Privacy & Data Protection Policy

Last updated: January 26, 2026

This Privacy & Data Protection Policy explains how “İPSEİ” Limited Liability Company (LLC) (“IPSEI”, “we”, “us”) collects, uses, shares, and protects personal information when you visit ipsei.org or use IPSEI’s online platform and services (together, the “Platform” and “Services”).

IPSEI operates globally. This Policy is designed to be broadly applicable internationally and is intended to be read alongside the privacy and data protection laws that apply to you based on your location.

 

Quick summary

 

→ Most of our website is public and can be read without registration.

→ HUBS content (details of all 3 HUBS) is available only to registered and paid users.

→ Submitting/publishing material in the NEWSROOM is available only to registered and paid users.

→ We process personal information to operate the Platform, provide access, administer participation/subscription, maintain security, and improve services.

→ We do not sell personal information.

→ You have rights and choices depending on applicable law.

 

1) Controller (Data Controller) and how to contact us

 

Data Controller: The “İPSEİ” Limited Liability Company (LLC), incorporated under the laws of the Republic of Azerbaijan
Registered Address: Azerbaijan, AZ1018, Baku, 6 Nakhimov street, Apt. 42
Email: secretariat@ipsei.org
Phone: +994 55 777 17 77

For clarity: “Data Controller” refers only to responsibility for personal data processing. It does not imply any regulatory authority or enforcement role in clean sport.

For privacy questions or requests, contact us using the details above.

 

2) What personal information means

 

Personal information (personal data) is information that identifies you or can reasonably be linked to you, such as your name, email address, organization, job title, account identifiers, and online identifiers like an IP address.

 

3) What we collect

 

We collect personal information in three ways: (A) you provide it, (B) it is collected automatically, and (C) it comes from service partners (limited).

A) Information you provide

• Account and profile information: name, email, password (stored securely in hashed form), organization, role/title, country, and optional profile details.

• Participation/subscription administration: billing contact details, organization details, invoice details, and payment confirmations/transaction references.

• Content you submit or publish (where your access allows): posts, events, announcements, documents, images, and any information you include in such submissions.

• Communications: information you provide when contacting us (support requests, emails, forms).

B) Information collected automatically

When you visit or use our website/Platform, our systems may process:

• Technical data: IP address, device type, browser type/settings, operating system, referrer URL, timestamps.

• Usage data: logins, pages/features used, and activity related to platform operation, security, and performance.

C) Information from service partners (limited)

• Payment providers/channels: payment status confirmation and limited transaction references. We do not store full payment card details. Where payments are processed via a payment provider, payment card information is handled directly by that provider in accordance with its own security standards.

• Infrastructure and security tools: limited technical logs and security signals (e.g., spam/fraud indicators).

 

4) Why we collect and use personal information

 

We process personal information for the following purposes:

1. To provide and operate the Services
   Create and manage accounts, authenticate users, provide access to registered areas, and deliver platform functionality.

2. To manage participation/subscription and payments
   Administer participation/subscription access, generate invoices/records, confirm payments, and activate access where applicable.

3. To communicate with you
   Respond to inquiries, provide support, and send administrative or service-related messages (e.g., important account notices).

4. To maintain security and integrity
   Prevent fraud, spam, abuse, unauthorized access; investigate incidents; enforce platform rules and protect users and IPSEI.

5. To improve and develop the Platform
   Performance monitoring, troubleshooting, analytics (where enabled), service improvement, and feature development.

6. To comply with legal obligations and protect rights
   Accounting/tax compliance (where applicable), responding to lawful requests, and establishing/exercising/defending legal claims.

 

5) Public website vs. restricted Platform areas

 

Public website content

Most content on ipsei.org is public and can be viewed without registration.

Restricted access areas (Registered & Paid)

The following are restricted and available only to registered and paid users:

• All 3 HUBS (details and access)

• Submitting/publishing material to the NEWSROOM

Access control is enforced through account authentication and participation/subscription status.

 

6) Legal bases for processing (global-friendly)

 

Depending on applicable law, we rely on one or more of the following:

• Contract / service necessity: to provide Services you request (account access, paid access features, platform operations).

• Consent: where required (e.g., certain non-essential cookies; optional communications).

• Legitimate interests: to secure and improve the Platform, prevent abuse, and maintain service quality (balanced against your rights).

• Legal obligations: to comply with accounting/tax and other legal requirements.

 

7) Publishing and user responsibility (NEWSROOM and submissions)

 

If your account permits submission/publishing, you are responsible for the content you upload or publish.

• Do not upload personal information about others unless you have a lawful basis to do so and, where required, appropriate permissions/consent.

• Avoid sensitive personal information (including “special category” data such as health data) and identity documents unless strictly necessary and lawful.

• IPSEI may restrict or remove content where necessary to comply with law, protect users, enforce platform rules, or prevent abuse.

 

8) When and where we share personal information

 

We do not sell personal information.

We may share personal information only as necessary:

• Within IPSEI: access is limited to authorized personnel on a need-to-know basis and subject to confidentiality.

• Service providers (processors): Categories of service providers may include website hosting and infrastructure providers, email delivery services, payment processing providers, security and anti-spam tools, customer support tools, and (where enabled) analytics providers. We authorize such providers only to process personal information on our behalf for the purposes described in this Policy, subject to contractual confidentiality and security obligations.

• Legal and compliance: where required by law or valid legal process, or to protect rights, safety, and security.

• Business transfers: if IPSEI is involved in a merger, acquisition, reorganization, or asset transfer, personal information may be transferred with appropriate safeguards.

 

9) International processing and cross-border transfers

 

Because IPSEI serves users worldwide, personal information may be processed in countries other than your own (for example, where service providers or infrastructure are located).

Where applicable law requires, IPSEI uses appropriate safeguards for cross-border transfers (such as contractual protections and recognized transfer mechanisms) and applies security controls designed to protect personal information.

Where EU/UK data protection law applies, we rely on recognized transfer mechanisms and contractual safeguards (such as Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum) to protect personal information when it is transferred internationally.

 

10) Cookies and similar technologies

 

We use cookies and similar technologies to operate and secure the website and Platform.

Types of cookies we may use:

• Strictly necessary cookies (essential): security, login sessions, site functionality.

• Preferences cookies (where enabled): remember choices/settings.

• Analytics cookies (where enabled and lawful): understand performance and improve the Platform.

Where required by applicable law, we use a cookie consent mechanism for non-essential cookies (such as analytics cookies) and you can update your preferences at any time through our cookie settings (where available).

If you disable cookies, some Platform functions may not work correctly.

If we embed third-party content (e.g., videos, sharing tools), those providers may collect technical data in accordance with their own privacy policies.

 

11) Safeguards and security

 

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. Measures may include access controls, encryption in transit, monitoring, and internal security procedures.

No system is completely secure. If we become aware of a significant personal data incident, we will take appropriate steps consistent with applicable law.

 

12) Retention (how long we keep information)

 

We keep personal information only as long as necessary for the purposes described in this Policy, including:

• Account data: while your account is active and for a limited period afterward, unless longer retention is required or justified (e.g., legal compliance, security, dispute resolution).

• Billing/payment records: as required by accounting and tax laws.

• Security logs: for a limited period to prevent and investigate abuse and incidents.

• Submitted/published content: retained according to Platform settings, user actions, and legal requirements.

When information is no longer needed, we delete or anonymize it, unless retention is legally required.

 

13) Your rights and choices

 

Depending on where you live and applicable law, you may have rights such as:

1. access to your personal information,

2. correction of inaccurate data,

3. deletion (where applicable),

4. restriction or objection to certain processing,

5. withdrawal of consent (where processing is based on consent),

6. portability of certain data,

7. lodging a complaint with a competent authority.

To exercise your rights, contact secretariat@ipsei.org. We may request verification to protect your account and prevent unauthorized access.

We aim to respond to verified requests within a reasonable timeframe and in accordance with applicable law. In some cases, we may decline or limit a request where permitted by law (for example, to protect the rights of others, security, or legal compliance).

Email preferences: where we offer optional updates, you may unsubscribe using the method provided in the message or by contacting us.

 

14) Children

 

The Platform is intended for professional/organizational use and is not directed to children. If you believe a child has provided personal information to IPSEI, please contact us.

 

15) Controller vs. Processor (for organizations)

 

In many cases, IPSEI acts as an independent Controller (e.g., account management, platform operations, security).
In some cases, where an organization provides personal information and instructs IPSEI to process it for a specific purpose, IPSEI may act as a Processor. Where required, IPSEI can provide additional processor terms (e.g., a Data Processing Addendum) describing processing instructions, sub-processors, security, and deletion/return.

 

16) Updates to this Policy

 

We may update this Policy from time to time. The revised version will be posted on this page and the “Last updated” date will be changed accordingly. The updated Policy applies from that date.