CEIS values your privacy and the protection of your personal data and takes all reasonable precautions to ensure their protection.
The purpose of this Policy is to inform you about the procedures and processing of personal data that are put in place for the organisation of the Cyber Security Forum (CSIF) and related events. It also informs you of the measures taken concerning the protection of your personal data in accordance with the European Union’s General Data Protection Regulation or “GDPR” of 27 April 2016 (n°2016/679) and the amended law of 6 January 1978.
We have drafted two documents to inform you about how we collect, use and protect your personal data in the context of our various services:
– a policy dedicated to the personal data collected via our website and in the context of registration to the FIC (this policy).
In the rest of this document, we use the terms “personal data” and “personal information” to refer to information that identifies you personally (names, first names, business addresses, etc.) or, as in this case, data that is linked to you (answers to questions on our forms), as well as data on your connection to or navigation on our site (if applicable, IP address, date and time of connection).
You will find the answers to your questions classified by theme in the following sections:
- Who are we?
- Scope of application
- Type of personal data collected and legal basis for processing
- Retention periods
- Confidentiality and security measures
- Recipients of the data
- International data transfer
- Sharing of social networks with which you have an account
- Rights of access, rectification and deletion
- Contacting us
- Evolution of the group’s perimeter
1. Who is CEIS?
CEIS is a simplified joint stock company with a capital of €150,510, registered in the Paris Trade and Companies Register under number 414881821 and whose registered office is located at 17 Avenue Hoche, 75008 PARIS.
We are the data controller within the meaning of Regulation (EU) 2016/679 of the General Data Protection Regulation (hereinafter “GDPR”), for the procedures and processing of personal data that are implemented on the occasion of the organisation of the INCYBER Forum, the events related to it and the processing of personal data described below.
As such, we undertake to comply with the framework of the legal provisions in force and in particular to take all reasonable measures to ensure the accuracy and relevance of personal data with regard to the purposes for which CEIS (hereinafter also “the Organiser”) processes them.
2. Scope of application
This Policy is specific to the organisation of the INCYBER Forum event and related events (breakfasts, etc.), as well as to the management of related websites, and only concerns activities for which the Organiser is a Data Controller within the meaning of the GDPR.
3. Type of personal data collected and legal basis for their processing
With regard to the collection of personal data linked to your Internet navigation (cookies), we invite you to read our dedicated cookie management policy.
We also collect the data you specifically send us for each purpose:
– Professional data enabling you to register for our various events (surname, first name, function, company, telephone, professional email) in order to allow you to access and receive the information necessary for your participation (making badges, etc.) and to enable us to properly organise the events for which you have registered. The legal basis for this processing is the contract governing your participation in our events (the “Registration Conditions”). The same applies to any registration to the various workshops, conferences, competitions, challenges, round tables, etc. organised within the INCYBER Forum and related events.
– Data and official documents allowing your identity to be verified (identity card, etc.) and access to be controlled, depending on the venues where the events take place and the personalities present, which may require particular security procedures for access. The legal basis for this processing is our legitimate interest, or in some specific cases, the existence of a regulatory obligation.
– Data enabling you to be identified (surname, first name, position, company, telephone, professional email) in order to invite you to future events that we or some of our partners will organise on similar themes and, more generally, to carry out any canvassing operation in connection with these themes (newsletters, publications), within the framework of a BtoB relationship. The legal basis for processing your professional data for this purpose is our legitimate interest.
– The log files of the consultation of our websites (registration site, etc.), in order to optimise their operation and to facilitate interactions with our services and the information we provide (browser language, country of consultation, pages consulted, etc.) and also in order to secure the said sites. The information collected may include the IP addresses allocated to your devices by your Internet service provider, your operating system, your Internet browser, the configurations of your connection hardware and software or the date and time of consultation. All of this processing is carried out on the legal basis of our legitimate interest.
Please note: the information marked with an asterisk (*) in the various collection forms that we use is essential for processing your request.
4. Retention Periods
Your personal information will not be kept beyond the time strictly necessary. In particular:
– Your registration data for our events is kept for three years from your last registration. However, data that serve to establish proof of a right or a contract, or that must be retained to comply with a legal obligation, will be kept for the period provided for by the law in force, and may be kept until the end of the applicable limitation period;
– Data which is used to invite you to future events organised by us or our partners on similar themes will be kept for three years from the time your data was collected or from the last contact with you. At the end of this period, we may contact you again to see if you wish to continue to receive commercial solicitations from us.
– Your connection data (operating system, hardware and software configurations, browser and browser language, presumed country of consultation, IP address, date and time of connection, pages consulted) are kept for a maximum period of 12 months.
5. Confidentiality and security measures
We take all necessary and reasonable measures (physical, logistical, organisational) to protect your data at the time of transmission to our site or applications, in particular against loss, misuse, unauthorised access, disclosure, alteration or destruction, through security measures such as vulnerability detection, deployment of the HTTPS protocol, implementation of pseudonymisation and anonymisation processes, etc.
Depending on the type of data collected and its purpose, processing is only carried out by authorised personnel in accordance with our confidentiality and security requirements in the constitution of files, exchanges with our partners and subcontractors, and the transfer of this data (see below).
6. Recipients of the data
The personal information that you may provide may be consulted by our company’s staff, as well as by all of the group’s subsidiaries, the departments in charge of control and our subcontractors within the strict framework of the purposes that we have presented to you (including the provision of premises, the management of ticketing, etc.). In this respect, we would like to point out that we have signed strict security clauses with our subcontractors, in accordance with Article 28 of the GDPR, specifying in particular the security objectives that must be achieved.
We may also communicate your professional registration data to four types of entities:
– We would also like to point out that, in the case of the use of social modules or your Facebook or LinkedIn account, the social networks in question may have access to some of the information (for more information, see below).
– Finally, we may be required to disclose personal information at the request of any public authority as part of a compulsory legal process, or in the event of a known risk that may affect our information system which impacts our business or the conduct of our business, or the fundamental rights of affected third parties.
7. International transfer of data
We may transfer your personal data to service providers outside the European Economic Area (EEA). In this case, please be assured that they are bound by specific rules and measures to ensure the appropriate level of security for the protection of your personal data. This means that we will base our transfers on the applicable regulations (standard contractual clauses approved by the European Commission in our contracts with third parties outside the EEA, transfer to countries with protection recognised as adequate by the European Commission, etc.).
For more information, you can contact our Data Protection Officer at the following address: email@example.com.
8. Sharing on social networks where you have an account
From our websites, we have provided you with the ability to easily share the pages you visit on your favourite social networks. The use of buttons allowing access to social networks is likely to lead to the collection and exchange of certain data between the social networks and the group’s sites.
Our site uses “plug-ins” or social modules on its various pages (“share” buttons on social networks such as Facebook, Twitter, LinkedIn, etc.). When you visit a page on one of our sites containing such social modules, a connection is automatically established with the servers of the social networks (Facebook, Twitter, etc.), which may then be informed that you have accessed the corresponding page on our site.
9. Rights of access, rectification and deletion
We remind you that you have the right:
- To be informed about the way your data is processed;
- To access your data;
- To have your data corrected;
- To have your data deleted;
- To object on legitimate grounds to your data being processed and in particular to your data being used for commercial prospecting purposes;
- To limit certain uses of your data;
- To rectify incorrect information, as well as to ask us to delete certain information;
- To challenge the way in which your personal data is processed;
- To benefit from a right to data portability regarding your professional registration data;
- To define directives concerning the fate of your personal data after your death in application of article 32 of the law of 6 January 1978.
10. Contacting us
The protection of personal data is a fundamental right, and you may at any time contact our Data Protection Officer by email (firstname.lastname@example.org) or, failing that, by post addressed to our DPO and sent to the following address: 17 Avenue Hoche, 75008 PARIS. However, we reserve the right to ask you to prove your identity and the relevance of your request.
If, despite our reply, you are not satisfied, you may contact the Commission Nationale Informatique et Liberté (CNIL) directly at the following address: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil.
11. Changes in the group’s scope
If we are acquired by or merged with another company, or if there is a restructuring of the group, your personal data will be transferred to the new entity. If this happens, we will apply the same rules as set out in this Policy to your personal data and your rights in relation to its use.
We remind you that you will find details of your rights regarding your personal data and their management within the framework of the functionalities of our site and its mode of operation in our dedicated Cookie Management Policy.