PRIVACY POLICY

Privacy Policy

In accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP)

01 DATA CONTROLLER

Data Controller

Verein Hack am Rhein

Basel, Switzerland

Data Protection Contact

info@hackamrhein.dev

02 DATA COLLECTION

What We Collect and Why

Newsletter

When you subscribe to our newsletter, we collect your email address, IP address, and consent timestamp. We use double opt-in to confirm your subscription.

Legal basis: Your consent, Art. 6(1)(a) GDPR.

Retention: Until you unsubscribe, or 6 months after the event concludes, whichever comes first.

Registration and Participation

When you register for Hack am Rhein, we collect your name, email address, password (stored only as a secure hash), bio, skills, and team preferences.

Legal basis: Performance of a contract, Art. 6(1)(b) GDPR.

Retention: 1 year after the event concludes, then deleted.

Challenge Submissions

When you submit a challenge proposal, we collect your name, email address, and organization (if provided).

Legal basis: Your consent, Art. 6(1)(a) GDPR.

Retention: Until the event concludes, then deleted.

Analytics

We use a privacy-focused, cookieless analytics service to understand aggregate site usage. Analytics data is fully anonymized. No personal identifiers are collected by this service, and no cookies are set.

Legal basis: Legitimate interest, Art. 6(1)(f) GDPR. Our legitimate interest is understanding aggregate site usage to improve the platform.

Security

We use a cloud-based security service to protect against automated attacks and abuse. This service processes IP addresses for the sole purpose of identifying and blocking malicious traffic. IP addresses are not used for tracking or profiling.

Legal basis: Legitimate interest, Art. 6(1)(f) GDPR. Our legitimate interest is maintaining the security and integrity of the platform.

03 COOKIES

Cookies

This website uses only essential cookies required for the site to function:

Session cookie: maintains your login session
CSRF token cookie: protects against cross-site request forgery

We do not use any tracking, advertising, or third-party cookies.

04 DATA TRANSFERS

Data Recipients and Transfers

All data is stored on servers located in Switzerland.

All fonts are self-hosted. We use privacy-focused third-party services for analytics and security. These services are selected for their minimal data collection practices. See the What We Collect and Why section above for details.

We do not sell or trade your personal data.

05 YOUR RIGHTS

Your Rights

Under the GDPR and nFADP, you have the following rights regarding your personal data:

Access: request a copy of the data we hold about you
Rectification: request correction of inaccurate data
Deletion: request erasure of your personal data
Portability: receive your data in a structured, machine-readable format
Object: object to processing based on legitimate interest
Withdraw consent: withdraw any previously given consent at any time

We will respond to all data rights requests within 30 days. To exercise any of these rights, please contact us at info@hackamrhein.dev.

06 SUPERVISORY AUTHORITIES

Supervisory Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The relevant authorities include:

FDPIC: Federal Data Protection and Information Commissioner (Switzerland) · edoeb.admin.ch
LfDI Baden-Württemberg: State Commissioner for Data Protection and Freedom of Information (Germany)
CNIL: Commission Nationale de l'Informatique et des Libertés (France)

07 AUTOMATED DECISIONS

Automated Decision-Making

We do not use any automated decision-making or profiling that produces legal effects or similarly significant effects on you.

08 POLICY CHANGES

Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available at this page. We encourage you to review it periodically.