DATA PRIVACY NOTICE This Privacy Notice gives you details on the following items, in accordance with the General Data Protection Regulation (GDPR): (i) how we use the personal data you provide; and (ii) the marketing activities we carry out through our websites or social media. We would also like to inform you about the measures we are taking to protect your personal data, as well as about your rights and options to access your data and protect your privacy. This Privacy Notice contains information about the type of data we collect from you, how we process them and who we forward them to, if the case. This Privacy Notice applies to the visit and use of 2019.foss4g.org where you can create a customer account and purchase tickets. Other websites are not covered by this Privacy Notice and will provide their privacy notices. In this Privacy Notice, the terms listed below have the following meaning:

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; Who is responsible for the processing of your data and whom can you contact if you need to? We, VISION EVENT PRODUCTION S.R.L. are the Controller who processes your personal data. Our full contact and identification data are listed below: Registered seat: Bucharest, Sector 3, Aleea Barajul Lotru, Nr.11, Parter, Bloc M4A1, Sc.1, Apt.4, Trade Register number: J40/6925/2016, Fiscal code: 36084258 E-mail: contact@visionevent.ro What information do we have about you and how do we obtain it? a) We collect the data you provide when you create your account, you purchase and pay for tickets, namely: name and contact details (phone number, e-mail address, postal address), minimal geolocation data (the county where you live, or if you live abroad). If you do not provide this data, we will be unable to create your user account, and to sell the tickets to you. b) We automatically collect information about your device as well as about the visits and use of this website, including your IP address, general geographical area where your device is located (city level), type of browser, referral source, duration of your visit to the website and the number of page views. You may adjust the confidentiality settings in your browser to block most cookies. c) We also collect data related to the events for which you have purchased tickets (name of the event, number of tickets, ticket category, specialised data regarding the event). We will be unable to sell you tickets without collecting this information; e) When you post on our social media pages or you send us messages, the relevant network will provide us with information about you, such as:

·         Text of the message;

·         Name;

·         Profile photo;

·         Annexes (if applicable);

·         Voice messages. In addition, we have access to all information on your Facebook profile which you have chosen to make public. f) If you have any specific requests regarding access to events, we would like to make sure that you have the best experience. For this, we need to collect details regarding your request, which may mean the sending of information regarding your health. Unless we collect this data, we will be unable to ensure that we properly respond to your request. g) If you request to return tickets and to be reimbursed their value, we will collect the data in the request you fill in for purpose of returning the tickets, the data in the payment order, as well we your bank account number, if you choose to be reimbursed by bank transfer. We will be unable to process your request unless we process this type of data. h) Also, we will collect the following information: (i) gender), (ii) first and last name, (iii) postal address, (iv) city, (v) postal code, (vi) country and (vii) mobile phone number. Supplying data regarding your gender and mobile phone number is optional. All other data are necessary . i) If you pay by card from outside Romania and our payment services provider has a suspicion of fraud, we will receive data regarding the respective transaction (such as your name, bank card used for the payment, amount paid, date of transaction), for purpose of verifying the transaction. j) We will collect any other information you may provide to us of your own will. Most of the times it is not mandatory for you to provide this data, but it may be that in absence of all or some of this data, we will be unable to respond to your request. For what purposes and on what legal basis are your personal data processed? 1.1. Based on your consent [Art. 6 (1) (a) GDPR] We process your personal based on your consent when (i) you create a user account on our website without purchasing tickets from us, for purpose of handling your respective account, (ii) you use the comments functions on our websites or on our social media pages, for purpose of understanding the nature of your comment, responding to your request or appropriately handling your comment considering its nature and content; (iii) you take part in our competitions, for purposes related to such competitions; (iv) you subscribe to our newsletters and thereby send us information regarding certain categories/ types of events, according to the selections you make; (v) you decide to fill in the gender and mobile phone number boxes, for purpose of creating demographic and geographic statistics in respect of our customers; (vi) as well as in any situation where we process your health data in connection with your access to events, only if this is strictly necessary and we have your explicit consent to do so (e.g. Art. 9 (2) (a)din GDPR). If you have given us your consent for us to process your personal data, the processing will only take place for the purposes and under the conditions mentioned in your written statement of consent (such as, for example, the mailing of newsletters to users who are not our customers). You may withdraw your consent at any time without giving reasons. Withdrawal of consent will only have effect for the future. 1.2. For compliance with contractual obligations [Art. 6 (1) (b) GDPR] We process your data in connection with account management, so that we perform our contract with you (i.e. sale of tickets, contacting you in case of payment irregularities, customer support services, handling questions/complaints/suggestions etc) and the orders you place. 1.3. For compliance with legal obligations [Art. 6 (1) (c) GDPR] We may process your data as necessary for compliance of legal obligations with regard to contract management, accounting, invoicing etc. 1.4. To protect the Controller’s legitimate interests [Art. 6 (1) (f) GDPR] We process your data in order to protect our legitimate interests or those of a third party, as follows:

·         Sending you information regarding upcoming event for which you purchased ticket/ tickets;

·         Sending you information/ newsletters regarding OSGeo similar events;

·         For purpose of marketing, internal analyses and advertisements;

·         Advertisements on third party websites and on social networks;

·         Fraud detection and prevention measures;

·         For asserting, exercising or defending our rights in legal proceedings;

·         For purpose of internal auditing and verifications, with observance of applicable law. Who receives your personal data? We transfer your data for purpose of concluding or performing our contract with you, based on Art. 6 (1) (b) GDPR, for purpose of improving and promoting our products, based on our legitimate interest to do so in accordance with Art. 6 (1) (f) GDPR and, if you have given your consent to the processing of your personal data, based on your consent within the meaning of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if that consent is explicit. As it is important to protect the confidentiality of your personal data, we disclose your personal data only to the extent describe below or within the scope of an individual instruction received from you when we collect the data or later. Your data will not be transferred to third parties by way of sale or other forms of disclosure against monetary compensation. 1.1. Transfer. We transfer your data to  EVENT AVENUE S.R.L, in accordance with the legal provisions and restrictions of GDPR and Romanian data protection law, for internal administrative purposes (ticket management, IT systems). Access to your personal data will be restricted to those employees who need to know it and may include employees in our marketing, IT and security departments. 1.2. Transfer to processors We also give access to your data to our processors who act as service providers to us, if this is necessary for them to provide their services to us, such as the performance of our contract with you, handling payments, account management, accounting and invoicing, sending newsletters and supply of IT services, e.g. platform and data base management, the supply of tools for our products and services etc. We do this for marketing and analytical/ statistical purposes. We transfer your data in accordance with the foregoing paragraph, among others, to OSGeo, the provider of the IT platform used for operation of 2019.foss4g.org web shop, and to X- TAG S.R.L., who makes available the software license and necessary support for the ticket distribution platform. 1.3. Transfer to processors We also give access to your data to our processors who act as service providers to us, if this is necessary for them to provide their services to us, such as the performance of our contract with you, handling payments, account management, accounting and invoicing, sending newsletters and supply of IT services, e.g. platform and data base management, the supply of tools for our products and services etc. We do this for marketing and analytical/ statistical purposes. We transfer your data in accordance with the foregoing paragraph, among others, to OSGeo, the provider of the IT platform used for operation of 2019.foss4g.org web shop, and to X- TAG S.R.L., who makes available the software license and necessary support for the ticket distribution platform. 1.4. Other transfers We may also transfer your data (i) to auditors, lawyers, experts or other similar professionals, to the extent this is necessary for them to provide to us the services for which they were contracted and in our legitimate interest; (ii) if we are required to do so by law or in the context of legal proceedings; (iii) if we believe that disclosure is necessary to prevent damages or financial loss on our part or on the part of third parties; or (iv) in relation to (suspected or proven) fraud investigation. In addition, we may disclose your data to third parties as follows: a. If you give your consent to the disclosure, you request us to make the disclosure, or the disclosure is necessary for the handling of a request you address to us [Art. 6 (1) (a), and Art. 9 (2) (a) GDPR] b. To banks and payment services providers, for purpose of ticket payments or reimbursement, in case you return tickets [Art. 6 (1) (b) GDPR]. In cases where this derives from our legitimate interest to manage our business [Art. 6 (1) iii. In order to respond to any complaints, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent unlawful activity; or iv. To protect the rights, property or safety of S.C.VISION EVENT PRODUCTION S.R.L., its employees, clients, suppliers or other persons. f. If we are legally bound to disclose a certain type of information, in case of legal requests of government officers, or in case we are bound to observe national security or law enforcement requirements, or in order to prevent illegal activities.

For how long are personal data stored and processed? We process your data for the entire duration of our contractual relationship with you (from commencement to performance and termination of the contract) and beyond this, pursuant to statutory retention and documentation obligations. These derive, for example, from:

·         The Romanian Civil Code;

·         Consumer protection legislation;

·         Fiscal legislation. In addition, the retention period must take into account statutory limitation periods on a case by case basis (for example, under the Romanian Civil Code, the limitations period is usually of 3 years). Except as may be expressly provided in this Privacy Notice, personal data processed by us will be deleted as soon as they are no longer required for the purpose for which they were collected, provided that deletion does not conflict with any statutory retention obligations or other rights to retain data under the law. What are your rights and options? You have the following rights under GDPR:

·         Right of access – allowing you to receive confirmation whether we are processing your personal data and, if yes, relevant details regarding the processing;

·         Right to rectification – allowing you to request the rectification of inaccurate data we hold concerning you;

·         Right to erasure – allowing you to request, in certain circumstances, the erasure of your personal data (e.g. in case the data is no longer necessary to fulfil the purpose for which they were collected);

·         Right to restriction of processing – allowing you to request, in certain circumstances, the restriction of processing (e.g. in case you dispute the accuracy of the personal data, the restriction shall be put in place for a period enabling us to verify the accuracy of the respective personal data);

·         Right to data portability – allowing you to receive, in certain circumstances, the personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format, as well as to transfer such data to another controller;

·         Right to be informed, without undue delay, in care of a data breach capable of generating a significant risk to the rights and liberties of a natural person;

·         Right to file a complaint with the Romanian Data Protection Authority (Autoritatea Nationala pentru Supravegherea Prelucrarii Datelor cu Caracter Personal) (www.dataprotection.ro) or any other competent supervisory authority (Art. 77 GDPR). You also have the following specific rights:

·        The right to withdraw, at any time, your consent for the data processing. You may find additional details in the relevant section below ;

·       The right to object, for any reasons related to your particular situation, to the processing of date based on our legitimate interest. How can you exercise your rights? Should you wish to exercise one or more of the abovementioned rights, please send your request to either of the contact details below: contact@visionevent.ro Withdrawal of Consent (a) If you wish to stop receiving our newsletters We are sending you information on similar products and services (“Newsletter”) based solely on your consent, keeping records in this respect, or, if we acquired your e-mail address directly upon your purchase of tickets, based on Art. 12 (2) of Law 506/2004. You may unsubscribe from our Newsletter, i.e. withdraw you consent, at any time via e-mail to contact@visionevent.ro or by clicking on UNSUBSCRIBE in any Newsletter you receive. If you withdraw your consent, we will continue to process your personal data exclusively so that we may prove that we have complied with the law for the time when we were sending you Newsletters, if the case.

(Date of last revision, 12 December 2018)