Privacy Policy

Privacy Policy

Global Diplomatic Forum

Last updated: 30 May 2026

 

The Global Diplomatic Forum ("GDF", "we", "us", "our") is a registered UK charity (No. 1149226) and company (No. 07566163). We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, how we use it, and your rights in relation to it. It applies to all personal data collected through our website (gdforum.org), event applications, course enrolments, and membership sign-ups.

 

1. Who is the Data Controller?

The Global Diplomatic Forum is the data controller for the personal data described in this policy.

Data Controller Contact:

G. Smith

Global Diplomatic Forum

Email: g.smith@gdforum.org

 

2. What Personal Data We Collect

We collect the following categories of personal data depending on how you interact with us:

 

When you apply to a GDF event (e.g. Young Diplomats Forum):

●      Full name

●      Email address

●      Nationality and country of residence

●      Date of birth (to verify eligibility)

●      CV / résumé

●      Personal statement

●      Payment information (processed via Stripe — we do not store card details)

 

When you enrol in a GDF Academy course:

●      Full name

●      Email address

●      Payment information (processed via Stripe)

 

When you become a GDF Member:

●      Full name

●      Email address

●      Payment information (processed via Stripe)

 

When you contact us or sign up to our mailing list:

●      Full name

●      Email address

●      Any information you choose to include in your message

 

Automatically collected data:

●      Website usage data and cookies (via Squarespace analytics)

●      IP address and browser information

 

3. How We Use Your Personal Data

We use your personal data for the following purposes and on the following legal bases:

 

To process your event application or course enrolment

Legal basis: Contract — processing is necessary to take steps prior to entering into a contract with you, and to perform that contract.

 

To process payments

Legal basis: Contract — processing is necessary to fulfil your purchase. Payments are handled by Stripe. We do not store your card details. Please see Stripe's privacy policy at stripe.com/gb/privacy.

 

To send you updates about your application, enrolment, or membership

Legal basis: Contract — we need to communicate with you about the services you have signed up for.

 

To send you marketing communications about GDF events, courses, and news

Legal basis: Legitimate interests or Consent — we may send marketing emails to existing participants or members where we have a legitimate interest in doing so. Where required, we will ask for your consent. You can unsubscribe at any time.

 

To improve our website and services

Legal basis: Legitimate interests — we use anonymised analytics data to understand how our website is used and improve it.

 

To comply with legal obligations

Legal basis: Legal obligation — we may process your data where required to comply with applicable law.

 

4. Who We Share Your Data With

We do not sell your personal data. We share it only with the following third parties where necessary:

 

Stripe

Our payment processor. Stripe processes payment information securely. See: stripe.com/gb/privacy

 

Squarespace

Our website and email marketing platform. Squarespace hosts our website and may process data as part of delivering our services. See: squarespace.com/privacy

 

Partner institutions

In some cases, we may share delegate lists (name and country only) with host institutions (e.g. NATO, the European Parliament) for security and access purposes. This will only occur where necessary and will be communicated to you in advance.

 

Legal and regulatory bodies

Where required by law or to protect our legal rights.

 

5. International Data Transfers

Some of our third-party service providers (including Stripe and Squarespace) may process your data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO).

 

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes set out in this policy:

 

●      Event application data: retained for up to 3 years after the event date

●      Course enrolment data: retained for up to 3 years after enrolment

●      Membership data: retained for the duration of membership plus 2 years

●      Payment records: retained for 7 years to comply with financial regulations

●      Marketing contact data: retained until you unsubscribe or request deletion

 

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

 

●      Right of access — you can request a copy of the personal data we hold about you

●      Right to rectification — you can ask us to correct inaccurate or incomplete data

●      Right to erasure — you can ask us to delete your personal data in certain circumstances

●      Right to restrict processing — you can ask us to limit how we use your data

●      Right to data portability — you can ask us to provide your data in a portable format

●      Right to object — you can object to us processing your data for marketing or legitimate interests purposes

●      Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

 

To exercise any of these rights, please contact us at g.smith@gdforum.org.

We will respond to all requests within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

 

8. Cookies

Our website uses cookies to ensure it functions correctly and to understand how visitors use it. Cookies are small text files stored on your device.

 

We use the following types of cookies:

●      Essential cookies — necessary for the website to function (e.g. shopping cart, login sessions)

●      Analytics cookies — used by Squarespace to understand website traffic and usage patterns

 

You can control cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.

 

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payments are handled entirely by Stripe and are protected by industry-standard encryption. We do not store card details on our systems.

 

10. Third-Party Links

Our website may contain links to third-party websites (e.g. partner institutions, LinkedIn). We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies.

 

11. Children's Data

Our programmes are open to individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at g.smith@gdforum.org.

 

12. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website at gdforum.org/privacy-policy. We will notify you of significant changes where we are able to do so.

 

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

 

G. Smith

Global Diplomatic Forum

Email: g.smith@gdforum.org

Website: www.gdforum.org