Privacy Notice

CYBER FORUM GMBH (SWISS CYBER INSTITUTE) PRIVACY NOTICE

 

  1. BACKGROUND AND PURPOSE OF PROCESSING

Cyber Forum GmbH (hereinafter “Swiss Cyber Institute” or “SCI” or “we”) is a Swiss-owned company that specializes in and focuses on providing cybersecurity education and organizing cybersecurity and privacy conferences, as well as designing and developing online products and services.

In connection with our operations and to be able to provide Swiss Cyber Institute Services and Events, we may collect and process your personal data as a user of Swiss Cyber Institute Services (“User” or “you”). Swiss Cyber Institute processes personal data under this Privacy Notice and in accordance with applicable laws, including the Swiss Federal Data Protection Act and the General Data Protection Regulation (2016/679) (the “GDPR”).

The purpose of this Privacy Notice is to describe and explain how we as controllers process personal data in connection with Swiss Cyber Institute Services, what personal data we collect, and how you may use your rights as a data subject. At times the Swiss Cyber Institute platform may also be licensed to a third party, and in such cases Swiss Cyber Institute may act as a processor or an independent controller together with the third party.

In this Privacy Notice, “SCI Services” refer to Global Cyber Conference, Swiss Cyber Security Community, Swiss Cyber Institute Education platform and Online Campus, including applicable features such as, but not limited to, online events, an online ticket store, and an online matchmaking platform (mobile/web app) provided by Swiss Cyber Institute. In this Privacy Notice, the cybersecurity and privacy conferences and events (physical or online) organized by SCI and/or under the SCI brand, and being part of Swiss Cyber Institute Services, are separately referred to as the “Events”, where necessary.

Please note that we may update this Privacy Notice from time to time – you can find the current version on the swisscyberinstitute.com and globalcyberconference.com websites.

  2. CONTROLLER’S CONTACT DETAILS

Name: Cyber Forum GmbH

Address: Höhestrasse 20, 8702 Zollikon

Email: email@swisscyberinstitute.com

  3. PERSONAL DATA PROCESSED AND SOURCES OF DATA

Our User’s personal data collected and processed by us in connection with SCI Services can be divided into two general data categories: “User Data” and “Technical Data” (including cookies and web analytics).

User Data

User Data is personal data collected directly from you, or from the customer organization represented by you and on behalf of which you are using SCI Services (the latter hereinafter the “Customer Organization”). We may collect User Data from our Users in a few different ways, including when the User registers to SCI Services, creates a profile, or subscribes to our newsletter. Please note that we may also collect details of transactions, such as ticket purchases, you complete in connection with SCI Services.

User Data will be collected from the User as a part of the registration and when creating a profile for SCI Services. Accordingly, the following User Data is necessary in order to be able to use SCI Services:

Registration

  • First name;
  • Last name;
  • Email address;
  • Marketing opt-in or opt-out.

We may also collect and process the following User Data (listed by feature) in connection with your use of SCI Services:

Mobile/Web App of SCI – Matchmaking tool

  • Picture, domicile, job title, organization, phone number;
  • Information regarding interests, employer, education, professional background, and/or other information the User chooses to provide in connection with his/her public profile on the matchmaking tool;
  • Information about the User’s activities within the tool, such as information related to User’s meetings;
  • Information the User chooses to provide to other Users in the chat function available on the matchmaking tool; and

Ticket shop

  • Name;
  • Email address;
  • Information relating to transactions and payments carried out through SCI Services;
  • Type of Event ticket purchased on SCI Services;
  • Organization and Job Title; and
  • Address, Postal Code, Domicile, or Locations

Marketing

  • Name;
  • Email address;
  • Event attendance information;
  • Interests of the User;
  • User account and profile information; and
  • Information provided via the matchmaking tool (please see the matchmaking tool section above).

Other

  • Customer feedback and other information the User provides to us in correspondence.

In addition, we may also collect User Data from our Customer Organizations when they purchase Event tickets in connection with and/or to SCI Services. The User Data we collect from the Customer Organizations include:

  • Email address connected to the Customer Organization;
  • Customer Organization’s representative User and thereto related User Data, as applicable.

Technical Data

We do not normally use Technical Data to identify you as an individual, but you can sometimes (e.g. in certain technical support cases) be recognized from such data, either alone or when combined or linked with User Data. In these situations, Technical Data can also be considered personal data under applicable laws and we will treat such data as personal data.

We and/or our authorized third-party service providers may automatically collect the following Technical Data when you visit or interact with SCI Services:

  • Browser type and version;
  • Device and device identification number;
  • Time spent at SCI Services;
  • Interaction with SCI Services;
  • URL of the website you visited before and after visiting SCI Services;
  • The time and date of your visits to SCI Services;
  • Operating system and the Internet service providers utilized.

Cookies

We use various technologies to collect and store Technical Data and other information when you visit SCI Services, including cookies.

Cookies are small text files sent and saved on your device, helping us – for example – in tailoring SCI Services and personalizing the information we provide to our Users. They allow us to identify visitors of SCI Services, facilitate the use of the same and create aggregate information about the Users. By using cookies, we are able to improve SCI Services and better serve and support our Users, for example, by remembering usernames, passwords, and language preferences. We also use tracking and analytics cookies to see how well our services are being received by the Users.

The Users may choose to refuse cookies or to be alerted when cookies are being sent. However, please note that some parts of SCI Services may not function properly if the use of cookies is, in part or in whole, refused.

Web analytics services

SCI Services use Google Analytics and other web analytics services to compile Technical Data and reports on visitors’ usage and help us improve SCI Services. For an overview of Google Analytics, please visit Google Analytics. It is possible to opt out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.

  4. PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA

SCI processes the personal data of the Users of its services for the purposes described in this Privacy Notice. These processing purposes, of which one or more may apply depending on the case at hand, are listed below:

  • To organize Events and provide SCI Services

SCI processes personal data to be able to organize Events and provide SCI Services to you under the contract between you and SCI, or between the Customer Organization and SCI. We use the data, for example, to handle your online registration, manage ticket(s) and payments, provide you with educational services, enable the organization of side events, and provide you and the other Users with the information necessary for the proper use of the matchmaking tool as well as other tools of the SCI platform. We may also process personal data to contact you regarding the Events and SCI Services as well as to inform you of any changes to the same. In the event you contact our customer service, we will use the provided information to answer your questions or solve possible issues. The legitimate grounds for processing are the performance of a contract and in certain cases legitimate interest.

If registration for an Event organized with/by a third party takes place on SCI Services (not redirecting to other registration sites or platforms), the respective organizer and SCI are joint controllers for the personal data processed for the purpose of the event registration. The legitimate ground for processing is the performance of a contract. With any questions related to such processing, you can reach out to us.

  • To provide personalized content and customized user experience

If you have selected to become our community member, we process personal data to generate an optimal and customized user experience and to provide you with the most relevant content based on your user profile.

You may at any time decide to leave the SCI Community platform and/or turn the notification feature off, and remove your profile. After the profile is removed, SCI no longer processes the user profile information for the abovementioned purposes. The legitimate ground for processing is the performance of a contract.

  • For customer communication, marketing, and development

We process personal data for the purposes of maintaining our customer relationships as well as for marketing and advertising SCI Services and other products offered by SCI or via the SCI platform. This means, for example, customizing the user experience by showing targeted offers, side event information, job opportunities, and advertisements based on the information gathered from the User during his/her visits to SCI Services. We also process personal data to run, maintain and develop our business and to create new customer relationships. The legitimate ground for processing is the legitimate interests of SCI.

  • Electronic direct marketing

In relation to electronic direct marketing, the legitimate ground for processing personal data is the legitimate interest of SCI. However, in certain cases, to be allowed to send electronic direct marketing (for example, utilizing email or text messages), the consent of the receiver of electronic direct marketing is collected where required by applicable laws. Such consent may be requested in certain parts of SCI Services, e.g. in connection with the registration. The Users may withdraw given consent at any time by contacting us via email (see section 2 above for contact details) or by managing consent settings via their own user account.

  • To fulfill our legal obligations

SCI processes personal data to be able to administer and fulfill its obligations under the applicable laws. This includes processing data for complying with the bookkeeping obligations and providing information to relevant authorities such as tax authorities. Personal data may also be disclosed due to mandatory grounds arising from the applicable laws, regulations, and/or, if required, to the court or competent authority for legal and justified grounds. The legitimate ground for processing is to comply with legal obligations.

  • For potential claims handling and legal processes

SCI may process personal data in relation to handling claims, debt collection, and legal processes. SCI may also process personal data to prevent fraud, and misuse of SCI Services and for information, system, and network security. In these situations, the legitimate grounds for processing are the legitimate interests of SCI.

  • For quality improvement, trend analysis, and research

We may process information about your use of SCI Services to improve the quality e.g. by analyzing trends in the use of SCI Services, and to adjust, develop and improve our offering and operations, including the user experience. Further, we may process the information you provide us via the SCI platform for research purposes. However, we will never publish other than aggregated, non-personally identifiable data. The legitimate ground for processing is the legitimate interests of SCI in maintaining and improving its services to ensure their relevancy and quality.

When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy. We also use pseudonymized or non-personally identifiable data when possible.

  5. TRANSFERS TO COUNTRIES OUTSIDE SWITZERLAND, THE EU, AND THE EUROPEAN ECONOMIC AREA

We always take the necessary steps to ensure that Users’ personal data receives an adequate level of protection in the jurisdictions where it is stored and processed. We ensure adequate safeguards and protection for the transfers of personal data to countries outside of Switzerland and the EU/European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, in force and accepted from time to time.

Currently, we store Users’ personal data primarily in Switzerland and in the EU/European Economic Area, as it is the domicile of our service providers. SCI has service providers in certain other geographical locations too. As such and subject to this section 4, we and our service providers may transfer to and access personal data from jurisdictions outside the EU/European Economic Area.

More information regarding the transfers of personal data may be obtained by contacting us (see section 2 above for contact details).

  6. RECIPIENTS AND DATA DISCLOSURES

We only share personal data within our SCI organization, if and as far as reasonably necessary, for the purposes of this Privacy Notice, e.g. with our employees responsible for customer service and marketing. We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

  • It is necessary for the purposes of this Privacy Notice

To the extent third parties (such as other Users of SCI Services, side event organizers, or other collaborators/event organizers) need access to your personal data in order for us to perform SCI Services, SCI has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Notice and in accordance with the applicable laws and regulations. Furthermore, we may provide your personal data to our affiliates, other trusted businesses, or persons to process it on our behalf, based on our instructions and in accordance with our Privacy Notice as well as any other appropriate obligations of confidentiality and security measures.

  • For legal reasons

We may share personal data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to (i) meet the requirements or obligations under the applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of SCI, the Users or the public in accordance with the applicable law. When possible, we will inform the User of such data transfer and processing.

  • To authorized service providers

We may share personal data with authorized service providers who perform services for us (including but not limited to data storage, accounting, payment, sales, and marketing service providers). Our agreements with our service providers include commitments ensuring that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Notice.

  • With explicit consent

We may share your personal data with third parties outside SCI for other reasons than the ones mentioned above when we have your explicit consent to do so. The User has the right to withdraw the aforementioned consent(s) at any time.

  7. INFORMATION SECURITY

We use administrative, organizational, and technical measures as well as physical safeguards to protect all personal data we collect and process. Measures include, for example, and where necessary, encryption, pseudonymization, firewalls, secure facilities, and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience, and ability to restore the data.

Should a security breach that is likely to have a negative effect on the privacy of the Users occur despite the security measures, SCI will inform the relevant Users and other affected parties, as well as relevant authorities in accordance with the applicable data protection laws, as soon as possible.

  8. STORAGE PERIOD

SCI does not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Notice. The storage period depends on the nature of the information and on the purposes of the processing. The maximum storage period may therefore vary per use.

Registration information relating to the user account with SCI Services will be deleted after a period of seven (7) years from the last use of the user account in question. SCI will inform you of the oncoming deletion. The data collected for a specific Service or Event will be deleted or anonymized five (5) years after the completion of the Service or Event. A part of the personal data relating to the user account or otherwise to SCI Services may be stored in case processing is required by the applicable law or is reasonably necessary for our legal obligations or legitimate interests such as handling of claims, bookkeeping, internal reporting, and reconciliation purposes.

All personal data relating to the user account with SCI Services will be anonymized or deleted after a period of seven (7) years from the last use of the user account, with the exception of personal data required in certain rare situations such as legal proceedings.

We will store the Technical Data of unregistered Users for a reasonable time period, but in no event longer than two (2) years for the purposes specified in this Privacy Notice.

  9. USERS’ RIGHTS

  • Right to access

The Users have the right to access the personal data relating to them and processed by us. We give you the possibility to view certain data through your user account with SCI Services or request a copy of your personal data.

  • Right to object

If the data is processed based on our legitimate interest, you may have the right to object to certain use of your personal data. If you object to the further processing of your personal data, this may lead to fewer possibilities to use SCI Services.

  • Right to rectify

The Users have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about the User corrected or completed by contacting us. You can correct or update some of your personal data through your user account in SCI Services.

  • Right to erasure

The Users may also request us to delete their own personal data from our systems. We will comply with such requests unless we have a legitimate ground not to delete the personal data. Such legitimate ground may be based on e.g. the applicable laws.

  • Right to data portability

In certain situations, you may have the right to receive your personal data from us in a structured and commonly used format and to independently transmit the data in question to a third party.

  • Right to withdraw consent

In case the processing is based on the consent granted by the User, the User may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to restriction of processing

You may request us to restrict the processing of personal data, for example, when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your personal data. However, this may lead to fewer possibilities to use SCI Services.

The abovementioned rights may be exercised by sending an email or a letter to us at the addresses set out above in section 2 (Controller’s Contact Details). The message should include the following information: full name, home address, email address, and telephone number. We may request the provision of additional information necessary to confirm the identity of the User. We reserve the right to reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

  10. DIRECT MARKETING

The User has the right to prohibit us from using the User’s personal data for direct marketing purposes, market research, and profiling made for direct marketing purposes by contacting us at the address indicated above in section 2 (Controller’s Contact Details) or by using the unsubscribe function offered in connection with each direct marketing message.

  11. LODGING A COMPLAINT

The User can lodge a complaint with the local data protection supervisory authority in case the User considers that SCI’s processing of personal data appears to be inconsistent with the applicable data protection laws. In Switzerland, the local supervisory authority is the Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter) https://www.edoeb.admin.ch/edoeb/de/home.html. The contact details of the supervising authority are as follows:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter

Address: Feldeggweg 1, CH – 3003 Bern, Switzerland

Telephone: +41 (0)58 462 43 95

Telefax: +41 (0)58 465 99 96

 

Version effective as of 01.03.2023