Privacy Policy for CFP

Privacy statement www.offensivecon.org
The protection of your personal data (hereafter “p.d.”) which are processed when using our website as well as during the registration for our conference is a huge and important concern for us. The term “personal data” includes all information which refer to identified or identifiable individuals.
Categories of data are e.g. your name, your address, your e-mail-address, but also data about your usage behavior on www.offensivecon.org.
In the following we would like to inform you which data are collected during your visit of our homepage and when registering for our conference and how we process and use that data. We would also like to inform you about our accompanying supportive measures we have taken regarding technical and organizational protection. Please take into account that this privacy policy can be updated from time to time through the implementation of new technologies and/ or legal changes. Of course we will consider all your interests in an appropriate way when making changes.

Controller, contact, data protection officer
The controller pursuant to Article 4 No. 7 General Data Protection Regulation (“GDPR”) is:

Blue Frost Security GmbH
Platz der Einheit 1,
60327 Frankfurt am Main.

That is represented by the CEO Lukas Hermann, ibid. You can also contact us via e-mail under office@bluefrostsecurity.de. Our homepage can be accessed via www.bluefrostsecurity.de.

For any questions and remarks regarding this privacy statement or for general inquiries regarding data protection please contact our data protection officer. You can contact him via e-mail under privacy@bluefrostsecurity.de or per mail by post with confidence to the attention of the data protection officer at the above address.
For further information, we refer to our information in the imprint: https://www.offensivecon.org/imprint.html

Legal bases for processing of your data
Legal basis for the processing of personal data are:

  • Insofar as we obtain the data subject’s consent for processing of personal data, Art. 6 (1) Clause 1 lit. a) GDPR as the legal basis.
  • In case of processing of personal data is necessary for the performance of a contract, the legal basis is Art. 6 (1) Clause 1 lit. b) GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures. 
  • Insofar as processing of personal data is necessary for the compliance of a legal obligation our company is subject to, the legal basis is Art. 6 (1) Clause 1 lit. c) GDPR.
  • In the case that vital interests of the data subject or of another natural person require a processing of personal data, Art. 6 (1) Clause 1 lit. d) GDPR serves as the legal basis.
  • If processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh these legitimate interests, the legal basis for processing is Art. 6 (1) Clause 1 lit. f) GDPR.

Storage periods
The data processed by us will be deleted or its processing restricted in compliance with the statutory provisions, in particular in accordance with Articles 17 and 18 GDPR. Unless specifically stated in this privacy statement, we delete data stored by us as soon as it is no longer needed for its intended purpose. Beyond the time of continued use, data is only collected if it is required for other and legally permissible purposes or if the data must be retained due to statutory retention obligations. In these cases, processing is restricted, that means blocked, and not processed for other purposes.

Server log Files
For the informational use of our website, it is generally not required that you actively provide personal data. In this case we collect and use only your data which is automatically transmitted to us by your Internet browser. These include:

  • date and time of your retrieval of one of our websites; 
  • time zone difference to Greenwich Mean Time (GMT);
  • your browser type; 
  • the amount of the data transferred
  • your browser settings; 
  • the utilized operating system; 
  • your most recently visited site;
  • the transferred data volume and access status (file transferred, file not found, etc.); 
  • your IP address.

The data is stored temporarily on our servers. This data is not stored together with other personal data except those stated above. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session. In addition, we create so-called log files. The log files are stored to ensure the security of our IT systems. The log files include all of the above data categories, whereby IP addresses are shortened for the purpose of anonymization. A personal evaluation of the data, in particular for marketing purposes, does not take place.
Processing of the above data is necessary for technical reasons to offer a website pursuant to Art. 6 (1) Clause 1 lit. b), lit. c), lit. f) GDPR in order to display our website correctly to you and to guarantee stability and security. In particular, log files are created to prove attacks on our systems. We delete non-anonymous server log files regularly after seven days, but not later than 30 days after your visit.

Data processing and recipient of data
In some cases, we use external service providers, who are bound by our instructions to process your data. These were selected and commissioned carefully by us and are controlled regularly. The orders are based on data processing agreements pursuant to Article 28 GDPR. The processor does not process data independently for its own purposes. If you have any questions about our order processors, please do not hesitate to contact us.

For the operation and hosting of this website we make use of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, located within the EU, which processes all usage data, meta and communication data of visitors or customers of this website on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Article 6 (1) Clause 1 lit. f) GDPR.

Registration for the Call for Papers
When you register as a speaker for the conference, we will process the data you provide when submitting your talk in order to process the contract. For the purpose of registration we need your name, your e-mail-address, your address, company, country of residence and a brief biography. Furthermore, the date and time of the order as well as data transmitted by your browser (see above server log files) are processed automatically.
The legal basis for the processing of your personal data is Article 6 (1) Clause 1 lit. b) GDPR. The legal basis for voluntarily provided information is Article 6 (1) Clause 1 lit. a) GDPR. We are obliged to save your ordering data for a period of ten years because of commercial and fiscal regulations (German federal Handelsgesetzbuch, German federal Abgabenordnung). However, we will perform a restriction of the processing after the congress. The legal basis for that is Article 6 (1) Clause 1 lit. b), lit. c) GDPR.
We use the pretalx ticket tool for registration. That is a service of pretalx / rixx.de Softwareentwicklung (Tobias Kunze) Dammstraße 18, 70806 Kornwestheim, which also stores the CFP submission system on its own servers. Entered data as well as your IP address and other automatically processed data are transferred to pretalx upon registration. We have concluded a data processing agreement with the service provider. In particular, this agreement guarantees that the transmission of your data is secure. The service provider does not process your personal data for its own purposes.

Contact via e-mail, telephone, social media

We would be pleased to give you the opportunity to contact us. If you contact us regarding the issue of data protection as well as any other matters, we will process the data provided by you so that we can take care of your request and respond to it. The processing of your data within the scope of contacting us via e-mail, telephone or via social media depending on the content of the enquiry for purely informational enquiries on the basis of your (presumed) consent pursuant to Article 6 (1) Clause 1 lit. a) GDPR or pursuant to Article 6 (1) Clause 1 lit. b) GDPR, as far as the contacts are in connection with contractual performance obligations. The information provided by users on the basis of Article 6 (1) Clause 1 lit. b) GDPR can be stored in a customer relationship management system ("CRM System").

We will delete your contact requests within a few days after processing. If you contact us by e-mail for informational purposes, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Furthermore, you have the right to object to the storage of your personal data in a CRM system.
We will delete your contact inquiries from our active systems immediately after final processing, unless legal permissions or storage obligations permit or require further storage. For example, if you apply to us by e-mail, we will store your application data for a period of six months from the end of the application process.

Cookies and integrated offers of third parties
Own cookies
When you visit offensivecon.org, the website also stores so-called cookies on your computer. Cookies are small text files that within the scope of your visit of our website are transmitted from our web server to your browser and are stored by your browser on your computer for later retrieval. You can determine by the settings in your browser, whether cookies can be set and retrieved. You can completely deactivate the storage of cookies in your browser, limit it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback.
In particular, we use session cookies. They store a so-called session ID, with which different requests of your browser can be assigned to a certain session. This allows your computer to be recognized when you return to our website, which offers significant added value for the registration function for our conference, for example. The session cookies are deleted when the expiry time of one week has been reached.
Unless otherwise stated, the legal basis for the use of cookies is our legitimate interest (in the analysis, optimization and economic operation of the online offer) in accordance with Article 6 (1) Clause 1 lit. f) GDPR. You can object to the processing on the basis of our legitimate interests at any time.

Third-Party-Cookies and Third-Party-Offers
You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. The legal basis for the use of third party cookies as well as other offers from third parties is our legitimate interest (in the analysis, optimization and economic operation of the online service) pursuant to Article 6 (1) Clause 1 lit. f) GDPR, unless otherwise stated. You can object to the processing on the basis of our legitimate interests at any time.
Please consider the following notes on third-party cookies listed below.


1. Google Maps
On offensivecon.org some contents of Google Maps are also displayed. This service is provided by Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA. The offer allows you to view interactive maps directly on our website. By visiting our website, Google receives the information that you have called up the corresponding subpage of our website. This happens regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for not logged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the plug-in provider's privacy policy. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.


2. YouTube
We integrate the videos of the platform "YouTube" of the provider Google LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed of which of our pages you have visited, stating your IP address.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You may be able to prevent this by logging out of your YouTube account.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When YouTube videos are used, Google uses cookies to collect information about visitors to the websites, for example to collect view statistics. A cookie is also used to connect to Google's DoubleClick network in order to display ads that are as relevant as possible. Google will keep track of which ads you've seen and which of them you've viewed. The use of DoubleClick cookies enables Google and its advertising network to serve ads based on your previous visits of websites (or apps). The information generated by the cookies is transmitted by Google to a Google server for analysis and stored there. You can prevent the collection of the cookies listed in this section and thus the use of data relating to this online offer and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on data use by Google, possible settings and objections can be found on Google's websites at: https://www.google.com/intl/de/policies/privacy/partners as well as at: http://www.google.com/policies/technologies/ads and https://adssettings.google.com/authenticated. You can find Google's privacy policy at: https://www.google.com/policies/privacy/.


3. Social plugins
To protect your personal data, we have deliberately decided against implementing plug-ins from social network operators, with the exception of the integrated YouTube videos. Links to portals that you will find on our website are merely static links. Information is only transmitted to the service providers when you click on the button. If you are a member of one of the linked portals, the portal providers may link our profile and your visit to our website to your profile there. The following portals are linked by us. Further information can be found under the links listed below.
a. Twitter
The functions and content of the Twitter service offered by Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, are integrated into our online service. This may include, e.g. content such as images, videos or texts and, in particular, buttons with which you can express your pleasure in the respective content within the network. In case you are a member of the Twitter platform, Twitter can assign your visit to our website to your Twitter profile by clicking on the Twitter button. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. Further information can be found under https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. You can find Twitter's privacy policy at: https://twitter.com/de/privacy. An opt-out option is offered at https://twitter.com/personalization.
b. LinkedIn, Google+
The LinkedIn and Google+ buttons implemented on our pages are static links. Information is only transmitted to the service providers when you click on the button. Further information is available at: https://www.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy or https://policies.google.com/privacy?hl=en.

Social media presences
We maintain presences in social media in order to communicate with customers and prospective customers there and to keep them informed. When utilizing the relevant social media network, the terms and conditions of the respective social media network operators apply.

Your Rights
Pursuant to statutory provisions, you can assert the following rights free of charge vis-à-vis the data processing controller:

  • Right to access by the data subject (Art. 15 GDPR);
  • Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object (Art. 21 GDPR).

You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.

Data security
We apply technical and organizational security measures to protect our website and other systems against loss, destruction, access and change. Your data will only be transmitted encrypted via a secure and specifically hardened TLS connection.
Whether a single page of our website is transmitted in encrypted form is indicated by the closed key or lock symbol in the lower or upper status bar of your browser.