applicable; and
- lodge a complaint with the Office of the Data Protection Commissioner (Kenya) or your local supervisory authority.
To exercise these rights, contact info@globaltrustsummit.org. We may need to verify your identity before fulfilling a request.
13. Children
The Site is intended for adults engaged in professional, institutional, or civic capacities. We do not knowingly collect personal information from children under 18 without appropriate parental or guardian consent. If you believe we have collected a child’s data in error, please contact us and we will delete it promptly.
14. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects. Anti-spam checks (honeypot fields, minimum form completion time, rate limits) are rule-based and do not profile individuals.
15. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes will be highlighted on the Site where practicable. Continued use of the Site after changes constitutes acceptance of the updated policy.
16. Governing law
This policy is governed by the laws of the Republic of Kenya, without prejudice to mandatory protections in your country of residence where applicable.