Privacy Policy
BA & Beyond — Business Analysis Conference
Last updated: 21 February 2026
Our approach to your privacy
BA & Beyond exists to strengthen the business analysis community. We gather and manage personal data as part of running our events and communications — and we take that responsibility seriously. This policy explains what we collect, why, and what rights you have over your own information.
We keep this document as plain and readable as we can. If anything is unclear, please reach out to us at info@ba-beyond.eu.
Who we are
BA & Beyond is the data controller for the personal data described in this policy.
Contact: info@ba-beyond.eu
Website: ba-beyond.eu
For co-organised events, we act as joint controllers with our co-organising partners. See the section on joint controllers below.
What data we collect and why
We collect personal data in several contexts. Here is an overview of each, including the legal basis we rely on.
Event participants
When you register for a BA & Beyond event, we collect:
- Name, organisation, job title, email address
- Country — to understand engagement across the global business analysis community and to actively stimulate multi-country participation in our events
- LinkedIn profile — to support communication and professional networking among participants and with the broader BA & Beyond community
- IIBA member ID (optional) — to apply eligible IIBA member discounts and to track participation from within the IIBA community
- Dietary requirements and accessibility needs (for on-site arrangements only — see note below) (optional)
- Payment information (processed by our ticketing provider; we do not store card details)
Why: To manage your registration, deliver the event experience you signed up for, and strengthen the diversity and reach of our community.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) for registration essentials; legitimate interest (GDPR Art. 6(1)(f)) for country, LinkedIn, and IIBA member ID, which help us build a diverse, connected community and provide relevant discounts and recognition.
Note on dietary and accessibility information: Providing this is entirely optional. If provided, this information may reveal health or religious details and is therefore treated as special category data under GDPR Article 9. We collect it solely to arrange appropriate on-site provisions and handle it with additional care. Legal basis: Explicit consent (GDPR Art. 9(2)(a)) — by providing this information voluntarily, you consent to its use for on-site logistics only. You may request its deletion at any time.
Speakers
When you submit a speaker proposal or are confirmed as a speaker, we collect:
- Name, biography, photo, email address, social media handles
- Session title, abstract, and any materials you submit
- Your responses during the review process
Why: To manage the call-for-speakers process, build the programme, and promote the event.
Legal basis: Legitimate interest (programme delivery and event promotion) and, where you have accepted a speaker agreement, performance of a contract (GDPR Art. 6(1)(b) and (f)).
Partners and sponsors
When a partner or sponsor organisation engages with us, we collect contact details of the individuals involved (name, email, phone, role).
Why: To manage our partnership relationship and deliver agreed benefits.
Legal basis: Legitimate interest / performance of a contract (GDPR Art. 6(1)(b) and (f)).
Newsletter subscribers
If you subscribe to our newsletter or community updates, we collect your email address and any preferences you provide.
Why: To send you updates about BA & Beyond events and the business analysis community.
Legal basis: Consent (GDPR Art. 6(1)(a)) for general newsletter sign-ups. You can unsubscribe at any time using the link in any email or by contacting us.
Note for event registrants: Once you have registered for a BA & Beyond event, we may also send you limited information about future similar events and community initiatives that we believe are relevant to you. This falls within the “soft opt-in” provision of the ePrivacy Directive — no separate consent is required, but you can opt out at any time. We will never use your registration contact details to send marketing for third-party products or to share your details with sponsors for their own marketing.
Website visitors
Our website uses GoatCounter, a privacy-respecting analytics tool that does not use cookies or track individuals. It collects aggregated data such as page views, browser type, and country of origin (derived from your IP address, which is not stored). This helps us understand how the site is used.
Why: To improve our website.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).
Photography, video, and event recordings
BA & Beyond events may be photographed and recorded for documentation, community sharing, and promotion purposes. We inform participants of this at registration and through on-site notices.
If you would prefer not to be photographed or filmed please contact us at info@ba-beyond.eu or speak to a team member on-site. We will make reasonable efforts to accommodate your request, including removing published images where practicable.
For general crowd or venue shots where individuals are not the primary subject, we rely on legitimate interest (GDPR Art. 6(1)(f)), balanced against individual privacy expectations at a professional conference setting.
Speaker sessions may be recorded and published. This is agreed separately with speakers.
Legal basis: Consent (GDPR Art. 6(1)(a)) for identifiable individual photography; legitimate interest (GDPR Art. 6(1)(f)) for general venue and crowd imagery.
Use of AI tools
BA & Beyond may use AI-assisted tools to support our operations. Where this involves your personal data or submitted content, we are transparent about it:
- Speaker submissions and event content: AI tools may be used to create speaking proposal and session summaries or highlights from event materials. Any AI-generated content published by BA & Beyond will be clearly identified as such.
- General communications: We may use AI writing assistance for internal drafting purposes.
We do not use submitted speaker materials to train AI models, and we do not share your content with third-party AI providers beyond what is necessary for the specific tool described. All AI tools we use are bound by appropriate data processing agreements.
Transparency obligations under the EU AI Act (Article 50) apply as of August 2026. We are committed to meeting these requirements.
Sharing your data
We share personal data only where necessary:
Third-party service providers (processors)
We use the following tools to deliver our services. Each is bound by a data processing agreement:
| Service | Purpose | Provider location |
|---|---|---|
| Sessionize | Call for speakers | Slovenia (EU) |
| Pretix | Event registration & payments | Germany (EU) |
| Sender.net | Newsletter communications | Lithuania (EU) |
| GoatCounter | Website analytics | Finland (EU) |
| Google Workspace | Internal operations and communications | EU (data residency configured) |
| Event venues | On-site logistics | Varies (EU) |
Co-organising partners (joint controllers)
For co-organised events, participant information (name, role, organisation, contact details) may be used jointly by BA & Beyond and our co-organising partner for event-specific outreach (e.g., via LinkedIn or email). Our intent is to ensure a diverse, high-quality community and the long-term viability of our events through sufficiently broad participation — this is a shared goal with our co-organisers. This use is limited strictly to that event’s purposes. See the section on joint controllers below.
Community insights (aggregated)
We may share non-identifying, aggregated information — such as sector categories, organisation types, and attendance figures — with partners and the community. No individual is identifiable in this data.
We do not sell your personal data and we do not share it for third-party marketing purposes.
Joint controller agreement
For co-organised events, BA & Beyond and the relevant co-organiser function as joint controllers under GDPR Article 26. This means we have agreed in writing on how we will:
- Define the purposes and scope of joint data processing
- Restrict data use to event-related activities only
- Apply appropriate security safeguards
- Handle data subject rights requests
You may exercise your rights with either organisation. BA & Beyond remains your primary point of contact: info@ba-beyond.eu.
How long we keep your data
| Type of data | Retention period |
|---|---|
| Event registration data | For as long as you are an active member of the BA & Beyond community, or until you request deletion. Every two to three years we review dormant contacts and reach out to confirm ongoing interest; contacts who do not respond or who opt out are removed. |
| Dietary and accessibility data | Deleted after each event. This data is strictly operational and has no purpose beyond the event it was collected for. |
| Financial and payment records | 7 years (Belgian legal requirement) |
| Speaker professional and content data (session titles, abstracts, topics, biography, programme history) | Indefinitely, as part of our community archive tracking the evolution of the business analysis profession — unless you request deletion. Records older than five years may be pseudonymised so the content is preserved while the link to you personally is minimised. |
| Speaker personal contact data (email address, phone number) | 5 years after your last engagement with BA & Beyond, then deleted or anonymised — unless you remain an active participant or subscriber, in which case the standard registration data retention applies. |
| Newsletter subscriptions | Until you unsubscribe |
| Website analytics (aggregated) | Rolling 12 months |
| Photography and recordings | Until no longer relevant for community use, or until you request removal |
Your rights
Under GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — ask us to delete your data where there is no longer a legitimate reason to hold it
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests or for direct marketing
- Withdraw consent — at any time, for processing based on consent (this does not affect prior processing)
To exercise any of these rights, contact us at info@ba-beyond.eu. We will respond within one month.
Supervisory authority
If you have concerns about how we handle your personal data and we have not resolved them to your satisfaction, you have the right to lodge a complaint with the Belgian data protection authority:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Rue de la Presse 35 / Drukpersstraat 35
1000 Brussels, Belgium
www.gegevensbeschermingsautoriteit.be
Changes to this policy
We may update this policy from time to time. When we do, we update the date at the top of this page. For significant changes, we will communicate directly where we have your contact details.
Contact
For any questions about this privacy policy or your personal data: info@ba-beyond.eu