Last updated: 29 June 2026
includes/functions.php. This policy cannot be considered deployment-complete without those details and the final hosting/provider information.
The site uses limited personal data to answer messages, review submissions, protect forms, and operate essential preferences. It does not use advertising or behavioural analytics.
1. Overview and contact
This policy applies to wafflesworldrecords.com and the associated Waffles World Records registry. The controller can be contacted at info@wafflesworldrecords.com. It explains processing connected with browsing, contacting the project, submitting or challenging a record, requesting pre-assessment for a future attempt, inviting Waffles World Records to an event, providing evidence, appearing in source material, and being listed as a holder, witness, organiser, researcher, or source.
The public registry is evidence-led. Public record facts may include names of holders or organisations, dates, countries, record values, source citations, audit status, and caveats where those facts are relevant to documenting a publicly claimed achievement.
2. Categories of information
2.1 Website and technical data
When the website is accessed, the hosting environment may process IP address, date and time, requested resource, response status, transferred volume, browser, device, operating system, referrer, and security-event data. These data support delivery, troubleshooting, abuse prevention, and infrastructure security. Form rate limiting uses a one-way hash derived from connection and browser data; the production application does not store the raw IP address in the rate-limit file.
2.2 Contact information
Contact forms and email may include name, email address, subject, message, attachments, timestamps, and follow-up correspondence. Successful form submissions are stored in protected server storage and may also trigger an email notification to info@wafflesworldrecords.com when the hosting mail transport is configured.
2.3 Record application, future-attempt, invitation, and evidence data
Submissions may include the request type, proposed title, holder or organiser, achieved or planned metric, achieved or planned date, location or venue, event name and website, category, description, proposed rules, measurement process, source URLs, photographs, video, measurement records, laboratory documents, permits, affidavits, event materials, accreditation and attendance requests, schedules, travel or production logistics, requested WWR role, decision deadlines, metadata, witness information, and applicant declarations.
2.4 Public-source research
The review may use publicly accessible reporting, official publications, research papers, institutional archives, event pages, press releases, public social posts, court or authority documents, and archived webpages. We record the source, retrieval context, relevant claim, and evidence strength.
2.5 Sensitive and unnecessary information
Applicants should not provide government identification, private home addresses, financial data, passwords, health records, information about minors, or other highly sensitive information unless specifically requested, necessary, lawful, and transmitted through an approved secure method. Unnecessary sensitive material may be deleted, redacted, or excluded from review.
3. Purposes of processing
- delivering and securing the website;
- responding to enquiries and rights requests;
- receiving, screening, auditing, and deciding completed record submissions;
- assessing planned attempts and responding to attendance invitations;
- coordinating event access, accreditation, logistics, safety review, and an agreed WWR role where relevant;
- contacting applicants, holders, organisers, witnesses, sources, venues, and experts;
- testing authenticity, provenance, measurements, dates, and worldwide scope;
- publishing and maintaining the registry and its correction history;
- handling corrections, challenges, disputes, and later evidence;
- preventing fraud, impersonation, manipulated evidence, and unsafe attempts;
- establishing, exercising, or defending legal claims;
- maintaining editorial integrity and accountability.
4. Legal bases
Where the GDPR applies, processing may rely on steps requested before entering a submission arrangement, performance of an agreement, compliance with legal obligations, legitimate interests in operating a secure and accurate specialist registry, consent where specifically requested, and the establishment or defence of legal claims. The relevant basis depends on the interaction and jurisdiction.
Legitimate interests include website security, responding to communications, verifying public claims, preventing fraud, preserving historically relevant information, maintaining transparent corrections, and protecting the integrity of the registry. These interests are balanced against the rights and expectations of affected individuals.
5. Record submissions, future attempts, invitations, evidence, and publication
Submitting a completed claim, planned attempt, or attendance invitation does not mean that every file or personal detail will be published. Event logistics, private schedules, accreditation details, travel arrangements, direct contact information, raw files, unpublished witness information, and internal review notes are normally restricted to the people who need them. Public pages normally contain only information necessary to explain an approved achievement, holder, metric, sources, evidence status, and caveat.
Applicants must have authority to submit the material and should inform identifiable participants where required. We may request redacted copies, proof of permission, original files, file metadata, or an alternative secure transfer method. Evidence may be converted into working copies, thumbnails, transcripts, hashes, or review notes for evidence assessment.
Where a public source contains personal information, inclusion in the registry depends on relevance, public nature, accuracy, proportionality, and the historical or editorial purpose. Requests for correction or removal are assessed individually and may result in correction, minimisation, pseudonymisation, restriction, or removal.
6. Sessions, cookies, and local storage
The current application uses an essential PHP session mechanism for anti-forgery protection and secure form handling. The record registry may use local storage to remember a user-selected grid or list view, and the privacy interface may remember an essential-only choice. These functions are intended to provide a service expressly requested by the user and are not used for behavioural advertising.
The current build does not include advertising networks, analytics trackers, social-media embeds, fingerprinting, or cross-site profiling. This statement must be rechecked against the final hosting stack, CDN, mail service, security tooling, and any later integrations before deployment. If non-essential technology is added later, the cookie policy and consent mechanism must be updated before activation.
7. Retention and review periods
Retention is reviewed periodically. A legal hold, dispute, fraud concern, or safety issue may justify longer retention.
8. Recipients and confidentiality
Information may be accessed by authorised project personnel, hosting and security providers, legal advisers, laboratories, measurement specialists, translators, technical specialists, external advisers, or other reviewers who need it for the relevant task. Access should follow least-privilege principles. Public sources may be shared through citations; confidential evidence is not made public merely because a claim is approved.
9. International processing
Record claims and sources can be global. Service providers, experts, applicants, and sources may be outside the European Economic Area. Where European transfer rules apply, appropriate transfer mechanisms and supplementary safeguards should be used. Applicants should avoid sending confidential evidence through unapproved public channels.
10. Rights and requests
Subject to applicable law, a person may request access, correction, deletion, restriction, portability, information about recipients, or objection to processing based on legitimate interests. Consent can be withdrawn for future processing where consent is the basis. A person may also complain to a competent supervisory authority.
Send requests to info@wafflesworldrecords.com. Include enough information to identify the relevant interaction or registry page. Identity verification may be required to protect other people and confidential evidence.
11. Security measures
The application includes CSRF protection, output escaping, bounded form fields, MIME-based upload checks, random private filenames, protected storage, security headers, restricted file types, and non-public evidence storage. Production operation should also use TLS, current software, access control, backups, monitoring, malware protection, rate limiting, and an incident-response process.
12. Children, unlawful activity, and safety
The service is not directed to children. Submissions involving minors require prior review, lawful authority, guardian consent where required, and safeguarding measures. The registry does not encourage illegal possession, distribution, unsafe consumption, fire hazards, crowd risks, or medically dangerous attempts.
13. Policy changes
This policy may change when features, providers, laws, or processing activities change. Material updates will be dated. Continued use after a change does not replace consent where consent is legally required.