Effective Date: September 29, 2020

Introduction

Welcome to Orange Silicon Valley’ Privacy Policy. It details our privacy practices for the activities described below. Please take the time to carefully review this Privacy Policy in order to understand how we collect, share, use and otherwise process information relating to individuals, and to learn about your rights and choices regarding our processing of your Personal Data (as defined below).

Orange Silicon Valley (“Orange Silicon Valley”, “we”, “us” or “our”) is committed to protect your Personal Data in accordance with applicable data protection and information security laws, including but not limited to the EU General Data Protection Regulation 2016/679, as nationally implemented, supplemented and amended from time to time (the “GDPR”), the EU ePrivacy legislation, and various national privacy laws.

  1. The scope of this Privacy Policy

This Privacy Policy applies to Personal Data that Orange Silicon Valley processes in connection with your use of our website www.orangesv.com, sales or marketing activities, surveys, customer satisfaction or service improvement programs, events invitation and management activities that involve Personal Data including for the purpose of event registration (the “Services”). For further details on our processing activities as Controller and the type of Personal Data processed, please see section 5.

Our Services are not intended for use by children, and we do not knowingly collect Personal Data relating to children.

Definitions

“Controller” has the meaning set out in the GDPR; in short, it is the company that (alone or jointly with others) determines the purposes and means of the processing of Personal Data.  Orange Silicon Valley is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated.

“Personal Data” means any information relating to an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).

“Processor” has the meaning set out in the GDPR; in short, it is the company that processes Personal Data on behalf of the Controller. Orange Silicon Valley may act as a Processor in respect of all Personal Data collected or generated by Orange Silicon Valley in order to provide its services to you, on your instructions, and not for any other purpose.

Third-party links

Our website www.orangesv.com (the “Website”) may include links to third-party websites and applications as well as to partner providers of multiple different types of services associated with a particular Event. Clicking on those links, content or application may allow these third parties to collect or share Personal Data about you. Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to others, different rules may apply to their use or disclosure of the information you provide to them. We do not control these third-party websites and are not responsible for their privacy statements or the way in which they collect or use your Personal Data. When you leave our Website, please read the privacy policy of the other websites that you visit.

Changes to this privacy policy and the importance of keeping us updated

We keep our Privacy Policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

This version was last updated in September 2020.

  1. Who we are and our contact information

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:

  • Full name of legal entity: Orange Silicon Valley, LLC
  • Mailing address: 60 Spear Street, Suite 1100, San Francisco, CA 94105
  • Email address: event.osv@orange.com
  1. What Personal Data may we collect?

We may collect, use, store and transfer different kinds of Personal Data about you which we have categorized as follows:

Category Personal Data in category
Identity Data first name, last name, honorific (e.g. Ms., Mr., Dr., …), username or similar identifier, password, image, employer name, job title, and, if you contribute to or interact with an event, any other audio-visual content which you appear in
Contact Data home address, office address, email address and telephone numbers
Visual Data photographs and other audio-visual record or content which you appear in and that we take during Orange Silicon Valley or third party events or that we process based on your consent
Transaction Data details about payments you have made and other details of services you have accessed or used through the Website. We do not store card details on our server. Credit and debit card payments are processed by Stripe on their secure payments server and all card details and fully encrypted and store by them
Technical Data internet protocol (IP) address, login data, browser type and version, time zone setting and location, hardware information, time zone setting and location, browser plug-in types and versions, operating system and website, and other technology on the devices you use to access areas of our Website
Profile Data username and password, interests, purchases, preferences, comments, questions, feedback and survey responses
Usage Data information about how you use our Website and Services
Marketing and Communications Data preferences in receiving marketing from us and our third parties partners and your communication preferences

Aggregated / anonymized data

We also collect, use and share aggregated and anonymized information such as statistical or demographic information. Aggregated or anonymized data could be based on Personal Data but is not legally considered to be Personal Data. For example, we may aggregate or anonymized Usage Data to calculate the percentage of users accessing a specific function on our website. If we combine or link aggregated or anonymized data with any Personal Data so that it can identify an individual, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy

4. How do we collect your Personal Data?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and other Data by filling in forms or by corresponding with us by email or otherwise on the Website. This includes Personal Data you provide when you: (a) create an account with us; (b) subscribe (or are subscribed) to our services or interact in an event; (c) request marketing to be sent to you; (d) enter a promotion or survey; or (e) give us feedback or contact us.
  • Automated technologies or interactions. As you interact with the Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

5. How do we use your Personal Data?

The table below shows the ways that we use Personal Data for which we are Controller and our legal bases for doing so (including a description of our legitimate interests).

We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.

  Our Activity Types of Personal Data processed   Our lawful basis for processing
To register you as a user of our Website Identity Data Contact Data Performance of a contract with you
To process any paid or unpaid [SG1] entry to an event: Managing payment, fees and charges (if any)Verifying your identity and details of your payment method or credit card account (if any)Communicating with you, for example confirmation of your attendance for an event Identity Data Contact Data Transaction Data Marketing and Communication Performance of a contract with youNecessary for our legitimate interests
To manage our relationship with you, which will include: Providing access to Website servicesNotifying you of any changes to our terms of service or Privacy PolicyAsking you to leave a review or take a surveyInvestigating complaints Identity Data Contact Data Profile Data Marketing and Communications Performance of a contract with youNecessary to comply with a legal obligationNecessary for our legitimate interests (to keep our records updated and to study how users use the Websites and our services)
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Technical Data Necessary for our legitimate interests (to study how users use the Website and to grow our business and inform our marketing and growth strategy)
To complete a survey, provide customer satisfaction feedback, take part in service improvement programs, and attend any events that we organize Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Visual Data Necessary for our legitimate interests (to study how Customers use our services, to try to increase and improve interaction with customers, to find out how we can improve our services, and to develop and grow our business, to communicate about our events)
To make suggestions and recommendations to you about events or services that may be of interest to you Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services, grow our business and maintain our relationships)Consent where required
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity Data Contact Data Technical Data Necessary for our legitimate interests (for running our business, administering our CRM, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)Necessary to comply with a legal obligation

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. In respect to Orange Silicon Valley, that is the performance of our agreement with you to make the Website and our services available. We are not involved in the processing of your Personal Data during any engagement you enter into with our third party partners. We will always get your consent to transfer any Personal Data to any third party whom you enter into an agreement with for the provision of their services to you.

Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.

Marketing

We strive to provide you with choice regarding use of your Personal Data around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide which services and offers may be relevant for you.

You will receive marketing communications from us if you have provided your consent to receive those communications.

You can ask us to stop sending you marketing messages at any time by contacting us.

Third-party Marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes, including our affiliates.[SG1] 

Opting out

You can ask us or third parties to stop sending you marketing messages at any time. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of your use of the Website, registration for an event or any associated services.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly.

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by applicable law.

6. To whom may we disclose Personal Data?

We may share your Personal Data in our capacity as Controller of such Data with the parties set out below for the purposes set out in the table in section 5 above.

Service providers acting as Controllers in their own rights, in which case the processing of your Personal Data will be subject to these service providers’ privacy policies. For example, to provide event hosting platform services when we hold our events virtually, or our third-party partners and affiliates who you engage with you through the use of the Website or Services in order to facilitate the provision of services.

Where third parties provide support for the provision of services made available to you through the Website or for the hosting of events, these third parties may receive certain Personal Data from you. Whilst we are not in control of any third parties to whom you request your data to be shared, we require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable data protection laws. Unless they obtain your explicit consent, we do not allow any third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with your instructions.

Service providers acting as Processors based in EU and outside of EU, who provide IT and system administration services, maintenance, expert technical support and hosting.

To help constantly improve and tailor the service we provide to you through our Website, we may use aggregated information so that we can administer and improve our services, analyze trends, gather broad demographic information and detect suspicious or fraudulent transactions and most importantly monitor and improve our operations on a day to day basis. In carrying out this activity, we may pass some information to third parties in aggregate and anonymized format. National authorities (such as tax authorities), agencies and regulators acting as Processors or Controllers who have the legal authority to require reporting of processing activities or disclosure of Personal Data in certain circumstances

7. What are the appropriate safeguards for international transfers of Personal Data?

We may transfer your Personal Data outside the European Economic Area (EEA) in our performance of services.

Whenever we transfer your Personal Data out of the EEA, for example to an external supplier in a country which the EU Commission has not assessed as providing an adequate level of protection, we ensure an appropriate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the European Union.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

Our data security practices

We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9.  How long will we retain Personal Data?

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Data, we consider:

  • the amount, nature and sensitivity of the Personal Data;
  • the potential risk of harm from unauthorized use or disclosure of your Personal Data; and
  • the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Data:

  • request access to, correction of, or erasure of Personal Data
  • object to processing of Personal Data
  • request restriction of processing of Personal Data
  • request transfer of Personal Data to another organization
  • withdraw consent to processing of Personal Data
  • make a complaint to the relevant national data protection regulator (such as the Information Commissioner’s Office (ICO) in the UK – www.ico.org.uk, or the Commission Nationale de  L’Informatique et des Libertés (CNIL) in France – www.cnil.fr/fr).

If you wish to exercise any of the rights set out above, please contact us.

How will Orange Silicon Valley deal with my request?

Usually no fee

You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we require

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

When we will respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.