Privacy Policy

Welcome to the Eyes-Off Data Summit 2024 ("Summit") Privacy and Data Protection Policy ("Privacy Policy").

At Oblivious Software Limited ("Oblivious", “we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the General Data Protection Regulation (“GDPR”).

This Privacy Policy tells you about your privacy rights and sets out how we, as a Data Controller, collect and process your personal information (or "Personal Data"). For the purposes of this Privacy Policy, "you" and "your" means you as a customer, user, business contact, or individual who has reserved a spot to attend the Summit, with whom we have a relationship or whom we may need to contact, whose information we have collected pursuant to this Privacy Policy.

This Privacy Policy should be read in conjunction with our Cookies Declaration, and in conjunction with the Oblivious Privacy Policy.

1. YOUR DATA CONTROLLER AND DATA PROTECTION OFFICER

Oblivious is your Data Controller and responsible for your Personal Data.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Data please contact the DPO at privacy@oblivious.com.

2. LEGAL BASIS FOR DATA COLLECTION
Types of Data / Privacy Policy Scope

When we refer to personal data we are referring to any information that relates to an identified or identifiable living individual such as name, ID number, location data, any online identifier, or any factor specific to the physical, physiological, genetic, mental, economic or social identity of that person. It does not include data where any potential identifiers have been removed (anonymous data) or data held in an unstructured file.

Categories of personal data that we collect include:

a) Identification Data: in particular name, last name, user name, pseudonym, other names that help to establish the identity of a person, title, date of birth, gender.

b) Contact Data: in particular data relating to your addresses, e-mail addresses, phone numbers.

c) Marketing Data: in particular your preferences in receiving marketing information and other communication from us or our partners.

d) Technical Data: in particular your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.

e) Transaction Data: in particular data about your payments, data about products and services you have purchased from us, data about cancelled transactions, bank account numbers.

f) Usage Data: in particular information about how you use our website, products and services. For example:

  • your unique user ID
  • network location
  • the date, time and duration of visits
  • the number of pages viewed
  • the amount of time spent on the website
  • your device information
  • your IP address

We also collect Aggregated Data (that means high-level data which is acquired by combining individual data) for page visits-related analytics such as but not restricted to country of a visitor, how a search engine was used to access our website link, time and duration for which the page was visited, what users click on. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

We may also Aggregate Data to enable research or analysis so that we can better understand and serve you and others. For example, we may conduct research on your demographics and usage. Although this Aggregated Data may be based in part on Personal Data, it does not identify you personally. We may share this type of anonymous data with others, including service providers, our affiliates, agents and current and prospective business partners.

We do not deliberately collect any Special Categories of Personal Data about you (that means details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, party or trade union membership, information about your health, and genetic and biometric data, criminal convictions and offences). If you share this data with us for a specific purpose (such as your dietary requirements), we will only store it on the basis of your consent (or such other basis as we may determine based on the circumstances).

2.2. The Legal Basis for Collecting That Data

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

a) "Consent": Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive e-mail newsletters from us, or 'opt in' to a service. You can withdraw consent at any time without affecting the lawfulness of any processing based on consent before its withdrawal by emailing us at privacy@oblivious.com.

b) "Contractual Obligations": We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.

c) "Legal Compliance": We're required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.

d) "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests in managing and improving our business and services and hosting the Summit, provided such interests are not overridden by the rights and interests of the data subjects concerned. This covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

3. HOW IS YOUR PERSONAL DATA COLLECTED
Direct Interactions

You may give us your identity and contact data by filling in forms or by corresponding with us by phone, email or otherwise. We may also collect personal data from you at the Summit. This includes Personal Data you provide when you:

a) Inquire about or purchase a ticket to the Summit and go on to attend the Summit,

b) Speak to our support team,

c) Request marketing to be sent to you,

d) Give us feedback or contact us.

Automated Technologies or Interactions

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. Please see the Cookies Declaration for more information.

Third-parties or Publicly Available Sources

This includes Personal Data provided by:

a) Analytics providers such as Google and other third parties,

b) Advertising networks such as LinkedIn and Google.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices.

If you do not provide us with personal data we request, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website, by telephone, email or in writing. We will tell you when we ask for personal data whether it is a contractual requirement or needed to comply with our legal obligations.

4. HOW WE USE YOUR PERSONAL DATA
Our Uses

We will only use your Personal Data when the law allows us to. Set out below is a table containing the different types of Personal Data we collect and the lawful basis for processing that data. Please refer to section 2.2 for more information on the lawful basis listed in the table below.

Examples provided in the table below are indicative in nature and the purposes for which we use your data may be broader than described but we will never process your data without a legal basis for doing so and it is for a related purpose. For further inquiries please contact our DPO.

ActivityType of dataLawful basis for processing data
Communication with you, Response to your requestIdentification Data, Contact Data, Usage Data(d) Legitimate Interest
Permitting you to use your TicketIdentification Data, Contact Data, Transaction Data, Usage Data, Technical Data(b) Contractual Obligations
Hosting the SummitIdentification Data, Contact Data, Transaction Data, Event Data(d) Legitimate Interest
Data Analytics for improvement of the website, products, servicesUsage Data, Aggregated Data(d) Legitimate Interest
Carrying out legal obligationsIdentification Data, Contact Data, Transaction Data, Usage Data, Technical Data(c) Legal Compliance
Other, not specified activitiesIdentification Data, Contact Data, Transaction Data, Usage Data, Technical Data, Marketing DataDepending on the activity
Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. YOUR RIGHTS AND HOW YOU ARE PROTECTED BY US
How Does Oblivious Protect Customers' Personal Data?

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Oblivious to intercept or access transmissions or private communications unlawfully.

While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us at privacy@oblivious.com.

Your GDPR rights

You have certain rights under Irish and EU data protection legislation as summarised below:

a) Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data, as well as certain information on how we are processing such data.

b) Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Considering the purpose of the processing, you may also, in some cases, be entitled to supplemental information regarding incomplete personal data.

c) Right to erasure (right to be forgotten): You may, in certain circumstances, have your personal data deleted, for example if your personal data is no longer necessary in relation to the purpose for which it was collected, if you have objected to the processing of personal data and we do not have a legitimate interest which outweighs your interest, if the personal data has been processed unlawfully, or if the personal data must be deleted to comply with a legal obligation.

d) Right to restriction of processing: You may require that we restrict the processing of your personal data in certain cases, for example where we no longer need your personal data but you need it to determine, enforce or defend legal claims or you have objected to processing based on our legitimate interest in order to enable us to check if our interest overrides your interest.

e) Right to data portability: In some circumstances, you may be entitled to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another controller, or to request us to transmit those personal data to that other controller without hindrance.

f) Right to object: You have the right to object to the processing of your personal data in certain circumstances, for example where the processing is based on our legitimate interest (or that of a third party). If so, in order to continue processing, we must be able to show compelling legitimate grounds that override your interests, rights and freedoms.

You have the right to lodge a complaint with the supervisory authority in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission in relation to any complaints so please contact the DPO at the details above.

In any case where Oblivious is relying on consent to process your personal data, you have the right to change your mind and withdraw your consent to our processing of your personal data at any time by contacting privacy@oblivious.com.

Your rights will in each case be subject to the restrictions set out in applicable data protection laws.

6. YOUR DATA AND THIRD PARTIES

When we disclose your personal data to third parties, we only disclose to them any personal data that is necessary for them to provide their service and where we are sure that they have adequate policies/procedures in place in relation to data security. We have contracts in place with these third parties in receipt of your personal data requiring them to keep your personal data secure and not to use it other than in accordance with our specific instructions.

We may also share personal data with interested parties in the event that Oblivious anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.

If Oblivious is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your personal data to a third party as part of or in connection with that transaction. Upon such transfer, the Privacy Policy of the acquiring entity may govern the further use of your personal data. In all other situations your data will still remain protected in accordance with this Privacy Policy (as amended from time to time).

We may share your personal data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.

7. HOW LONG WILL WE RETAIN YOUR DATA FOR?

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period than usual in the event of a complaint; as required by law; or if we reasonably believe there is a prospect of litigation in respect of our relationship with you and for the exercise and defence of legal claims that may be brought by or against us.

8. INTERNATIONAL TRANSFER OF DATA

Your information may be stored and processed in the EU or other countries or jurisdictions outside the EU where Oblivious and its partners have facilities.

We may transfer the personal data we collect about you for the purposes described in this Privacy Policy to countries that have not been found to provide an adequate level of data protection by the European Commission.

To the extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46 of the GDPR or an adequacy decision under Article 45 of the GDPR.

9. LINKS TO OTHER WEBSITES

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies, and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

10. NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY

We keep our Privacy Policy under review and will place any updates on this website. This version is dated 01/01/2024.

By using Oblivious and attending the Summit, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Oblivious and the Summit will constitute your express acceptance of any modifications to this Privacy Policy.

11. CONTACT US

In case of any questions on this Privacy Policy or any complaint regarding it, you should contact us at privacy@oblivious.com.