Privacy Policy
We collect your information to organize conferences and manage speaker applications, using privacy-friendly analytics to improve our website. We're committed to protecting your data and never sell your personal information to third parties.
This policy explains what data we collect, how we use it, and your rights under GDPR. We only gather information necessary for conference operations, speaker coordination, and providing you with the best possible event experience.
Last updated: October 31, 2025
1. Who We Are
Cloud Native Bergen is a technology conference organizer based in Bergen, Norway. We organize events focused on cloud native technologies and related topics.
2. What Personal Data We Collect
Speaker Information
Contact & Professional
- • Name, email address, professional title
- • Biography and company affiliation
- • Social media links and professional profiles
- • Profile photos and presentation history
Authentication & Diversity
- • GitHub/LinkedIn profile information (when signing in)
- • Optional diversity and inclusion details (special category data, collected only with your explicit consent)
- • Local speaker status (optional)
Travel Support Information
3. Why We Collect This Information (Legal Basis)
We process your personal data based on the following legal grounds under GDPR:
Legitimate Interest (Article 6(1)(f))
- • Organizing and managing the conference
- • Speaker selection and coordination
- • Volunteer coordination and event operations
- • Conference logistics and communication
- • Attendee registration and venue access control
- • Workshop registration, capacity management, and waitlist coordination
- • Sharing participant lists with venue partners for security and access management
- • Improving future events
- • Preserving conference history and archives
- • Privacy-friendly website analytics and performance monitoring (no advertising)
Consent (Article 6(1)(a))
4. How We Use Your Information
Conference Organization
Managing speaker applications, scheduling, and logistics
Communication
Sending updates about the conference, speaking arrangements, and travel
Financial Processing
5. Who We Share Your Data With
Essential Service Providers
Sanity.io
Content management and database services (EU-based, GDPR compliant)
Vercel.com
Website hosting, infrastructure, content delivery network, and privacy-friendly analytics (Vercel Analytics & Speed Insights; cookie-less)
6. International Data Transfers
Some of our service providers may be located outside the EU/EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs) with service providers
- Adequacy decisions by the European Commission
- Other appropriate safeguards as required by GDPR
Some providers (e.g., Vercel, Slack, Resend, WorkOS) may process data in the United States. We rely on Standard Contractual Clauses and other safeguards required by GDPR for such transfers.
WorkOS Authentication
WorkOS processes workshop authentication data in the United States. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- WorkOS's compliance with applicable data protection frameworks
- Additional safeguards including encryption at rest and in transit
7. How Long We Keep Your Data
We retain personal data for different periods depending on its purpose and legal requirements:
| Data Type | Retention Period | Legal Basis & Reason |
|---|---|---|
| Active Speaker Profiles | 3 years after last conference participation | Legitimate Interest: Future conference invitations and speaker outreach |
| Archived Speaker Profiles (Previously published conference programs) | Indefinitely With option to request removal |
8. Your Rights Under GDPR
You have comprehensive rights regarding your personal data. Here’s what you can do:
Right to Access (Article 15)
Request a copy of all personal data we hold about you, including how it’s processed.
Right to Rectification (Article 16)
Correct any inaccurate or incomplete personal data we have about you.
Right to Erasure
9. Data Security
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:
Encryption
All data is encrypted in transit (HTTPS/TLS) and at rest using industry-standard encryption protocols.
Access Controls
Role-based access controls with organizer-only admin functions and multi-factor authentication.
Authentication
11. Children’s Privacy
Age Restriction: Our services are not intended for individuals under 13 years of age. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us immediately and we will delete it.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time. When we make changes, we will:
Update the date
Update the “Last updated” date at the top of this policy
Notify active users
Send email notifications about significant changes
Request renewed consent
For significant changes, we may request renewed consent where required by law
13. Contact Information and Complaints
Contact Us
For privacy-related questions:
📧contact@cloudnativebergen.devSubject line: Please include “Privacy Policy” in your email subject
Response time: We will respond within 30 days and may request identity verification for security purposes
File a Complaint
This privacy policy complies with the EU General Data Protection Regulation (GDPR) and Norwegian data protection laws.