Hello @

cyex.camp

CYEX Camp Közép- és Kelet Európa legnagyobb kiberbiztonsági szimulációs versenye és innovációs kihívása

Privacy statements

1         Purpose of this document

Cyex OÜ (hereinafter Cyex or Data controller) is an Estonian company offering new generation awareness training solution including but not limited to cybersecurity. However, regarding cybersecurity, its management’s hart matter helps organisations and individuals elevate their security-level. Reaching this objective, Cyex organises Cyex camp and Cyex talks events including but not limited to competitions, presentations, webinars, round table discussions, etc.

Conducting related task, Cyex, as a potential international organisation does cross-border data processing, in which data security and data privacy is an inevitable crucial factor. Cyex does its best to comply with the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR).

The purpose of this document is to give information about the related activities in the perspective of personal data privacy regarding processed data, the purpose of data processing, lawfulness, rights of data subjects, contacting possibilities and more.

2       Base information

 

Organisation

Cyex OÜ

Main establishment

Mere pst 8-54, Tallinn, 10111 Estonia

Web

https://cyex.camp/

E-mail

hello[@]cyex.io

3       Definitions

consent

means of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

cross-border processing

means either:

(a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or

(b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

international organisation

means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

main establishment

means:

(a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;

(b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;

personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

profiling

means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

pseudonymisation

means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

relevant and reasoned objection

means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;

restriction of processing

means the marking of stored personal data with the aim of limiting their processing in the future;

supervisory authority

means an independent public authority which is established by a Member State pursuant to Article 51;

third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

 

4       Activities

4.1        Before events

To be able to organise events, the Data controller manages the personal data of performers, team members, jury members, observers, sponsors, and helpers as follows:

Purpose

Processed data

Data processor

Data forwarding

Legal base

Retention time

Spectators, visitors

(any event)

Name, e-mail address, phone number

Eventbrite

Organisers

 

Consent under Article 6 (1) (a) GDPR

One month after events closure

Invited speakers

(any event)

Name, title, position, e-mail address, phone number

Eventbrite

Google mail

Organisers

Consent under Article 6 (1) (a) GDPR

One month after events closure

Sponsor information (any event)

Name, title, position, e-mail address, phone number

Eventbrite

Google mail

Organisers

Data management required for the preparation and performance of a contract determined under Article 6 (1) (b) of the GDPR

8 years after the accomplishment of the given contract

Social media

(any event)

Profile name or voluntarily shared data

Facebook

Instagram

LinkedIn

Organisers

Consent under Article 6 (1) (a) GDPR expressed by specifying “like” or “follow”

According to the data management information of the respective social media

Invitation of jury members

(competitions)

Name, e-mail address, phone number

Eventbrite

Google mail

Organisers

Consent under Article 6 (1) (a) GDPR

Until withdrawal of consent

Application of teams

(competitions)

Name, e-mail address, phone number

Eventbrite

Google mail

Organisers

Consent under Article 6 (1) (a) GDPR

Until withdrawal of consent

Competitors will be allowed to share their resumes with sponsors through the website

(competitions)

 

Sharing a resume is not a condition of participation in the Contest.

Data provided by the given competitor in the CV

Sponsors who access the data in the interface provided by the data controller during the indicated retention period.

Consent under Article 6 (1) (a) GDPR

One year after events closure or until the withdrawal of consent

 

 

Where Article 6 (1) (a) of the GDPR has been identified as the legal basis for data processing, the legal basis is the data subject’s consent. Team members and observers give their consent by sign up for the given event, while presenters, jury members, and helpers give their consent when accepting the invitation.

Sharing a resume by competitors is not a condition of participation in the given competition.

4.2      Meanwhile of events

In addition to the activities discussed in the previous section, video and audio recordings may be recorded at events. The Data controller may commission a professional team as a data processor to fulfil the given tasks; however, the identity of ‘the professional team’ may vary.

The purpose of the video recording as data recording is to present the event more widely to an audience that does not appear in person but is of interest, as well as to promote the simulation exercises and the competition on the competition website and the event’s Facebook, Instagram and LinkedIn pages, in media reports.

Most of the recordings are made in mass recordings; however, we also make close (targeted) recordings and interviews. The legal basis for data processing is the consent set out in Article 6 (1) (a) of the GDPR. During the interviews, the interviewee is named only with his or her express consent. If a Data Subject does not wish to make a statement, we will of course respect it.

 

Purpose

Processed data

Data processor

Data forwarding

Legal base

Retention time

Spectators, visitors, speakers

(any event)

Name, title, position, face, voice

Online even service platform in case of online event

Consent under Article 6 (1) (a) GDPR

None

Sponsor information (any event)

Name, title, position, face, voice

Online even service platform in case of online event

Data management required for the preparation and performance of a contract determined under Article 6 (1) (b) of the GDPR

None

Jury members, team members

(competitions)

Name, title, position, face, voice

Online even service platform in case of online event

Consent under Article 6 (1) (a) GDPR

None

Social media posts

(any event)

Name, title, position, face, voice

Facebook

Instagram

LinkedIn

Consent under Article 6 (1) (a) GDPR expressed by specifying “like” or “follow”

According to the data management information of the respective social media

Audio and video recording during

(any event)

Visual recording (face, hair, facial expressions, etc.) and sound recording as follows:

 

In general recordings, stakeholders may appear on mass recordings.

 

Jury members, competitors, performers will be included in a targeted recording, indicating their name, job title, position, title.

 

In the case of separately interviewed parties, name, job, position, title (to be provided by the Data Subject)

Image, video, audio processor

Consent under Article 6 (1) (a) GDPR

The raw image is deleted after the final cut material has been prepared or accepted.

The final cropped images, videos are processed

The data will be processed until the withdrawal of the consent, and in accordance with the general information posted on the website of the competition, the corrected or deleted data can be requested at the contact details indicated there.

 

 

 

4.3      After events

Following events, Cyex welcomes comments and feedbacks in person, by e-mail or by phone.

 

Purpose

Processed data

Data processor

Data forwarding

Legal base

Retention time

For the purpose of a call for applications for the next competition, provided that the Data Subject gives its separate, targeted consent

Name, title, position, face, voice

Online even service platform in case of online event

Consent under Article 6 (1) (a) GDPR

Until the next competition, but no longer than 1 year compared to the Competition

Posts about happenings

(any event)

Profile name or voluntarily shared data

Facebook

Instagram

LinkedIn

https://cyex.camp

Consent under Article 6 (1) (a) GDPR expressed by specifying “like” or “follow”

According to the data management information of the respective social media

 

5       Who may meet with your personal data?

Employees and data processor of Cyex may meet personal data of any data subject in targeted purpose and ways in the necessity of their jobs.

 

5.1        Data processors

Cyex works with data processors to do its daily operations according to the previous chapter. Any other third party is not involved. The location of privacy statements of Cyex’s data processors are the following:

Eventbrite

https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy

 

Facebook

https://facebook.coms/business/gdpr

 

Google Inc.

https://policies.google.com/privacy

 

Miller & Company Firm OÜ

http://millercolegal.com/

 

Twitter

https://twitter.com/en/privacy

 

5.2      Transfers of privacy data

Cyex does not transfer personal data without the consent of data subjects, except shipping by post offices, or any legal obligation.

6       Security measures

All members of Cyex do their own best to create and manage a secure environment for daily operation; furthermore, many of the members work in the beauty of the field of cybersecurity. So, Cyex requires an external service provider to provide services in a secure fashion. For its operation, Cyex creates, implements, and keeps up-to-date security measures in risk bases.

7       Your rights and advocacy

You may be initiate to

  • request information about your processed personal data,
  • make us correct your personal data,
  • delete or restrict processing your personal data,
  • initiate data portability,
  • withdraw your consent,
  • object against data processing.

In case of a request, please contact us via the beforementioned e-mail address. After processing your request, but within 3 days, we make our response.

 

You may contact Estonian supervisory authority:

Nõuandetelefon 5620 2341

(vaata vastamisaegu SIIT),

üldtelefon 627 4135,

info[@]aki.ee

https://www.aki.ee/en/inspectorate/staff-and-contacts

 

 

Jó társaság

Partnereink

cyex
meout
kibev
VM Advisory
s&t
OKEAN
LinkPlus
Landmark
Genesis
FutureProof
Danmar Computers
Center for Sec research
Külügyi Szemle
Visegrad Found
Legfrissebb

Hírek

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Feel free to contact us

Contact Us

cintia
Zsolti
Értékesítési vezető
Váczi Dániel
Projektvezető
vdani
meout
meout