This is a very boring document, but don’t let it put you off.
TL:DR – We consider your privacy rights to be human rights wherever in the world you live. We take steps to secure the information we collect, and only use or share it under specific circumstances. If you ever want to talk to us about it, or request we do something with data held about you, just talk to us and we’ll do our best. If you have any questions, please contact email@example.com.
We consider privacy rights to be fundamental human rights. Regardless of where you live, you have the right:
- to access your information and to receive information about its use.
- to have your information corrected and/or completed.
- to have your information deleted.
- to restrict the use of your information.
- to receive your information in a portable format.
- to object to the use of your information.
- to withdraw your consent to the use of your information.
- to complain to a supervisory authority.
When exercising these rights, there may be consequences affecting our ability to deliver access to the event. We’ll try to warn you of this at the time, but will carry out your request if you confirm you wish to proceed after being warned.
Data Protection Officer: Marizel Fourie
To exercise or query your information rights, please contact our Data Protection Officer at firstname.lastname@example.org.
We collect the following pieces of information:
- Name, Contact information, IP address, cookie information, device information, geographical information from IP address and time of access through web and host analytics and logs.
- Email address and any information (for example, food preferences) you provide when buying a ticket or contacting us via email.
- Country of origin, Email address, name and any information you provide when using our CFP system.
Your information is shared with the following third-parties:
- Companies sharing directors with Sense/Net Ltd (Currently Alien8 Systems Ltd, Cortex Insight Ltd, Mandalorian Security Services Ltd and Raw Hex Ltd). Sense/Net Ltd doesn’t employ anyone. Instead, people employed by these companies support Sense/Net’s operations. The information is shared in order to support events such as 44CON.
- Eventbrite (for ticketing), Google (mail, groupware and analytics), Hootsuite (Social media), Mailchimp (44con-announce list), Slack (internal chat), Shopify (Ticket and swag sales), Youtube and Vimeo (Talk and Workshop videos), Sched (Scheduling – speaker details), SagePay (for payment processing).
- We also use other platforms such as Sched for scheduling, YouTube and Vimeo for video but your information is not provided by us, unless you’re the subject of the content (e.g. a speaker).
- Volunteers working on events (e.g. our CFP panel and where relevant, ops leads). This is provided on a need-to-know basis and strictly for the purposes of making events run smoothly. Data is shared with volunteers on an individual, not company basis.
Your information is not shared by us:
- With sponsors, friends of 44CON or partners except as shown above or where specific explicit consent is granted (e.g. you asked a crew member to pass your email address to a sponsor).
When you send us information, you are deemed to have given us the consent to process it in accordance with our policy and the laws of England and Wales.
You may withdraw consent by emailing our DPO in the first instance, or using function-specific features such as the unsubscribe button in every 44CON-announce list email, or their equivalents.
Use of collected data
How we use your information:
- Administrative and business purposes, including but not limited to processing orders and refunds, travel bookings, contacting you with information about the event or those connected to it.
- In order to meet contractual obligations.
- Improving our systems and marketing through the use of analytics.
- Advertising goods and services.
- To fulfil legal obligations under the laws of England and Wales.
How long we retain it for (in order of importance from most to least):
- As long as we need it in order to comply with the laws of England and Wales (e.g. for tax purposes).
- As long as we need it in order to perform the functions above.
- As long as consent is not withdrawn (e.g. our announce list).
How we secure your information:
- We use Google’s G Suite to store the majority of our data used for operating the event, which allows us (amongst other things) to track who downloaded copies of it.
- We use appropriate encryption methods (TLS, PGP, drive crypto) to protect personal data at endpoints and in transit.
- We try to avoid collecting information where practical.
Transfers of information outside of the EU:
As an international event, some of our volunteers are based in and outside of the EU. Where we transfer information outside the EU, we’ll ensure appropriate safeguards are in place, for example our non-EU suppliers such as Google have self-certified as compliant with the EU-US privacy shield.
Sensitive Personal Information
We do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to us.