Information and consent relating to the processing of personal data, art 13 of the GDPR

Before submitting the registration form, you must read this brief information and give your consent to the processing of the data you provide us.

1. Who is the Data Controller

The data controller is Kübertalentide treeningud MTÜ (hereafter known as "ECSC Estonia organizers"). The Data Protection Officer for the ECSC Estonia organizers can be reached at the following email address [email protected].

2. For what purposes we process personal data

Your personal data will be used as part of activities related to sourcing talent for Estonian and European cybersecurity talent programs, such as:

• to update you on new material, competitions or resources available from the ECSC Estonia organizers;
• to update you on new initiatives organized or supported by the ECSC Estonia organizers;
• for the conduct of competitions and the awarding of prizes as per the regulations.

Examples of typical purposes of processing personal data:

• Sourcing talent for contests such as ECSC Estonia qualification
• Measuring impact of ECSC Estonia organizers activities on cyber awareness
• Analysing training effectiveness and researching improvements to ECSC Estonia activities
• Reaching out to interested parties to invite them to participate in activities such as organizing trainings, authoring challenges, participating in community etc.

3. How long will your data be kept

Personal data will be retained for no longer than is strictly necessary to pursue the purposes for which they were collected. The data may be stored for archiving, scientific research and statistical purposes with the guarantees set out in the art. 89 GDPR.

Examples of typical data retention patterns:

• Processing of data to evaluate candidates before ECSC -- 1 year
• Processing of data for invitations to future events -- 2 years, extending by 1 year for active participants each year

4. What are your rights and who can you contact to assert them

You can contact the Data Protection Officer (DPO), who the ECSC Estonia organizers have appointed, to assert your rights, as indicated in the articles 15 and following of the GDPR n. 679/2016, including in particular:

• the right of access to know how your data is processed;
• to rectify your inaccurate personal data;
• of cancellation, limitation of processing or opposition;
• you can revoke the processing based on consent at any time, without this affecting the lawfulness of the processing before your act of revocation;
• exercise the right to portability of the data provided by you.

You will obviously be able to lodge a complaint with a supervisory authority such as the Estonian Data Protection Officer for the protection of personal data in case of violation of the principles of lawfulness of the processing.

5. What subprocessors does Kübertalentide treeningud MTÜ use?

In short, we rely on Google services, CloudFlare and Discord for organizatory activities / internal data processing. We rely on PostHog for site analytics.

When we have trainings or competitions hosted by external parties, they may have additional terms and privacy policies which are required as part of participating in the events. We will do our best to inform in advance when extra terms are required to participate.