Privacy Policy

Table of contents

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy explains how and for what purposes we process your personal data when you visit our website, visit us on social media or contact us. We also wish to inform you about data processing for the purpose of organizing the event.

As a rule, the personal data of yours that we collect is obtained directly from you. The statutory basis is, in particular, the EU General Data Protection Regulation (GDPR).

1. Controller within the Meaning of Article 4(7) GDPR

The controller responsible for data processing within the meaning of Article 4(7) GDPR is:

Schwarz Digits KG
Stiftsbergstraße 1
74172 Neckarsulm

E-Mail: csc@cyberconference.schwarz
Tel.: +49 7132 30-5000

2. Data Processing on the Microsite

2.1. Data Processed when You Visit this Website

2.1.1 Purposes and Legal Basis of Processing

When you visit this website, log files are generated containing the following information:

  • the website/application from which you accessed our site (referrer URL);
  • the IP address;
  • the date and time of access;
  • the client request;
  • the http response code;
  • the data volume transmitted;
  • the name and URL of the requested file;
  • information about the type of browser and operating system you are using;
  • the name of your Internet service provider.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website.

2.1.2. Recipients/Categories of Recipients

As a rule, we do not transfer the data to third parties outside Schwarz Digits KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR. They include trend factory marketing & veranstaltungs GmbH and its subcontractors, which we have engaged to support the event and host the registration site.

2.1.3. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. The only way to prevent your data from being processed is to stop using our website.

2.1.4. Storage Time

We store the aforementioned data for a period of 14 days.

2.2. Cookies

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information connected with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.

2.2.1. Purposes and Legal Basis of Data Processing

Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

  • Necessary: These cookies help to make a website usable by enabling basic functions such as site navigation and access to secure pages. The website cannot function properly without these cookies.
  • Preferences: Using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our website in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
  • Statistics: These methods enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
  • Marketing: These enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Necessary:

  • user inputs, in order to remember inputs across multiple sub-pages;
  • authentication data to identify a user after signing in, enabling you to access authorized content on subsequent visits (e.g., access to the customer portal);
  • security-related events (e.g., identifying repeat failed sign-in attempts);
  • required data.

Preferences:

  • settings to customize the user interface that are not linked to a permanent identifier.

Statistics:

  • pseudonymized usage profiles containing information on the use of our website. These contain in particular:
    • browser type/browser version;
    • operating system used;
    • referrer URL (i.e., the previously visited page);
    • host name of the accessing computer (IP address);
    • time of the server request;
    • individual user ID; and
    • events triggered on the website (web browsing behavior).
  • The IP address is routinely anonymized, which in principle means it is no longer possible to identify you.
  • We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so. In itself, we cannot use the user ID to identify you.

Marketing:

  • pseudonymized usage profiles containing information on the use of our website. These contain in particular
    • IP address;
    • individual user ID;
    • products potentially of interest;
    • events triggered on the website (web browsing behavior).
  • IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you. We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so.
  • • In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.

The legal basis for using preference, statistics and marketing cookies and similar technologies is your consent given pursuant to Article 6(1)(a) GDPR and section 25 (1) sentence 1 of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG). The legal basis for using technically necessary cookies and similar technologies is your consent given pursuant to Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the technical stability and security of website operation.

You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. Click here to make your selection.

For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.

2.2.2. Recipients/Categories of Recipients

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. They process your data on our behalf as processors. Each has been carefully selected and bound by contract.

Google Analytics

We are supported in the context of Google Analytics by Google Ireland Limited and Google LLC (USA) as processors in accordance with Article 28 GDPR. Data may therefore be processed outside of the EU/EEA. An appropriate level of data protection cannot be assumed in the case of Google LLC because the data is processed in the US. There is a risk that authorities may be able to access the data for security and monitoring purposes without you being informed of this or having any legal recourse. Please bear this in mind when deciding about consent to our use of Google Analytics. However, by agreeing the European Commission's standard contractual clauses (these can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en) we have bound Google LLC by contract to comply with data protection provisions. You can find out more by contacting our data protection officer (contact details below).

LinkedIn Insight Tag

We have embedded the Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. When our website is accessed, data is forwarded to LinkedIn via a redirect. The following data can be forwarded:

  • http header information (such as IP address, information about the browser used, country-related data such as language)
  • unique cookie ID
  • information about events on the site (such as information on the page views or buttons clicked)
  • date and time

LinkedIn can mark the end device you are using with a cookie and a unique identifier, or may read an existing cookie. If you are signed in to LinkedIn, this data can be used to display targeted advertising for us on the LinkedIn pages. We can also use this data to evaluate the success of our LinkedIn ads. The legal basis for storing the cookie and forwarding data to LinkedIn Ireland Unlimited Company is consent given pursuant to Article 6(1) sentence 1(a) GDPR.

With respect to collecting and transmitting the above data, we are a joint controller together with LinkedIn Ireland Unlimited Company. For this reason, we have entered into a joint controller agreement with LinkedIn pursuant to Article 26 GDPR that determines the responsibilities for compliance with the obligations under the GDPR. Given the fact that we do not have access to the data collected about you in the context of the LinkedIn Insight Tag, LinkedIn alone has direct access to the necessary information and can also take any necessary action and provide information directly. In this respect, please contact LinkedIn directly to assert your rights as data subject regarding data processing in relation to the Insight Tag. Nevertheless, please feel free to contact us if you need our support.

With respect to using the LinkedIn Insight Tag, we cannot rule out LinkedIn also processing data in the US. To ensure an appropriate level of data protection in the event that data is transmitted outside of the EU, we have entered into the European Commission's standard contractual clauses with LinkedIn.

LinkedIn is responsible for the further processing and evaluation of the data collected. Further information about data privacy at LinkedIn in general and detailed information about how the data collected in the context of the Insight Tag is handled, such as the legal basis for data processing by LinkedIn, can be found in LinkedIn's privacy policy at:

https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy

You can change your ad preferences here:
https://www.linkedin.com/mypreferences/d/categories/ads

2.2.3. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us. You may prevent cookies from being stored by adjusting the aforementioned settings, selecting the categories of cookies accordingly or by withdrawing or modifying any consent you may have given.

2.2.4. Storage Time

For information on the storage time for cookies, please see the cookie policy. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn.

3. Data Processing for the Purpose of Organizing and Holding the Event

3.1. Registration Process

3.1.1 Purposes of the Processing/Legal Basis

We treat all personal data that you provide us as part of registration confidentially. We use your data solely for the limited purpose of processing your registration. The legal bases for the processing are Article 6(1)(b) and (f) GDPR. The legitimate interest lies in responding to your inquiries.

Your data (name, address, e-mail address, company/business/organization, menu preferences) are processed for the purpose of sending invitations to participate in the event on the basis of Article 6(1)(f) GDPR. The legitimate interest lies in notifying you of the event and providing you the link to the registration page and the registration code. You can also add further information if, for example, personal protection is needed or other organizational issues have to be observed.

3.1.2. Origin of Data

We may have received your data from a Schwarz Company you are in contact with as a business partner/supplier/customer. This may be one of the following companies:

Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm
STACKIT GmbH & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm
XM Cyber Germany GmbH & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm
Schwarz Beteiligungs KG, Stiftsbergstraße 1, 74167 Neckarsulm

3.1.3. Recipients/Categories of Recipients

We will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR. They include trend factory marketing & veranstaltungs GmbH and its subcontractors, which we have engaged to support the event and host the registration site. Where necessary to organize the event, your data will also be transmitted internally to Schwarz companies or to external service providers, which may include caterers, security services, shuttle services, etc. Where necessary to process your registration, we transfer your data to companies of Schwarz Group, such as Schwarz Digital GmbH & Co.KG and XM Cyber Ltd.

3.1.4. Pflicht zur Bereitstellung Ihrer Daten

You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your registration, we will not be able to process or respond to it or to register you for the event. By contrast, failing to provide optional details will have no impact on your participation at the event. We may merely be prevented from providing you a custom menu.

3.1.5. Storage Time/Criteria for Determining Storage Time

We delete or securely anonymize all information we receive from you in the context of the registration process no later than 60 days after the end of the event. Personal data that you send to us as part of initiating or performing a contract or that are subject to statutory retention periods under commercial or tax law will be deleted after the end of such periods, at the latest after 12 years.

The above-mentioned storage times notwithstanding, if we use your contact details for the purposes of mailing after the event (please see below) then we will retain your contact details until you unsubscribe from the mailing.

3.2. Menu Preference/Collection of Health Data

3.2.1. Purposes of the Processing/Legal Basis

You can provide specific details of allergies and intolerances as part of your menu preference. The data is processed on the grounds of legitimate interests pursuant to Article 6(1)(f) GDPR. We collect the data with your consent pursuant to Article 9(2)(a) GDPR in order to serve you a custom menu. These are health data, and by providing the corresponding information you consent to their processing. The information is provided on a voluntary basis and is not required by law or by contract. If you do not wish to provide information, please simply select "no".

You may withdraw/modify your consent with effect for the future by e-mailing csc@cyberconference.schwarz at any time.

3.2.2. Recipients/Categories of Recipients

Your specific intolerances will be forwarded to the respective caterer responsible for catering on the day of the event. This is Schwarz Restaurantbetriebe GmbH & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany.

3.2.3. Storage Time/Criteria for Determining Storage Time

Your data will be deleted at the latest 60 days after the end of the event.

3.3. Publication of Participants' Data

3.3.1. Purposes of the Processing/Legal Basis

Subject to your consent given pursuant to Article 6(1)(a) GDPR, we will publish your data on our website in relation to the event. The data potentially published includes your last name, first name, title and profile image (if you have uploaded one). All information is provided and published on a voluntary basis. You can also participate in the event without giving your consent.

3.3.2. Recipients/Categories of Recipients

Your details will be published online on the event website, meaning that they will be accessible worldwide. Please note that an appropriate level of protection cannot be guaranteed if persons in third countries access your data, and we have no influence on their processing.

3.3.3. Storage Time/Criteria for Determining Storage Time

Your data will be deleted at the latest 60 days after the end of the event.

4. Other Data Processing by Schwarz Digits

4.1. Communication by E-mail/Telephone/Mail/Contact Form

4.1.1. Purposes and Legal Basis of Data Processing

We treat all personal data that we receive from you by e-mail, telephone, mail or contact form confidentially. We use your data solely for the limited purpose of processing your inquiry. The legal basis for the processing is Article 6(1)(f) GDPR. The legitimate interest lies in responding to your inquiries.

When you send us personal data by contacting us for purposes of initiating or performing an existing contractual relationship, Article 6(1)(b) GDPR is the legal basis for data processing.

We will also send you e-mails containing information about the event at various stages (including invitation, reminder, confirmation of registration, final details prior to the event, post-event e-mail) to notify you about organizational issues and highlights of the event. This data is processed on the basis of Article 6(1)(f) GDPR pursuant to our legitimate interest in providing you with all information relevant to the event. You can object to this data processing by clicking on the unsubscribe link at the bottom of the e-mails.

4.1.2. Recipients/Categories of Recipients

As a rule, we do not transfer the data to third parties outside Schwarz Digits KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR. They include trend factory marketing & veranstaltungs GmbH and its subcontractors, which we have engaged to support the event and host the registration site.

Where necessary to process your inquiry, we transfer your data to companies of Schwarz Group, such as Schwarz Digits KG and XM Cyber Ltd.

4.1.3. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process or respond to it.

4.1.4. Storage Time/Criteria for Determining Storage Time

We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you or after the end of the event. Personal data that you send to us as part of initiating or performing a contract or that are subject to statutory retention periods under commercial or tax law will be deleted after the end of such periods, at the latest after 12 years.

The above-mentioned storage times notwithstanding, if we use your contact details for the purposes of mailing after the event (please see below) then we will retain your contact details until you unsubscribe from the mailing.

4.2. Marketing Communications

4.2.1. Purposes and Legal Basis of Data Processing

Newsletter

We offer you the opportunity to subscribe to our newsletter. If you have consented to receive our newsletter pursuant to Article 6(1)(a) GDPR, we use your e-mail address and name (if provided by you) to send information about cyber security events and news. We store and process this data for the purpose of distributing the newsletter.

Newsletter Tracking

We also use information that we store on and retrieve from your end device to track how you use the newsletter. The evaluation of usage behavior includes: opening the newsletter, clicking on links and the newsletter status. On this basis we prepare personalized usage profiles assigned to you and/or your e-mail address in order to tailor newsletter content and communications to your interests and to improve our products and services.

The legal basis for storing and retrieving information on your end device is section 25 (1) TDDDG. The newsletter is sent and data subsequently processed (evaluation of usage behavior) based on your consent pursuant to Article 6(1)(a) GDPR.

To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you enter your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the confirmation link.

If you subscribe to the newsletter, the IP address of the accessing system and the date and time of registration are recorded, as is the e-mail verification. This data is processed for the sole purpose of being able to track potential misuse of an e-mail address. The legal basis for processing the above-mentioned data is Article 6(1) sentence 1(f) GDPR. We have a legitimate interest in ensuring IT security.

You may withdraw your consent to receive the newsletter and to the recording of newsletter activities at any time with effect for the future, e.g., by unsubscribing from the newsletter on our website. The link to the unsubscribe page is provided at the bottom of every newsletter. When you unsubscribe, we consider your consent to a newsletter subscription and the recording of your usage behavior and the receipt of newsletters based thereon as withdrawn. We will delete your usage data. The lawfulness of the processing carried out until such time as we receive your notice of withdrawal shall not be affected.

Contact by Schwarz Digits KG and XM Cyber

We offer you the opportunity to find out about the product range of XM Cyber Ltd. free of charge and without obligation. Subject to your consent, we will transfer your contact details (last name, first name and e-mail address) to Schwarz Digits KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, and XM Cyber Ltd., 7 Sapir Street, Herzliya, Israel, which will then be able to contact you for this purpose.

Israel is covered by an adequacy decision adopted by the European Commission. You can access this at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32011D0061 . You can find out more about the adoption of an adequacy decision by the European Commission at: https://edps.europa.eu/data-protection/data-protection/glossary/a_en . Please do not hesitate to contact our data protection officer should you need further information.

The legal basis for the above data processing is your consent pursuant to Article 6(1)(a) GDPR.

Your consent is given voluntarily. You may withdraw your consent at any time with effect for the future. Please send your notice of withdrawal to csc@cyberconference.schwarz (contact address for Schwarz Digits KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany). We will forward your withdrawal of consent without undue delay to XM Cyber Ltd. so that they can also delete your data and cease contacting you. The lawfulness of the processing carried out until such time as we receive your notice of withdrawal shall not be affected.

4.2.2. Recipients/Categories of Recipients

As a rule, we do not transfer the data to third parties outside Schwarz Digits KG unless we have provided explicit notification of that fact. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

4.2.3. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us. Subscribing to our newsletter is voluntary and always subject to your consent. You will face no detrimental effect if you withdraw your consent.

4.2.4. Storage Time

Your e-mail address, your name (if provided by you) and your usage data will be deleted as soon as you unsubscribe from our newsletter or withdraw your consent to be contacted by Schwarz Digital GmbH & Co. KG and XM Cyber Ltd. The IP address will be stored for 30 days and then deleted.

4.3. Card Integration

Your data will not be stored in the context of the integrated card. This merely involves recording an image without uploading personal data.

5. Your Rights as Data Subject

Under Article 15(1) GDPR, you have the right to access information, free of charge, on the personal data stored about you. If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer referred to below.

You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

6. Data Protection Officer Contact Information

For further questions concerning the processing of your data or the exercise of your rights, please contact the competent data protection officer of the controller at:

Schwarz Digits KG
– Data protection officer –
Stiftsbergstraße 1
74172 Neckarsulm

E-Mail: datenschutz@mail.schwarz