Privacy statement www.offensivecon.org
The protection of your personal data (hereafter “p.d.”) which are processed when using our website as well as during the registration for our conference is a huge and important concern for us. The term “personal data” includes all information which refer to identified or identifiable individuals.
Categories of data are e.g. your name, your address, your e-mail-address, but also data about your usage behavior on www.offensivecon.org.
Controller, contact, data protection officer
The controller pursuant to Article 4 No. 7 General Data Protection Regulation (“GDPR”) is:
Blue Frost Security GmbH
Platz der Einheit 1,
60327 Frankfurt am Main.
That is represented by the CEO Lukas Hermann, ibid. You can also contact us via e-mail under firstname.lastname@example.org. Our homepage can be accessed via www.bluefrostsecurity.de.
For any questions and remarks regarding this privacy statement or for general inquiries regarding data protection please contact our data protection officer. You can contact him via e-mail under email@example.com or per mail by post with confidence to the attention of the data protection officer at the above address.
For further information, we refer to our information in the imprint: https://www.offensivecon.org/imprint.html.
Legal bases for processing of your data
Legal basis for the processing of personal data are:
The data processed by us will be deleted or its processing restricted in compliance with the statutory provisions, in particular in accordance with Articles 17 and 18 GDPR. Unless specifically stated in this privacy statement, we delete data stored by us as soon as it is no longer needed for its intended purpose. Beyond the time of continued use, data is only collected if it is required for other and legally permissible purposes or if the data must be retained due to statutory retention obligations. In these cases, processing is restricted, that means blocked, and not processed for other purposes.
Server log Files
For the informational use of our website, it is generally not required that you actively provide personal data. In this case we collect and use only your data which is automatically transmitted to us by your Internet browser. These include:
The data is stored temporarily on our servers. This data is not stored together with other personal data except those stated above. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session. In addition, we create so-called log files. The log files are stored to ensure the security of our IT systems. The log files include all of the above data categories, whereby IP addresses are shortened for the purpose of anonymization. A personal evaluation of the data, in particular for marketing purposes, does not take place.
Processing of the above data is necessary for technical reasons to offer a website pursuant to Art. 6 (1) Clause 1 lit. b), lit. c), lit. f) GDPR in order to display our website correctly to you and to guarantee stability and security. In particular, log files are created to prove attacks on our systems. We delete non-anonymous server log files regularly after seven days, but not later than 30 days after your visit.
Data processing and recipient of data
In some cases, we use external service providers, who are bound by our instructions to process your data. These were selected and commissioned carefully by us and are controlled regularly. The orders are based on data processing agreements pursuant to Article 28 GDPR. The processor does not process data independently for its own purposes. If you have any questions about our order processors, please do not hesitate to contact us.
For the operation and hosting of this website we make use of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, located within the EU, which processes all usage data, meta and communication data of visitors or customers of this website on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Article 6 (1) Clause 1 lit. f) GDPR.
Registration for the conference (ticket shop)
When you register for the conference and/or want to take part in a training, we will process the data you provide when placing your order in order to process the contract. For the purpose of registration we need your name, your e-mail-address, your address, company, ticket type (if conference and/or training) as well as payment and invoice data. Furthermore, the date and time of the order as well as data transmitted by your browser (see above server log files) are processed automatically.
When you register for our conference, you can optionally receive a T-shirt. For this purpose we need your clothing size and your gender so that we can hand you a suitable T-shirt. The data will not be processed for any other purpose.
The legal basis for the processing of your personal data is Article 6 (1) Clause 1 lit. b) GDPR. The legal basis for voluntarily provided information is Article 6 (1) Clause 1 lit. a) GDPR. We are obliged to save your ordering data for a period of ten years because of commercial and fiscal regulations (German federal Handelsgesetzbuch, German federal Abgabenordnung). However, we will perform a restriction of the processing after the congress. The legal basis for that is Article 6 (1) Clause 1 lit. b), lit. c) GDPR.
We use the pretix ticket tool for registration. That is a service of the rami.io software development (Raphael Michel), Römerstraße 245, 69126 Heidelberg, Germany, which also stores the ticket shop on its own servers. Entered data as well as your IP address and other automatically processed data are transferred to pretix upon registration. We have concluded a data processing agreement with the service provider. In particular, this agreement guarantees that the transmission of your data is secure. The service provider does not process your personal data for its own purposes. For further information, please visit https://pretix.eu/about/de/privacy.
To pay for the registration we offer to use the payment service providers: Sofortüberweisung (Klarna), Stripe and Paypal. If you choose a payment method, you will be redirected to the providers' websites. Under data protection law, they are solely responsible for the processing of your data in the context of payment processing. If you wish to pay for your registration with a payment provider, the data protection information of the payment provider applies, which you can view at https://www.paypal.com/de/webapps/mpp/ua/privacy-full and at https://stripe.com/gb/privacy and at www.klarna.com/sofort/datenschutz/.
Contact via e-mail, telephone, social media
We would be pleased to give you the opportunity to contact us. If you contact us regarding the issue of data protection as well as any other matters, we will process the data provided by you so that we can take care of your request and respond to it. The processing of your data within the scope of contacting us via e-mail, telephone or via social media depending on the content of the enquiry for purely informational enquiries on the basis of your (presumed) consent pursuant to Article 6 (1) Clause 1 lit. a) GDPR or pursuant to Article 6 (1) Clause 1 lit. b) GDPR, as far as the contacts are in connection with contractual performance obligations. The information provided by users on the basis of Article 6 (1) Clause 1 lit. b) GDPR can be stored in a customer relationship management system ("CRM System").
We will delete your contact requests within a few days after processing. If you contact us by e-mail for informational purposes, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Furthermore, you have the right to object to the storage of your personal data in a CRM system.
We will delete your contact inquiries from our active systems immediately after final processing, unless legal permissions or storage obligations permit or require further storage. For example, if you apply to us by e-mail, we will store your application data for a period of six months from the end of the application process.
Cookies and integrated offers of third parties
When you visit offensivecon.org, the website also stores so-called cookies on your computer. Cookies are small text files that within the scope of your visit of our website are transmitted from our web server to your browser and are stored by your browser on your computer for later retrieval. You can determine by the settings in your browser, whether cookies can be set and retrieved. You can completely deactivate the storage of cookies in your browser, limit it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback.
In particular, we use session cookies. They store a so-called session ID, with which different requests of your browser can be assigned to a certain session. This allows your computer to be recognized when you return to our website, which offers significant added value for the registration function for our conference, for example. The session cookies are deleted when the expiry time of one week has been reached.
Third-Party-Cookies and Third-Party-Offers
You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. The legal basis for the use of third party cookies as well as other offers from third parties is our legitimate interest (in the analysis, optimization and economic operation of the online service) pursuant to Article 6 (1) Clause 1 lit. f) GDPR, unless otherwise stated. You can object to the processing on the basis of our legitimate interests at any time.
Please consider the following notes on third-party cookies listed below.
1. Google Maps
We integrate the videos of the platform "YouTube" of the provider Google LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed of which of our pages you have visited, stating your IP address.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You may be able to prevent this by logging out of your YouTube account.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
3. Social plugins
To protect your personal data, we have deliberately decided against implementing plug-ins from social network operators, with the exception of the integrated YouTube videos. Links to portals that you will find on our website are merely static links. Information is only transmitted to the service providers when you click on the button. If you are a member of one of the linked portals, the portal providers may link our profile and your visit to our website to your profile there. The following portals are linked by us. Further information can be found under the links listed below.
b. LinkedIn, Google+
The LinkedIn and Google+ buttons implemented on our pages are static links. Information is only transmitted to the service providers when you click on the button. Further information is available at: https://www.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy or https://policies.google.com/privacy?hl=en.
Social media presences
We maintain presences in social media in order to communicate with customers and prospective customers there and to keep them informed. When utilizing the relevant social media network, the terms and conditions of the respective social media network operators apply.
Pursuant to statutory provisions, you can assert the following rights free of charge vis-à-vis the data processing controller:
You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.
We apply technical and organizational security measures to protect our website and other systems against loss, destruction, access and change. Your data will only be transmitted encrypted via a secure and specifically hardened TLS connection.
Whether a single page of our website is transmitted in encrypted form is indicated by the closed key or lock symbol in the lower or upper status bar of your browser.
If this takes longer than a few minutes, please contact us.