Privacy Policy

CEIS attaches great importance to your privacy and the protection of your personal data and takes all reasonable precautions to ensure their protection.
The purpose of this Policy is to inform you about the processing of personal data that is implemented as part of the organisation of the InCyber Forum, in accordance with the European Union's General Data Protection Regulation or "GDPR" of 27 April 2016 (no. 2016/679) and the amended Act of 6 January 1978.
 We have drafted two documents to inform you about the way in which we collect, use and protect your personal data as part of our various services: 
  • a policy dedicated to personal data collected via our website and as part of the InCyber Forum registration process (this policy).
  • a specific document on the cookies we use (the cookie policy).
The terms "we", "us" or "our" used in this Privacy Policy refer to CEIS.
In the remainder of this document, we use the terms "personal data" and "personal information" interchangeably to refer to information that identifies you personally (surnames, first names, business addresses, etc.) or data that is linked to you (answers to questions on our forms), as well as data relating to your access or browsing of our site (where applicable, IP address, date and time of access).
You will find answers to your questions in the following sections:
  1. Who we are 
  2. Scope of application 
  3. Type of personal data collected and legal basis for processing 
  4. Retention periods
  5. Confidentiality and security measures 
  6. Recipients of data 
  7. International transfer of data
  8. Rights of access, rectification and deletion
  9. Contacting us to exercise your rights 
  10. Changes to our Privacy Policy
  11. Use of cookies
  
1. Who we are
CEIS is a société par actions simplifiée (simplified joint stock company) with a capital of 150 510 €, registered in the Paris Trade and Companies Register under number 414881821. Its registered office is at 17 Avenue Hoche, 75008 PARIS.
We are the data controller within the meaning of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter "GDPR"), for the procedures and processing of personal data that are implemented as part of the organisation of the InCyber Forum, as described below.
 As such, we undertake to comply with the legal provisions in force and in particular to take all reasonable measures to ensure the accuracy and relevance of personal data with regard to the purposes for which CEIS (hereinafter also "the Organiser") processes them.
 
2. Scope of application
This Policy covers all data processing related to the organisation of the InCyber Forum event, as well as:
- specific events associated with the InCyber Forum ("associated events"). These include Cybersecurity For Industry, the ID & KYC Forum, OSINT and the Trust & Safety Forum, CORIIN. You can take part in these events when you register for the InCyber Forum;
- post-InCyber Forum events organised by CEIS or co-organised with our partners (hereinafter referred to as "post-InCyber Forum events"), such as INCYBER news breakfasts, webinars, etc.
 
3. Purposes, types of personal data collected and legal basis for their processing
We have drafted a summary table listing for each type of data the legal basis on which it is collected and processed, the associated purpose and the applicable retention period. This table can be found at the end of this policy, and can be accessed directly via this link.
 
Attending the InCyber Forum, associated events and subsequent events is strictly reserved to:
  • professionals in the fields of cybersecurity, business intelligence, digital investigation and digital trust;
  • students, pensioners and jobseekers in these fields.
The personal data we collect on these occasions is used for the following purposes:
  • Your registration details (company and business address if provided, job title, areas of interest, country). This enables you to register for the InCyber Forum. When your application to register for the InCyber Forum is accepted, your access badge is created and your personal space on the SWAPCARD tool is created. This personal space will enable you to prepare for your visit (diary management, etc.) and to network with other participants. Your e-mail address is your username for your account. The legal basis for this processing is the contract governing your participation in our events and constituting the contractual conditions for your visit.
  • Data from official documents used to verify your identity (identity card, etc.) and to control access is collected in order to implement security measures on the site. The legal basis for this processing is our legitimate interest in ensuring the security of the event, or in certain specific cases, the existence of a regulatory obligation.
  • We collect data relating to your identity and data relating to the management of reservations and payments (date of arrival, date of departure, date of payment, date of reservation, etc.)  to enable us to manage your hotel reservations (where applicable), to manage meal reservations in our partner restaurants (where applicable) and to manage the status of payments for these services. The legal basis for this processing of personal data is the performance of the contract. We also process this data for accounting purposes on the basis of compliance with our legal obligations.
  • As part of our partnerships with participating companies and sponsors of the InCyber Forum, we may also need to process your account data in order to carry out communication actions on their behalf, in particular in order to invite you to an event organised by them during the InCyber Forum.  The legal basis for this data processing is our legitimate interest.
  • Your account data and registration data are used to manage invitations to future professional events concerning cybersecurity, economic intelligence, digital investigation or digital trust (subsequent events as described in article 2 of this policy) that we or some of our partners will organise on similar themes and, more generally, to carry out any marketing operations relating to these themes (newsletters, publications) sent to your professional details. The legal basis for processing your data for these purposes is our legitimate interest.  
  • If you are a student or a pensioner, your account details and registration details may be used to manage invitations to future events that we or some of our partners will be organising in connection with the InCyber Forum, relating in particular to cybersecurity, economic intelligence, digital forensics or digital trust, on the basis of your consent. CEIS may invite you by email to future events that we are organising, similar to the InCyber Forum, and you will be able to unsubscribe from this mailing list.
  • Your contact details and areas of interest, for the purposes of managing our newsletters, on the basis of your legitimate interest if you are a professional and on the basis of your consent if you are a student or a pensioner. 
  • We process the data we collect when you register and take part in the InCyber Forum in order to produce statistics. These statistics are produced on the basis of our legitimate interests, which are reflected in the need to monitor our activity in order to improve our services.
  • The recording of event logs constituting the traceability of your activity (IP, date and time of connection, disconnection, etc.) for IT security purposes. This data processing is carried out on the legal basis of our legitimate interest in maintaining the cyber security of our information systems.
Please note: the information marked with an asterisk (*) on the various collection forms we use is essential for processing your registration.
With regard to the collection of personal data linked to your Internet browsing (cookies), we invite you to take a look at the dedicated cookie management policy.
 
4. Retention periods
We have produced a summary table listing for each type of data the legal basis on which it is collected and processed, the associated purpose and the applicable retention period. This table can be found at the end of this policy, and can be accessed directly via this link.
Your personal information will not be kept longer than is strictly necessary. In particular:
  • Your account details are kept for as long as your account remains active. Your account will be deleted after three years of inactivity.
  • Your registration details for our events are kept for the duration of the event and then archived for a total of three years from the date of your last registration. At the end of this period, your data will be rendered anonymous. It may be rendered anonymous if you ask for your online account to be deleted in the meantime. The identity data required to control access to the event will be deleted immediately after the event.
  • Data relating to the management of bookings and payments (date of arrival, date of departure, date of payment, date of booking, etc.) will be kept for the duration of the contract in an active database and in an intermediate archive for 5 years for the purposes of processing transaction disputes and complaints, and for 10 years for the management of our accounting obligations.  
  • Visitors' contractual data is kept for 3 years.
  • Accounting data is archived for 10 years.
  • The data required for statistical purposes is kept for as long as is necessary to achieve the objective of the statistics or until you exercise your right to object.
  • The data required for marketing operations and commercial communications is processed for a period of three years, unless you object before the end of this period. Your objection may be expressed in particular by unsubscribing from a newsletter or an invitation via the unsubscribe link associated with the message.
  • Event logs may be kept for a maximum of 12 months.
Summary table of data collected, purposes, legal bases and retention periods by processing activity
 
| Data collected | Purpose | Legal basis | Retention period |
| --- | --- | --- | --- |
| Your account details: surname, first name, contact details, language, email address | Account management | Legitimate interest | 3 years after last activity |
| Registration details: surname, first name, contact details, email address, company (and business address if provided), job title, areas of interest, country, etc. | Registration management | Contractual measures | For the duration of the event in active database; 3 years intermediate archiving; anonymised after 3 years |
| Identity data | Access control | Legitimate interest | Deleted immediately after the event |
| Identity data and data relating to the management of reservations and payments (date of arrival, date of departure, date of payment, date of reservation, etc.) | Management of reservations and payment status | Contractual measures | For the duration of the contract in active database and 5 years in intermediate archiving |
| Identity data and data relating to the management of reservations and payments (date of arrival, date of departure, date of payment, date of reservation, etc.) | Accounting management | Legal obligation | 10 years |
| Your account details: surname, first name, contact details, language, email address | Invitations to events organised by InCyber Forum partners | Legitimate interest | 3 years |
| Professionals: your account and registration details | Commercial communication and newsletter management | Legitimate interest | 3 years |
| Students, pensioners: your account and registration details | Commercial communication and newsletter management | Consent | 3 years |
| Registration data and data collected during the InCyber Forum | Statistics | Legitimate interest | Duration required to achieve the purpose of the statistics or until the right to object is exercised |
| Event logs (IP, date and time of connection, disconnection, etc.) | Maintaining the cyber security of our information system | Legitimate interest | 12 months |

 
5. Confidentiality and security measures
We take all necessary and reasonable measures (physical, logistical, organisational) to protect your data at the time of transmission to our site or applications, in particular against loss, misuse, unauthorised access, disclosure, alteration or destruction, by means of security measures such as vulnerability detection, deployment of the HTTPS protocol, implementation of pseudonymisation and anonymisation processes, etc.
Depending on the type of data collected and the purposes for which it is used, it is only processed by authorised personnel in accordance with our confidentiality and security requirements for the creation of files, exchanges with our partners and subcontractors and the transfer of such data (see below).
 
6. Recipients of data
The personal information that you provide may be consulted by our company's staff and our subcontractors strictly for the purposes that we have presented to you. We would like to point out that we have signed strict security and confidentiality clauses with our subcontractors, in accordance with article 28 of the GDPR, specifying in particular the security objectives that must be met.
 
We may communicate your registration data to the following entities:
  • The managers of the venues hosting the events and the security services, should this prove necessary. As indicated above, they may also carry out identity checks;
  • Our subcontractor Swapcard enables us to offer you the mobile networking platform used to manage personal spaces, networking between participants and the appointment booking module;
  • Our subcontractor LENI, in charge of hosting account and registration data;
  • The partner in charge of the CYBERJOBS platform, if you are looking for a job and have expressed your wish to communicate your data during the registration process.
  • The hotels and restaurants to which we communicate the data relating to your reservations, in order to enable you to access these services, and which act in this capacity as independent data processors.
As part of our partnerships with participating companies and sponsors of the InCyber Forum, we may collect certain data on behalf of our partners during the event and communicate it to these partners, in particular via the Swapcard badge and application. More specifically:
  • Partners who sponsor related events, as described in article 2 of this policy, in which you participate and to whom you communicate your data at the entrance to the event. You may be contacted by these partners following the InCyber Forum for commercial purposes. These partners act as data processors. If, following receipt of a message from one of your partners, you do not wish to receive any communication from them, simply inform them directly, on this occasion or at a later date. 
  • InCyber Forum exhibitors to whom you have given your contact details, in particular by scanning your badge, when you visit their stands or when you are offered a free drink. Following the InCyber Forum, you may be contacted by the exhibitor in question, who acts as data controller. If you do not wish to receive any communication from them, simply let them know directly, either on this occasion or at a later date.
  • Finally, we may be required to disclose personal information at the request of any public authority as part of a compulsory legal procedure, or in the event of a proven risk that could affect our information system and have an impact on our activities or the conduct thereof, or the fundamental rights of third parties concerned.
7. International data transfer
We may transfer your personal data to service providers outside the European Economic Area (EEA). In this case, please be assured that they are bound by specific rules and measures to ensure the appropriate level of security for the protection of your personal data. This means that we will base our transfers on the applicable regulations (standard contractual clauses approved by the European Commission in our contracts with third parties outside the EEA, transfer to countries with protection recognised as adequate by the European Commission, etc.).
For further information, please contact our Data Protection Officer at the following address: dpo@ceis.com
 
8. Rights of access, rectification and deletion
We remind you that you have the right:
  • To be informed about how your data is processed;
  • To access your data;
  • To object to your data being processed, and in particular to your data being used for commercial prospecting purposes;
  • To temporarily restrict certain uses of your data, while your data is being rectified or verified;
  • To rectify incorrect information and ask us to delete certain information;
  • To withdraw your consent to the processing of your data, if such processing is based on this legal basis;
  • To define directives relating to what happens to your personal data after your death in application of article 32 of the law of 6 January 1978.
 
9. Contact us to exercise your rights
The protection of personal data is a fundamental right, and you may contact our Data Protection Officer at any time by email (dpo@ceis.com) or by postal letter addressed to our DPO and sent to the following address: 17 Avenue Hoche, 75008 PARIS. However, we reserve the right to ask you to prove your identity and the relevance of your request.
If, despite our reply, you are not satisfied, you may contact the Commission Nationale Informatique et Liberté (CNIL) directly at https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil. 
 
10. Modification of our Privacy Policy
If we were to modify our Privacy Policy, we would inform you by any appropriate means.
 
11. Use of cookies
We remind you that you will find details of your rights with regard to your personal data and its management in the context of the functions of our site and the way it operates in our Cookie policy.