Privacy Policy

Impact Week OÜ (“we”, “us”, or “our”) is committed to protecting the privacy of our attendees, partners, and website visitors. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with CORE Summit via our website coresummit.eu.

Privacy Policy for Commercial Activities

Our privacy policy was last updated on 1 April 2026. This update clarifies that, under the conditions set out in this Privacy Policy, participant contact details may also be shared with event partners based on how participants use the separate event application.

Impact Week OÜ is the organiser of CORE Summit. This privacy policy applies to all external commercial activities by Impact Week OÜ, its managed brands, and to all websites operated by the company, including but not limited to coresummit.eu.

We pledge to honor the following privacy protection policy, designed with our customers in mind. We collect information responsibly, in accordance with the applicable data protection legislation. We ask for personal information only for our own customer registration process as well as marketing activities, and to give you access to information pertaining to our events, such as newsletters and updates related to CORE Summit.

The name, organisation, title and country of attendees of each event can be shared with event partners and published on the event website only with the attendees’ prior explicit consent. We will NOT distribute any additional information to third parties without your permission. This consent can be given during the registration process and can be withdrawn at any time by contacting info@coresummit.eu.

The use of most of our services requires you to provide us with personal data, such as the use of an online platform account or accessing our physical events, but you may visit our public websites without disclosing your personal data.

1. Data Controller

The data controller responsible for your personal data is:

  • Name: Impact Week OÜ
  • Registry Code: 16817818
  • Email: info@coresummit.eu
2. Filing Systems

This privacy policy describes how we process the personal data of our customers, potential customers, and interest groups.

3. For what purposes do we use your personal data?

Personal data is collected and used within limits defined by the applicable data protection legislation to take care of and develop customer relationships and to offer, sell, market, deliver orders, and develop the services and products of the CORE Summit and, subject to your consent, its event partners.

Personal data is used to help us better understand our customers and to help us conduct regular research into the trends and preferences of our customers. This market research and its raw data will be held within Impact Week OÜ and will never be sold, distributed, or forwarded to third parties without our customers’ explicit consent.

Information collected from the data subjects will be used for direct marketing purposes, unless the data subject prohibits such use.

4. What is our data processing based on?

Processing of your personal data is based on the following grounds of the EU’s General Data Protection Regulation (one or more purposes may apply simultaneously):

  • a) Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
  • b) Processing is necessary for compliance with a legal obligation (e.g., Accounting Act).
  • c) Processing is necessary for the purposes of the legitimate interests pursued by Impact Week OÜ.
  • d) You have given consent to the processing.

The legitimate interests of Impact Week OÜ or a third party referred to in point c) above may include, amongst others, the following matters:

  • The right to promote the sales of Impact Week OÜ’s products and services by way of direct marketing, including profiling for the purposes of marketing and sales;
  • Business development;
  • Investigation of possible malpractice.
5. Information Content

The filing systems include the following information, either in part or in full:

  • Customer first and last name
  • Company information and professional title
  • Email address, postal address, and phone number
  • Nationality / Country
  • Dietary requirements (if it includes health data, such data is given to us by the customer based on your consent)
  • Invoicing and payment details (excluding credit card numbers)
  • Any follow-up information pertaining to the customer’s purchases
  • Feedback given by the customer
  • Feedback and notes on customer activities
  • Notes of discussions with customers and other activities of the customer when the customer’s data was put into the filing system
    • Campaigns, promotions, and other communication directed to the customer, as well as their use, including participation in events
    • Interests and other information or survey data provided by the customer
    • Direct marketing choices
    • Use of the customer’s rights related to the customer’s personal data (such as the right to rectification and the right to data portability)
    • Information on the use of our digital services and digital services of the software providers of our choice (such as the event app(s) that we use for our events), as well as digital content created by the customer
    • Automatically collected data (such as IP Address, the customer’s device’s operating system, browser type, and language)
    • Mobile device identifiers (such as the customer’s unique device ID and device name)
    • Recordings of customer service telephone conversations, as well as e-mail and chat correspondence

As stated on our Terms and Conditions, by attending any of our events, our attendees consent to be filmed and/or photographed, and for your/their image and likeness to be used in our future promotional material without compensation.

We do not collect credit card information from our customers. If a customer chooses to pay with a credit card or online bank, etc., the payment is done through an external site from the credit card payment processor, or the bank, etc.

6. Where do we collect the personal data from?

Our filing system is derived from information given by our customers when registering for our newsletters or events and/or application or other software related to our events or services (such as an event app). This information is collected using an online form, as well as on paper, by phone, by email, or during the purchasing process of a service and/or product.

The information is collected, for example:

  • through all websites operated by Impact Week OÜ, including but not limited to coresummit.eu domain.
  • through an application and other software related to our events or services (such as an event app)
  • by phone,
  • by email, and
  • during face-to-face meetings

We may gather personal data from business-to-business customers when the representative of the company gives personal data of other employees to us. We may also obtain and update the personal data in our filing systems from officials and companies offering personal data services.

7. With whom might we share your personal data

Impact Week OÜ does not sell, lease, or otherwise disclose your personal data to third parties unless otherwise stated below:

  • Event Attendees: The name, title, organisation, and country of attendees of each event can be shared only if the attendee has given their prior explicit consent during the registration process. If you have given consent and wish to withdraw it, please contact us at info@coresummit.eu.
  • Badge Scanning & App: If you allow your badge to be scanned at partner or sponsor stands, or if you interact with them via the event application, your contact details (such as email) and expressed interests may be shared with that respective partner.
  • Authorised Third Parties: We may share data with third parties that perform services for us (customer service, software services, market research, marketing campaigns). We do not allow these companies to use your data for any other purpose and require them to protect it consistently with this policy.
  • Payments & Collections: Data may be shared when obtaining payment for products, including the transfer of delinquent accounts to third parties for collection.
  • Direct Marketing: We may share data with carefully considered third parties for joint marketing purposes, provided that the data subject has given their explicit consent for such sharing.
  • Legal Requirements: Data may be shared based on a valid order from a court or official body with sufficient authority.
  • Corporate Transactions: Data may be shared as part of any merger, acquisition, sale of assets, or transition of service to another provider, including insolvency proceedings.
  • Cooperating Partners: When a customer buys a product from a CORE Summit partner, we have the right to give the relevant data required for the purchase to that partner.
8. How long do we process your personal data?

Customer data is processed until the end of the year of the last purchase plus 7 years (to comply with Estonian accounting laws). Potential customers’ data is kept until the data subject asks for deletion.

9. Your Rights (Erasure, Portability, and Review)

The data subject has the right to check, review, and update or correct his/her information maintained in the filing system at any time. Customers must inform us if any personal data changes in order to keep their record in the filing system up-to-date. For additional questions, or to review, update, or correct personal data, please email info@coresummit.eu.

10. The right of erasure (“right to be forgotten”)

If a customer violates our terms of use, misuses the service, or conducts illegal activity, Impact Week OÜ reserves the right to delete the associated personal data. 

You have the right to obtain the erasure of personal data that concerns you from CORE Summit without undue delay on any of the following grounds:

  • (a) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • (b) you withdraw consent on which the processing is based and where there is no other legal ground for the processing;
  • (c) you object to the processing, and there are no overriding legitimate grounds for the processing;
  • (d) your personal data has been unlawfully processed.
  • (e) your personal data has to be erased for compliance with a legal obligation in Union or member state law to which Impact Week OÜ is subject;
  • (f) the personal data have been collected in relation to the offer of information society services.

However, you do not have the right of erasure if the processing is necessary:

  • (a) for exercising the right of freedom of expression and information;
  • (b) for compliance with a legal obligation which requires processing by Union or member state law to which Impact Week OÜ is subject; or
  • (c) for the establishment, exercise, or defence of legal claims.
11. Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit that data to another controller where processing is based on consent or contract.

12. Automated decision-making

Impact Week OÜ does not make decisions based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you.

13. Principles of protection

The name, organisation, title, and country of attendees of each event can be shared only with the attendees’ explicit consent, as selected during the registration process. If you have given consent and wish to withdraw it, please contact us at info@coresummit.eu. All other personal information is kept confidential.

Access to any personal information by Impact Week OÜ will be restricted to designated individuals with a username and password. Access to this database will be given only to specifically appointed people. The individuals managing the filing system are bound by professional secrecy.

Impact Week OÜ’s services may be provided using resources and servers located in various countries around the world. Therefore, Impact Week OÜ may transfer your personal data outside the country where you use our services, including to countries outside the EU and EEA that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, Impact Week OÜ will ensure that a legal basis for such a transfer exists and that adequate protection for your personal data is provided, as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organisational information security measures.

Impact Week OÜ is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to us or guarantee that your information stored by Impact Week OÜ may not be accessed, disclosed, altered, or destroyed by breach of any of our industry-standard physical, technical, or managerial safeguards. When you enter information (such as login credentials) on our registration or order forms, we encrypt all transmitted data using HTTPS with TLS (Transport Layer Security). While we implement all appropriate technical and organisational measures required by law to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

We do not collect credit card information from our customers. If a customer chooses to pay with a credit card or online bank, the payment is done through an external site from the credit card payment processor or the bank, and they protect it.

We may modify this privacy policy, and if we make material changes to it, we will provide notice on our website or by other means to provide you with the opportunity to review the changes before they become effective. Your continued use of our products and services after we publish or send a notice about our changes to this privacy policy means that you have become bound by the updated privacy policy.

14. Other terms

We, our suppliers, or third parties who have granted us permission to reproduce their content on our websites, own all copyright, trademarks, and all other intellectual property rights in the content on the websites. With the exception of copyright belonging to third parties and unless otherwise stated, copyright in the content of the websites and all other material available through them belongs to Impact Week OÜ.

Our websites and the content are provided for general information purposes only, and nothing in the content is intended to provide legal or other professional advice. We do not accept any responsibility for any expenses or loss which may arise from reliance on information or materials published on our websites. We do not endorse nor are we responsible for the contents of websites operated by others that link to our websites or that are accessible from our websites.

We are not responsible or liable for any matter relating to you or any third parties using our websites and the content. Nothing here stated excludes or limits our liability for any matter in respect of which it would be unlawful to exclude or limit liability.

You understand and agree that you are personally responsible for your behaviour on our websites. You agree to indemnify, defend and hold harmless Impact Week OÜ, its subsidiaries, affiliated companies, joint ventures, business partners, licensors, employees, agents, and any third-party information providers from and against all claims, losses, expenses, damages, and costs (including, but not limited to, direct, incidental, consequential, exemplary and indirect damages), and reasonable attorneys’ fees, resulting from or arising out of your use, misuse, or inability to use our websites or the content, or any violation by you of this Privacy Policy.

Do you have any questions? We are happy to answer any questions regarding our privacy protection! Please contact us at info@coresummit.eu.