APPLY NOW!

Privacy Policy

Privacy Policy — One Future Conference Inc.

Updated on: 11/05/2025
Legal entity: One Future Incorporated (“One Future”, “we”, “us”, “our”)
Contact: hello@one-future.org

1) Scope & who this applies to

This Policy explains how we collect, use, disclose, and protect personal information when you interact with One Future—including when you visit our websites, apply/register for programs or conferences, receive our communications, attend our events, or engage with our social channels. It applies to all individuals worldwide whose data we process, with region-specific rights noted below (Canada, EU/EEA, UK, US—California, and Québec).
We follow the PIPEDA principles across our Canadian operations, which set the ground rules for private-sector privacy practices. 

2) The information we collect

A. You provide directly

  • Identity & contact: name, age/date of birth, nationality/citizenship, postal address, email, phone, emergency contact
  • Application data: résumé/CV, profile links, essays/statements, professional role, organization, interests, demographic info (if voluntarily provided), references
  • Travel & logistics (event-related): passport details (where needed for visa support), dietary needs, accessibility requirements, arrival/departure info, accommodation preferences
  • Payment data: amounts paid, method, limited payment metadata (card details are handled by our PCI-compliant payment processors; we do not store full card numbers)
  • Communications: emails, support requests, feedback, survey responses
  • Media: photographs, video, audio recordings collected at events (see §13)

B. Collected automatically

  • Device, log, and usage data (IP, browser, device type, timestamps, pages viewed), cookies, and similar technologies used for site performance, security, analytics, and marketing (see §12 Cookies & analytics).

C. From third parties

  • Identity/verification, fraud prevention, visa letter issuance support, ticketing/registration vendors, payment processors, analytics providers, social platforms, and partners (only as needed and in line with this Policy).

3) Why we use your information (purposes)

We collect and use personal information to:

  • Run our programs & events: application intake and review, selection, registration, ticketing, scheduling, on-site operations, and post-event follow-up
  • Provide visa invitation support: preparing invitation letters, embassy coordination, travel documentation guidance (see §10 International transfers)
  • Communicate with you: confirmations, updates, logistics, security notices, customer support, surveys, certificates
  • Marketing (consent-based): newsletters, event updates, and opportunities (unsubscribe anytime; see §11 CASL & marketing)
  • Safety, security, fraud prevention: identity verification, protecting attendees and systems
  • Legal & compliance: tax/audit records, regulatory requests, dispute resolution

These purposes align with PIPEDA’s fair information principles (identifying purposes, consent, limiting use, safeguards, openness, individual access, etc.). 

4) Legal bases we rely on (when GDPR/UK GDPR applies)

For individuals in the EU/EEA or UK, we process personal data under:

  • Contract necessity: to review applications, register you, and deliver the event/services you requested
  • Legitimate interests: to secure our services; communicate operational updates; improve programs; protect safety (balanced against your rights) 
  • Consent: for optional marketing emails/SMS and certain cookies/analytics
  • Legal obligation: to meet compliance and reporting duties
    You may withdraw consent at any time where consent was the basis (see §9/§11).

5) Children & minors

Our programs are open to ages 17 to 50. Where local law treats under 18 as a minor, we may request parental/guardian authorization for certain processing (e.g., travel or media releases). We do not knowingly collect data from children under 16.

6) What we share and with whom

We share personal information only as needed with:

  • Service providers / processors: application & event platforms, payment processors, cloud hosting, email/SMS tools, analytics, on-site production, hotels/venues, logistics and security vendors—bound by confidentiality and data-protection terms
  • Visa & travel support: we may share essential details in invitation letters or official correspondence to support your visa application where requested/required
  • Partners or sponsors (limited): if a session or mentorship requires coordination, we will disclose the minimum necessary and, for marketing uses, only with your consent
  • Legal authorities: to comply with law, court orders, or protect rights/safety

We do not sell your personal information.

7) How long we retain information

We keep personal information only as long as necessary to fulfill the purposes described above, to meet legal, audit, tax, or reporting obligations, and to resolve disputes. When retention is no longer required, we securely delete or anonymize data consistent with PIPEDA’s limiting retention principle. 

8) Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data (e.g., access controls, encryption in transit and at rest where applicable, logging and monitoring, vendor due diligence, and employee training). No method is 100% secure; we continuously improve our controls.

Breach response: Where required, we will notify affected individuals and regulators of privacy breaches posing a real risk of significant harm (PIPEDA), and comply with Québec Law 25 thresholds for breach notification if applicable. 

9) Your privacy rights

Canada (PIPEDA): Request access and correction of your personal information; challenge compliance; complain to the Office of the Privacy Commissioner of Canada (OPC) if unresolved. 

EU/EEA & UK (GDPR/UK GDPR): Rights to access, rectification, erasure, restriction, portability, object, and to withdraw consent where applicable; and to lodge a complaint with your supervisory authority. 

California (CCPA/CPRA): Subject to applicability thresholds, California residents may have rights to know/access, delete, correct, opt-out of certain sharing/sale, and non-discrimination

To exercise rights, contact info@one-future.org. We will verify your identity and respond within the timelines required by applicable law.

10) International data transfers

We operate from Canada and may store/process data in Canada, the US, the EU, the UK, or other countries where our trusted vendors are located. When transferring EU/EEA/UK personal data internationally, we use appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) and UK transfer mechanisms, plus transfer risk assessments as appropriate. 

11) Email/SMS marketing (CASL compliance)

We send commercial electronic messages (CEMs) only with consent (express or implied) and include sender identification and an easy unsubscribe. We keep consent records as required by CASL. You can opt out any time via the link in our messages or by contacting us. 

12) Cookies, analytics & tracking

We use cookies and similar technologies to operate, secure, and improve our sites, and to understand campaign performance. Where required, we request consent for non-essential cookies. You can manage cookies through your browser or our cookie settings. For EU/UK visitors, we align with GDPR transparency and consent expectations (and respond to rights requests as noted above).

13) Photographs, video & media at events

We document our events (photo/video/audio) for security, archival, storytelling, and promotional purposes. By entering an event space, you may be included in recordings.

  • Badges/opt-out: If you prefer not to be prominently featured, ask for an opt-out indicator at registration or notify staff at the venue; we will make reasonable efforts to accommodate.
  • Speaker sessions: Presenters’ sessions may be recorded/streamed; joining may include your image/voice.

14) Automated decision-making & profiling

We do not engage in solely automated decisions that produce legal or similarly significant effects about you. We may use basic ranking or scoring during application review to streamline workflows, but final decisions involve human judgment.

15) Third-party links & social platforms

Our sites may contain links to external sites or plugins (e.g., social media). Their privacy practices are governed by their own policies; please review those separately.

16) Québec residents (Law 25) — additional notes

For individuals in Québec, we maintain a public, clear, and simple privacy policy, designate a privacy officer, adopt governance rules for personal information, and provide breach notices in accordance with Law 25. Where we collect personal information through technological means, we publish this policy on our website and notify of material changes. 

17) How to contact us & complaints

Privacy Officer — One Future Incorporated
Email: hello@one-future.org 

If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada and, if applicable, your local supervisory authority (EU/UK) or provincial commissioner. 

18) Changes to this Policy

We may update this Policy to reflect legal, technical, or operational changes. We will post the “Effective date” above and, where required by law, provide additional notice.