Introduction
Your data is held and processed in accordance with the EU General Data Protection Regulation (GDPR) and in line with the Orange Cyberdefense Switzerland information security policy available on demand at the address: dpo[at]ch[.]orangecyberdefense[.]com
The responsible body in the sense of the GDPR and other data protection regulations (data controller) is Orange Cyberdefense Switzerland, Rue du Sablon 4, CH-1110 Morges. You can contact our data protection officer by mail at the address provided or directly by e-mail at: dpo[at]ch[.]orangecyberdefense[.]com
What data does Orange Cyberdefense Switzerland collect and why?
We only collect the minimum information about our marketing events participants to enable them a flawless experience when attending the events. The personal data collected includes:
- First name
- Last Name
- Company
- Email address
- City
- Country
- Event option(s) subscribed to if applicable
- Payment means details
- IP address
We may also take pictures during the event, on which you may appear. This material may be used for further advertisement of our events.
The following table indicates the legal basis for the personal data processing activities outlined in this notice.
| Data processing activity | Legal basis | Details |
| Management of marketing events participants | Legitimate interest | Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance |
| Future events advertisement | Legitimate interest | Provision of pictures related to previous events |
Who are the recipients of these data ?
Your data is only processed by authorized Orange Cyberdefense Switzerland employees and by its subcontractor, which is located in the EU.
How do we manage and protect your personal information?
Disclosure
Orange Cyberdefense Switzerland would only disclose marketing events participants’ information which is required to detect or prevent crime to relevant authorities.
Retention period
The following table details applicable retention period by processing activity:
| Data processing activity | Paper-based records | Electronic records |
| Management of marketing events participants | No paper-based record is kept | The list of registered individuals to our marketing events is kept for a maximum of 3 years |
Processors
The table below details the list of processors used by Orange Cyberdefense Switzerland. The terms of use of our processors’ service comply with the provisions set by the EU General Data Protection Regulation.
| Processor name | Purpose of the subprocessing | Data location | Safeguard for transfer |
| Weezevent | Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance | Ireland | N/A. Processor and data are located within the E.U. |
Data transfers
Orange Cyberdefense Switzerland does not transfer any data regarding its marketing events participants to countries outside of the E.U., unless required to detect or prevent crime.
Security controls
Orange Cyberdefense Switzerland implements technical and organisational measures to ensure a level of security appropriate to the risk faced by marketing events participants’ data.
Orange Cyberdefense Switzerland guarantees compliance with and certification under ISO/IEC 27001:2013.
What are your rights?
Orange Cyberdefense Switzerland would like to make sure you are fully aware of your rights as a data subject under the GDPR. Every participant to one of our marketing events is entitled to the following:
- Request a copy of your personal data held by us. Orange Cyberdefense Switzerland is required to fulfil this request within 20 working days
- Withdraw consent where that is the legal basis of our processing
- Rectify inaccuracies in personal data that we hold about you
- Request to remove some personal data we hold about you restrict the processing in certain ways
- Object to certain processing of your personal data by us
Finally, you should be aware that you have the right in any event to lodge a complaint with a national authority responsible for the protection of personal data if you consider that your data has not been processed in accordance with the applicable provisions.
Please see https://gdpr-info.eu/chapter-3/ for further information on the above rights. You may also contact the Data Protection Officer for further information: dpo [at] scrt [dot] ch.