GDPR

Information on the processing of personal data

The company Twenty one million s.r.o., as the organizer of the conference “BTC Prague” and the operator of the website https://www.btcprague.com/, would like to inform you about the scope of the related processing of personal data and the conditions for managing cookies.

1. CONTROLLER

Twenty one million s.r.o.
Company ID:	172 59 444
Registered office:	Korunní 2569/108, Vinohrady, 101 00 Prague 10, Czech Republic
Registered with the Commercial Register maintained by the Municipal Court in Prague, file No.: C 369031

2. PURPOSES FOR PROCESSING OF PERSONAL DATA

The Controller, as part of the organisation of the conference and the operation of the website or in relation to the operation of the website, processes personal data for the following purposes, which are further described in detail in the following sections:

• Website traffic analysis;
• Marketing analysis;
• Sale of tickets, goods, and the conference organisation;
• Bookkeeping;
• Communication with visitors;
• Marketing communication;
• Ensuring security and the technical functioning of the services;
• Ensuring legal protection.

2.1 Analysis of the website traffic

The Controller uses Google Analytics and Facebook Pixel traffic analysis services within the website. These services use aggregated statistical data on how the website is being used, while it is essential for the operation of the website to ensure the differentiation of unique accesses to the website. For this purpose, especially cookies and similar technology, further described in section 4 below, are used. The information thus obtained are used for improving user experience, identifying website errors and improving quality of services.

Cookies for analysis of the website traffic are stored in your browser only if the settings of the browser allow this, and if you consent to the storage of cookies using the corresponding dialogue when entering the website. You can find further information about cookies in section 4.

2.2 Marketing analysis

The Controller uses the advertising effectiveness analysis services of Google and Meta (Facebook) on the website. These services use data about accesses to the website, and it is essential for their functioning to ensure the differentiation of unique accesses to the website. In particular, cookies and similar technologies are used for this purpose and are further described in section 4 below. The information collected in this way is used to measure the effectiveness of advertising and advertising campaigns.

Marketing cookies are stored in your browser only if the settings of the browser allow this, and if you consent to the storage of cookies using the corresponding dialogue when entering the website. You can find further information about cookies in section 4.

2.3 Sale of tickets, goods and conference organisation

For the purpose of securing the sale of tickets, goods and conference organisation, the Controller processes personal data necessary for the conclusion and performance of the purchase contract, including related administrative and organisational activities. In particular, the processing concerns the basic identification data of the purchaser (name, surname, email address), billing details, delivery data, data on the content of concluded contracts, information on purchases made, including related communication and handling of related requests (e.g., delivery changes, warranty claims, cancellations, etc.), information on payments and mutual obligations and information related to the organisation of the conference, including organisational communication, tickets check in the context of participation in the conference.

The processing of this data is necessary for the conclusion of contracts for the sale and purchase of tickets and other goods, to ensure their performance and to ensure the proper conduct of the conference.

2.4 Bookkeeping

The Controller, being a legal entity, is required to keep standard accounting records, which may include information on transactions entered into and related liabilities. For accounting purposes, data on transactions and payments made, including price, payments in crypto assets, identification of buyers and receipts or invoices, are processed.

The processing of this data is necessary to comply with the legal obligations of the Controller and the data are kept for a legal archiving period, which may last up to 10 years from the end of the relevant accounting period.

2.5 Communication with visitors

In the event of contacting the Controller via the published contacts, the messages received in this way, including any information provided, will be processed by the customer support team in order to ensure that the requests, questions and other matters raised are processed properly.

This information is processed on the basis of the legitimate interest of the Controller and the user in processing the requests, queries and other matters raised by the user. Data processed in connection with the provision of customer support is retained until the matter is resolved and for a period of 6 months thereafter.

2.6 Newsletter and other marketing communication

If you subscribe to the newsletter or if you do not refuse to be included in the mailing list when purchasing tickets or other goods, the Controller may from time to time send you information about current news, new products and services, events organised by partner organisations and other relevant information to the email or other contact details provided.

Your email address will be included in the contact list with your consent if you subscribe to the newsletter on the website or if you do not refuse to be included in the list when purchasing tickets or other goods. Your email address will be kept on the contact list until you unsubscribe from the list. You may unsubscribe from marketing communications at any time by clicking on the unsubscribe link included in each mailing or by contacting the Controller directly with your request. The Controller is then entitled to record your choice not to receive marketing communications.

2.7 Ensuring the security and technical functioning of the services

For the proper and secure operation of the website and the provision of services, it is necessary to collect and process certain technical data about the use of the website, including the IP address, the parameters of the browser used or the storage of cookies.

Such processing is carried out in accordance with the legitimate interests of the Controller and users in the safe and proper operation of the website and the provision of services.

2.8 Ensuring legal protection

Any personal data collected may be processed for the purpose of providing legal protection to the Controller, users or third parties for the purpose of proving and settling legal claims. For this purpose, all processed data is archived for a period of at least 3 years from the date of collection, unless the specific data is retained for longer when necessary.

The processing for this purpose is based on the legitimate interest of the Controller or of third parties to protect their interests, enforce their claims and defend themselves against third-party claims, and resolve disputes and complaints.

3. TRANSMISSION OF PERSONAL DATA

Personal data is kept private and in the utmost safety. However, in order to provide quality services, we use the services of our suppliers who provide organisational, marketing, technical and other services for us and may include, but are not limited to:

• providers of online analytics tools (mentioned above in the cookies section);
• suppliers of technical IT services, including infrastructure (providers of hosting services and service support);
• accountants, legal and tax advisors;
• payment service providers;
• bulk email service providers;
• external collaborators.

Suppliers may have access to certain personal data in connection with the provision of services, but only to the extent necessary to properly provide the service. The security of personal data is ensured by our suppliers through their contractual obligations, including confidentiality obligations.

In cases provided for by law, the Controller may be obliged to disclose certain data to state administration authorities, including law enforcement authorities and the supervisory authority for measures against the legalization of the proceeds of crime.

Information on the processing of personal data by the most important processors is provided below.

3.1 Google

As part of the website, Google Analytics, Google Ads, and Google Tag Manager services are used for the website traffic analysis and marketing analysis. These services are provided by Google LLC based in the USA. The Controller has entered into a data processing agreement with Google LLC on the basis of standard contractual clauses approved by the European Commission.

You will learn more information about Google Analytics and how Google LLC processes data by following these links:

• Google – information about the processing of personal data;
• Google Processor Terms.

3.2 Meta (Facebook)

Facebook Pixel is used within the website to analyze website traffic and ad effectiveness. This service is provided by Meta (Facebook). When sharing data with the provider of this service, data may be transferred to third countries outside the EU, including the USA. The Controller has entered into a GDPR-compliant data processing contract with the provider based on standard contractual clauses approved by the European Commission.

You will learn more information about the service and how the provider processes data by following the link:

• Data Processing Terms;

3.3 Stripe

When selling tickets and goods, the Controller uses the Stripe payment gateway to process payments. As part of the payment processing, data relating to the transaction in question is shared with the payment gateway operator. The payment gateway operator may also collect other data necessary for payment processing, including payment card or bank account data. When sharing data with a payment gateway operator, data may be transferred to third countries outside the EU, including the US. The Controller has entered into a GDPR-compliant data processing agreement with the payment gateway operator based on standard contractual clauses approved by the European Commission.

You will learn more information about the Stripe payment gateway and how the payment gateway operator processes data by following the link:

• Stripe Privacy Policy.

3.4 Tixr

Tickets are sold through the Tixr ticket sales portal, which collects and processes the relevant data necessary to ensure ticket sales and payment processing. The personal data is then made available to the Controller. The processing of data by the Tixr ticket sales portal operator may involve the transfer of data to third countries outside the EU, including the USA. The Controller has entered into a contract with the Tixr ticket sales portal operator for the processing of personal data in accordance with the GDPR on the basis of standard contractual clauses approved by the European Commission.

You will learn more information about the Stripe payment gateway and how the payment gateway operator processes data by following the link:

• Tixr Privacy Policy.

4. Cookies

4.1 What are cookies

The website uses so-called cookies. Cookies are small data files that are stored on your device by the websites you visit. They are widely used to ensure the functioning of websites or to make them more efficient, as well as to provide information to their operators. Cookies are in no way harmful to your device or its software.

4.2 Necessary technical cookies

Cookies are used on the website to ensure its proper functioning and to secure the operation of the website. These cookies are necessary for the proper provision of services and do not require consent to store them. They are mainly cookies for storing session information and for storing user settings (e.g., language preferences). If the storage of these cookies is prohibited by the browser settings, it may not be possible to provide the services offered properly or at all.

User preferences

Cookies are used on the website to store user preferences and settings (e.g., language preferences) to enable the service to be provided to the user as they wish.

Technical and functional cookies for Google services

For the correct functioning of Google’s incorporated services, in particular in relation to respecting the user’s previously made choices (e.g., choices regarding the possibility of storing cookies by Google), cookies are used on the website.

4.3 Analytical cookies

The following third party traffic analytics services are used on the website and use cookies to function. These cookies are only stored with the user’s consent expressed by selecting their options via the cookie settings control panel that appears when you enter the website.

Google Analytics and Google Tag Manager

The Google Analytics and Google Tag Manager services use the information collected from cookies or other elements of the website to analyse the manner of the use of the website. The information stored in the cookies about your use of the website (including your IP address) will be provided by Google and stored on servers of the company Google All data thus obtained will be processed anonymously for the processing of analyses for the Controller. For more information, you can visit the following links:

• Privacy Policy;
• Information about cookies;
• To prevent processing by Google Analytics, please visit the following website.

Facebook Pixel

The Facebook Pixel service is used within the website for website traffic analytics. The information stored in cookies about the use of the website (including the IP address) will be provided to Meta and stored on Meta’s servers. The data collected in this way is anonymous to the Controller but is stored and processed by Meta.

Follow this link to find out more about the service and how Facebook (Meta) processes the data:

• Facebook Pixel cookie information;

4.4 Marketing cookies

The website uses third-party tools based on cookie technology used to monitor the effectiveness of the Controller’s advertising campaigns on these third-party platforms. These cookies are only stored with the user’s consent expressed by selecting his/her options via the cookie settings control panel displayed when accessing the website.

Google Ads and Google Tag Manager

The website uses Google Ads and Google Tag Manager for remarketing and evaluating the effectiveness of ads placed with Google. These tools are used to track redirects from Google platform ads for statistical purposes and to monitor the effectiveness of these ads. The data collected in this way is anonymous to the Controller but is stored and processed by Google.

Follow these links to find out more about the service and how Google processes the data:

• Privacy Policy;
• Information about cookies;
• Usage of cookies.

Facebook Pixel

Within the website, Facebook Pixel is used for remarketing and evaluating the effectiveness of advertising placed with Meta. This tool is used to track retargeting from Facebook ads for statistical purposes and to monitor the effectiveness of Facebook (Meta) ads. The data collected in this way is anonymous to the Controller but is stored and processed by Facebook.

You can find out more about the service and how Facebook (Meta) processes the data at this link:

• Information about cookies used by Facebook Pixel;

4.5 Cookies settings

You can set your browser to refuse all or some cookies. You can usually find out how to set your browser preferences with the browser’s help. If you refuse to store all cookies, the website and the purchase of tickets and other goods may not function properly or it may not be possible to provide these services at all.

You can also delete all cookies stored in your browser after visiting the website to maximize your privacy.

5. information on your rights

In connection with the processing of your personal data, you have the following rights: (1) the right to access your personal data, (2) the right to rectification of inaccurate personal data, (3) the right to restriction of processing, (4) the right to the erasure of personal data, (5) the right to object to the processing of personal data, (6) the right to withdraw consent, (7) the right to data portability, and (8) the right to lodge a complaint with a supervisory authority.

The Controller may need to verify your identity when you make a request to exercise any of these rights and is entitled to request further information in order to comply with your request.

5.1 Right of access to personal data

In connection with the processing of personal data, you have the right, upon request, to be provided with information about the processing of personal data and to be provided with a copy of the personal data processed.

5.2 Right to rectification

If you consider that your personal information is inaccurate, outdated or otherwise incorrect, you

may contact us and we will ensure appropriate remediation.

5.3 Right to restriction of processing

In cases where the processed data is inaccurate or you have objected to the processing, you have the right to request a restriction of processing activities.

During the period of restriction, the personal data will only be stored and no operations will be carried out on them without your consent. The restriction of processing lasts for as long as any of the above situations (e.g., evaluation of an objection or until a correction is made). You will be informed of the possible termination of the restriction.

5.4 Right to erasure

In cases where you withdraw your consent to the processing of personal data or personal data is no longer needed, you have the right to request the erasure of such personal data.

However, in some cases the right to erasure is limited. For example, personal data that are processed on the basis of legal obligations cannot be erased before the expiry of the statutory archiving periods.

5.5 Right to object

You can object to processing based on legitimate interest and for direct marketing with a reasoned objection. The legitimacy of the objection will be assessed and you will be notified of the decision via the contact you have chosen.

5.6 Right to withdraw consent to the processing of personal data

In the case of processing of personal data based on your consent, you can withdraw this consent at any time.

5.7 Right to portability

When the personal data provided by you in connection with the performance of a contract or on the basis of consent is processed entirely by automated means and is stored in a structured, machine-readable format, you have the right to have it provided in a structured, machine-readable format. However, we do not currently carry out such processing.

5.8 Right to lodge a complaint with a supervisory authority

If you consider your personal data not to be handled in accordance with the law, you can contact the competent supervisory authority in the place of your residency, your work or where your rights have been violated. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection.

6. the effective date and amendments

6.1 Amendments

The Controller reserves the right to amend the details of the processing of personal data as needed. In such a case, you will be notified of the amendment and the new text of the Information on the processing of personal data will be published on the website.

6.2 The effective date

This information on the processing of personal data is issued with the effective date of 27. 6. 2022.

7. contact information

If you have any questions or in case of a query in relation to any of the above rights, you can use any of the following contacts:

Email:	info@btcprague.com
Phone:	+420 737 765 444