PRIVACY POLICY

PRIVACY DECLARATION

This is the privacy declaration (hereinafter referred to as ‘Privacy Declaration’) of Exteso Sagl, a private limited company under Swiss law, with registered office at via A. Olgiati 6, 6900 Lugano, and lawfully registered under the number 838 866 911 (hereafter referred to as ‘Voxxed Days Zürich’, ’we’ or ‘us’).

Voxxed Days Zürich cares deeply about your privacy. We strive to protect the privacy and confidentiality of personal data we process. Hence, we do everything in our power to comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter the ‘Regulation’) or any applicable data protection legislation (hereinafter collectively with the Regulation referred to as the ‘Data Protection Law’).

The words ‘personal data’, ‘controller’, ‘processor’, ‘process’, ‘processing’, ‘profiling’, ‘data subject’ and all its derivatives used in this Privacy Declaration shall have the meaning set out in the Regulation.

1. Identity of the controller and contact details

Voxxed Days Zürich organizes conferences. We are the controller of the personal data that is used to organize these conferences.

Where Voxxed Days Zürich is deemed to be the controller, Voxxed Days Zürich will comply with this Privacy Declaration.

2. The personal data we collect and process

We process several categories of personal data, for instance, identification data (e.g. name, surname, employer,…) and contact data (e.g. address, email address) financial data (e.g. bank account number, VAT number). These personal data may relate to you in your capacity as a customer or supplier of our company, but also to you as a business relationship of one of our clients, and/or as one of the attendees of our conferences.

We collect and process personal data that you provide to us directly (e.g. by registering online for one of our conferences), as well as data that we obtain through another route, for example via a public source or provided by one of our clients or exhibitors.

We also use cookies for our website. More information about this can be found here.

We do not use automated data processing or so-called “profiling”.

3. Purposes of and legal basis for the processing personal data

3.1 In General

We process your personal data for various purposes, including conducting our general and financial administration, the organisation of our (future) conferences, to keep you updated about our (future) conferences, managing our customer and supplier base, providing a correct service and the proper execution of our agreements and direct marketing activities (e.g. sending newsletters).

Article 6.1 of the Regulation indicates the legal grounds on the basis of which personal data may be processed. Below we give you a brief overview of the legal grounds we rely on for the processing of personal data.

Your personal data may be processed:

  • Based upon your consent: we process personal data based upon your explicit and specific consent. Your consent is freely given and can be withdrawn at any moment.
  • For compliance with a legal obligation to which we are subject to: We have to comply with various legal obligations, under which we are obliged to maintain specific (personal) data.
  • For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract: to execute our agreements, it’s necessary to process personal data. We hereby always limit ourselves to processing the data that are strictly necessary.
  • Based upon our legitimate interests or those of a third party: We may process data to protect our legitimate interests or those of our clients, suppliers or a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of your personal data.
3.2 Attending our conferences

Voxxed Days Zürich organizes Developer community conferences and events. Organizing these conferences requires a lot of administration. Nevertheless, we try to keep it very simple for our attendees.

(a) Buying an entrance ticket for one of our conferences

Registering for one of our conferences takes only a few steps. First of all, we ask you to fill in an online form. In this form, we ask you for several types of personal data, like identification data (name, surname, company you’re connected to) and contact details (address, email address) of the attendee(s). For the avoidance of the doubt, if a third party buys a ticket for someone else (e.g. an employer for its employees) we will ask and process data from the attendees for whom a ticket will be bought.

After you’ve been registered, we will ask you to pay for your entrance ticket(s). Therefore, we may ask you for your bank account number, card number, name of the cardholder, the due date of the card, VAT number,… The processing of these data is a necessary step prior to entering into a contract with us. Without the processing of these data, you will be unable to attend (one of) our conferences.

(b) Sharing your personal data with the exhibitors

We share the identification data and contact details of the attendees of our conferences with the exhibitors at our conferences. More information about our exhibitors can be found here.

Attendees of our conferences choose the exhibitors we share their personal data with. At the entrance of our conferences, attendees receive a QR-Code. The exhibitors are able to scan this QR-code. Attendees who have this QR-code scanned by one or more exhibitors give their explicit consent to share their personal data with the exhibitor(s) in question.

3.3 Direct marketing activities

We also process personal data for reasons of direct marketing.

We deem it to be one of our legitimate interests to communicate with our customers. Therefore, we may send you information about our products, services, and future conferences if we consider you a part of our customer base. This will be the case if you visited one of our previous conferences, or if you contacted us by mail or subscribed to our newsletter, or if you’re a customer of one of our business relationships or exhibitors of (one of) our conferences.

If you no longer want to receive our communications, you can unsubscribe by clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link.

4. Who has access to your personal data?

Only a limited number of people, companies, organizations or other entities have access to the personal data we’ve collected and process.

Our cloud servers are hosted by Amazon and Google. More information about the hosting of cloud servers by Amazon can be found here and Google here.

Our employees and staff, have access to the personal data we process. To guarantee the protection of your personal data, they are subject to a series of (contractual) obligations. For example, all employees and employees of our company are bound by confidentiality.

Voxxed Days Zurich does not share your personal data with third parties for any other purpose than mentioned in this Privacy Declaration, unless you’ve given us your explicit consent to do so or when we are required to do so by law or for the purposes of prevention of fraud or other crime.

We do however pass your information to our third-party service providers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (e.g. to process payments and back-up storage). Voxxed Days Zurich only discloses the personal data to its sub-processors that are necessary for the execution of their services. and Voxxed Days Zurich enters into a written agreement with each processor in which obligations are imposed to keep your information secure and to prevent your data is used for other purposes (for example the processor’s direct marketing purposes).

If we transfer personal data to countries outside the EEA, we will, in all circumstances, take appropriate safeguards and establish legal grounds justifying such transfer.

5. How long do we keep your personal data?

We keep your personal data as long as required to comply with our legal obligations and to provide our services in a correct manner or because we have a legitimate interest to keep your personal data (longer).

At any moment you have the possibility to object against further processing of your personal data.

6. How do we protect your personal data?

Voxxed Days Zurich takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. If you have the impression that your data is not properly secured or there are indications of abuse, please contact our customer service or via info@exteso.com.

7. What rights do you have regarding the processing of your personal data?

The Regulation provides you with various rights regarding the processing of your personal data. If you wish to invoke your privacy rights, please contact info@exteso.com. We will normally respond to your request within 30 days. This period can be extended by a further two months if the request is complex or if you send us several requests. We will notify you of this extension within 30 days after we’ve received your request.

  1. Right of access: You have the right to know which of your personal data we’ve collected and process.
  2. Right to rectification: It can happen that certain information held on you by Voxxed Days Zurich is not (or has ceased to be) correct. You can ask for the data to be corrected or completed at any time.
  3. Right to erasure: You can ask to erase the personal data that we’ve collected and process about you (‘right to be forgotten’). We may deny this request if further processing of this personal data is needed to comply with a legal obligation, for the executing of a contract or to protect our legitimate interests or the legitimate interests of our clients, suppliers or those of a third party.
  4. Right to data portability: You are entitled to ask for personal data that you have provided Voxxed Days Zurich with yourself be transferred back to you or to a third party. The data protection laws do lay down a number of restrictions on the exercise of this right so that it is not applicable to all data.

Under the circumstances of conditions set by the Regulation, you also have the following rights regarding the processing of your personal data.

  1. Right to restriction of processing: The right to restrict the processing of your personal data.
  2. Right to object: If you disagree with how Voxxed Days Zurich invokes its legitimate interests to process certain data, you can object. We shall heed objections unless there are overriding grounds not to do so, such as when we process data with a view to combating fraud.

If the processing of your personal data is based upon your explicit and prior consent, you can revoke your consent at any time.

In principle, you can exercise these privacy rights free of charge. We ask to be as specific as possible when directing your request. In addition, we ask you to include a copy of the front and back of your identity card with every request.

8. Update Privacy Declaration

Voxxed Days Zurich is entitled to update this Privacy Declaration by posting a new version on the website. As such, it is strongly recommended to regularly consult the website and the page explaining the Privacy Declaration, to make sure that you are aware of any changes.

9. Questions, requests or complaints

If you have any questions regarding this Privacy Declaration or Voxxed Days Zurich privacy practices, or if you want to submit a request you can contact us using the following contact details:

Exteso Sagl
via A. Olgiati 6
6900 Lugano (TI)

Email: info@exteso.com

PRIVACY POLICYTERMS OF PARTICIPATIONCODE OF CONDUCT