WIBCF

PRIVACY POLICY

PRIVACY POLICY

1. Introduction
1.1. Purpose of the Privacy Policy
The World Islamic Blockchain Federation – International Islamic Blockchain Beratung e.V. (“WIBCF”, “we”,
“our”, or “us”) is committed to safeguarding the privacy and personal data of our users, partners, stakeholders,
and any individual who interacts with our services (“Users”, “you”, or “your”). This Privacy Policy outlines how
WIBCF collects, uses, discloses, and protects your personal data in accordance with all applicable data
protection and privacy laws and regulations.
The primary purpose of this Privacy Policy is to provide transparency regarding our data handling practices and
to inform you about your rights and choices concerning your personal data. We recognize the importance of
privacy as a fundamental right and are dedicated to ensuring that all data processing activities are conducted in
a lawful, fair, and transparent manner.
This Privacy Policy also aims to:
a. Clarify the types of personal data we collect and process.
b. Explain the purposes for which your personal data is collected and used.
c. Outline the legal bases upon which we rely to process your data.
d. Detail the rights you have under applicable data protection laws.
e. Highlight the security measures we implement to safeguard your personal data.


1.2. Scope of the Privacy Policy
This Privacy Policy applies to all personal data collected and processed by WIBCF in connection with its
operations, whether through our website (https://wibcf.com), mobile applications, online platforms, or through
any other means of communication, including but not limited to email, telephone, or in-person interactions.
The Policy applies to the following categories of individuals:
a. Visitors to our website and users of our online services.
b. Members, affiliates, and partners of WIBCF.
c. Participants in events, conferences, and webinars organized by WIBCF.
d. Individuals who communicate with us or engage with our services in any capacity.
This Privacy Policy governs personal data processing activities carried out in all jurisdictions where WIBCF
operates, including but not limited to the European Union, the United Arab Emirates, and any other countries
where WIBCF has legal presence or conducts business activities.
Please note that this Privacy Policy does not apply to third-party websites, applications, or services that may be
linked through our platforms. We encourage you to review the privacy policies of such third parties before
providing any personal data.


1.3. Legal Framework and Compliance
WIBCF is committed to complying with all applicable data protection and privacy laws across the jurisdictions in
which it operates. Our data processing practices are designed to align with the highest global privacy standards,
including but not limited to:
a. General Data Protection Regulation (GDPR) (EU) 2016/679.
b. Federal Data Protection Act – Germany.
c. Personal Data Protection Laws in Other Jurisdictions – Including but not limited to laws in the USA, United
Kingdom (UK GDPR), UAE, Switzerland, and other countries where WIBCF operates.
We implement robust data protection principles as outlined in these regulations, including:
a. Lawfulness, fairness, and transparency in data processing.
b. Purpose limitation and data minimization.
c. Accuracy and integrity of personal data.
d. Storage limitation and accountability.
e. Implementation of technical and organizational security measures.
Where data transfers across borders are required, WIBCF ensures that appropriate safeguards are in place,
such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), to ensure an adequate level
of data protection in line with GDPR and other international data transfer standards.


1.4. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:
a. “Personal Data” refers to any information relating to an identified or identifiable natural person (“Data
Subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to
identifiers such as a name, identification number, location data, online identifier, or one or more factors
specific to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
b. “Processing” means any operation or set of operations performed on personal data, whether by
automated means or otherwise, including but not limited to collection, recording, organization, structuring,
storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or
destruction.
c. “Data Controller” refers to the natural or legal person, public authority, agency, or other body which,
alone or jointly with others, determines the purposes and means of the processing of personal data.
WIBCF acts as the Data Controller for the personal data collected under this Privacy Policy.
d. “Data Processor” means any natural or legal person, public authority, agency, or other body which
processes personal data on behalf of the Data Controller.
e. “Data Subject” refers to the individual whose personal data is being collected and processed.
f. “Consent” means any freely given, specific, informed, and unambiguous indication of the Data Subject’s
wishes, by which they signify agreement to the processing of their personal data.
g. “Third Party” means any individual or entity that is not the Data Subject, Data Controller, or Data
Processor, nor an individual authorized to process data under the direct authority of the Data Controller or
Processor.
h. “Applicable Laws” refers to all laws, regulations, guidelines, and rules relating to data protection and
privacy applicable in the jurisdictions where WIBCF operates.
i. “Cookies” are small text files placed on a user’s device by websites to collect standard internet log
information and visitor behaviour information.
By using our website or engaging with our services, you acknowledge that you have read and understood this
Privacy Policy and consent to the practices described herein, in accordance with applicable laws.


2. Data Controller and Contact Information
2.1. Identity and Contact Details of Data Controller
WIBCF acts as the Data Controller for the personal data collected and processed in accordance with this
Privacy Policy. As the Data Controller, WIBCF is responsible for determining the purposes and means of
processing your personal data in compliance with all applicable data protection and privacy laws.
Data Controller Information:
a. Entity Name: World Islamic Blockchain Federation – International Islamic Blockchain Beratung e.V.
b. Legal Form: Registered Association under German Law (eingetragener Verein)
c. Website: https://wibcf.com
d. Email: legal@wibcf.com
WIBCF is committed to processing your personal data lawfully, fairly, and transparently, in strict adherence to all
data privacy laws and regulations in jurisdictions where WIBCF operates.


2.2. Data Protection Officer (if applicable)
In compliance with the General Data Protection Regulation (GDPR) and other relevant data protection
frameworks, WIBCF has appointed a Data Protection Officer (DPO) to oversee and ensure the organization’s
adherence to data privacy laws and to serve as a point of contact for any data protection inquiries or concerns.
Data Protection Officer Contact Details:
a. Name: [Insert DPO’s Full Name]
b. Position: Data Protection Officer
c. Email: [Insert DPO Email]
The Data Protection Officer is responsible for:
a. Monitoring WIBCF’s compliance with applicable data protection laws and regulations.
b. Advising WIBCF and its staff on data protection obligations.
c. Acting as a point of contact for data subjects regarding the processing of their personal data and the
exercise of their rights under applicable laws.
d. Cooperating with supervisory authorities, such as the German Data Protection Authority or other
relevant data protection regulators in jurisdictions where WIBCF operates.
If WIBCF operates in jurisdictions where local laws mandate the appointment of a local representative or
equivalent role, we ensure compliance with such legal requirements and provide the relevant contact details
upon request.


Submitting Data Subject Requests:
To exercise your rights under applicable data protection laws, such as your right to access, rectify, erase, or
restrict processing of your personal data, or to object to processing or request data portability, please contact
us using the contact information provided herein. To ensure the protection of your personal data, we may
require proof of identity before processing your request.
Supervisory Authority Contact:
If you believe that WIBCF has not adequately addressed your data protection concerns, you have the right to
lodge a complaint with your local data protection authority. In Germany, you may contact:
German Federal Commissioner for Data Protection and Freedom of Information (BfDI)
a. Website: https://www.bfdi.bund.de
b. Email: poststelle@bfdi.bund.de
c. Phone: +49 (0)228 997799-0
For users located outside of Germany, you may contact your relevant local data protection authority in
accordance with the applicable laws of your jurisdiction.
We are committed to responding to all data protection inquiries and requests in a timely manner, typically
within 30 days as mandated by the GDPR and similar data privacy regulations. In complex cases, where
more time is required, we will inform you of any delays and provide updates on the progress of your request.


3. Types of Personal Data Collected
This section outlines the types of personal data that WIBCF collects, processes, and stores. The specific
categories of data collected may vary depending on your interactions with us, such as visiting our website,
attending our events, or using our services.


3.1. Personal Identification Information
We may collect personally identifiable information that allows us to directly or indirectly identify you. This
information is typically provided voluntarily when you interact with our services, such as signing up for events,
registering on our website, or subscribing to newsletters.


3.2. Technical and Usage Data
We collect certain technical information and usage data automatically when you visit our website, interact with
our online services, or use our applications. This data helps us improve the performance, security, and user
experience of our services.


We use cookies and similar technologies in compliance with the ePrivacy Directive and other applicable
regulations. Users can manage their cookie preferences through their browser settings or our cookie consent
management tool.


3.3. Financial and Transactional Data (if applicable)
In certain circumstances, particularly when processing payments, donations, or membership fees, we may
collect financial and transactional data. This data is processed securely and in compliance with applicable
financial regulations, including PCI DSS standards for payment card data. We do not store payment card
information on our servers. All financial data is processed by secure, PCI-compliant third-party payment
processors.


3.4. Sensitive Personal Data (if applicable under local laws)
In some jurisdictions, data protection laws recognize certain types of personal data as “Sensitive Personal
Data” (also known as “special categories of personal data” under GDPR). WIBCF will only collect and
process sensitive data where it is strictly necessary and with your explicit consent, unless otherwise permitted
or required by law. Sensitive personal data is handled with the highest level of security and confidentiality, in
accordance with Article 9 of the GDPR and other relevant data protection laws.


3.5. Data from Third Parties
WIBCF may receive personal data about you from third-party sources, including but not limited to:
a. Affiliates and Partner Organizations.
b. Publicly Available Sources/
c. Social Media Platforms.
d. Third-Party Data Providers.
e. Payment Processors.
Third-Party Data Compliance:
All data obtained from third parties is processed in accordance with applicable data protection laws. We ensure
that such third parties have lawful grounds for sharing your personal data with us.


3.6. Anonymized and Aggregated Data
In addition to personal data, WIBCF may collect, process, and use anonymized or aggregated data that does
not directly or indirectly identify you. This data is used for statistical analysis, research, and improving our
services.
Such data is not considered “Personal Data” under data protection laws, as it cannot be used to identify an
individual.
WIBCF is committed to transparency in data collection and adheres to the principle of data minimization,
ensuring that we only collect personal data that is necessary for the purposes outlined in this Privacy Policy.


4. Methods of Data Collection
This section outlines the methods by which WIBCF collects personal data, whether directly from you, automatically
through technology, or from third-party sources.


4.1. Direct Collection
WIBCF collects personal data directly from you when you voluntarily provide it while interacting with our
services, websites, platforms, or representatives. This method ensures that you have control over the
information you choose to share with us and allows for transparency in how your data is collected.


4.2. Automated Collection
WIBCF also collects certain data automatically when you interact with our websites, platforms, or online
services. This data helps us improve the performance, functionality, and security of our platforms and ensures a
better user experience.


4.3. Third-Party Sources
WIBCF may collect personal data about you from trusted third-party sources in accordance with applicable laws
and with appropriate safeguards in place. We only obtain data from third parties who have a lawful basis to
share such information with us.


4.4. Legal Basis for Data Collection:
In accordance with data protection laws inter alia GDPR, CCPA, and UAE Data Protection Laws, WIBCF
ensures that personal data is collected based on lawful grounds, including:
a. Consent: When you voluntarily provide data or agree to cookies and tracking technologies.
b. Contractual Necessity: To fulfil agreements, such as event registrations or memberships.
c. Legitimate Interests: For purposes such as improving user experience or analysing website usage, while
ensuring that your rights and freedoms are not overridden.
d. Legal Obligations: To comply with applicable legal and regulatory requirements.


4.5. User Rights and Transparency:
WIBCF is committed to transparency in data collection practices. You have the right to know what data we
collect, how we use it, and with whom it is shared. You may exercise your rights under applicable laws to
access, rectify, or delete personal data collected through any of the methods outlined above. For more
information on how to exercise your rights, please refer to the User Rights section of this Privacy Policy.


4.6. Transparency and User Control:
WIBCF is committed to transparency regarding the legal bases for data processing. You have the right to
request information about the specific legal basis that applies to your personal data at any time. To exercise
your rights or request further information, please contact us at privacy@wibcf.com.
This legal framework ensures that WIBCF’s data processing practices are fully compliant with international and
local regulations, safeguarding your privacy rights while enabling us to provide high-quality services and fulfil
our organizational objectives.


5. Purpose of Data Processing
This section outlines the specific purposes for which WIBCF collects, uses, and processes personal data. We
ensure that personal data is only processed for clear, legitimate purposes and is not used in a manner
incompatible with these stated objectives.


5.1. Service Delivery and Account Management
We process personal data to provide, maintain, and improve our services, ensuring seamless and secure user
experiences. This includes the management of user accounts, memberships, and access to WIBCF’s platforms
and services.


5.2. Communication and Customer Support
We process personal data to communicate with you and provide support related to our services, events, and
community initiatives. Effective communication is essential for resolving issues, responding to inquiries, and
maintaining a positive relationship with our users and members.


5.3. Marketing and Promotional Activities
We may use your personal data for marketing purposes, including the promotion of WIBCF events, services,
partnerships, and initiatives. Our marketing practices are designed to be transparent and compliant with data
protection laws, ensuring that your privacy choices are respected.


5.4. Analytics and Performance Monitoring
To improve our services, optimize user experience, and ensure the effectiveness of our platforms, WIBCF
collects and processes data for analytical and performance monitoring purposes. This helps us understand how
users interact with our services and allows us to make data-driven improvements.


5.5. Legal and Regulatory Compliance
WIBCF processes personal data to comply with legal obligations, regulatory requirements, and internal
governance standards. We are committed to adhering to international and local laws applicable to data
protection, corporate governance, taxation, and other relevant areas.


5.6. Fraud Prevention and Security
WIBCF takes data security seriously and processes personal data to protect its platforms, users, and services
from unauthorized access, fraudulent activities, and security breaches. We implement technical and
organizational measures to safeguard personal data in accordance with best practices and legal standards.


5.7. Data Minimization and Purpose Limitation
WIBCF follows the principles of data minimization and purpose limitation, ensuring that we only collect and
process personal data that is necessary for the specific purposes outlined above. We do not process personal
data for purposes that are incompatible with the original purpose without obtaining additional consent or
ensuring a lawful basis for such processing.


5.8. Changes to the Purpose of Processing
If WIBCF intends to use personal data for a new purpose that is not covered by this Privacy Policy, we will:
a. Notify you in advance.
b. Explain the new purpose and the legal basis for processing.
c. Obtain your consent where required by applicable laws.
By clearly outlining the purposes for which personal data is processed, WIBCF ensures compliance with
international data protection laws and maintains transparency with users regarding how their information is
used. If you have any questions or wish to exercise your rights regarding the processing of your personal data,
please contact us at privacy@wibcf.com.


6. Data Sharing and Disclosure
This section outlines the circumstances under which WIBCF may share or disclose personal data and the
safeguards in place to protect your privacy during such transfers.


6.1. Internal Data Sharing
To ensure efficient service delivery and organizational operations, WIBCF may share personal data internally
among its authorized personnel and departments. Access to personal data is strictly limited to employees,
contractors, and volunteers who require the information to fulfil their job responsibilities and who are bound by
confidentiality obligations.


Examples of Internal Data Sharing:
a. Sharing user data between departments such as membership services, event coordination, marketing,
legal, and IT for service delivery and support.
b. Access by administrative personnel for account management, billing, and customer support purposes.
c. Sharing personal data within WIBCF’s leadership team to analyse service performance and strategic
decision-making.
Safeguards for Internal Sharing:
a. Role-based access controls ensure that only authorized individuals can access specific data.
b. Internal data sharing is governed by strict confidentiality agreements and policies to protect your privacy.
c. Regular training is provided to all WIBCF personnel on data protection principles and responsibilities.
Safeguards for Third-Party Processing:
a. All third-party providers are subject to Data Processing Agreements (DPAs) to ensure compliance with
applicable data protection regulations.
b. Providers are prohibited from using personal data for purposes beyond those specified in our contracts.
c. Security audits and assessments are conducted to ensure that third-party providers adhere to appropriate
data protection standards.


6.2. Affiliates and Business Partners
WIBCF may collaborate with affiliates, strategic partners, and business associates to expand our services,
organize events, and promote shared initiatives. In these cases, limited personal data may be shared when
necessary for specific purposes, such as joint event coordination or co-branded marketing activities.
Your Rights and Control:
a. Personal data will only be shared with affiliates and partners when there is a legitimate
interest, contractual necessity, or your explicit consent (where required by law).
b. You can opt-out of marketing or promotional communications involving third-party partners by contacting
us at privacy@wibcf.com.


6.3. Legal and Regulatory Authorities
WIBCF may disclose personal data to public authorities, regulatory agencies, or law enforcement bodies when
legally required or where there is a legitimate need to protect the rights and interests of WIBCF, its members, or
the public.
Safeguards for Legal Disclosures:
a. Disclosures will be made only to the extent required by law and will be limited to the specific information
requested.
b. Where legally permissible, WIBCF will notify affected individuals prior to such disclosures.


6.4. Data Transfers to Third Countries
As a global organization, WIBCF may transfer personal data across borders to jurisdictions outside
the European Economic Area (EEA) or other regions with comprehensive data protection laws. These
transfers are conducted in compliance with applicable laws to ensure the continued protection of your personal
data.


6.5. Public Disclosures (if applicable)
WIBCF does not publicly disclose personal data without explicit consent. However, certain information may be
published or made available in specific contexts where it aligns with our mission, services, or community
engagement initiatives.
Safeguards for Public Disclosures:
a. Public disclosures will only occur with your explicit consent, which can be withdrawn at any time.
b. Sensitive personal data will never be publicly disclosed without a clear and specific legal basis or your
express permission.


6.6. General Safeguards for Data Sharing and Disclosure
WIBCF ensures that all data sharing and disclosure activities adhere to the following principles:
a. Data Minimization: We only share the minimum amount of personal data necessary for the intended
purpose.
b. Purpose Limitation: Data is shared exclusively for purposes compatible with those outlined in this
Privacy Policy.
c. Security Measures: Appropriate technical and organizational measures are implemented to protect data
during transfer and while in the possession of third parties.
d. Accountability: All recipients of personal data are contractually obligated to handle it in compliance with
applicable data protection laws and WIBCF’s policies.


6.7. Exercising Your Rights and Additional Information
You have the right to request details about how your personal data has been shared, including information
about recipients and safeguards in place. To exercise your rights or obtain further information about data
sharing and disclosures, please contact us at privacy@wibcf.com.
By outlining our data sharing and disclosure practices, WIBCF aims to maintain transparency and ensure that
your personal data is handled securely, ethically, and in compliance with all relevant legal requirements.


7. International Data Transfers
This section explains how WIBCF ensures that all international data transfers comply with applicable data
protection laws and outlines the safeguards in place to protect your personal data during such transfers. We are
committed to maintaining the privacy, security, and integrity of your personal data in accordance with global data
protection standards and applicable data protection regulations.


7.1. Jurisdictions Involved
Given our global reach, WIBCF may transfer your personal data across other jurisdictions with comprehensive
data protection laws. These transfers are made to facilitate service delivery, internal operations, partnerships,
and other legitimate organizational purposes.


7.2. Safeguards Implemented
To ensure that your personal data receives an adequate level of protection when transferred internationally,
WIBCF implements a range of legal, technical, and organizational safeguards. These safeguards are designed
to comply with the requirements of data protection laws such as the GDPR, UK GDPR, UAE Data Protection
Law, and others.
I. Legal Mechanisms for Data Transfers
When transferring personal data to countries outside the EEA, UK, or other jurisdictions with adequate data
protection standards, WIBCF relies on one or more of the following legal mechanisms:
a. Adequacy Decisions: Transfers may be made to countries deemed by the European Commission, UK
Information Commissioner’s Office (ICO), or other relevant authorities to provide an adequate level of
data protection (e.g., countries under GDPR adequacy decisions).
b. Standard Contractual Clauses (SCCs): In the absence of an adequacy decision, WIBCF
employs European Commission-approved SCCs or UK International Data Transfer Agreements
(IDTAs) to govern data transfers. These contractual clauses ensure that recipients of personal data
outside the EEA/UK commit to upholding data protection standards equivalent to GDPR requirements.
c. Binding Corporate Rules (BCRs): Where applicable, WIBCF may adopt BCRs to facilitate intraorganizational
data transfers across jurisdictions, ensuring a consistent level of data protection within the
organization.
d. Data Transfer Impact Assessments (DTIAs): WIBCF conducts DTIAs to assess and document potential
risks associated with specific international data transfers and to implement supplementary measures as
needed.
II. Technical and Organizational Safeguards
In addition to legal mechanisms, WIBCF implements technical and organizational measures to safeguard your
personal data during international transfers:
a. Encryption: Personal data is encrypted during transit and at rest using industry-standard encryption
protocols (e.g., SSL/TLS, AES-256) to prevent unauthorized access.
b. Access Controls: Strict role-based access controls limit data access to authorized personnel only, based
on the principle of least privilege.
c. Anonymization and Pseudonymization: Where feasible, data is anonymized or pseudonymized before
transfer to minimize privacy risks.
d. Data Minimization: We ensure that only the minimum amount of personal data necessary for the
intended purpose is transferred.
e. Audit and Monitoring: Regular audits and monitoring of data transfer activities are conducted to ensure
compliance with internal policies and legal requirements.


7.3. User Rights Regarding Cross-Border Transfers
WIBCF respects your rights concerning international data transfers and is committed to ensuring that you
maintain control over your personal data, regardless of where it is processed or stored.
Your Rights Include:
a. Right to Information: You have the right to be informed about whether your personal data will be
transferred to a third country or an international organization, and the safeguards in place to protect your
data.
b. Right to Access: You may request confirmation as to whether your data has been transferred
internationally and obtain a copy of the specific safeguards (e.g., SCCs) that govern such transfers.
c. Right to Object: In certain circumstances, you may object to the transfer of your personal data to a third
country, especially where such transfers are based on legitimate interests rather than legal obligations or
consent.
d. Right to Withdraw Consent: Where data transfers are based on your explicit consent, you have the right
to withdraw that consent at any time without affecting the lawfulness of processing prior to the withdrawal.
e. Right to Lodge a Complaint: If you believe that your personal data has not been handled in accordance
with applicable data protection laws, you have the right to lodge a complaint with your local Data
Protection Authority (DPA) or the relevant authority in the jurisdiction where WIBCF operates.


7.4. Updates to International Data Transfer Practices
WIBCF continuously monitors developments in global data protection laws and will update this section of the
Privacy Policy as necessary to reflect changes in legal requirements, data transfer mechanisms, or
organizational practices.
We will notify you of any significant changes that may affect your data rights or the security of your personal
data, and, where required by law, seek your consent before implementing such changes.


8. Data Retention and Storage
This section outlines how WIBCF retains and stores personal data, the timeframes for retaining specific types of
data, and the secure practices employed for data deletion or anonymization after the retention period has expired.


8.1. Retention Periods for Different Data Types
WIBCF retains personal data only for as long as necessary to fulfill the purposes for which it was collected,
including compliance with legal, regulatory, contractual, and operational obligations. The specific retention
periods vary based on the type of personal data and the applicable legal or business requirements. Retention
periods may be extended where necessary for the establishment, exercise, or defense of legal claims or to
comply with specific regulatory obligations.


8.2. Criteria for Determining Retention Periods
WIBCF follows a data minimization principle, ensuring that personal data is not retained longer than
necessary. The determination of appropriate retention periods for personal data is based on several key criteria:
a. Purpose of Collection: The primary factor is the original purpose for which the data was collected. Data
is retained only as long as necessary to fulfill these purposes (e.g., service delivery, communication, legal
compliance).
b. Legal and Regulatory Obligations: Certain laws and regulations impose minimum retention periods for
specific types of data. For example, financial and tax records are typically retained for 7 years to comply
with tax and accounting regulations.
c. Contractual Requirements: Data may be retained as long as necessary to fulfill contractual obligations
with users, partners, or service providers.
d. Consent and User Preferences: Where data is processed based on user consent (e.g., for marketing
communications), it is retained until the user withdraws consent or after a reasonable period of inactivity
(e.g., 2 years).
e. Legitimate Interests: WIBCF may retain certain data to serve its legitimate interests, such as improving
services, fraud prevention, or legal defense, provided that such interests do not override the rights and
freedoms of data subjects.
f. Risk Management and Legal Claims: Data may be retained for longer periods to protect against
potential legal claims or disputes, in accordance with applicable statutes of limitations.
g. Anonymization Potential: Where possible, data may be anonymized for research, analysis, or statistical
purposes, allowing for longer retention without privacy risks.


8.3. Secure Deletion and Anonymization Practices
Once the applicable retention period expires, or the data is no longer required for the purposes for which it was
collected, WIBCF ensures that personal data is securely deleted or anonymized in accordance with legal
obligations and industry best practices.
I. Secure Deletion
WIBCF employs technical and organizational measures to securely delete or destroy personal data to prevent
unauthorized access or data breaches.
Secure Deletion Practices Include:
a. Data Wiping: Secure overwriting of data on servers, databases, and storage devices to ensure complete
erasure.
b. Physical Destruction: Shredding of physical documents or media (e.g., hard drives, USBs) containing
personal data.
c. Automated Deletion Protocols: Implementation of automated workflows to trigger data deletion based
on predefined retention schedules.
d. Third-Party Deletion Certifications: Ensuring that third-party service providers handling data deletion
provide certifications or evidence of secure data destruction.
II. Anonymization and Pseudonymization
In cases where data may be retained for analytical or research purposes beyond the retention period, WIBCF
may anonymize or pseudonymize personal data to minimize privacy risks.
a. Anonymization: Data is irreversibly altered so that it can no longer be associated with an identifiable
individual. Anonymized data is no longer considered personal data under data protection laws and may be
retained indefinitely.
b. Pseudonymization: Identifiable elements are replaced with unique identifiers, allowing for reduced
privacy risks while still enabling data analysis. Pseudonymized data remains subject to data protection
regulations.
III. Exceptions to Deletion
WIBCF may retain personal data beyond the established retention periods in specific circumstances,
including:
a. Legal Obligations: When required by law, regulation, or legal process.
b. Legal Claims: For the establishment, exercise, or defence of legal claims.
c. Public Interest: For archiving purposes in the public interest, scientific or historical research, or statistical
purposes, in accordance with GDPR Article 89.


8.4. User Rights Regarding Data Retention and Deletion
WIBCF respects your rights concerning the retention and deletion of your personal data. Under applicable data
protection laws, you have the following rights:
a. Right to Access: Request information about the data we hold about you and how long it will be retained.
b. Right to Rectification: Request corrections to any inaccurate or incomplete personal data.
c. Right to Erasure (“Right to be Forgotten”): Request the deletion of your personal data when it is no
longer necessary for its intended purpose, or if you withdraw consent (where consent is the legal basis for
processing).
d. Right to Object: Object to the retention or continued processing of your personal data based on
legitimate interests.
e. Right to Restrict Processing: Request restrictions on data processing during the review of a correction
or deletion request.
We will respond to your request within the timeframes mandated by applicable data protection laws (typically
within 30 days) and may require identity verification before processing your request.


8.5. Updates to Data Retention and Storage Practices
WIBCF regularly reviews and updates its data retention and storage practices to ensure compliance with
evolving legal requirements and industry standards. We will inform users of any significant changes to these
practices through updates to this Privacy Policy.
By maintaining strict data retention and storage protocols, WIBCF ensures that your personal data is handled
responsibly, securely, and in compliance with applicable legal and regulatory requirements.


9. Data Security Measures
This section outlines the security measures implemented by WIBCF, our procedures for handling data breaches,
and user responsibilities in maintaining the security of their personal data.


9.1. Technical and Organizational Security Measures
WIBCF implements comprehensive Technical and Organizational Measures (TOMs) to ensure the highest
level of protection for your personal data. These measures are designed to prevent unauthorized access,
accidental loss, or unlawful processing, taking into account the nature of the data, the risks involved, and
technological advancements.
I. Technical Security Measures
a. Encryption: All personal data is encrypted both in transit and at rest using industry-standard encryption
protocols (e.g., SSL/TLS, AES-256), ensuring data cannot be read or modified during transmission or
storage without authorization.
b. Access Controls:
i. Role-Based Access Control (RBAC): Access to personal data is limited based on the principle
of least privilege, ensuring only authorized personnel can access specific data sets.
ii. Multi-Factor Authentication (MFA): MFA is required for all users and administrators accessing
sensitive data or systems.
c. Network and Infrastructure Security:
i. Firewalls and Intrusion Detection and Prevention Systems (IDPS) are employed to safeguard
network perimeters against unauthorized access and malicious activities.
ii. Regular Security Patching and Updates: All systems and software are regularly updated to address
known vulnerabilities and security flaws.
d. Data Backup and Recovery: Regular automated backups are performed to ensure data can be
recovered in case of accidental loss, corruption, or system failure. Backup data is encrypted and stored in
geographically diverse, secure data centers with robust disaster recovery protocols.
e. Secure Software Development: WIBCF follows Secure Development Lifecycle (SDL) practices,
including code reviews, vulnerability testing, and static/dynamic code analysis to minimize security risks in
software and platform development.
II. Organizational Security Measures
a. Data Protection Policies: WIBCF maintains comprehensive data protection policies that outline protocols
for data handling, storage, and security, ensuring compliance with applicable laws.
b. Employee Training and Awareness: Regular data protection and cybersecurity training sessions are
provided to all employees, contractors, and stakeholders to foster awareness and adherence to security
best practices. Employees handling personal data are required to sign confidentiality agreements and
undergo specialized privacy and security training.
c. Vendor and Third-Party Risk Management: All third-party service providers that process personal data
on WIBCF’s behalf undergo rigorous security assessments and are bound by Data Processing
Agreements (DPAs) to ensure compliance with security and privacy standards.
d. Physical Security: Physical access to WIBCF’s offices, data centers, and storage facilities is strictly
controlled and monitored using security measures such as keycard access, surveillance cameras, and
security personnel.
e. Data Minimization and Retention Policies: Personal data is retained only for as long as necessary to
fulfil its intended purposes, in line with our Data Retention and Storage provisions, and is securely deleted
or anonymized thereafter.


9.2. User Responsibilities for Security
While WIBCF employs stringent security measures, the protection of personal data is a shared responsibility.
Users are encouraged to adopt safe practices to help safeguard their data and ensure the integrity of WIBCF’s
platforms and services.
I. Account Security
a. Strong Passwords: Users should create strong, unique passwords that combine upper- and lowercase
letters, numbers, and special characters.
b. Password Confidentiality: Do not share your passwords with others.
c. Two-Factor Authentication (2FA): Enable 2FA where available to add an extra layer of security to your
accounts.
d. Regular Updates: Update your password regularly and immediately change it if you suspect
unauthorized access.
II. Safe Usage Practices
a. Phishing Awareness: Be cautious of unsolicited emails, messages, or phone calls requesting personal
information or login credentials. WIBCF will never ask for your password or sensitive information via
email.
b. Secure Connections: Always use secure and trusted networks when accessing WIBCF’s platforms.
Avoid using public Wi-Fi networks without a VPN when accessing sensitive information.
c. Software and Device Security: Keep your devices and software up to date with the latest security
patches and antivirus protection. Use firewalls and anti-malware tools to protect against unauthorized
access and malicious attacks.
III. Reporting Security Concerns
a. Suspicious Activity: If you notice any suspicious activity related to your WIBCF account or suspect a
potential security issue, report it immediately to us.
b. Phishing and Fraud Alerts: Report any phishing attempts or fraudulent communications claiming to be
from WIBCF to our security team at the same contact details above.


9.3. Continuous Improvement and Security Audits
WIBCF is committed to continuous improvement in its data security practices and regularly reviews and
updates its technical and organizational measures to align with evolving security standards, industry best
practices, and legal requirements.
a. Regular Security Audits: Independent security audits and vulnerability assessments are conducted
periodically to evaluate and strengthen WIBCF’s data protection measures.
b. Penetration Testing: Penetration tests are performed on WIBCF’s platforms and systems to identify and
remediate security vulnerabilities before they can be exploited.
c. Compliance Monitoring: WIBCF ensures ongoing compliance with international data protection laws and
maintains detailed records of all security-related incidents and actions.
By implementing these comprehensive data security measures and fostering a culture of privacy and security
awareness, WIBCF is dedicated to protecting your personal data and maintaining the trust and confidence of
our community. If you have any questions about our data security practices, please contact us
at privacy@wibcf.com.


10. User Rights Under Applicable Laws
This section outlines the rights you have regarding your personal data, how you can exercise these rights, and the
processes we have in place to ensure that your requests are addressed in a timely and lawful manner.


10.1. Right to Access
Under Article 15 of the GDPR and equivalent provisions in other data protection laws, you have the right to
access the personal data that WIBCF holds about you.
What This Means:
a. You can request confirmation as to whether or not your personal data is being processed.
b. You are entitled to receive a copy of your personal data along with details regarding:
i. The categories of personal data processed.
ii. The purposes of the processing.
iii. The recipients or categories of recipients to whom your data has been disclosed.
iv. The retention period or the criteria used to determine that period.
v. Your rights regarding rectification, erasure, or restriction of processing.
vi. Information about data transfers to third countries and the safeguards in place.


10.2. Right to Rectification
Under Article 16 of the GDPR and similar laws, you have the right to rectification if any of the personal data
we hold about you is inaccurate or incomplete.
What This Means:
a. You can request that we correct any inaccuracies in your personal data.
b. You can also provide supplementary information to complete any incomplete data.


10.3. Right to Erasure (Right to be Forgotten)
Under Article 17 of the GDPR, CCPA, and other privacy regulations, you have the right to erasure of your
personal data in certain circumstances.
When You Can Request Erasure:
a. When your personal data is no longer necessary for the purposes for which it was collected.
b. When you withdraw your consent (where processing is based on consent) and there is no other legal
basis for processing.
c. When you object to processing based on legitimate interests, and no overriding legitimate grounds exist.
d. When your personal data has been unlawfully processed.
e. When deletion is required to comply with a legal obligation.
Exemptions to Erasure:
a. Data necessary for compliance with legal obligations (e.g., tax or accounting records).
b. Data required for the establishment, exercise, or defense of legal claims.
c. Data processed for public interest, research, or statistical purposes under certain conditions.


10.4. Right to Restriction of Processing
Under Article 18 of the GDPR, you have the right to restrict the processing of your personal data in specific
circumstances.
When You Can Request Restriction:
a. If you contest the accuracy of your personal data, we will restrict processing while verifying its accuracy.
b. If the processing is unlawful, but you prefer restriction over erasure.
c. If we no longer need the data, but you require it to establish, exercise, or defend legal claims.
d. If you have objected to processing based on legitimate interests, pending verification of overriding
grounds.
Effects of Restriction: Your data will be stored but not further processed without your consent, except for legal
claims or public interest purposes.


10.5. Right to Data Portability
Under Article 20 of the GDPR, you have the right to data portability, enabling you to receive your personal
data in a structured, commonly used, and machine-readable format.
What This Means:
a. You can request a copy of your personal data to transfer it to another controller.
b. This applies when:
i. Processing is based on consent or a contract.
ii. Processing is carried out by automated means.


10.6. Right to Object
Under Article 21 of the GDPR and other laws, you have the right to object to the processing of your personal
data in certain situations.
When You Can Object:
a. Processing based on legitimate interests: You can object if your personal situation justifies it, unless
we have compelling legitimate grounds to continue processing.
b. Direct marketing purposes: You can object to marketing communications at any time, including profiling
related to marketing.
c. Processing for research or statistical purposes: Unless processing is necessary for public interest.


10.7. Rights Related to Automated Decision Making and Profiling
Under Article 22 of the GDPR, you have rights concerning automated decision-making, including profiling,
which may significantly affect you.
Your Rights Include:
a. The right not to be subject to decisions based solely on automated processing, including profiling, that
produce legal or similarly significant effects.
b. The right to request human intervention in automated decisions.
c. The right to express your point of view and contest decisions.
When Automated Decisions May Apply: Credit checks, profiling for marketing, or eligibility assessments, if
applicable. The exemptions to this are automated decisions necessary for a contract, authorized by law, or
based on explicit consent.


10.8. Verification and Identity Confirmation
To protect your personal data and comply with legal requirements, WIBCF must verify your identity before
processing certain rights requests.
Verification Methods May Include:
a. Email Verification: A confirmation link sent to your registered email address.
b. Document Verification: A request for official identification (e.g., passport, driver’s license) for sensitive or
high-risk data requests.
c. Knowledge-Based Authentication: Security questions or account-related verification.
Denial of Requests:
Requests may be denied if:
a. Identity verification fails.
b. The request is manifestly unfounded or excessive.
c. Legal exemptions apply.
By respecting and facilitating your privacy rights, WIBCF ensures transparency, fairness, and accountability in
all data processing activities. If you have questions about your rights or need assistance in submitting a request,
please contact us at privacy@wibcf.com.


11. Consent and Choice
This section outlines how WIBCF obtains, manages, and respects your choices regarding consent, how you can
withdraw consent at any time, and the options available for managing preferences and opting out of specific data
processing activities.


11.1. Obtaining and Withdrawing Consent
IV. Obtaining Consent
WIBCF seeks your explicit, freely given, specific, informed, before collecting or processing before
collecting or processing your personal data in situations where consent is required by law. Consent is
requested in a manner that ensures clarity and allows you to make an informed choice.
When We Obtain Consent:
a. When collecting personal identification data for marketing, newsletters, or promotional activities.
b. Before processing sensitive personal data (e.g., religious beliefs, health information) where required,
especially when ensuring Shariah compliance in blockchain projects.
c. When using non-essential cookies or similar tracking technologies (e.g., for analytics, personalized
content) on our website.
d. Prior to sharing your data with third parties (e.g., affiliates, business partners, Shariah advisory boards)
for purposes beyond core service delivery.
e. When using personal data for automated decision-making or profiling that could significantly affect
you.


How Consent is Collected:
a. Electronic Forms: Through checkboxes or toggle buttons on registration forms, subscription pages, or
event sign-up sheets.
b. Cookie Consent Banners: Clear banners on our website explaining the use of cookies and tracking
technologies, with options to accept, reject, or customize preferences.
c. Written or Verbal Agreements: For offline events or services, consent may be obtained through written
forms or verbal confirmation (e.g., recorded calls, event registration desks).


Key Principles of Consent:
a. Granularity: Separate consent is sought for different data processing activities, ensuring users can
choose specific preferences.
b. No Pre-Ticked Boxes: Consent forms never include pre-selected options; users must actively choose to
consent.
c. Right to Refuse: You can refuse consent without experiencing any detriment to your ability to access
essential services.
Withdrawing Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of any processing
that occurred prior to the withdrawal. WIBCF makes it simple for you to revoke consent for any data
processing activity you have previously agreed to.


How to Withdraw Consent:
a. Email Request: Contact us at privacy@wibcf.com with the subject line “Consent Withdrawal – [Your
Name].”
b. Unsubscribe Links: Use the “unsubscribe” or “opt-out” link provided in marketing emails or newsletters.
c. User Account Settings: Log in to your user account and navigate to the privacy settings to adjust or
revoke consents.
d. Cookie Settings: Access our Cookie Consent Manager to withdraw consent for non-essential cookies
and tracking technologies.
e. Verbal or Written Requests: At WIBCF events or in direct interactions, you may verbally or in writing
inform staff of your desire to withdraw consent.
Effect of Withdrawing Consent:
a. Upon withdrawal, WIBCF will cease processing the relevant data for the specific purposes for which
consent was given.
b. In cases where consent withdrawal affects service delivery (e.g., opting out of essential notifications), we
will inform you of potential limitations or impacts.
c. Where feasible, data previously collected based on consent will be deleted or anonymized.


11.2. Opt-Out Mechanisms
WIBCF respects your right to opt out of certain data processing activities, particularly those related to
marketing, profiling, and non-essential data sharing.


11.3. Commitment to Informed Choice
At WIBCF, we prioritize transparency and ethical data practices, ensuring that your choices
are respected and honoured in accordance with Islamic principles and global privacy laws. We will never use
deceptive practices or “dark patterns” to obtain or retain your consent and will always provide you with the tools
necessary to make informed decisions about your data.


12. Minors and Data Collection
This section outlines WIBCF’s policies and practices regarding the collection, use, and protection of personal data
from minors, including parental consent requirements and adherence to special provisions under relevant
laws.


12.1. Policy on Collecting Data from Minors
WIBCF’s platforms, services, and offerings are generally not directed at minors under the age of 16 (or as
defined by local laws) unless explicitly stated otherwise (e.g., educational initiatives or workshops designed for
youth).
I. Age Thresholds for Data Collection:
a. European Union (GDPR): The default minimum age for valid consent is 16 years. Member states may
set this threshold as low as 13 years.
b. United States (COPPA): For children under the age of 13, verifiable parental consent is required before
collecting personal data.
c. United Arab Emirates (UAE): The minimum age for providing lawful consent is 18, unless otherwise
stipulated.
d. Other Jurisdictions: We comply with local legal requirements regarding the age of consent in the
jurisdictions where we operate.
II. Data Collection Practices for Minors:
a. No Intentional Collection Without Consent: WIBCF does not knowingly collect personal data from
minors below the applicable age threshold without obtaining verifiable parental or guardian consent.
b. Age Verification Measures: Where necessary, we implement age verification mechanisms (e.g., selfdeclaration,
technical controls) to ensure compliance with age-related data protection requirements.
c. Limited Data Collection: In cases where minors participate in WIBCF activities (e.g., educational
programs, workshops), we only collect essential information required for participation and ensure that
data is processed with heightened security and privacy safeguards.
III. If You Are a Minor:
a. If you are below the age of consent in your jurisdiction, please do not provide any personal data to
WIBCF without the involvement and permission of your parent or legal guardian.
b. If WIBCF becomes aware that personal data has been collected from a minor without appropriate
consent, we will take immediate steps to delete the data and, where feasible, notify the parent or
guardian.


12.2. Parental Consent Requirements
WIBCF adheres to strict parental consent requirements for the collection, use, and disclosure of personal data
from minors, as mandated by global data protection regulations.


12.3. Educational Programs and Shariah-Compliant Considerations
WIBCF may offer educational initiatives, workshops, or seminars tailored to minors interested
in blockchain and Islamic finance. In such cases, we ensure:
a. Shariah-compliant data collection and usage, respecting the ethical and cultural principles of Islamic law.
b. Parental consent is obtained for minors’ participation, with full transparency on how personal data is
processed.
c. Privacy notices for minors are written in clear and simple language to facilitate understanding.


By strictly adhering to these practices, WIBCF ensures the protection, privacy, and security of minors’ personal
data, in line with international legal standards and ethical principles, including Shariah
compliance considerations.


13. Marketing and Communication Preferences
Our marketing efforts are designed to align with ethical standards, including Shariah-compliant principles,
ensuring that our communications are respectful, purposeful, and provide value to our community.
Direct Marketing Practices
WIBCF engages in direct marketing to keep you informed about our latest initiatives, events, services,
educational programs, and other updates related to blockchain technology, Islamic finance, and Shariahcompliant
solutions. We are committed to conducting all marketing activities in compliance with legal standards
and your expressed preferences.


13.1. Types of Marketing Communications:
a. Email Newsletters: Regular updates about WIBCF events, conferences, educational content, industry
news, and community initiatives.
b. Promotional Emails: Information on upcoming webinars, workshops, or new service offerings.
c. Event Invitations: Exclusive invitations to WIBCF-hosted or partnered events, including Shariahcompliant
blockchain seminars, training programs, and networking opportunities.
d. Surveys and Feedback Requests: Occasional invitations to participate in surveys, polls, or feedback
initiatives to help us improve our services.
e. Partnership Announcements: Notifications regarding collaborations with strategic partners, affiliates,
and Shariah advisory boards.


13.2. Legal Basis for Direct Marketing:
a. Consent (GDPR Article 6(1)(a)): We will obtain your explicit consent before sending any marketing
communications, especially to users based in jurisdictions like the EEA, UK, and UAE, where consent is
required.
b. Legitimate Interests (GDPR Article 6(1)(f)): In certain jurisdictions, we may rely on our legitimate
interests to send marketing communications to existing customers or members, provided such
communications relate to similar services and you have not opted out.
c. CCPA/ CPRA Compliance: For California residents, we comply with the CCPA/CPRA by providing clear
opt-out options and respecting user preferences regarding marketing communications.


13.3. Ethical and Shariah-Compliant Marketing:
We ensure that all marketing content adheres to ethical guidelines and respects Islamic values. No marketing
materials will promote products, services, or content that conflicts with Shariah principles (e.g., interest-based
financial products, gambling-related content, or unethical blockchain projects).


14. Data Breach and Incident Response
We are committed to managing data breaches responsibly, ethically, and in line with legal requirements while
ensuring the protection of individual rights and adhering to Shariah-compliant principles.


14.1. Procedures for Handling Data Breaches
WIBCF has established a Data Breach and Incident Response Plan that ensures a swift, organized, and
effective approach to managing data breaches. Our procedures focus on minimizing harm, containing the
breach, and preventing future incidents.
I. Definition of a Data Breach:
A personal data breach refers to any incident leading to the accidental or unlawful destruction, loss,
alteration, unauthorized disclosure of, or access to personal data, whether through internal or external
causes. This includes, but is not limited to:
a. Unauthorized access by hackers or malicious insiders.
b. Accidental loss or deletion of data.
c. Data leaks due to system vulnerabilities.
d. Theft or misplacement of physical devices containing personal data.
e. Ransomware or malware attacks leading to data exposure.


II. Incident Detection and Reporting:
a. Real-Time Monitoring: WIBCF employs intrusion detection systems (IDS), firewalls, and continuous
monitoring tools to detect and alert security teams of suspicious activities.
b. Employee Awareness: All employees, contractors, and partners are trained to recognize and report
potential data breaches immediately to the Data Protection Officer (DPO) or the Incident Response
Team (IRT).
c. Reporting Mechanism: Internal stakeholders can report incidents through a dedicated Incident
Reporting Portalor by contacting the DPO directly.


III. Incident Response Steps:
Once a breach is identified, WIBCF follows a structured response plan:
a. Containment: Immediate action is taken to stop further unauthorized access or data loss. This may
include disconnecting affected systems, revoking credentials, or disabling compromised accounts.
b. Assessment:
i. The Incident Response Team (IRT) assesses the scope, nature, and impact of the breach.
ii. Key factors considered include the type of data involved, the number of individuals affected, potential
consequences, and whether sensitive or Shariah-compliant data was compromised.
c. Remediation:
i. Technical fixes are applied to resolve vulnerabilities.
ii. Systems are restored using secure backups where necessary.
iii. Affected security controls are strengthened to prevent future incidents.
d. Documentation:
i. A Data Breach Report is prepared, detailing the breach timeline, causes, actions taken, and lessons
learned.
ii. This documentation is maintained in compliance with GDPR Article 33(5) and similar regulatory
requirements.
IV. Post-Incident Review and Improvements:
Following incident resolution, WIBCF conducts a post-incident review to:
a. Analyse root causes.
b. Assess the effectiveness of the response.
c. Implement new security measures and update policies as needed.
d. Provide additional training to employees if the breach was caused by human error.


14.2. User Notification Protocols
In line with global data protection laws, WIBCF has established clear protocols for notifying affected users
promptly and transparently in the event of a personal data breach that may pose a risk to their rights and
freedoms.


14.3. Contacting Authorities
WIBCF is legally obligated to report certain data breaches to regulatory authorities and will do so in full
compliance with applicable data protection laws.


14.4. User Responsibilities and Best Practices
While WIBCF implements rigorous security measures, users also play a crucial role in protecting their data. We
encourage users to:
a. Use Strong Passwords: Create complex passwords and change them regularly.
b. Enable Two-Factor Authentication (2FA): Where available, use 2FA for enhanced security.
c. Be Cautious with Phishing Attempts: Avoid clicking on suspicious links or providing sensitive
information to unverified sources.
d. Monitor Accounts: Regularly review your accounts and report any suspicious activity to WIBCF.
e. Report Security Concerns: Notify us immediately if you suspect a breach or unauthorized access to
your account.


15. Changes to This Privacy Policy
This section outlines how we will communicate changes to this Privacy Policy, your rights concerning such
changes, and how you can stay informed about updates, in compliance with global data protection laws such as
the General Data Protection Regulation (GDPR), Federal Data Protection Act (BDSG), UAE Data Protection
Law, California Consumer Privacy Act (CCPA), and other relevant international and local privacy regulations.
1. How Changes Will Be Communicated
WIBCF is dedicated to ensuring that any changes to this Privacy Policy are communicated in a clear,
transparent, and timely manner. We will use multiple channels to inform users of significant updates to ensure
that you remain aware of how your personal data is being managed.
2. Notification Methods:
When updates are made to this Privacy Policy, WIBCF will notify you using one or more of the following
methods:
a. Website Updates.
b. Email Notifications.
c. In-App or Platform Notifications.
d. Social Media Announcements.
3. User Rights Regarding Changes
We respect your right to be informed and to exercise control over how your personal data is handled, especially
when changes are made to this Privacy Policy. Depending on the nature of the changes and the applicable
legal frameworks, you may have specific rights and options.
I. Right to Review and Accept Changes:
a. When material changes are introduced, WIBCF may require you to review and actively accept the
updated Privacy Policy before continuing to use certain services (e.g., by clicking an “I Agree” button).
b. This ensures that you are fully aware of any new data processing practices that may impact your rights.
II. Right to Object to Changes:
a. Under data protection laws such as the GDPR and CCPA, you have the right to object to certain changes
that affect how your personal data is processed.
b. For example, if WIBCF introduces new data sharing practices with third parties or changes the legal basis
for data processing, you may opt out or refuse consent for those specific practices.
c. Instructions for objecting to changes will be included in the notification or email sent to you.
III. Right to Withdraw Consent:
a. If changes to the Privacy Policy involve new uses of personal data based on consent, you have the right
to withdraw your consent at any time without affecting the lawfulness of prior processing.
b. You can exercise this right by contacting us at privacy@wibcf.com or by using the consent management
tools available in your user account.
IV. Right to Delete Your Data:
a. If you disagree with the updated Privacy Policy and no longer wish for WIBCF to process your personal
data, you may request the deletion of your data and the termination of your account, where applicable.
b. Deletion requests can be submitted by emailing privacy@wibcf.com with the subject line “Data Deletion
Request – [Your Name].”


16. Jurisdiction-Specific Provisions
This section outlines jurisdiction-specific provisions that apply to individuals based in certain regions, including
the European Union (EU), United States (US), United Arab Emirates (UAE), and other relevant jurisdictions.
Where local laws offer additional rights or impose stricter obligations, WIBCF ensures compliance and respects the
rights of individuals under those legal frameworks.


17. Dispute Resolution and Governing Law
In the event of a dispute, claim, or controversy arising from this Policy, WIBCF has established a structured
resolution framework as specified in its Terms of Use, which is incorporated by reference in the present Policy.


18. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, our data processing activities, or
your rights as a Data Subject, you can contact us through any of the following methods:
General Inquiries:
a. Email: privacy@wibcf.com
b. Phone: [Insert Contact Number]
For Data Protection-Related Inquiries:
a. Data Protection Officer Email: [Insert DPO Email]
b. Subject Line: “Data Protection Inquiry – [Your Name]”