WLPI GDPR Compliance Policy

The World Leadership and Policy Institute ("WLPI," "we," "our," or "us") refers to Nexus Prime Group LLC, a legally registered company operating through and under the World Leadership and Policy Institute brand. World Leadership and Policy Institute (WLPI) is a trade name managed by Nexus Prime Group LLC and does not constitute a separate legal entity. For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), Nexus Prime Group LLC acts as the data controller for all personal data processed under the WLPI brand.

The World Leadership and Policy Institute (WLPI) is committed to ensuring full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and all applicable data protection laws. This GDPR Compliance Policy outlines WLPI’s approach to the collection, processing, storage, transfer, and protection of personal data in accordance with internationally recognized data protection standards.

The GDPR applies not only to organizations within the European Union but also to entities outside the EU that process personal data of individuals located in the EU. Accordingly, WLPI adheres to GDPR principles across all operations involving personal data.

This policy applies to: All WLPI employees, contractors, partners, and service providers; All systems, platforms, and processes handling personal data; All personal data processed by WLPI, regardless of geographical origin.

It governs both digital and physical data processing activities, including applications, event participation, communications, and operational data handling.

For the purpose of this policy: Personal Data refers to any information relating to an identifiable individual; Processing includes collection, storage, use, transfer, or deletion of data; Data Subject is the individual whose data is processed; Data Controller refers to WLPI as the entity determining the purposes and means of processing; Data Processor refers to third parties processing data on behalf of WLPI.

WLPI strictly adheres to the core principles of GDPR, ensuring that all personal data is: processed lawfully, fairly, and transparently; collected for specific, explicit, and legitimate purposes; limited to what is necessary (data minimization); accurate and kept up to date; retained only as long as necessary; and protected with appropriate security measures.

These principles form the foundation of GDPR compliance and require organizations to demonstrate accountability in how data is handled.

WLPI processes personal data only when a lawful basis exists, including: Consent provided by the data subject; Performance of a contract (e.g., participation in programs/events); Compliance with legal obligations; Legitimate business interests that do not override individual rights.

All processing activities are documented and justified to ensure compliance with GDPR requirements.

WLPI collects only the personal data necessary for clearly defined purposes, including: Processing applications and program participation; Facilitating events and international collaboration; Providing communication, certifications, and services; Maintaining operational and legal records.

Personal data is not used beyond its intended purpose unless required by law or with explicit consent.

WLPI fully respects and facilitates the rights of data subjects under GDPR. Individuals have the right to: Access their personal data; Request correction or deletion; Restrict or object to processing; Request data portability; Withdraw consent at any time.

WLPI has established procedures to respond to such requests within legally mandated timeframes.

WLPI implements robust technical and organizational measures to protect personal data, including: encryption and secure data storage; access controls and authentication systems; regular monitoring and risk assessments; and backup and recovery systems.

GDPR requires organizations to ensure confidentiality, integrity, and availability of personal data, including resilience of systems and rapid recovery capabilities.

Despite these measures, WLPI acknowledges that no system is entirely secure and continuously works to enhance its data protection framework.

In the event of a personal data breach, WLPI will assess and contain the breach immediately, notify relevant supervisory authorities where required, and inform affected individuals if there is a high risk to their rights.

GDPR mandates breach notification within strict timelines, typically within 72 hours where applicable.

WLPI retains personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

Retention periods are determined based on the nature of the data, legal and regulatory requirements, and operational needs. Data is securely deleted or anonymized once no longer required.

As a global organization, WLPI may transfer personal data across borders. Such transfers are conducted in compliance with GDPR requirements, including use of appropriate safeguards, standard contractual clauses (where applicable), and ensuring adequate levels of data protection.

WLPI engages third-party service providers for various operational functions. All third parties processing personal data on behalf of WLPI are required to enter into data processing agreements, comply with GDPR and equivalent standards, and implement appropriate data protection measures.

Organizations must ensure third-party compliance through contractual obligations and oversight.

WLPI maintains accountability for all data processing activities and ensures: internal policies and procedures aligned with GDPR; regular audits and compliance reviews; and clear assignment of responsibilities for data protection.

GDPR requires organizations to demonstrate accountability and governance in their data handling practices.

WLPI incorporates privacy by design and by default into all systems and processes. This means: data protection is integrated into system development; only necessary data is processed by default; and security measures are embedded at all stages.

This proactive approach ensures compliance from the outset rather than as an afterthought.

WLPI ensures that all personnel involved in data processing are trained in data protection principles, aware of GDPR requirements, and responsible for maintaining confidentiality and compliance.

While WLPI takes all reasonable steps to ensure GDPR compliance and data protection: WLPI shall not be liable for breaches caused by third parties or external factors beyond its control; and WLPI does not guarantee absolute security of data transmission.

Users acknowledge inherent risks associated with digital data processing.

WLPI reserves the right to update this GDPR Compliance Policy at any time to reflect legal, operational, or technological changes. Updates will be published on wlpi.org, and continued use of services constitutes acceptance of such updates.