RomHack

Privacy and Cookies Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

The information provided below describes the processing operations performed on the personal data of the users visiting the websites

  • https://romhack.io (and its third level domains)

DATA CONTROLLER

Cyber Saiyan Ente del Terzo Settore is the Controller for the personal data we process

CATEGORIES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS OF THE PROCESSING

Browsing data

To operate the websites, the Data Controller performs processing operations on some of your personal data, such as the IP address of the terminal equipment, the URI/URL address of the requested resource, date and time of such request, the method used for submitting the request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and a set of other parameters related to your computer environment (operating system, browser, etc.).

Data are are also processed in order to check the proper functioning of the service and to extract anonymous statistical information on the service usage. These Processings are necessary in our legitimate interest, consisting of supplying the service and checking its proper functioning.

Data related to Call For Papers participants

To submit a Talk proposal to the Conference’s Call For Papers, you must provide us with your e-mail and some other information about you and your talk proposal, via e-mail or, at your free choice, filling a Google Form.

This processing is necessary for selecting the Conference Speakers, under the Call For Papers Terms and Conditions. Failure to provide mandatory data will result in not being able to be selected.

Data concerning Conference Speakers

  1. To give your Talk at the Conference, besides data submitted during the Call For Papers, you must provide us with your name+surname or your nickname. Optionally, you may also provide us with your social-media pages’ links and a short bio (whois). This processing is necessary for introducing your Talk. Failure to provide mandatory data will result in not being allowed to speak at the Conference.
    Data will be published on the Conference website.
  2. We may also publish a picture of you and/or a video recording of the Talk and/or your presentation slides.
    These processings are based on your freely given consent.
    You can object to these processings initially by not giving your consent or withdrawing it subsequently (provided that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal).

Data concerning Events Attendees

  1. To buy a ticket to attend an Event (e.g. Conference, Training, Camp) you must provide us your name, surname and e-mail. This processing is necessary to identify attendees, under the events Terms and Conditions. Failure to provide mandatory data will result in not being allowed to buy a ticket and attend to the events.
  2. In case of the Conference, we may transfer your data to our Platinum Sponsors for their own direct marketing and job offer purposes.
    This processing is based on your freely given consent. You can object to this processing by not giving your consent initially or withdrawing it subsequently (provided that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal), directly to the Data Controller or to the Platinum Sponsors.

Data concerning Scholarships

To submit for scholarships , you must provide us with your name, surname, date of birth, phone number, e-mail and some other information about you and your proposal, via e-mail or, at your free choice, filling a Google Form.

This processing is necessary for selecting the winning scholarships students. Failure to provide mandatory data will result in not being able to submit and be selected.

Newsletter

To keep you up to date with our activities, you can subscribe to our newsletter, providing us with your e-mail address. This processing is based on your freely given consent.

DATA RECIPIENTS

Recipients of the collected data include the Data Controller’s information service providers, acting as Data Processors pursuant to Article 28 of the Regulation, and staff in charge of processing operations, acting on specific instructions given by the Data Controller.
Your IP address is disclosed to the OpenStreetMap Foundation to show you the map of the venue and to rami.io GmbH to embed the Pretix ticket shop.
Pretix does not store any IP addresses, browser information or other unnecessary meta data beyond the timeframe of your transaction. You can find out more about privacy at Pretix here: https://pretix.eu/about/en/privacy.
Data about Conference Speakers will be published on the Conference website.
Camp and Conference Attendees’ data may be transferred to our Platinum Sponsors, under the conditions stated above.

DATA TRANSFER OUTSIDE E.E.A.

The Data Controller does not intend to transfer personal data to third countries or international organizations. If necessary, data will be transferred with appropriate safeguards in accordance with Article 44 of the GDPR. By using our site, you consent to the processing and transfer of your browsing data as described in this section.

Map tiles are provided by OpenStreetMap using a global network of cache servers; which tile server your browser or app accesses is determined dynamically by geolocation of the IP address and selection of the cache server “nearest” to you. Read more on OSM Privacy Policy.

The webiste uses the services of Cloudflare, Inc. (“Cloudflare”) to improve the security, efficiency, and performance of the platform. Cloudflare acts as a Content Delivery Network (CDN) and provides protection services against DDoS attacks and other security measures. Some information about your browsing data, including IP addresses, may be transferred to and processed by Cloudflare on servers located in the United States. Cloudflare complies with Cloudflare’s Privacy Shield framework, which ensures that the transferred data is protected according to applicable privacy and security standards in the United States and complies with the GDPR and the EU Cloud Code of Conduct.

 

STORAGE PERIOD

  • Browsing data will be kept in the server for no longer than 1 month;
  • Data related to the Call for Papers participants will be stored for no longer than 6 months;
  • Data related to the Events (e.g the Conference and the Camp) attendees tickets will be stored for no longer than 6 months, or the longest time provided by Italian laws;
  • Data processed to send our newsletter will be stored until you unsubscribe or 2 years after our last submission.

DATA SUBJECTS' RIGHTS

As a Data Subjects you have the right to:

  1. ask us for copies of your personal data,
  2. ask us to rectify data you think is inaccurate,
  3. ask us to complete data you think is incomplete,
  4. ask us to erase your personal data in certain circumstances,
  5. ask us to restrict the processing of your data in certain circumstances,
  6. object to processing if we process your data in our legitimate interests,
  7. ask that we transfer the data you gave us to another organisation, or give it to you (the right only applies if we are processing data based on your consent or under a contract and the processing is automated).

Where the processing is based on your freely given consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can send your requests to privacy [at] cybersaiyan [dot] it

If you think that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Supervisor Authority in the Member State of your habitual residence, place of work or place of the alleged infringement (in Italy: Garante per la Protezione dei Dati Personali), or to bring a judicial proceeding against the Data Controller.

COOKIES AND TRACKERS

We do not use any third-party cookies or other trackers.
We may store a small amount of data in local and session storage to enable websites’ core functionality.
If you try to purchase a ticket from our website, Pretix will use first party technical cookies to manage your purchase process and to remember tickets in your cart:

  1. __proxy_session (Max-Age: 7 days);
  2. prefix_session (Max-Age: 14 days);
  3. pretix_widget_https_tickets_romhack_camp_ (Max-Age: 30 days);
  4. pretix_csrftoken (Max-Age: 365 days);
  5. pretix_language (Max-Age: 3650 days).

These cookies will only be set once you’ve started to interact with the Pretix widget.