Privacy policy

Last modified on October 2, 2020
  1. Scope of privacy policy
    1. This privacy policy(hereinafter: Privacy Policy) applies to all cases where Eventornado OÜ(hereinafter: we or us) processes personal data of natural persons(hereinafter: you) as a controller when operating and managing its funding platform at www.eventornado.com(hereinafter: Platform).
    2. We are committed to protecting and respecting your privacy. Please read the Privacy Policy carefully to understand our rules and practices regarding processing of your personal data.
    3. The Privacy Policy is effective as of the date set forth above. The Privacy Policy is an integral part of our terms and conditions which you can read at here.
  2. Data controller
    1. For the purpose of clarity, the data controller is Eventornado OÜ, located at Harjumaa, Tallinn linn, Kotkapoja tn 4, 10129, the Republic of Estonia(company registry code: 14994027).
    2. All questions, comments and requests regarding data processing are welcome and should be addressed at [email protected]
  3. What categories of personal data do we process and why
    1. We collect and process your personal data for the following purposes:
      1. Providing the hackathon platform service(hereinafter: Service) via the Platform, which includes providing customer support and any pre-contractual communication with you for the purpose of providing you the Service;
      2. improving the Service and the Platform(which includes monitoring user activity on the Platform);
      3. alerting you of new updates regarding your hackathon and other relevant aspects of the Service and the Platform by e-mail and/or electronic messages;
      4. fulfilment of obligations established in law;
      5. enforcing and defending our legal rights.
    2. We collect and process the following personal data:
      1. for the purpose stated in section 3.1.1:
        1. user account and/or contact information - name, photo, e-mail, address, professional background, education, professional qualification and other data that the data subject provides voluntarily;
        2. other data needed for applying for a hackathon and/or collecting submissions.
        3. data created by users in the Platform - project proposal data, proposal reviews, rating of reviews, comments, project activity, project summary.
      2. for the purpose stated in section 3.1.2: IP addresses, logs of activity on the Platform;
      3. for the purpose stated in section 3.1.3: name, e-mail address, field of interest of the data subject;
      4. for the purpose stated in section 3.1.4: any of the categories of personal data listed above(determined case-by-case according to the legal obligation we are subject to);
      5. for the purpose stated in section 3.1.5: any of the categories of personal data listed above(determined case-by-case according to the legal right which we are entitled to execute).
    3. Note that we only require provision of e-mail address upon registration. The provision of other personal data is voluntary but nevertheless necessary if you wish to use the Platform to the fullest(e.g. submit proposals, etc.).
    4. As a rule, the personal data processed by us is collected directly from you. If the user account is created via services provided by Google LLC, Facebook, Inc. or LinkedIn Ireland Unlimited Company, the user account and/or contact information is partially collected from the respective company.
  4. Legal basis for processing personal data
    1. We process your personal data to provide the Service because it is necessary for the fulfilment of a contract which is concluded between you and us; or for taking steps at your request prior to entering into a contract(see section 3.1.1). In such a case the legal basis for processing data is the contract concluded between you and us; or your request prior to entering into a contract.
    2. We process your personal data to improve the Service and the Platform because it is necessary for the fulfilment of a contract which is concluded between you and us; and under legitimate interest pursued by us(see section 3.1.2). In such a case the legal basis for processing data is the contract concluded between you and us; or our legitimate interest. It is also our legitimate interest to ensure that the Service and the Platform are working properly, any problems could be addressed accordingly and that the Service and the Platform could be improved.
    3. We process your personal data to alert you of updates in the hackathons you’re participating in and other relevant aspects of the Service and the Platform for the fulfilment of a contract which is concluded between you and us; and under legitimate interest pursued by us(see section 3.1.3). In such a case the legal basis for processing data is the contract concluded between you and us; or our legitimate interest. It is our legitimate interest to ensure that you are aware of the updates in the hackathons your participate in as well as of any other relevant aspects regarding the Service and the Platform.
    4. We process your personal data to fulfil obligations established in law as the processing is necessary for compliance with the legal obligation to which we are subject(see section 3.1.4).
    5. We process your personal data to enforce and defend our legal rights under legitimate interest pursued by us(see section 3.1.5). It is our legitimate interest to enforce and defend our legal rights as we see it necessary.
  5. Personalised experience
    1. We process your personal data to provide you personalised notifications of your hackathon and other relevant aspects of the Service by e-mail and/or electronic messages. We assure that such activity does not entail any legal or otherwise significant effects concerning you.
  6. Disclosing your personal data
    1. We will not transfer your personal data to third parties servers, except:
      1. to companies which provide to us cloud server computing services in which we store and process personal data. For example:
        1. Dropbox, Inc. and Dropbox International Unlimited Company. Dropbox, Inc. is established in USA and Dropbox International Unlimited Company is established in Ireland. Standard data protection clauses issued by the European Commission are applied for the transfer of personal data to processors established in third countries. Also, Dropbox, Inc. has joined the EU-U.S. Privacy Shield Framework which ensures the same level protection for personal data as set in the European Union(for more detailed information see https://www.dropbox.com/privacy);
        2. DigitalOcean, LLC, established in the USA. https://www.digitalocean.com/legal/privacy-policy/
      2. to companies which provide to us communication and e-mail server services, where the exchange of messages or e-mails may include personal data. For example:
        1. Mailgun Technologies, Inc., established in USA. Mailgun Technologies, Inc. has joined the EU-U.S. Privacy Shield Framework which ensures the same level protection for personal data as set in the European Union(for more detailed information see https://www.mailgun.com/gdpr)
        2. 8×8, Inc, located in Campbell, California, United States, which is the main contributor to the Jitsi.org open-source video meetings solution;
        3. Google Gsuite, by Google Ireland Limited;
        4. Slack Technologies Limited, established in Ireland;
        5. Zoom Video Communications, Inc, established in San Jose, California
      3. to companies which help us to monitor the behaviour of the Platform’s visitors, where we process such personal data. For example:
        1. Google LLC, established in USA. Google LLC applies the standard data protection clauses issued by the European Commission for the transfer of personal data to processors established in third countries. Also, Google LLC has joined the EU-U.S. Privacy Shield Framework which ensures the same level protection for personal data as set in the European Union(for more detailed information see https://cloud.google.com/terms/data-processing-terms
      4. to companies which provide to us accounting services, processing accounting documents and the personal data contained therein(e.g. Entro OÜ, established in Estonia);
      5. to companies which provide us software development(e.g. Upwork Global Inc). 
      6. to companies which help us with our work management where we may process your personal data(e.g. Atlassian, Inc., Atlassian Pty Ltd, Trello, Inc. – all established in USA). Standard data protection clauses issued by the European Commission are applied for the transfer of personal data to processors established in third countries. Also, Atlassian, Inc. has joined the EU-U.S. Privacy Shield Framework which ensures the same level protection for personal data as set in the European Union(for more detailed information see https://www.atlassian.com/legal/privacy-policy);
      7. to a relevant institution requiring your personal data, if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
    2. We take steps to verify that processors who we appoint to process personal data on our behalf will protect that personal data as required under data protection legislation.
  7. How long do we store your personal data
    1. We only process and store your personal data for as long as it is necessary to fulfil the purpose for which it is processed – once the purpose has ceased, your personal data will be erased or anonymised.
    2. Your personal data will be stored:
      1. up to 3 years after the deletion of the user account where we process your personal data regarding providing Service to you, or up to 3 years after last communication with you if you do not have user account(see section 3.1.1);
      2. up to 3 years after the data was created where we process your personal data regarding improving the Service and the Platform(see section 3.1.2);
      3. up to 3 years after the last login to the Platform or until you unsubscribe from the marketing e-mails or other marketing messages(whichever is earlier) where we process your personal data regarding alerting you of new calls and other relevant aspects of the Service by e-mail and/or electronic messages(see section 3.1.3);
      4. determined case-by-case according to the legal obligation we are subject but no longer than 10 years from the circumstance which creates the legal obligation to the company(unless a longer period is required by the law), where we process your personal data regarding fulfilment of obligations established in law(see section 3.1.4);
      5. determined case-by-case according to the expiry date of the claim which we may submit or the claim which may be submitted against the us but no longer than 10 years from the moment when the limitation period for the claim started, where we process your personal data for enforcing and defending our legal rights(see section 3.1.5).
    3. Personal data contained in any accounting documents shall be stored for 7 years from the end of the last financial year they relate to.
  8. Your rights
    1. You have the right to contact us at [email protected] to exercise your rights concerning processing of personal data. Such rights include the:
      1. right to request access of personal data;
      2. right to request rectification of personal data;
      3. right to request erasure of personal data;
      4. right to request restriction of processing of personal data;
      5. right to object to processing of personal data;
      6. right to request portability of personal data;
      7. right that decisions are not taken concerning you which are based on automated decision-making;
      8. right to withdraw a consent;
      9. right to lodge a complaint with a supervisory authority(for further information see - https://www.aki.ee/en).
    2. Our Platform and website may, from time to time, contain links to and from the websites and apps of our partner networks, advertisers and affiliates(including, but not limited to, websites on which our company or Service are advertised). If you follow a link to any of these websites or apps, please note that these websites, apps and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites, apps or services. Please check these policies before you submit any personal data to these websites, apps or use these services.
  9. Processing data of representatives of hackathon offeror
    1. We also process the personal data of representatives, employees and/or officials of hackathon offerors to administrate the Platform. In this case the controller of data processing is the respective hackathon offeror.
  10. Changes to the privacy policy
    1. We have the right to unilaterally amend and supplement the Privacy Policy.
    2. Any changes we may make to the Privacy Policy in the future will be uploaded to the Platform. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Platform.