This Privacy Policy sets forth the principles and legal framework pursuant to which the Quantum Maritime Conference (hereinafter referred to as the “Conference”), executed and managed by Vernewell Management Consultancies LLC, a limited liability company duly incorporated and existing under the laws of the United Arab Emirates, with commercial registration issued by the Department of Economic Development in Dubai (DED), and having its principal place of business located at Dubai Real Estate Corporation, Office 442-9, F13 City Bank Building, Healthcare City, Umm Al Hurair Second, P.O. Box 414919, Dubai, United Arab Emirates (hereinafter referred to as “Vernewell,” “we,” “us,” or “our”), collects, processes, uses, stores, shares, and protects personal data of individuals (hereinafter “Data Subjects” or “Users”) who access, interact with, register for, or otherwise engage with the Conference or any of its affiliated services, including through the QIS App.

This Policy aligns with applicable data protection frameworks and legislation, including without limitation, Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data in the UAE, the General Data Protection Regulation (EU Regulation 2016/679 – “GDPR”), the California Consumer Privacy Act (CCPA), and any other laws applicable to the data controller, processors, or data subjects as the case may be.

Article 1 – Identity of the Data Controller Vernewell Management Consultancies LLC shall be deemed the Data Controller for the purposes of processing all personal data as defined in this Policy. Vernewell operates the Conference in coordination with designated partners, including the Host Entity, and with the legal advisory support of Trabelsi Loeb Legal Consultants, its duly appointed legal representative.

Article 2 – Categories and Nature of Personal Data Collected Vernewell may collect, directly or indirectly, the following categories of personal data: (a) Identification and contact details including but not limited to full name, job title, organization name, email address, telephone number, nationality, and country of residence; (b) Technical, transactional, and operational data obtained through use of the QIS App, including device identifiers, access credentials, session timestamps, geolocation information, and user activity logs; (c) Preferences relating to newsletters, communications, and content subscriptions; (d) Audio-visual material, photographs, biographical data, and any submitted content, especially relating to contributors, speakers, and panelists; (e) Engagement data such as interaction with content, usage analytics, open and click-through rates; (f) Feedback, submissions, and evaluation forms related to Conference sessions or user experience; (g) Information obtained via third-party integrations including but not limited to Zoom, LinkedIn, Spotify, and YouTube.

Article 3 – Purpose and Legal Basis for Processing Personal Data All personal data shall be processed lawfully, fairly, and in a transparent manner in accordance with the lawful bases provided under applicable law. The processing activities are carried out for the following purposes: (i) Verification and administration of participant identity and eligibility; (ii) Coordination of access to digital and physical environments through the QIS App; (iii) Communication of Conference-related information, operational notices, and critical updates; (iv) Archiving and promotional use of media and intellectual contributions; (v) Fulfilment of contractual obligations and facilitation of pre-contractual interactions; (vi) Compliance with applicable legal and regulatory requirements; (vii) Legitimate interest pursued by the Controller or third parties, provided that such interest does not override fundamental rights and freedoms of the Data Subjects.

Article 4 – Recipients and Disclosure of Personal Data Personal data may be disclosed to and processed by the following recipients, in each case subject to the existence of appropriate legal and contractual safeguards: (i) The Host Entity and its operational affiliates, solely for the fulfillment of their respective obligations in relation to the Conference; (ii) Verified and authorized sponsors, media collaborators, or partners, on the basis of consent or contractual necessity; (iii) Third-party technical service providers engaged to support platform operations, data storage, communication systems, or analytical tools; (iv) Government authorities, regulators, or law enforcement entities to the extent required under applicable law or pursuant to judicial or administrative order. All third-party recipients shall be bound by data processing agreements that reflect the principles of necessity, proportionality, confidentiality, and security in compliance with applicable legislation. Vernewell does not permit any third-party recipients to use personal data for purposes unrelated to the Conference, unless such use is legally authorized or based on independent data controller arrangements, of which the User shall be duly informed.

Article 5 – Cross-Border Transfers of Personal Data Personal data collected within the United Arab Emirates or other jurisdictions may be transferred, accessed, or stored in foreign jurisdictions, including but not limited to the European Union and the United States. Such transfers shall be subject to legally recognized mechanisms including Standard Contractual Clauses (SCCs), intercompany binding corporate rules (BCRs), or adequacy decisions issued by the relevant authorities. By submitting data and continuing to use the Platform or QIS App, the Data Subject hereby acknowledges and provides explicit consent, where applicable, to such cross-border transfers under the outlined safeguards. These transfers shall comply with applicable international standards and data transfer frameworks.

Article 6 – Security of Processing Vernewell shall implement and maintain appropriate technical and organizational measures to secure personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures include encrypted communication, controlled access, cybersecurity protocols, secure infrastructure, pseudonymization, and continuous vulnerability assessment. In the event of a data breach likely to result in significant harm, affected individuals will be notified in accordance with the applicable laws and response timelines.

Article 7 – Data Retention and Archiving Data shall be retained only for the duration necessary to fulfill the purposes identified herein or as otherwise required under applicable law. Personal data related to participation records, access management, or speaker submissions may be retained for a period not exceeding five (5) years, unless extended by virtue of legal obligations, pending claims, or archival justification.

Article 8 – Rights of the Data Subject Data Subjects have the right to request access to, rectification, or erasure of their personal data, restriction or objection to processing, portability of data, and to lodge a complaint before a competent data protection authority. Where processing is based on consent, the Data Subject may withdraw such consent at any time without affecting the lawfulness of prior processing. Such requests shall be submitted to: info@vernewellgroup.com.

Article 9 – Children’s Data The Conference and associated services are not intended for individuals under the age of sixteen (16). We do not knowingly collect personal data from minors. If such data is inadvertently collected, it shall be deleted promptly upon discovery or notification. Any suspected case should be reported to: legal@vernewellgroup.com.

Article 10 – Third-Party Content and Services The Conference Platform may include embedded content, links, or third-party integrations governed by separate legal and privacy terms. Vernewell does not control, and expressly disclaims liability for, the use or misuse of personal data by such external platforms. Users are encouraged to review the relevant policies of third-party providers before engagement. Vernewell accepts no responsibility for the accuracy, availability, or privacy practices of external services.

Article 11 – Media, Consent, and Contributor Liability By attending the Conference or contributing content in any form, each participant grants Vernewell and its affiliates an irrevocable, non-exclusive, worldwide, royalty-free license to use, publish, display, adapt, archive, and distribute their name, likeness, voice, biographical data, and any submitted or captured content for documentation, editorial, promotional, and educational purposes. This consent is non-revocable post-submission. Contributors warrant that they hold all rights to submitted content and shall indemnify Vernewell and affiliated entities from any legal claims resulting from such materials. Contributors acknowledge that they are solely responsible for ensuring content accuracy and for securing any third-party rights or permissions.

Article 12 – Newsletter Communications and Opt-Out Rights Users may unsubscribe from non-essential communications at any time via opt-out links included in emails. Notwithstanding opt-out from promotional material, Vernewell reserves the right to contact Users for essential participation, security, or operational matters related to the Conference.

Article 13 – Responsibility for Reliance on Information All users are solely responsible for verifying the accuracy and relevance of any information prior to reliance. Vernewell disclaims all liability for decisions made or actions taken based on session content, speaker materials, or other distributed resources.

Article 14 – Warranties and Limitation of Liability To the fullest extent permitted by applicable law, Vernewell, its affiliates, legal representatives, partners, and the Host Entity shall not be liable for any direct, indirect, incidental, or consequential damages arising from access to, reliance on, or use of the Conference content, platform, or third-party tools. This limitation includes data breach, transmission failure, content inaccuracy, or disruptions in service, unless such result from gross negligence or intentional misconduct.

Article 15 – Force Majeure Vernewell shall not be liable for any failure to perform its obligations where such failure results from events beyond its reasonable control, including but not limited to acts of God, government restrictions, natural disasters, power failures, cyber-attacks, pandemics, labor disputes, or force majeure events.

Article 16 – Event Management Application (QIS App) The Quantum Maritime Conference utilizes the QIS App, a third-party digital platform, for the management of participant registration, issuance of access credentials, scheduling, hybrid participation, and secure content delivery. The QIS App is maintained by a vetted service provider bound by contractual obligations to adhere to industry standards and applicable regulations, including the GDPR, CCPA, UAE Federal Decree-Law No. 45 of 2021, and cybersecurity standards such as ISO/IEC 27001. Personal data processed through the QIS App shall be governed by this Privacy Policy, and the processing shall remain under the legal responsibility of Vernewell. The App operates within a secure, encrypted, and access-controlled environment. All data sharing with the QIS App provider is subject to a Data Processing Agreement that ensures confidentiality, limitation of purpose, and data minimization. By registering for the Conference or interacting with the QIS App, Users consent to the processing of their data within this environment and recognize that the App functions as an extension of the secure data infrastructure of the Conference.

Article 17 – Change of Control In the event that Vernewell undergoes a merger, acquisition, restructuring, or any form of change in control or ownership, personal data collected under this Policy may be transferred to the new controlling entity. Such transfer shall occur in accordance with applicable laws, and the new entity shall assume the rights and obligations arising under this Privacy Policy. Users shall be notified of any material changes in data handling resulting from such structural changes.

Article 18 – Amendments Vernewell reserves the right to modify or update this Policy at any time. The revised version shall take effect upon its publication on the Conference website. Continued use of the Platform or QIS App after such modifications constitutes acceptance of the updated Policy.

Article 19 – Contact Information For all questions, concerns, or complaints regarding this Policy, please contact: Vernewell Management Consultancies LLC, Dubai Real Estate Corporation, Office 442-9, F13 City Bank Building, Healthcare City, Umm Al Hurair Second, P.O. Box 414919, Dubai, United Arab Emirates. Email: info@vernewellgroup.com. Legal Representative: Trabelsi Loeb Legal Consultants. Email: info@tl-legalconsultants.com.