Last updated: September 26, 2023
Dear User,
The “General Data Protection Regulation” (EU Regulation 2016/679, also known and hereinafter referred to as “GDPR“) requires us, pursuant to Article 13, to provide You with the following information on the processing of Your Personal Data.
This policy informs you of the Personal Data Processing activities we perform as a result of providing the website, https://legalhackers.org/ (the “Site”) to you, your application to start a traditional Legal Hackers Chapter for your city/region or a student-only Legal Hackers Student group for your university (the “Request”), and providing events to you. “Processing of Personal Data” means any operation concerning any information relating to an identified or identifiable natural person. For example, first and last name, or an email address with a “user name” that identifies you (e.g. johndoe@….) is considered “Personal Data”, and the actions of collection, registration with us and use of your Personal Data to send you a communication are considered “Processing” operations; same applies to communication of Data to other organizations and storage.
As our entity provides the Site, and establishes purposes and means of the Processing of Personal Data relating to You, it qualifies as “Data Controller” under the GDPR.
You, the User, are the individual whose Personal Data are processed by us, you are referred to as a “Data Subject,” and you have the right to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have regarding it.
Depending on your access to the Site and/or your Request, we may need to process certain Personal Data. In some cases, specified below, we may have an interest in processing Personal Data for purposes other than the provision of Request: in these cases, we will process only where there is an appropriate legal basis and, where required by law, on the basis of the Consent of the Data Subject.
The following grid and clauses explain how the Company, as Data Controller, will process Your Data.
Definitions of terms and expressions used within this Privacy Policy are contained in the Glossary below.
| Purpose | Categories of Personal Data | Legal Basis | Retention Period |
| Analysing traffic on the Site (e.g. detecting the most visited pages, number of visitors per time slot or per day, geographical origin, average connection time, browsers used, visitor origin – from search engines or other sites -, phrases and words searched, etc.) in order to understand how it is used and manage, optimize and improve it, or even just for statistical purposes; solving operational problems (e.g. anomalies in page loading); performing monitoring activities to repel and/or prevent cyber attacks and fraud | Browsing Data, anonymous information (which does not allow us to trace Your identity) and Common Personal Data (e.g. full IP address) | The need to make the Site available (Art. 6.1.b GDPR) | 1 Week from the date of Your last access to the Site |
| Satisfying Your Request regarding your application to start a traditional Legal Hackers Chapter for your city/region or a student-only Legal Hackers Student group for your university | Common Data | The need to take pre-contractual measures at Your Request (Art. 6.1.b GDPR) | Until the newly opened Chapter is closed or you leave the Chapter. |
| As a result of your attendance to events (such as: informal gatherings, panel/keynote discussions, workshops, demo nights, design jams, hackathons) | Sensitive Data (limited to photography) | The need to make the events in a proper way (Art. 6.1.b GDPR) | Until consent to processing is revoked for Sensitive Data |
| Direct communications relating to activities of the Chapter or Student group that started by You | Common Data | Our legitimate interest in consolidating our relationship with your Chapter and updating you about the initiatives carried out by the Company or other Chapters (Art. 6.1.f of the GDPR), unless You inform us that You wish to object it | For a maximum of 3 years from the date of Your last activity |
| Fulfilling obligations under Applicable Law and/or orders issued by Authorities, based on the need to fulfill legal obligations to which the Data Controller is subject | Common Data | The need to fulfill legal obligations from another source (Art. 6.1.c GDPR) | For the time required by these legal and regulatory obligations |
| Establish, exercise and/or defend a right in court on the basis of the need to pursue that purpose | Common Data | Our legitimate interest in exercising or defending our rights in court (Art. 6.1.f GDPR) | For the duration allowed by the law to to establish, exercise and/or defend the right considered. |
| Clarification of Maximum Retention Period | |||
| Your Personal Data will be processed for the maximum periods indicated above for the respective processing purposes, unless Applicable Law requires us to retain it for a longer period or permits us to do so in order to protect our rights and/or legitimate interests. | |||
| To whom do we disclose Data (Recipient Categories)? | |||
To the minimum extent necessary to achieve each of the Purposes, on the basis of Applicable Law and/or a contractual agreement with the Data Controller, to
The Data Controller does not disclose Personal Data, except where such disclosure is required, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defense or State security or for the prevention, detection or prosecution of criminal offenses. |
|||
| Does the Site make use of Cookies? | |||
| No. | |||
| Are you obliged to provide us with Personal Data? | |||
| Due to the way the Internet works, you may not refuse to disclose your Browsing Data; you may not refuse to disclose certain Personal Data (such as the IP address of Your device). | |||
| What happens if you refuse to disclose your Data? | |||
| If you refuse to provide Personal Data for the above contractual or pre-contractual purposes, we will not be able to enter into/perform the contractual relationship or fulfill your Request. | |||
| What kind of communication will we send you? | |||
Please, note that to interact with its Users, the Company reserves the right to use any service, platform or tool, including but not limited to Discord, Facebook, Typeform.com. For information that the Company requests directly from you through these channels, the Company is the Data Controller and the processing of such information will be done in accordance with this Privacy Policy (and, as the case may be, such third-party providers may act as Data Processors on our behalf). For the use and registration to these channels, however, you are considered a direct User of those services and therefore the operators of those services will process your Data as independent Data Controllers in relation to the Company. Therefore, we recommend that you carefully read the terms of service and privacy policies of such operators. |
|||
| What rights do You have as a “Data Subject”? | |||
You, as Data Subject, have the right to:
Furthermore, you have the following rights: the right to withdraw your consent to the Processing of Data at any time, where Your consent was the legal basis for the Processing of Data; the right to object, under which you may object, upon simple request, to the Processing of Data that the Data Controller carries out for direct marketing purposes, as well as for reasons related to your particular situation (e.g. if you see a harm to your reputation), unless the Data Controller demonstrates an overriding legitimate interest, and unless the processing is necessary for the establishment, exercise or defence of a legal claim. |
|||
| Who can you contact with questions or to exercise your rights? | |||
| You may contact the Data Controller for questions concerning the processing of your Personal Data and to exercise your rights by sending an email to info@legalhackers.org. | |||
| Do we have a EU representative? | |||
| Yes, we do. Raffaele Battaglini (Futura Law Firm S.t.a.r.l. S.B. with registered address in Turin (Italy), Via Davide Bertolotti n. 7) is Company’s data protection representative in the EU to serve as the Company’s contact point for Supervisory Authorities and Data Subjects according to Art. 27 GDPR. | |||
This Privacy Policy is in force from the date indicated in the header. We reserve the right to modify its content, in part or in full. Such updates will be in force from the date of their publication. You are therefore invited to visit this section regularly.
We do not knowingly collect personal information about natural persons who, according to their national law, lack legal capacity to act for the purpose of entering into contracts, except for requests relating to minors made by persons exercising parental authority or custody over the minors concerned. If information on such persons is recorded, We will delete it in a timely manner at the request of the Data Subject or the person exercising parental authority over him or her.
GLOSSARY
“Applicable Law”: means any provision, of whatever rank, belonging to New York law or to the law of the European Union, in whatever way applicable to the Site and to the legal relationships arising as a result of the interactions between the Company and the Users.
“Authorized Agent”: means the natural person, under the direct authority of the Data Controller, who receives instructions from the Data Controller on the Processing of Personal Data, pursuant to and in accordance with Article 29 of the GDPR.
“Authority”: means a body or organization, public or private, with administrative, judicial, police, disciplinary or supervisory powers.
“Browsing Data”: means the data that the computer systems and software procedures used to operate the Site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but given their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and is deleted immediately after processing.
“Committee” o “EDPB”: means the European Data Protection Board, established by Article 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 as of 25/5/2018.
“Common Data”: means the Personal Data concerning Your personal details, including, but not limited to, Your first and last name, e-mail address, telephone number, tax code, VAT number, as Well as any other data You may provide us with, for example through the forms or contact details of our organization available on the Site.
“Company”: the company Legal Hackers LLC, with registered office in 50 Main St., Suite 100, White Plains, NY 10606 (USA), DOS ID 4504648.
“Data”: one or more of the categories indicated as Personal Data.
“Data Controller”: means “the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data”, as defined in Article 4, subsection 1, no. 7, of the GDPR.
“Data Processor”: means “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in Article 4, subsection 1(8) of the GDPR.
“Data Subject”: “an “identified or identifiable natural person”, as defined in Article 4, subsection 1, no. 1, of the EU Regulation 2016/679 (so-called “GDPR”).
“Disclosure”: the making of personal data to unspecified persons, in any form whatsoever, including by making them available or consulting them (as defined in Article 2-ter(4)(b) of the Italian Privacy Code).
“GDPR”: means the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“Limitation”: means the marking of personal data stored with the aim of limiting their processing in the future, as defined in Article 4(1)(3) of the GDPR.
“Privacy Law”: the EU Regulation 2016/679 (“GDPR”), New York Privacy Act, as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR, and further applicable legislation, of whatever rank, including the opinions and guidelines prepared by the Committee.
“Privacy Policy”: means this policy on the Processing of Personal Data.
“Personal Data”: means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, as defined in Article 4, subsection 1, no. 1, of the GDPR).
“Processing”: means “any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined by Art. 4, subsection 1, no. 2, of the GDPR.
“Publication”: means the action by which the Data Controller communicates information on the Site, without the implementation of procedures requiring the User to view it.
“Recipient“: means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.
“Request“: means an application to start a traditional Legal Hackers Chapter for your city/region or a student-only Legal Hackers Student group for your university.
“Sensitive Data”: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data; data concerning a person’s sex life or sexual orientation.
“Site”: means the web pages displayed through https://legalhackers.org/, including subdomains.
“Supervisory Authority”: the independent public authority established by a European Union state, or by the European Union itself, in charge of supervising the application of the Privacy Law;
“Third Party”: means “the natural or legal person, public authority, service or other body other than the Data Subject, the Data Controller, the Data Processor and the persons authorized to process personal data under the direct authority of the Data Controller or Data Processor”, as defined in Article 4, subsection 1, no. 10, of the GDPR.
“User”: means any individual who accesses the Site or/and a member of the Request.