Effective Date: September 29, 2020
Orange Silicon Valley (“Orange Silicon Valley”, “we”, “us” or “our”) is committed to protect your Personal Data in accordance with applicable data protection and information security laws, including but not limited to the EU General Data Protection Regulation 2016/679, as nationally implemented, supplemented and amended from time to time (the “GDPR”), the EU ePrivacy legislation, and various national privacy laws.
Our Services are not intended for use by children, and we do not knowingly collect Personal Data relating to children.
“Personal Data” means any information relating to an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).
“Processor” has the meaning set out in the GDPR; in short, it is the company that processes Personal Data on behalf of the Controller. Orange Silicon Valley may act as a Processor in respect of all Personal Data collected or generated by Orange Silicon Valley in order to provide its services to you, on your instructions, and not for any other purpose.
This version was last updated in September 2020.
- Who we are and our contact information
- Full name of legal entity: Orange Silicon Valley, LLC
- Mailing address: 60 Spear Street, Suite 1100, San Francisco, CA 94105
- Email address: firstname.lastname@example.org
- What Personal Data may we collect?
We may collect, use, store and transfer different kinds of Personal Data about you which we have categorized as follows:
|Category||Personal Data in category|
|Identity Data||first name, last name, honorific (e.g. Ms., Mr., Dr., …), username or similar identifier, password, image, employer name, job title, and, if you contribute to or interact with an event, any other audio-visual content which you appear in|
|Contact Data||home address, office address, email address and telephone numbers|
|Visual Data||photographs and other audio-visual record or content which you appear in and that we take during Orange Silicon Valley or third party events or that we process based on your consent|
|Transaction Data||details about payments you have made and other details of services you have accessed or used through the Website. We do not store card details on our server. Credit and debit card payments are processed by Stripe on their secure payments server and all card details and fully encrypted and store by them|
|Technical Data||internet protocol (IP) address, login data, browser type and version, time zone setting and location, hardware information, time zone setting and location, browser plug-in types and versions, operating system and website, and other technology on the devices you use to access areas of our Website|
|Profile Data||username and password, interests, purchases, preferences, comments, questions, feedback and survey responses|
|Usage Data||information about how you use our Website and Services|
|Marketing and Communications Data||preferences in receiving marketing from us and our third parties partners and your communication preferences|
Aggregated / anonymized data
4. How do we collect your Personal Data?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and other Data by filling in forms or by corresponding with us by email or otherwise on the Website. This includes Personal Data you provide when you: (a) create an account with us; (b) subscribe (or are subscribed) to our services or interact in an event; (c) request marketing to be sent to you; (d) enter a promotion or survey; or (e) give us feedback or contact us.
- Automated technologies or interactions. As you interact with the Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
5. How do we use your Personal Data?
The table below shows the ways that we use Personal Data for which we are Controller and our legal bases for doing so (including a description of our legitimate interests).
We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Our Activity||Types of Personal Data processed||Our lawful basis for processing|
|To register you as a user of our Website||Identity Data Contact Data||Performance of a contract with you|
|To process any paid or unpaid [SG1] entry to an event: Managing payment, fees and charges (if any)Verifying your identity and details of your payment method or credit card account (if any)Communicating with you, for example confirmation of your attendance for an event||Identity Data Contact Data Transaction Data Marketing and Communication||Performance of a contract with youNecessary for our legitimate interests|
|To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Technical Data||Necessary for our legitimate interests (to study how users use the Website and to grow our business and inform our marketing and growth strategy)|
|To complete a survey, provide customer satisfaction feedback, take part in service improvement programs, and attend any events that we organize||Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Visual Data||Necessary for our legitimate interests (to study how Customers use our services, to try to increase and improve interaction with customers, to find out how we can improve our services, and to develop and grow our business, to communicate about our events)|
|To make suggestions and recommendations to you about events or services that may be of interest to you||Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data||Necessary for our legitimate interests (to develop our products/services, grow our business and maintain our relationships)Consent where required|
|To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity Data Contact Data Technical Data||Necessary for our legitimate interests (for running our business, administering our CRM, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)Necessary to comply with a legal obligation|
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. In respect to Orange Silicon Valley, that is the performance of our agreement with you to make the Website and our services available. We are not involved in the processing of your Personal Data during any engagement you enter into with our third party partners. We will always get your consent to transfer any Personal Data to any third party whom you enter into an agreement with for the provision of their services to you.
Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.
We strive to provide you with choice regarding use of your Personal Data around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide which services and offers may be relevant for you.
You will receive marketing communications from us if you have provided your consent to receive those communications.
You can ask us to stop sending you marketing messages at any time by contacting us.
You can ask us or third parties to stop sending you marketing messages at any time. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of your use of the Website, registration for an event or any associated services.
Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by applicable law.
6. To whom may we disclose Personal Data?
We may share your Personal Data in our capacity as Controller of such Data with the parties set out below for the purposes set out in the table in section 5 above.
Service providers acting as Controllers in their own rights, in which case the processing of your Personal Data will be subject to these service providers’ privacy policies. For example, to provide event hosting platform services when we hold our events virtually, or our third-party partners and affiliates who you engage with you through the use of the Website or Services in order to facilitate the provision of services.
Where third parties provide support for the provision of services made available to you through the Website or for the hosting of events, these third parties may receive certain Personal Data from you. Whilst we are not in control of any third parties to whom you request your data to be shared, we require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable data protection laws. Unless they obtain your explicit consent, we do not allow any third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with your instructions.
Service providers acting as Processors based in EU and outside of EU, who provide IT and system administration services, maintenance, expert technical support and hosting.
To help constantly improve and tailor the service we provide to you through our Website, we may use aggregated information so that we can administer and improve our services, analyze trends, gather broad demographic information and detect suspicious or fraudulent transactions and most importantly monitor and improve our operations on a day to day basis. In carrying out this activity, we may pass some information to third parties in aggregate and anonymized format. National authorities (such as tax authorities), agencies and regulators acting as Processors or Controllers who have the legal authority to require reporting of processing activities or disclosure of Personal Data in certain circumstances
7. What are the appropriate safeguards for international transfers of Personal Data?
We may transfer your Personal Data outside the European Economic Area (EEA) in our performance of services.
Whenever we transfer your Personal Data out of the EEA, for example to an external supplier in a country which the EU Commission has not assessed as providing an adequate level of protection, we ensure an appropriate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the European Union.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
Our data security practices
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. How long will we retain Personal Data?
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider:
- the amount, nature and sensitivity of the Personal Data;
- the potential risk of harm from unauthorized use or disclosure of your Personal Data; and
- the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Data:
- request access to, correction of, or erasure of Personal Data
- object to processing of Personal Data
- request restriction of processing of Personal Data
- request transfer of Personal Data to another organization
- withdraw consent to processing of Personal Data
- make a complaint to the relevant national data protection regulator (such as the Information Commissioner’s Office (ICO) in the UK – www.ico.org.uk, or the Commission Nationale de L’Informatique et des Libertés (CNIL) in France – www.cnil.fr/fr).
If you wish to exercise any of the rights set out above, please contact us.
How will Orange Silicon Valley deal with my request?
Usually no fee
You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we require
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
When we will respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.