This Privacy Statement applies to the processing of personal data by Dutch Blockchain Hackathon B.V. and its affiliates (together: “Odyssey” or “we”). This includes the processing of personal data within the context of our events such as the Odyssey Hackathon and through our website: https://www.odyssey.org/ (“the Website”).
This Privacy Statement contains information on the categories of personal data we collect, why we collect it, what we do with it, and how we protect it, as well as information on your individual rights.
Odyssey is the so-called controller in the sense of the General Data Protection Regulation (‘GDPR’). This Privacy Statement explains in general terms how we seek to comply with data protection laws and regulations, including but not limited to the European General Data Protection Regulation (“GDPR”) and national laws implementing the GDPR, as well as applicable data protection legislation in other jurisdictions.
If, after reading our Privacy Statement, or in a more general sense, you have any questions or wish to contact us, you can do so via the contact details at the end of this Privacy Statement.
Which personal data do we collect and for which purposes?
We process personal data of participants in our events, (contact persons at) our event partners, suppliers and other relations, of students and job applicants, and of our Website visitors. We obtain your personal data from you or from third parties (such as team leaders in our events and/or our event partners).
Personal data that we may process are:
- basic information such as your first and last name, title, gender;
- contact details such as your email address, postal address, telephone number, the company you work for and your position;
- financial information, such as IBAN/bank account number;
- IP address and statistical data about your use of our Websites;
- Personal data you provide us with when applying for one of our events, such as information relating to your personal interests, skills and expertise;
- Photos and videos of our events in which you may appear;
- Personal data you provide us with when applying for a job with us, such as an application letter, CV, date of birth, education and career information;
- any other Personal Data we obtain from or about you that we use for the purposes mentioned below.
We do not always process all of the above data, this depends on the type of relationship, the service in question and (if applicable) the consent you have given us.
Purposes for the processing of personal data
We process your Personal Data for one or more of the following purposes (depending on our relationship with you):
- Development, organisation, delivery and funding of our events
We process your personal data if you apply for, participate in, are invited to participate in or are otherwise involved in one of our events, such as the Odyssey Hackathon. This includes the processing of personal data that you provide us with through your account on our Website (the Global Odyssey Community). When you have attended one of our events, we may contact you for feedback or further communication in relation to any follow-up activities or meetings.
- Marketing and acquisition purposes
We use your personal data to send out newsletters, invitations to our events and other marketing communications that may be relevant to you. We may also use photos and videos produced at our events to publish news updates and for marketing purposes.
- Compliance with legal obligations
We process your personal data insofar as necessary to comply with legal obligations. For example, the collection and storage of data and the provision of information to the tax authorities and supervisory authorities.
- Job applications and recruitment
The data you share with us if you apply with us (via email/mail, or via social media) or that we receive via recruiters, is processed by us to contact you for the purposes of our job application or internship procedures and to deal with your job application.
- Access control and security
Camera surveillance may be used to protect the possessions and safety of our employees, visitors and participants in our events.
- Use and improvement of our Website
We process statistical data about your visit and use of our Website. We do this to analyse and improve the content, layout and use of our Website.
- Other processing
We may also process your personal data to handle any questions, information requests or complaints.
Legal grounds for processing
We process your personal data on the basis of one or more of the following legal grounds:
- The performance of an agreement with you or to take measures before the conclusion of an agreement (such as the agreement regarding your participation in one of our events);
- A legitimate interest;
- Your consent;
- Our compliance with legal obligations.
Sharing your personal data
Depending on our relationship with you, we may share your Personal Data with third parties. We will only do this when we consider this necessary. We only share your data with trustworthy parties and ensure that a transfer of your personal data is subject to appropriate safeguards. We may share your personal data with:
- Government institutions such as the tax authorities and supervisory authorities.
- Our affiliates, sponsors and event partners;
- Service providers such as accountants, tax advisers and other advisers;
- External suppliers such as IT service providers, hosting and cloud service providers or other suppliers to which we outsource support services.
If the third party with which your personal pata is shared is designated a processor in the sense of the GDPR, we will also conclude a data processing agreement with this third party.
The personal data you provide to us in relation to the 2020 Odyssey Hackathon will be shared with the University of Groningen for the purpose of scientific research. The personal data shared with the University will be anonymized. It will not be possible to trace the data back to individual participants.
Storage and transfer of personal data
We will retain your personal data in accordance with applicable data protection legislation and specific mandatory retention periods. The data will not be retained for longer than strictly necessary to achieve the purpose for which the data has been collected and to comply with legal obligations.
Your personal data may be transferred, stored and processed by our IT and cloud service providers outside the European Economic Area (EEA). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable data protection laws, including appropriate safeguards such as a Privacy Shield certification or the use of EC standard contractual clauses.
Your privacy rights
Under the GDPR, you have the following rights:
You have the right to request us to access, rectify, erase, restrict and transfer your personal data. You also have the right to object to the processing of your personal data. If you wish to exercise your rights, please submit a request per e-mail. Our contact details can be found at the end of this Privacy Statement.
Please note that individuals’ rights under the GDPR are subject to certain restrictions and may not always be granted. A request may be denied in part or in full following these restrictions, such as legal obligations, the rights of third parties and the legitimate interests of Odyssey. If we are unable to grant a particular request, we will inform you of this, with statement of reasons.
Insofar as the processing of your Personal Data is based on consent, you have the right to revoke this consent at any time. Any withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Within the EU, EU citizens have the right to lodge a complaint with a supervisory data protection authority. A list of all EU supervisory authorities is available on the European Data Protection Board website: https://edpb.europa.eu/about-edpb/board/members_en. In the Netherlands this is the ‘Autoriteit Persoonsgegevens’ (‘AP’). More information can be found on the website of the AP (https://autoriteitpersoonsgegevens.nl/). We would appreciate it if you would contact us first so that we can try to reach an amicable solution.
Using analytical cookies, we collect statistical data at a privacy-friendly aggregated level about the use of our website, allowing us to improve our services. The analytical cookies we use are from Google Analytics. We use these to gain insight into visitor flows, traffic sources and page views on our website. We do this in a manner that takes your privacy into account as much as possible. For example, your IP address is only partially stored for this reason. We have entered into a data processing agreement with Google which includes arrangements concerning the security of your personal data.
When sending e-mail newsletters and invitations for our events, we use Mailchimp. The e-mails sent using Mailchimp may contain web beacons. A web beacon, also called internet tag, pixel tag or clear GIF, is used to gather information about the use of the e-mails. Based on these, we can analyse the use of the newsletter and the invitations and optimise their layout and contents.
Changes to this statement
This Privacy Statement may be changed from time to time. Please check our Privacy Statement frequently to stay informed about how we use your personal data. This Privacy Statement is effective upon posting. This Statement was last updated on September 9, 2019.
If you have any questions regarding this Privacy Statement or your privacy, contact us at: firstname.lastname@example.org.