PRIVACY POLICY

31 July, 2018

HackControl’s commitment is to put users first. We will only use the information that we collect at our Website about you lawfully in accordance with applicable local, national or international law or regulation.  We strive to be transparent about how we collect, use, disclose and process your information, to keep your information secure and to provide you with meaningful choices.

This Privacy Policy describes the policies and practices with regard to the collection and use of your personal data and sets forth your privacy rights. The Company recognizes that data privacy is an ongoing responsibility, and, therefore, the Company will from time to time update this Privacy Policy and its privacy practice as the Company undertakes new personal data practices or adopt new privacy policies.

In this Policy, "personal data" means any information relating to you as an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Policy, "processing" means any operation or set of operations which is performed on personal data (as defined in this Privacy Policy) or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. SCOPE

HackControl company ("HackControl", "we", "us", "our"), organisers of The 4th Global CyberSecurity Forum HackIT ("HackIT").HackControl is committed to protecting your personal information. We invite you to read this Privacy Policy, which explains the types of information collected and created in connection with the HackIT event, how and why we use such information, who we share it with and your legal rights.

Unless indicated otherwise, this Privacy Policy relates to our use of any personal information we collect or use in relation to the following services (collectively, the "Services"):

– The 4th Global CyberSecurity Forum HackIT
– the HackIT website https://hackcontrol.org  and their related subdomains including those pertaining to registration for attendance;
– account within the mentioned above Website;
– online surveys relating to the HackIT;
– messages sent via the HackIT support portal; and
– the HackIT official social media channels.

Personal information processed in connection with the Services is controlled by HackControl , an Estonian limited liability company with offices located at Parda 4, Kesklinn, Tallinn, 10151 Harju Maakond, Eesti, Kesklinna, Estonia.

2. HOW WE COLLECT INFORMATION

When we provide the Services, we collect and receive information in several different ways. In many cases, you choose what information to provide, although some information is required for us to provide you the Services.

  • We collect a variety of information from you when you provide it to us directly, when we request it from you, or when you give us permission to get it from a third party source. The Company collects data when you interact with its Websites, especially when:
    • you browse any page of the Websites;
    • the Company contacts you;
    • you use the Websites;
    • you receive emails from the Company;
    • you chat with the Company for customer support;
    • you connect integrations;
    • you opt-in to marketing emails.
    • you set up an account.
  • The Company collects the following categories of data:
    • contact details such as your first name, last name, telephone number, telegram username, email address;
    • business details such as your company, your job title;
    • data for setting up an account for the purposes of upcoming HackIT: Food preferences, Picture of profile;
    • data that identifies you such as your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version;
    • data on how you use the Websites such as your URL clickstreams (the path you take through the Websites), goods/services viewed, page response times, download errors, how long you stay on webpages, what you do on those pages, how often, and other actions.
  • Consent rule

If you have given consent to the processing of your data, you can freely withdraw such consent at any time by emailing the Company to info@hackcontrol.org.

If you do withdraw your consent, and if the Company does not have another legal basis for the processing of your data, then the Company will stop the processing of your personal data.

If the Company has another legal basis for the processing of your data (legitimate Interests, for example), then the Company may continue to do so subject to your legal interests and rights.

By providing us your telegram username you also agree that we will automatically add you to our HackIT telegram group.

2.4 Cookies.

This website uses cookies. We automatically collect certain information from your browser or device when you use certain Services or read a message from us. Please review our Cookies Policy.

3. HOW WE USE YOUR INFORMATION

We use your information in order to provide, operate, improve, understand, customize, support, and market our Services, including:

Keeping the Websites running. Managing your requests (like orders), login and authentication, remembering your settings, processing payments, hosting and back-end infrastructure

Providing Services. the Company needs to provide services accessible via the Websites. Fulfilling our legal or regulatory requirements. Sending you technical notices, support or administrative notifications

Improving the Websites. Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping the Websites, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.

Communicating with you. We use your personal information to contact you regarding your registration to attend, to notify you of any changes to our policies and practices, and to respond to any requests or inquiries you may submit to us. If you subscribe to marketing, such as newsletters, we will use your information as described below.

Marketing. If you opt-in to receiving marketing communications from us, we will use your personal information for outreach and marketing, such as to send you information about our future events and to exhibit attending companies. You can opt-out of these communications by using the unsubscribe links in our communications.

4. LEGAL BASES FOR PROCESSING YOUR INFORMATION

We rely on a number of bases to lawfully process your personal information for the purposes described in this Privacy Policy. We process your personal information upon your expresed consent:

– when necessary to perform the Terms and Conditions or to provide you with the proper Website use;
– where you have consented to the processing, which you may revoke at any time; – when necessary to protect your vital interests, or those of others, such as in the case of an emergency;

5. OUR LEGITIMATE INTERESTS

As indicated above, in certain cases we use your information where necessary to pursue our, your and others’ legitimate interests, including where necessary to:

Keep the Website safe and secure. We use your information as it is necessary to pursue our legitimate interests, or those of all visitors, users, and others who access or use in ensuring the HackIT is a safe and secure Website, such as enforcing our Terms and Conditions.

Provide, develop and improve the Services. We process your information as necessary to pursue our legitimate interests in improving HackiIT and our other Services, such as our Websites etc.

Market the Services. We process your information in accordance with our legitimate interests of marketing the event and the Services to you. If you want to exercise your right to object to any of these uses please email us at info@hackcontrol.org.

Provide seamless Service. We may share personal information amongst our parent company, subsidiaries, or affiliates for internal business purposes and to provide you with the Services in accordance with the Terms and Conditions and this Privacy Policy. If we share your information within our corporate group we will ensure that your information continues to be used only in accordance with this Privacy Policy and your expressed choices, and in accordance with applicable law.

6. SHARING WITH THIRD PARTIES

We share information with attendees, service providers, affiliates, partners, and other third parties where it is necessary to perform the Terms and Conditions, to provide the Services, and for other purposes described in the Privacy Policy.

Marketing. In order to further our legitimate interests in marketing the Services, we rely on third-party marketing platforms and service providers to assist us and perform certain marketing services for us.

Third party service providers. We may share your personal information to help us operate, provide, improve, understand, customize, support, and market our Services. These trusted third parties provide us with services including for customer support, data storage and website hosting, ticketing and payments processing, legal advice and compliance, and marketing and data analysis. These trusted third parties are contractually required to use it only to provide their service to us, and prohibited from using it for their own purposes.

Legal and safety reasons. We may retain, preserve, or share your personal information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (such as, a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our Terms and Conditions or any other agreements we have with you; or (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public.

Aggregated information. We may also share aggregated or de-identified information, such as counts of attendee job titles or their affiliated companies, with companies we do business with, including our advertisers, partners as well as other organisational members.

7. DATA RETENTION

We will retain your personal information for as long as is necessary, up to a period of seven years after such information is collected, to achieve the purposes set out in this Privacy Policy, such as to provide you with the Services. We may also need to retain some of your information for a longer period to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our Terms and Conditions.

8. LOCATION OF THE PROCESSING OF PERSONAL DATA AND DATA TRANSFERS

The personal data collected by the Company is processed at the Company’s offices in Tallinn. The Company is international and can have foreign branches and departments. The Company’s Research and Development department is based in Kyiv at secure premises.

Our servers for storing the data are located in Germany.

As a global business, we access and transfer information around the world. If you are based in the EU, this means that we access and transfer your personal information outside the EU, including in and to the United States. The privacy protections and the rights of authorities to access your personal information in some of these countries may not be the same as in your home country. We transfer your personal information in accordance with law, and take steps to ensure that your information is appropriately protected.

In particular, where we transfer information to countries that are not viewed as providing adequate protections, we generally rely on an approved mechanism known as the "standard contractual clauses" to protect the information transferred. These are template contracts published by the European Commission containing approved commitments to protect the privacy and security of the information transferred. To request a copy of the clauses, please contact us.

9. YOUR RIGHTS AS DATA SUBJECT

You have a number of rights in relation to your information that we process. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below.

Access and Porting. You can access much of your information by logging into your HackIT account. If you require access to additional information, or you do not have a HackIT account, please contact us. Where legally required, we will provide your information in an easily accessible format and assist in transferring some of this information to third parties.

You have the right to access information about you, especially:

  • the categories of data;
  • the purposes of data processing;
  • third parties to whom the data disclosed;
  • how long the data will be retained and the criteria used to determine that period;
  • other rights regarding the use of your data.

In the context of the right to access information the Company shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster.

Rectify, Restrict, Delete. You can amend, update and delete some of your information by logging into your HackIT account. You have the right to be "forgotten". You may ask erasing any personal data about you, if it is no longer necessary for the Company to store the data for purposes of your use of the Websites. If you don’t have a HackIT account, or want us to amend, update or delete other information, please contact us.

Object and termination of processingWhere we process your information based on the legitimate interests described above, or in the public interest, you can object to the processing in certain circumstances.

You can object to the Company using your personal data for profiling you or making automated decisions about you. The Company may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behaviour).

We will generally stop processing your information unless we have compelling grounds to continue processing, such as where needed for legal reasons. Where we use your information for direct marketing, you can always object using the unsubscribe link in such communications, changing your HackIT account settings or by contacting us.

Revoke consent. If we have specifically asked for your consent to use your information, you have the right to withdraw your consent at any time. You may ask us to refrain from using your data for marketing. You can opt out from marketing. You may choose not to provide the Company with personal data. If you choose to do so, you can continue to visit the Websites and browse its pages, but the Company will not be able to process transactions without personal data.

You can exercise the following rights by sending us an email info@hackcontrol.org.

Cookies. You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Websites and browse its pages, but the Websites and certain services will not work properly.

Application to the the Estonian Data Protection Inspectorate. You have the right to lodge a complaint regarding the use of your data by the Company. You can address any complaint to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) as directed on their website at http://www.aki.ee/en/inspectorate/staff-and-contacts (in English) or http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon (in Estonian).

10. SECURITY

The security of your personal information is important to us. We strive to use appropriate technical and organisational to protect your personal information. We have security and organizational measures and procedures to secure the data collected and stored. We have security policies and data processing agreements with all our employees and contractors who are obliged to follow and maintain appropriate technical and organizational measures.

Connections to the Websites are encrypted using 256-bit SSL with integrity assured by the SHA2 ECDSA algorithm.

We use servers that comply with strict international data security standards, including ISO 27001.

Despite these measures, the Internet is not a fully secure environment and we cannot guarantee that your personal information won’t be intercepted or improperly accessed. You are responsible for your login information and password. You shall keep them confidential.

In case if your privacy has been breached, please contact the Company immediately on info@hackcontrol.org.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time so please review it occasionally. If we make material changes, we will notify you. The date of the last revisions will appear on the top of this page.

Use of MailChimp

For sending our newsletter we use the provider MailChimp. MailChimp is an offer of The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA. When you register for our newsletter, the data you provide when registering for the newsletter will be transferred to MailChimp and stored there. After registration you will receive an e-mail from MailChimp to confirm your registration ("double opt-in"). MailChimp offers extensive analysis possibilities about how the newsletters are opened and used. These analyses are group-related and are not used by us for individual evaluation. Further information about MailChimp and data protection at MailChimp can be found here: http://mailchimp.com/legal/privacy/

Contact us

If you have any questions or concerns about this Privacy Policy or our privacy practices generally, or if you would like to exercise your statutory rights, you can contact us at:

HackControl ul. Halicka 9,

Krakov, Poland

info@hackcontrol.org