Insomni'hack
Data Privacy Policy
Privacy Policy
Introduction
Your data is held and processed in accordance with the EU General Data Protection Regulation (GDPR), the New Federal Act on Data Protection (nFADP) and in line with the Orange Cyberdefense Switzerland information security policy available on demand at the address: dpo[at]ch[.]orangecyberdefense[.]com. The responsible body in the sense of the GDPR and other data protection regulations (data controller) is Orange Cyberdefense Switzerland, Rue du Sablon 4, CH-1110 Morges. You can contact our data protection officer by mail at the address provided or directly by e-mail at: dpo[at]ch[.]orangecyberdefense[.]com.
What data does Orange Cyberdefense Switzerland collect and why?
We only collect the minimum information about our marketing events participants to enable them a flawless experience when attending the events. The personal data collected includes:
- First name
- Last Name
- Company
- Email address
- City
- Country
- Event option(s) subscribed to if applicable
- Payment means details
- IP address
- Data related to website usage (collected via Google Analytics)
We may also take pictures during the event, on which you may appear. This material may be used for further advertisement of our events.
The following table indicates the legal basis for the personal data processing activities outlined in this notice.
| Data processing activity | Legal basis | Details |
| Management of marketing events participants | Legitimate interest | Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance |
| Future events advertisement | Legitimate interest | Provision of pictures related to previous events |
| Website usage analysis | Legitimate interest | Use of Google Analytics to analyze website usage and improve user experience |
Who are the recipients of these data?
Your data is only processed by authorized Orange Cyberdefense Switzerland employees and by its subcontractors, which are located in the EU.
Processors
The table below details the list of processors used by Orange Cyberdefense Switzerland. The terms of use of our processors’ service comply with the provisions set by the EU General Data Protection Regulation.
| Processor name | Purpose of the subprocessing | Data location | Safeguard for transfer |
| Weezevent | Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance | Ireland | N/A. Processor and data are located within the E.U. |
| Google Analytics | Analysis of website usage to improve user experience and event marketing | United States | Data is anonymized and aggregated to protect user privacy. |
| Tarteaucitron.io | Management of user consent for cookies and tracking technologies | France | N/A. Processor and data are located within the E.U. |
Data transfers
Orange Cyberdefense Switzerland does not transfer any data regarding its marketing events participants to countries outside of the E.U., unless required to detect or prevent crime.
Security controls
Orange Cyberdefense Switzerland implements technical and organisational measures to ensure a level of security appropriate to the risk faced by marketing events participants’ data. Orange Cyberdefense Switzerland guarantees compliance with and certification under ISO/IEC 27001:2022.
What are your rights?
Orange Cyberdefense Switzerland would like to make sure you are fully aware of your rights as a data subject under the GDPR. Every participant to one of our marketing events is entitled to the following:
- Request a copy of your personal data held by us. Orange Cyberdefense Switzerland is required to fulfil this request within 20 working days.
- Withdraw consent where that is the legal basis of our processing.
- Rectify inaccuracies in personal data that we hold about you.
- Request to remove some personal data we hold about you or restrict the processing in certain ways.
- Object to certain processing of your personal data by us.
Finally, you should be aware that you have the right in any event to lodge a complaint with a national authority responsible for the protection of personal data if you consider that your data has not been processed in accordance with the applicable provisions. Please see https://gdpr-info.eu/chapter-3/ for further information on the above rights. You may also contact the Data Protection Officer for further information: dpo[at]ch[.]orangecyberdefense[.]com.
