GDPR & CCPA Disclosure
Last updated · July 14, 2026
This disclosure supplements our Privacy Policy for residents of the European Economic Area, United Kingdom, and California. QCI is the controller of personal information collected through this site and the Summit.
Rights of EU / UK residents (GDPR / UK GDPR)
- Access the personal information we hold about you.
- Rectification of inaccurate information.
- Erasure ("right to be forgotten"), subject to legal retention.
- Restriction of processing.
- Portability in a common machine-readable format.
- Objection to processing based on legitimate interests, including direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your national supervisory authority.
A Data Processing Addendum (DPA) is available on request for sponsors and enterprise attendees at privacy@quantumcoreinstitute.com.
Rights of California residents (CCPA / CPRA)
- Right to know what personal information we collect, use, and disclose.
- Right to correct inaccurate personal information.
- Right to delete personal information, subject to legal exceptions.
- Right to opt out of any "sale" or "share" of personal information.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising your rights.
We do not sell or share personal information as those terms are defined by the CCPA/CPRA. We do not process sensitive personal information for the purpose of inferring characteristics.
Categories collected (past 12 months)
- Identifiers: name, email, IP address.
- Commercial information: ticket and sponsorship purchases.
- Professional information: employer, role, tier eligibility.
- Internet activity: pages viewed, session, and analytics data.
- Audio/visual: photos or recordings captured on-site — see Photography & Recording.
How to exercise your rights
Email privacy@quantumcoreinstitute.com from the address associated with your registration or newsletter subscription. We will respond within the time required by applicable law (generally 30 days for GDPR and 45 days for CCPA, extendable once when needed). We may need to verify your identity before acting on a request. You may use an authorized agent where permitted by law.
