1. Overview
Jordan AI Summit 2026 ("JAIS", "we", "us", or "our") is committed to protecting the personal data of all individuals who interact with our website, register for our events, or engage with our services.
This Privacy Policy is issued in compliance with:
- Jordan Personal Data Protection Law No. (24) of 2023 ("PDPL"), effective 17 March 2024, published in the Official Gazette on 17 September 2023
- General Data Protection Regulation (EU) 2016/679 ("GDPR"), for individuals located in the European Economic Area
- California Consumer Privacy Act (Civil Code § 1798.100 et seq.) as amended by the CPRA 2020, for California residents
- Jordan Electronic Transactions Law No. (15) of 2015, governing electronic consent and record-keeping
2. Data Controller
The data controller responsible for your personal data is:
In accordance with Article 11 of the Jordan PDPL, where our core activities involve processing personal data at scale, we have designated a Data Protection Officer (DPO). You may contact our DPO at [email protected].
3. Data We Collect
We collect personal data in the following categories, as defined under Article 2 of the Jordan PDPL and GDPR Article 4:
3.1 Registration & Identity Data
- Full name, job title, organisation / university
- Email address, phone number, country of residence
- Professional role and industry sector
- Networking preferences and areas of interest
- LinkedIn profile URL (speakers only)
3.2 Technical & Usage Data
- IP address (recognised as evidence under Article 35 of Jordan Cybercrime Law No. 17/2023)
- Browser type, operating system, device identifiers
- Pages visited, time on site, referral sources
- Cookie identifiers and session tokens
3.3 Communications Data
- Email correspondence with our team
- Survey responses and feedback submissions
- Speaker proposal content and abstracts
3.4 Data We Do Not Collect
We do not collect sensitive personal data as defined in Article 2 of the Jordan PDPL (racial or ethnic origin, political opinions, religious beliefs, health data, genetic or biometric data, criminal records) unless explicitly required and separately consented to for specific accessibility or dietary accommodation purposes.
4. Legal Basis for Processing
Under Article 4(A) and Article 7 of the Jordan PDPL, and Article 6 of the GDPR, we process your personal data on the following lawful bases:
Consent
Jordan PDPL Art. 4(A) · GDPR Art. 6(1)(a)
For marketing communications and optional cookie categories. Consent is freely given, specific, informed, documented electronically, and withdrawable at any time.
Contract Performance
GDPR Art. 6(1)(b)
Processing registration data is necessary to deliver the event services you have registered for and to fulfil our contractual obligations to you.
Legal Obligation
Jordan PDPL Art. 7 · GDPR Art. 6(1)(c)
We may process data where required by Jordanian law, court order, or regulatory authority, including in compliance with the Cybercrime Law No. 17/2023.
Legitimate Interests
GDPR Art. 6(1)(f)
For website analytics, fraud prevention, and improving our services, where these interests are not overridden by your fundamental rights and freedoms.
5. How We Use Your Data
In accordance with the purpose limitation principle under Article 9 of the Jordan PDPL and GDPR Article 5(1)(b), we use your data exclusively for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Event registration & access management | Name, email, organisation, role | Contract; Jordan PDPL Art. 4(A) |
| Sending event confirmations & updates | Email, name | Contract; Consent |
| Generating delegate badge & networking profile | Name, title, organisation, industry | Contract; Legitimate interests |
| Marketing communications (opt-in only) | Email, name, interests | Consent (withdrawable) |
| Website analytics & performance | IP, cookies, usage data | Consent; Legitimate interests |
| Fraud prevention & security | IP address, technical data | Legal obligation; Legitimate interests |
| Regulatory compliance | Registration records | Legal obligation |
7. International Data Transfers
Under Article 15 of the Jordan PDPL, transfers of personal data outside the Hashemite Kingdom of Jordan are prohibited where the recipient jurisdiction provides a lower level of protection than the PDPL, unless one of the enumerated exceptions applies.
Where we transfer data to service providers located outside Jordan (including within the European Union, United States, or other jurisdictions), we ensure adequate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for EU-bound transfers
- Binding Corporate Rules or equivalent contractual protections for other transfers
- Your explicit informed consent, where required by Article 15(e) of the Jordan PDPL
For EU residents, transfers outside the EEA comply with GDPR Chapter V requirements.
8. Data Retention
In accordance with the storage limitation principle under Article 9(4) of the Jordan PDPL and GDPR Article 5(1)(e), we retain personal data only for as long as necessary for the stated purpose:
| Data Category | Retention Period |
|---|---|
| Registration & attendee records | 3 years after the event date |
| Marketing consent records | Until consent is withdrawn, then 1 year for compliance audit |
| Website analytics data | 13 months (anonymised thereafter) |
| Financial / payment records | 7 years (Jordanian commercial law requirement) |
| Speaker submissions | 2 years after the event date |
| Security & access logs | 12 months |
Upon expiry of the retention period, data is securely deleted or anonymised in accordance with Article 12 of the Jordan PDPL.
9. Your Rights
Under Articles 4(B) and 10 of the Jordan PDPL, and the GDPR (for EEA residents) and CCPA (for California residents), you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you. Jordan PDPL Art. 10 · GDPR Art. 15 · CCPA § 1798.110
Right to Correction
Request correction of inaccurate or outdated personal data. Jordan PDPL Art. 4(B)(1) · GDPR Art. 16 · CCPA § 1798.106
Right to Erasure
Request deletion of your personal data where it is no longer necessary. Jordan PDPL Art. 4(B)(2) · GDPR Art. 17 · CCPA § 1798.105
Right to Restrict Processing
Limit processing to a defined scope while a dispute is resolved. Jordan PDPL Art. 4(B)(3) · GDPR Art. 18
Right to Object
Object to processing based on legitimate interests, including profiling. Jordan PDPL Art. 4(B)(4) · GDPR Art. 21
Right to Portability
Receive your data in a structured, machine-readable format. Jordan PDPL Art. 14 · GDPR Art. 20
Right to Breach Notification
Be notified within 24 hours of any breach affecting your data. Jordan PDPL Art. 4(B)(8) · Art. 20
Right to Opt-Out (CCPA)
California residents may opt out of the sale or sharing of personal information. CCPA § 1798.120
9.1 Right to Lodge a Complaint
If you believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with:
- Jordan: The Personal Data Protection Council (under the Council of Ministers)
- EU residents: Your local Data Protection Authority (DPA)
- California residents: The California Privacy Protection Agency (CPPA)
10. Data Security
In accordance with Article 8 of the Jordan PDPL and GDPR Article 32, we implement appropriate technical and organisational security measures proportionate to the risk, including:
- TLS/SSL encryption for all data transmitted to and from our website
- Encrypted storage of sensitive data at rest
- Access controls limiting data access to authorised personnel only
- Regular security assessments and vulnerability testing
- Staff training on data protection and information security
10.1 Data Breach Response
In the event of a personal data breach, we will:
- Notify affected data subjects within 24 hours of discovery, as required by Article 20 of the Jordan PDPL
- Notify the regulatory authority within 72 hours of discovery, including details of the breach, affected individuals, and remediation measures
- Provide compensation where gross negligence or misconduct on our part caused the breach, in accordance with Jordan PDPL Article 20
11. Children's Privacy
JAIS 2026 is a professional AI summit intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will promptly delete such data in accordance with Article 10(A)(2) of the Jordan PDPL.
If you are a parent or guardian and believe your child has submitted personal data to us, please contact [email protected] immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered users by email where required by law
- Display a prominent notice on our website for 30 days following material changes
Continued use of our website following notification of changes constitutes acceptance of the updated policy, in accordance with Article 11 of the Electronic Transactions Law No. 15/2015.