Data Privacy Policy

Introduction

Your data is held and processed in accordance with the EU General Data Protection Regulation (GDPR) and in line with the SCRT S.A. Information Security policy available on demand at the address: dpo [at] scrt [dot] ch

The responsible body in the sense of the GDPR and other data protection regulations (data controller) is SCRT S.A., Le Trési 6BCH-1028 Préverenges. You can contact our data protection officer by mail at the address provided or directly by e-mail at: dpo [at] scrt [dot] ch

What data does SCRT S.A. collect and why?

We only collect the minimum information about our marketing events participants to enable them a flawless experience when attending the events. The personal data collected includes:

  • First name
  • Last Name
  • Company
  • Email address
  • City
  • Country
  • Event option(s) subscribed to if applicable
  • Payment means details
  • IP address

We may also take pictures during the event, on which you may appear. This material may be used for further advertisement of our events.

The following table indicates the legal basis for the personal data processing activities outlined in this notice.

Data processing activity Legal basis Details
Management of marketing events participants Legitimate interest Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance
Future events advertisement Legitimate interest Provision of pictures related to previous events

Who are the recipients of these data ?

Your data is only processed by authorized SCRT S.A. employees and by its subcontractor, which is located in the EU.

How do we manage and protect your personal information?

Disclosure

SCRT S.A. would only disclose marketing events participants’ information which is required to detect or prevent crime to relevant authorities.

Retention period

The following table details applicable retention period by processing activity:

Data processing activity Paper-based records Electronic records
Management of marketing events participants No paper-based record is kept The list of registered individuals to our marketing events is kept for a maximum of 3 years

Processors

The table below details the list of processors used by SCRT. The terms of use of our processors’ service comply with the provisions set by the EU General Data Protection Regulation.

Processor name Purpose of the subprocessing Data location Safeguard for transfer
Weezevent Provision of information related to a marketing event, registration, options selection, payment, entry badge issuance Ireland N/A. Processor and data are located within the E.U.

Data transfers

SCRT S.A. does not transfer any data regarding its marketing events participants to countries outside of the E.U., unless required to detect or prevent crime.

Security controls

SCRT S.A. implements technical and organisational measures to ensure a level of security appropriate to the risk faced by marketing events participants’ data.

SCRT S.A. guarantees compliance with and certification under ISO/IEC 27001:2013.

What are your rights?

SCRT S.A. would like to make sure you are fully aware of your rights as a data subject under the GDPR. Every participant to one of our marketing events is entitled to the following:

  • Request a copy of your personal data held by us. SCRT S.A. is required to fulfil this request within 20 working days
  • Withdraw consent where that is the legal basis of our processing
  • Rectify inaccuracies in personal data that we hold about you
  • Request to remove some personal data we hold about you restrict the processing in certain ways
  • Object to certain processing of your personal data by us

Finally, you should be aware that you have the right in any event to lodge a complaint with a national authority responsible for the protection of personal data if you consider that your data has not been processed in accordance with the applicable provisions.

Please see https://gdpr-info.eu/chapter-3/ for further information on the above rights. You may also contact the Data Protection Officer for further information: dpo [at] scrt [dot] ch.