GOhack24 - Symposium, bug bounty challenge & EDU program

Privacy Policy

Version: 1.3 Valid from: 26 July 2023

This Privacy Policy provides information about how, where, and why we process which personal data, in particular in connection with our website gobugfree.com and our other services. It also provides information about the rights of individuals whose data we process.

Special, supplementary, or further privacy policies as well as other legal documents such as general terms and conditions, terms of use, or conditions of participation may apply to individual or additional products and services.

Our services are subject to Swiss data protection law and to any applicable foreign data protection law, such as, in particular, the laws of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

1. CONTACT ADDRESSES

Entity responsible for the processing of personal data:

GObugfree AG
Waldmannstrasse 10
8001 Zürich-Bellevue

[email protected]

We will make it clear if other entities are responsible for the processing of personal data in individual cases.

1.1 DATA PROTECTION OFFICER

We have the following data protection officer as a contact point for data subjects and for supervisory authorities making inquiries in relation to data protection:

Marcel Eyer
c/o GObugfree AG
Waldmannstrasse 10
8001 Zürich-Bellevue

[email protected]
+41 58 255 04 30

1.2 DATA PROTECTION REPRESENTATIVE IN THE EUROPEAN ECONOMIC AREA (EEA)

In accordance with Article 27 GDPR , we have the following data protection representative in the European Economic Area (EEA), comprising the EU and the Principality of Liechtenstein, Iceland, and Norway, as an additional contact point for supervisory authorities and data subjects making inquiries in relation to the GDPR:

VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany

[email protected]

2. PROCESSING OF PERSONAL DATA

2.1 DEFINITIONS

Personal data means all information relating to an identified or identifiable person. A data subject is a person whose data is processed. Processing means any operation involving personal data, irrespective of the means and procedures applied, and in particular the storage, disclosure, acquisition, collection, erasure, storage, alteration, destruction, and use of personal data.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data relating to a specific natural person.

2.2 LEGAL BASES

We process personal data in compliance with Swiss data protection law, including in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).

If and insofar as the GDPR is applicable, we process personal data according to at least one of the following legal bases :

  • Article 6(1)(b) GDPR where processing of personal data is necessary to perform a contract with the data subject and to take steps prior to entering into a contract.
  • Article 6 (1)(f) GDPR where processing of personal data is necessary to safeguard our or third-party legitimate interests insofar as these interests are not overridden by the fundamental rights and freedoms and the interests of the data subject. Legitimate interests are, in particular, our interest in providing our services in the long term and in a manner which is user-friendly, secure, and reliable as well as advertising these services if required; information security and protection against misuse and unauthorized use; exercising of our own legal claims; and compliance with Swiss law.
  • Article 6 (1)(c) GDPR where processing of personal data is necessary to comply with a legal obligation to which we are subject under any applicable law of member states of the EEA.
  • Article 6(1)(e) GDPR where processing of personal data is necessary to perform a task carried out in the public interest.
  • Article 6(1)(a) GDPR to process personal data given with the data subject's consent.
  • Article 6(1)(d) GDPR where processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.

2.3 NATURE, SCOPE, AND PURPOSE

We process personal data which is necessary to provide our services in the long term and in a manner which is user-friendly, secure, and reliable. Such personal data can fall into the following categories: master and contact data, browser and device data, content data, license data, metadata or peripheral data and usage data, location data or sales, contractual, and payment data.

We process personal data for the period which is required for the relevant purpose or purposes or which is required by law. Personal data that no longer needs to be processed is anonymized or erased. Data subjects whose data we process in general have a right to erasure.

In principle, we only process personal data after obtaining the data subject's consent unless processing is permissible for other legal reasons, such as to perform a contract with the data subject and to take steps prior to entering into a contract, to safeguard our overriding legitimate interests; because processing is evident from the circumstances; or based on prior information.

Within this framework we process in particular the information which data subjects transmit to us voluntarily and themselves when establishing contact with us – for example by letter, email, contact form, social media, or telephone – or when registering for a user account. We may store such information in, for example, an address book or using similar means. If you transmit personal data to us via third parties, you are obliged to ensure data protection vis-à-vis said third parties and to ensure the correctness of said personal data.

2.4 PROCESSING OF PERSONAL DATA BY THIRD PARTIES, IN SWITZERLAND OR ABROAD

We may have personal data processed by contracted third parties or process it together with third parties or with the help of third parties as well as transmit this data to third parties. Such third parties are, in particular, providers whose services we use. Should we use such third parties, we will ensure an adequate level of data protection.

Such third parties are, in principle, located in Switzerland and the EEA. Such third parties may, however, also be located in other states and territories around the world or elsewhere in the universe provided that, according to the adequacy decision of the Swiss Federal Data Protection and Information Commissioner  (FDPIC) and – if and insofar as the GDPR is applicable – according to the adequacy decision of the European Commission , their data protection law ensures adequate data protection or if, for other reasons, such as a corresponding contractual agreement, in particular based on standard contractual clauses, or corresponding certification, adequate data protection is ensured. In exceptional cases, such a third party may be located in a country without adequate data protection insofar as the prerequisites of data protection law, such as the data subject's explicit consent, are fulfilled.

3. RIGHTS OF DATA SUBJECTS

Swiss data protection law grants specific rights to data subjects whose personal data we process. These include the right to information and the right to rectification, erasure, or blocking of the processed personal data.

Data subjects whose personal data we process may – if and insofar as the GDPR is applicable – demand, free of charge, a confirmation whether we are processing their personal data and, if so, information about the processing of their personal data; have processing of their personal data restricted; exercise their right to data portability; and exercise their right to have their personal data rectified, erased ("right to be forgotten"), blocked, or completed.

Data subjects whose personal data we process may – if and insofar as the GDPR is applicable – withdraw any consent with effect for the future and object to processing of their personal data at any time.

Data subjects whose personal data we process have a right to lodge a complaint with a responsible supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. DATA SECURITY

We take adequate and appropriate technical and organizational measures to ensure data protection and, in particular, data security. However, despite these measures, there may always be security gaps when personal data is processed on the internet. We cannot therefore guarantee absolute data security.

Access to our online services is via transport encryption (SSL/TLS, in particular using Hypertext Transfer Protocol Secure, or HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.

Access to our online services is – as is essentially the case with all internet use – subject to mass surveillance, even where no specific grounds or suspicions exist, and other surveillance by security agencies in Switzerland, the EU, the United States of America (USA), and other states. We have no direct influence over the associated processing of personal data by secret services, police authorities, and other security agencies.

5. USE OF THE WEBSITE

5.1 COOKIES

We may use cookies for our website. Cookies – our own cookies (first-party cookies) and also cookies of third parties whose services we use (third-party cookies) – are data stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies cannot execute programs or transmit malware such as trojans and viruses.

When you visit our website, cookies can be temporarily stored in your browser as "session cookies" or for a predefined period of time as "permanent cookies." Session cookies are automatically deleted when you close your browser. Permanent cookies are stored for a certain duration. Permanent cookies make it possible in particular to recognize your browser when you next visit our website and thus, for example, measure the website's reach. Permanent cookies can, however, also be used for purposes such as online marketing.

You can fully or partially deactivate or delete cookies at any time by changing your browser settings. However, without cookies it may no longer be possible to use our website to its full extent. We will – if and insofar as necessary – actively request you to provide your express consent to the use of cookies.

Where cookies are used to measure success and range or for advertising, it is possible to make a general objection ("opt-out") for many services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 SERVER LOG FILES

Each time you visit our website, we are able to log the following information insofar as your browser transmits it to our server infrastructure or our web server is able to identify it: date and time including time zone; Internet Protocol (IP) address; access status (HTTP status code); operating system including user interface and version; browser including language and version; the sub-pages of our website which were accessed, including the transmitted data volume; and the last web page accessed in the same browser window (referrer).

We store such information, which may also be personal data, in server log files. The information is necessary to provide our online services in the long term and in a user-friendly, reliable form as well as to ensure data security and thus in particular the protection of personal data – including by third parties or with the help of third parties.

6. NOTIFICATIONS AND ANNOUNCEMENTS

We send notifications and announcements such as newsletters by email and via other communication channels such as instant messaging.

6.1 MEASUREMENT OF SUCCESS AND REACH

Notifications and announcements may contain web links or tracking pixels which record whether the specific notification was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and announcements by specific data subjects. We require this statistical recording of use for the purpose of measuring success and reach, which is in turn intended to ensure that notifications and announcements are based on recipients' needs and reading habits and thus effective and user-friendly, as well as to be able to offer notifications and announcements in the long term and in a secure, reliable manner.

6.2 CONSENT AND OBJECTION

In principle, you must expressly consent to the use of your email address and your other contact addresses unless this use is permitted for other legal reasons. Wherever possible we use the "double opt-in" procedure when obtaining any consent to the receipt of emails. In other words, you receive an email with a web link which you must click as confirmation and to ensure that no unauthorized third parties can abuse your personal data. Such consents, including the IP address and the date and time, may be logged as evidence and for security reasons.

In principle, you may unsubscribe from notifications and announcements such as newsletters at any time. Notifications and announcements which are absolutely essential for our services may be excluded from this. When you unsubscribe you can, in particular, object to the statistical recording of use for the purpose of measuring success and reach.

6.3 USE OF SERVICE PROVIDERS TO SEND NOTIFICATIONS AND ANNOUNCEMENTS

We use third-party services or rely on the support of service providers to transmit notifications and announcements. This may also entail the use of cookies. We ensure an adequate level of data protection when using such services.

We use in particular:

7. SOCIAL MEDIA

We have a presence on social media platforms and other online platforms so that we can communicate with interested parties and provide information about our services. Personal data generated in this context may also be processed outside of Switzerland and the EEA.

In each case, the general terms and conditions, the terms of use, and the privacy policies and other terms and conditions of the relevant operators of such online platforms will also apply. These terms provide specific information concerning the rights of data subjects, including in particular the right to information.

8. THIRD-PARTY SERVICES

We use third-party services so that we can provide our services in the long term and in a manner which is user-friendly, secure, and reliable. Such services also allow us to embed content in our website. These services – for example, hosting and storage services, video services, and payment services – require your IP address since they would not otherwise be able to transmit the relevant content. Such services may be located outside of Switzerland and the EEA provided that adequate data protection is ensured.

Third parties whose services we use may also process data related to our services and from other sources – including cookies, log files, and tracking pixels – in an aggregated, anonymized, or pseudonymized manner for their own security, statistical, and technical purposes.

8.1 DIGITAL INFRASTRUCTURE

We use the services of third parties in order to be able to access the digital infrastructure required for our services. These include in particular hosting and storage services from specialized providers.

We use in particular:

9. FINAL PROVISIONS

We may amend and add to this Privacy Policy at any time. We will provide notification of such amendments and additions in an appropriate form, in particular by publishing the latest version of the Privacy Policy on our website.