This is the Privacy Policy (“Policy”) for this website available on https://www.riskconnect.eu (“Website”) which is run and provided by Web Shield Services GmbH, Rosa-Luxemburg-Straße 27, 04103 Leipzig, Germany,(we, us and our).

Processing of personal data by Web Shield Services GmbH is governed by the provisions of the Regulation (EU) 2016/679 Of The European Parliament And Of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

Controller of your personal data is Web Shield Services GmbH, Rosa-Luxemburg-Straße 27, 04103 Leipzig, Germany.

You can contact our Data Protection Officer by email: dataprotection@webshield.com on all matters relating to the processing of your personal data and the exercise of your rights under GDPR.

We will only use the personal data gathered over this Website as set out in this Policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.

This privacy policy relates solely to this Website.

‍

Summary of our processing activities

When you visit our Website for informational reasons, only limited personal data will be processed to provide you with the Website itself. The scope of data is processed may also depend on you browser settings.

In case you send us a request, you sign up for a RiskConnect or you subscribe to our newsletter, further personal data will be processed in the scope of such services.

We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary. Under GDPR, you are entitled to exercise certain rights with regard to the processing of your personal data. You will find more detailed information under the indicated sections below.

1. Definitions

• “You” refers to unregistered and registered user of Website;
• ”Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. The purposes of the processing and legal basis for processing

A) Data Collection – use of our Website for informational purposes

When you visit our Website for informational reasons, i.e. without registering for any of our provided services and without providing us with personal data in any other form, we may automatically collect information about you which will contain personal data only in limited cases and which is automatically recognised by our server, such as:

• Your IP address;
• Device type, name and IDs;
• Date and time of your requests;
• Content of your requests;
• Information on your browser version;
• Screen resolution;
• Information on your operating system, including language settings;
• the URI addresses (Uniform Resource Identifier);
• the time of the request;
• the method utilized to submit the request to the server;
• the size of the file received in response,
• the numerical code indicating the status of the server's answer (successful outcome, error, etc.);
• the country of origin,
• the features of the browser and the operating system utilized by the User,
• the various time details per visit (e.g., the time spent on each page within the Website)
• the details about the path followed within the Website with special reference to the sequence of pages visited.

We use such information only to assist us in providing an effective service (e.g. to adapt our Website to the needs of your end user device or to allow you to log in to our Website), and to collect broad demographic information for anonymized, aggregate use. The personal data automatically collected is necessary to provide the Website and its stability and security.

The legal basis for such processing is article 6 section 1 point a) of GDPR, which allows the processing of personal data if the processing is consent has been given for such processing. When you start to use our Website, we kindly ask for your consent to process such data.

You can withdraw your consent at any time. Withdrawal your consent does not affect the lawfulness of processing based on consent before your withdrawal.

Personal data that is collected automatically is retained for 60 months and properly erased afterwards.

‍

B) Data Collection – Registration for RiskConnect

In order to register for RiskConnect, you need to fill out a form with the necessary information such as your name, surnames, job title, preferred meal option (standard or vegetarian), email address, company name, billing address, VAT number and other. The provision of such information is contractual requirement and is necessary for the proper performance of the contract. Failure to provide this information prevents us from performing the contract.

The legal basis for such processing is article 6 section 1 point b) of GDPR, which allows the processing of personal data if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

For all delegates we also kindly ask you whether each delegate agrees to share his or her contact information with other attendees and agrees for those other attendees to contact him or her. In this case, we shall send you back an e-mail in order to confirm your consent to share your data (double opt-in).

The legal basis for such processing is article 6 section 1 point a) of GDPR, which allows the processing of personal data if the processing is consent has been given for such processing.

You can withdraw your consent at any time. Withdrawal your consent does not affect the lawfulness of processing based on consent before your withdrawal.

By statutory law we are required to retain the provided financial data in relation to transactions (including address, payment and order information) for 10 years. However, after 2 years we will restrict the processing of your personal data to comply with the statutory requirements and will not process the personal data any further.

The legal basis for such processing is article 6 section 1 point c) of GDPR, which allows the processing of personal data if the processing is necessary for compliance with a legal obligation to which the controller is subject.

‍

C) Newsletter

With your email address you can subscribe to our newsletter that provides you with the latest news about RiskConnect events information, after conference summary and materials, industry news and blog posts if you consent to receiving such newsletters.

The legal basis for such processing is article 6 section 1 point a) of GDPR, which allows the processing of personal data if data subject has given consent to the processing of his or her personal data for one or more specific purposes/

You can withdraw your consent at any time. Withdrawal your consent does not affect the lawfulness of processing based on consent before your withdrawal.

Your email address will be retained as long as you subscribe to our newsletter. You can unsubscribe from this service by opting out via the link provided in each email newsletter.

‍

3. The recipients of personal data

Within the provision of our services, we use the assistance of other entities, which is related to transfer of personal data to them. Therefore, we transfer your personal data to the following recipients:

Typeform: Our Web Shield Academy forms and book purchase forms are hosted off-site (not on our server) and processed digitally by Typeform.com. Using Cookies to store data made available by your web browser, Typeform collects usage data, device and application data, referral data, and other information. Typeform automatically send your form data, email, or survey answers to us. The storage of personal information by Typeform is governed by the terms and conditions set out here.

Zapier: We use the services by Zapier, Inc., 548 Market St., #62411, San Francisco, CA 94104-5401, US (“Zapier”). Zapier will process event-based messages to allow us to integrate other web application in a standardized way. Information transmitted can include name, email and other personal data that is processed by Zapier. Learn more about Zapier’s policies.

Stripe: We accept payments through Stripe. When processing payments, some user data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details.

HubSpot: We use the marketing automation software HubSpot on our Website. When you register for one of our offers using a form on our Website, your contact information – including your name, email address and company name are collected and saved in HubSpot databases. We use the data to optimise our marketing activities and to manage the communication process with you in the future. The personal information we process includes information about you that is freely available on the internet and that HubSpot also stores. We reserve the right to use the information to contact visitors to our Website by mail or phone, assuming they have provided their contact details for this purpose, to enable us to find out which of our company’s services they are interested in. Further information about HubSpot and its privacy protection is available here.

In addition, we may transfer your personal data, on the basis of the applicable legal provision or the decision of a competent authority, to other recipients, whether public or private. However, we assure you that we will examine every request for personal data very carefully to ensure that it is not passed on to an unauthorised person. We may also exchange your data within the companies of Web Shield Group (capital group of our companies) to provide you the highest standard of our services.

‍

4. Cookies - what are cookies?

The main purpose of cookies is to make it quicker for users to access the selected services. In addition, cookies make it possible to tailor the services offered by the website, allowing information of interest or potentially of interest to be provided to users depending on their use of the services. A cookie is any kind of file or device that is downloaded to a user’s system for the purpose of storing data that may be updated or retrieved by the company responsible for its installation.

We use cookies on this Website, to understand how you use our Website and to improve your experience. Cookies are text files which are stored on your computer. After you have finished your session and closed your browser many of the text files are deleted (“session cookies”). So-called “persistent cookies” are also stored and these allow us to recognise you during your next visit on our website. You can prevent cookies being saved on your computer by changing your browser settings. This may result in some functions used by our website being restricted.

I. Cookies – types of cookies

Depending on the company managing them:

• Own cookies – are those which are sent to the user’s system from a system or domain managed by the editor and from which the service requested by the user is provided.
• Third party cookies – are those which are sent to the user’s system from a system or domain that is not managed by the editor, but by another company processing the data obtained through the cookies.

Depending on the period of time that they remain active:

• Session cookies – are those cookies designed for gathering and storing data while the user is using a web page. They are usually used to store information that is only intended for providing the service requested by the user on one single occasion (e.g. a list of purchased products).
• Persistent cookies – in this type of cookie the data continues to be stored on the system and may be accessed and processed during a specific period of time by the manager of the cookie, which may range between several minutes and several years.

Depending on their purpose:

• Technical cookies – are those which allow the user to browse a website, platform or application and use the different options or services offered, such as, for example, controlling data traffic and communication, identifying the session, accessing restricted areas, recalling the parts of an order, carrying out the process for purchase of an order, making a request to register for or participate in an event, using security elements during browsing, storing contents for the transmission of videos or sound or sharing contents through social networks.
• Personalization cookies – are those which allow the user to access the service with certain general predefined preferences depending on a number of criteria in the user’s system, such as, for example, the language, the type of browser through which the service is accessed, the regional configuration from which the service is accessed, etc.
• Analytical cookies – are those which enable the manager to monitor and analyse the behaviour of the users of the websites to which they are linked. The information collected by means of this type of cookie is used to measure the activity of the websites, applications or platforms and to draw up browsing profiles of the users of such websites, applications and platforms to introduce upgrades on the basis of the analysis of the data on the use of the service by users.
• Advertising cookies – are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided based on criteria such as the edited content or the frequency with which the advertisements are shown.
• Behavioural advertising cookies – are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided. These cookies store behavioural information about users obtained through the ongoing observance of their browsing habits, which allows a specific profile to be defined to show advertising on the basis of such profile.

II. Cookies – Third-Party Cookies

You may choose which cookies you want on this Website by setting your browser.

Google Analytics

Our Website uses Google Analytics, a web analytic service provided by Google, Inc. Google Analytics uses javascript and cookies to help us analyze how visitors use Website.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of the operator of this Website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. For more information on Google Analytics cookies, visit this site. To opt-out of being tracked by Google Analytics across all websites visit this site. This allows you to download and install a Google Analytics cookie-free web browser, however please note that if you do this you may not be able to use the full functionality of this Website. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

‍

HubSpot

Our Site also employs HubSpot, which collects personal identifying information by using javascript and cookies to track visitors of this Website and gathers demographic information about them. HubSpot’s products help us to identify Website visitors, analyse email campaigns and track contact form submissions. Anonymous visitor tracking information may be shared with other HubSpot customers. For more information about HubSpot cookies, see here.

‍

5. Transfers of personal data to third countries or international organisations

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of our residence. In particular, your data may be transferred to the United States of America. The basis for the transfer of data to the United States of America is an European Commission decision stating the appropriate level of protection ("Privacy Shield"). Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to keep up an adequate level of data protection also when sharing your personal data with such countries.

‍

6. Security

We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

We process your data in a proper manner and take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your data.

Processing of your data is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

‍

7. Data retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

‍

8. Your rights

Under GDPR, you are entitled to exercise of the following rights:

• right to request from controller access to personal data – you may require (i) information whether your personal data is retained and (ii) access to your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
• right to rectification, erasure or restriction of personal data – you may request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
• right to withdrawal your consent – you may refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
• right to object – you may object, out grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
• right to data portability – you may require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller;
• right to lodge a complaint with a supervisory authority – you may take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us under the contact details set out below.

‍

9. Changes to this privacy policy

We reserves the right to make changes to this privacy policy at any time. In this case, we will post the updated privacy policy on the Website and the date of its last update. It is strongly recommended to check this page often.

If a you objects to any of the changes to the Policy, then you must cease using this Website and can request us to remove the your personal data. Unless stated otherwise, the then-current privacy policy applies to all your personal data we has about you.

‍

10. Contacting us

Please submit any questions, concerns or comments you have about this Policy or any requests concerning your personal data by email to our data protection officer. You can contact us via dataprotection@webshield.com.

The information you provide when contacting us (Web Shield Services GmbH) will be processed to handle your request and will be erased when your request was completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.