IT Security Insights 2023
Terms and conditions
ItSec Insights’ Privacy Policy
- About ItSec Insights
ItSec Insights is a Stockholm based event management services company specializing in organising of a wide range of events within the IT Security topic. At ItSec Insights we pride ourselves in conducting thorough research of the threat landscape, analysing the key developments on the IT Security market that we communicate through our events developed and executed by dedicated event experts in the process. Within the IT arena ItSec Insights is dedicated to both raise awareness and help organisations protect their own data through innovation hence the IT Security Insights Conference (www.itsecinsights.com).Through our events and lead generation offering we capture and present some of the most ground-breaking strategies, business cases, ideas and technologies around IT Security, Cloud Services, Development with Data Protection and Privacy, Privilege Access Management, Vendor Risk Management and Information Security and much more - presented by practitioners and experts from world leading organisations and technology providers. Although acting as a commercial event organisation where every individual event has its unique own content, through our media channels we are committed to delivering the knowledge shared with us to any person eager to learn more. Our primary objective is to facilitate and maximize our customers success.This Privacy Policy provides information about the above-mentioned site and services provided by ItSec Insights.
2. Privacy Policy at ItSec Insights
ItSec Insights is committed to protecting your privacy. You can visit our site without giving us any personal information about yourself. But sometimes we do need information to provide services that you request. While processing your personal data, ItSec Insights and its affiliated entities respect your right to privacy and will only process your personal information in accordance with applicable data protection laws, which include the General Data Protection Regulation (Regulation 2016/679) (“GDPR”). This document is designed to give a clear explanation of ItSec Insights’ data processing practices. Please see below for further information. If you have any questions or concerns relating to ItSec Insights sites or would like to find out more about how we collect, store or use your personal data, please contact us by email privacy@itsecinsights.com
2.1 To whom is this policy addressed?
The Policy applies to the following categories of data subjects whose Personal Data is processed by us:
• Exhibitors and potential future exhibitors at our events (including, but not limited to, exhibitions, consumers and trade shows, conferences and congresses)
• Delegates and potential future delegates of our Events
• Press and public relations contacts and speakers
• Organisers and potential future organisers of Events in ItSec Insights
• Sponsors, Co-host Partners, suppliers, other stakeholders in contact with ItSec Insights
3. What is Personal Information, Sensitive Data and legal basis for the processing
Personal data means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email, phone number, credit / debit card number, IP address and location data (“Personal Data”).Sensitive personal data includes any information that reveals your race or ethnicity, political views, religious or philosophical beliefs, membership in a trade union, as well as personal data regarding your health or private life. We don’t collect, store or process this data. The applicable legal basis for the processing of personal information depends on the circumstances relating to the relevant processing activities, as further described below:
• Consent. If the processing of personal information is necessary for one or more specific purposes, and the data subject has provided consent, GDPR art. 6(1)(a) serves as the legal basis for processing operations
• Performance of a contract. If the processing of personal information is necessary for the performance of a contract, such as for providing certain services, to which the data subject is party, GDPR art. 6(1)(b) serves as the legal basis for processing operations. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services
• Legal obligation. If the processing of personal information is necessary for complying with a legal obligation, such as for the fulfilment of tax obligations, GDPR art. 6(1)(c) serves as the legal basis for processing operations
• Vital interests. If the processing of personal information is necessary for protecting the vital interests of a natural person, such as if a visitor were injured in our premises and his information would have to be passed on to medical personnel, GDPR art. 6(1)(d) serves as the legal basis for processing operations
• Legitimate interests. If the processing of personal information is necessary for processing operations which are not covered by any of the abovementioned legal grounds but are deemed permissible for the purposes of the legitimate interests pursued by us, such as marketing, GDPR art. 6(1)(f) serves as the legal basis forprocessing operations
4. What information we collect
We collect very basic (2) types of information:
• Personal information that you provide directly to us when you send us request on itsecinsights.com, submit information through an online form based on a specific request or purpose, or in discussion with our inside sales department via telephone or email
• Data collected automatically such as tracking information, IP addresses or other data related to usage on ItSec Insights’ event websites
4.1 Information you provide directly to us
4.1.1 Account information
When you contact us via info@itsecinsights.com, you provide personal information, such as your name, email address and your company information. This information is sent to an encrypted cloud database to use in accordance with our privacy policy.
4.1.2 Conference information
When you require additional ItSec Insights’ conferences information such as pricelists for sponsorship packages, we store and process your submitted personal information including your name, address, telephone number and email address
4.1.3 Delegate information
When required for ItSec Insights conferences, we collect and process your personal information including your name, address, telephone number and email address, and in some instances other preferences such as topic, workshop and activity choices. At times, you may be asked to provide additional information, such as invoice payment details to provide under a secure conference registration process. Registrations with Credit card payments are processed by verified third parties who perform tasks required to complete the purchase transaction in behalf of ItSec Insights
4.1.4 Speaker Information
When applying for speaking on ItSec Insights events, we collect your personal information such as name, email, telephone, short bio, linkedin profile link, twitter username and picture. This is done via opt-in online form of Speaker Submission Form soft copy via email. Once your presentation and attendance are accepted, we may collect additional technical personal and/or non-personal information from you needed for execution of the presentation during the conference
4.1.5 Pictures and video recordings from our events
During our events photographers may take pictures and videos of speakers, exhibitors and customers attending the event. Those pictures may be used in our folders, brochures or flyers or on the website and/or social media page of the event concerned for promotional purposes and to enable you to view pictures of your participation to the event. We video record the presentations of our conferences. Those videos are used for post event replay of the conference and added to our video portfolio that is posted on itsecinsights.com, before publishing they are approved by the speakers.
4.2 Non-personal data collected automatically
4.2.1 Device data
We may collect non-personal information about the computer, mobile device or other device you use to access each ItSec Insights webpage (https://www.itsecinsights.com/) such as IP address, geolocation information, unique device identifiers, browser type, browser language and other preferences automatically collected.
4.2.2 Data collected with cookies
We use first and third-party data analytics service providers such as Google Analytics, to manage each ItSec Insights webpage (www.itsecinsights.com) and optimize their performance, including:
• First Party cookies - session cookies, performance and functionality cookies without which the webpagewill not be able to work or to be adaptable to your device screen
• Third Party cookies - Google Analytics cookies, embedded video and picture viewers, and social mediacookies such as Twitter, Instagram, Facebook and Youtube.Google Analytics cookies are used to collect your Device Data (see section 4.2.2) for optimizing the performance ofthe webpage. Although at this point we don't use Google Advertising cookies, we might do so in future for advertising purposes. You can opt out of Google Analytics for Display Advertising and customize Google Display ads using the Ads Preferences Manager or completely remove them by using the Google Analytics Opt-out BrowserAdd-on. Social media cookies - On some pages of our Website, third parties that provide applications through our Website may set their own anonymous cookies in order to track the success of their applications or customize applications for you. For example, when you share an article using a social media sharing button on our Website (e.g., Twitter or Facebook), the social network that has created the button will record that you have done this. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. Some pages of our Website may also contain embedded content, such as video content from YouTube or Vimeo, and these sites may set their own cookies.
5. How we use your Personal Information
We don’t process your personal information if we don't need to. Specific uses are defined below.
5.1 Providing requested services
We may use the data to fulfil your requests for services and information. For example, using your contact information to respond to your customer service requests, or to enable registration for one of our conferences.
5.2 Communication/Marketing
We use data we collect to send email newsletters, or information about ItSec Insights events. We may also use the data to send you email communications, such as information about event updates or updates to the itsecinsights.com.
5.3 Enforcement
We may use the data to prevent illegal activities, to enforce the itsecinsights.com Terms of Use, or as otherwise required by law.
5.4 Personalization
We don’t use any personal information for personalization of our websites or events.
5.5 Program specific uses
In addition to the uses identified above, we may use your personal information for any other purposes disclosed to you at the time we collect your data or pursuant to your consent, such as applications for various ItSec Insights programs, certifications, webcasts, training, nomination forms and requests submitted by users including as defined below.
5.5.1 ItSec Insights Conferences registrations
ItSec Insights collects and processes personal information to:
• evaluate the application for attending an ItSec Insights conference or event
• process payment through our third party certified and verified vendors that manage secure payment processing on ItSec Insights’ behalf
• manage the information required for planning and running events, including exhibits, activities, parties and meals
• communicate to registrants regarding notifications, updates, and information pertaining to their application or future ItSec Insights events
5.5.3 Event Speakers
ItSec Insights collects and processes personal information to:
• To evaluate nominations for ItSec Insights events
• To communicate with you regarding pre- and post-event preparation activities, instructions, reviews, interview scheduling, event printed materials)
• If accepted as speaker, for pre-event session, speaker and event marketing promotion (only name and picture are processed and used)
• For Post event promotion such as quotes, video articles (if any) and Presentation recording promotion (if selected and approved)We hold the right to retain your information on the event webpage for a duration of 18 months
6. How We Protect Your Information
We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. However, despite those efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse.We store all the personal information you provide on its secure (password and firewall protected) local and cloud servers and ensure external partners involved maintain equal security measures. All our websites has Hyper Text Transfer Protocol Secure (HTTPS) certificate, also called instant SSL. SSL is the standard security technology forestablishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private
7. How long do we keep your data
Your data will be stored in accordance with current legislation meaning that the personal information is not retained for a longer period than necessary for the purpose of the treatment. For marketing purposes, information older than 5 years is not used. This implies that data will be erased when they are no longer relevant or necessary for analysis or direct marketing for the purposes for which they have been collected. Some information may be retained longer when required due to other legal requirements, such as the accounting law. However, all handling of personal data always ensures high security and confidentiality.
8. Data Transfer
ItSec Insights will not disclose your stored Personal Information to third parties for direct electric marketing (email, text messages) without your consent or except as part of a specific program or feature for which You will have the ability to opt-in or opt-out. You may always opt-out of receiving promotional emails by following the instructions in those emails. If you are speaking at, or, attending a ItSec Insights conference, we may share your personal information such as name and email with event organizing partner/s, or selected GDPR compliant event sponsors/exhibitors for post event follow-ups and email promotions related to your area of interest. Consent for this is transparently presented as an opt in option while registering on ItSec Insights events, or if presenting on the event in the Speaker Submission Form or Nominate a Speaker online form.ItSec Insights strives at all times to keep personal data within the European Economic Area (EEA) but engage suppliers located outside of the EEA such as Google and Hubspot. We use only GDPR compliant third-party service providers, such as banks, registration processing suppliers such as myconnector, e-mail service providers such as Mailchimp, credit card processors such as Netopia, CRM tool providers such as Hubspot, website analyzers such as Google Analytics, Large online transfer providers such as Webtransfer, and online survey providers such as SurveyMonkey. ItSec Insights has right to share personal information as necessary for the service providers to provide their services to ItSec Insights. ItSec Insights is not liable for the acts and omissions of these third parties. ItSec Insights may host events in and transfer personal information for this purpose to countries outside the European Union or the European Economic Area in accordance with mandatory legislation and this Privacy Policy. As we have offices outside European Economic Area ("EEA"), your personal information may also be processed by international staff or data processors outside EEA, who may be engaged in, among other things, event information, fulfilment of your order, the processing of your invoice payment details and provision of support services. Personal Information may be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, or in order to enforce the Terms of Service and to investigate possible infringing use of our services as well as to guarantee the safety of the Services. ItSec Insights has right to share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business. Contact us on privacy@itsecinsights.com for more information.
9. Rights of the Data Subjects and Contact Information
9.1 Right to access, correct and object
You may contact us and we will inform what Personal Information we have collected and processed regarding you and the purposes such data are used for. You have the right to have corrected any incorrect, incomplete, outdated, or unnecessary Personal Information stored about you by contacting us. You may object to certain use of personal information, including direct marketing, even if after prior given consent. If you object to the further processing of Personal Information, this may lead to fewer possibilities to use our services.
9.2 Right to deletion and restriction of processing
You may also ask us to delete your personal information from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all our systems. Such copies shall be deleted as soon as reasonably possible.You may request us to restrict processing of certain Personal Information, this may however lead to fewer possibilities to use our website and other Services.
9.3 Right to data portability
You have the right to receive personal information provided by you to us in a structured, commonly used format.
9.4 How to use the rights
These rights may be used by sending a letter or e-mail to us on the addresses set out below, including the following information: name, phone number, login information and details of the Services you have used. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case you consider our processing activities of Personal Information to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
10. Links to Other Sites
ItSec Insights sites may contain links to other services, apps, and sites not operated by us (we refer to these as "Other Sites"). Any information you provide on Other Sites is provided directly to whoever owns that site and is subject to their privacy policy. ItSec Insights Privacy Policy does not apply to those Other Sites, and we are not responsible for the content you provide to, or the privacy and security practices and policies of, Other Sites.
11. Our GDPR Update
As of May 25, 2018, a new privacy law, the General Data Protection Regulation (“GDPR”) goes into effect. As a result, ItSec Insights has implemented a number of updates in various areas across our organisation to ensure we comply with the intent and spirit of the law. Here is a summary of updates ItSec Insights has implemented. We have:
• updated our privacy policy with respect to how ItSec Insights processes, stores and manages your data
• notified users on our ItSec Insights event that we update our privacy policy and terms of use through a link, in order to help our users, understand the new changes
• added consent options where users submit their personal information to ensure they are aware and agree to submitting their information prior to completing a form
• updated our vendor agreements with those third parties that manage data as a data processor on our behalf, to ensure they have appropriate safeguards in place to process, manage and secure data as required
• implemented new disclosures on all our forms where users submit their data so that users are aware of how ItSec Insights processes their information
• modified our internal processes to ensure we have a way to contact users in the event that there is a breach in data storage of your personal information
• created a new way for users to reach out to privacy@itsecinsights.com about any privacy issues, such as questions or requests for modifications including deactivation of any account or the right to be forgotten
12. Children Under Age
We do not knowingly collect personal information from children under age of 18. If we learn that we have collected any personal information from a child under the age of 18 and/or under the age without verifiable parental consent, we will delete it from our database as quickly as possible. If you believe that we may have collected informationfrom a child under age, please contact us at privacy@itsecinsights.com
13. Changes to this privacy policy
This privacy policy may be updated from time to time, and when the policy is updated, the version date will appear at the top of this privacy policy. If we make material changes, you will be notified here for a period of 30 - 60 days based on our last update. In addition to our Privacy Policy document from 2016, as of 25th ot May 2018, we added information to our privacy policy based on new requirements from GDPR, including more details pertaining to: what type of personal information ItSec Insights collects, how ItSec Insights uses this information and a process in which users can update their information.
14. Contact Details of the Data Controller
ItSec Insights AB
Söderberga Allé 26,168 62 Bromma.
Email: privacy@itsecinsights.com
Phone: +46 70 7470 608