Privacy Policy
We collect your information to organize conferences and manage speaker applications, using privacy-friendly analytics to improve our website. We're committed to protecting your data and never sell your personal information to third parties.
This policy explains what data we collect, how we use it, and your rights under GDPR. We only gather information necessary for conference operations, speaker coordination, and providing you with the best possible event experience.
Last updated: September 2, 2025
1. Who We Are
Cloud Native Bergen is a technology conference organizer based in Bergen, Norway. We organize events focused on cloud native technologies and related topics.
2. What Personal Data We Collect
Speaker Information
Contact & Professional
- • Name, email address, professional title
- • Biography and company affiliation
- • Social media links and professional profiles
- • Profile photos and presentation history
Authentication & Diversity
- • GitHub/LinkedIn profile information (when signing in)
- • Optional diversity and inclusion details (special category data, collected only with your explicit consent)
- • Local speaker status (optional)
Travel Support Information (When Applicable)
Financial Details
- • Beneficiary name and bank information
- • IBAN/account number and SWIFT code
- • Travel expense amounts and currencies
- • Receipts and travel documentation
Travel Information
- • Expense descriptions and categories
- • Travel locations and dates
- • Supporting documentation
Communication Data
- • Email Communications: Messages between organizers and speakers
- • Conference Updates: Information about conference logistics and updates
Attendee & Participant Information
Registration Details
- • Full name and email address
- • Company/organization affiliation
- • Professional title and experience level
- • Dietary requirements and accessibility needs(may include health data; collected with your explicit consent and used only to accommodate your needs)
Event Management
- • Check-in and attendance tracking
- • Session preferences and interests
- • Networking preferences (optional)
- • Emergency contact information
Website Usage (Analytics)
- • Page views, referrers, device/browser information, approximate region
- • Cookie-less analytics, aggregated; no advertising profiles
3. Why We Collect This Information (Legal Basis)
We process your personal data based on the following legal grounds under GDPR:
Legitimate Interest (Article 6(1)(f))
- • Organizing and managing the conference
- • Speaker selection and coordination
- • Conference logistics and communication
- • Attendee registration and venue access control
- • Sharing participant lists with venue partners for security and access management
- • Improving future events
- • Preserving conference history and archives
- • Privacy-friendly website analytics and performance monitoring (no advertising)
Consent (Article 6(1)(a))
- • Marketing communications and newsletters
- • Diversity data collection
- • Photography and recording during events
- • Public profile information for conference materials
- • Receipt processing for travel expenses
- • Financial data processing for reimbursements
- • Special category data (e.g., health, diversity) processing
Contract Performance (Article 6(1)(b))
- • Processing travel reimbursements for speakers
- • Managing speaker agreements and obligations
- • Providing conference-related services
Legal Obligation (Article 6(1)(c))
- • Financial record keeping and accounting
- • Compliance with tax and audit requirements
- • Data protection compliance and reporting
4. How We Use Your Information
Conference Organization
Managing speaker applications, scheduling, and logistics
Communication
Sending updates about the conference, speaking arrangements, and travel
Financial Processing
Handling travel reimbursements and expense management
Venue Coordination
Registration management, access control, and sharing participant lists with venue partners for security
Public Information
Displaying speaker profiles and bios on the conference website (with consent)
Website Analytics
Privacy-friendly, cookie-less analytics to understand site usage (no advertising)
Event Improvement
Analyzing feedback to improve future conferences
Recordings and Publication
We record conference sessions and may publish talks on our official online video channels/platforms. For speakers, the legal basis is our speaking agreement and our legitimate interest in documenting and sharing the event. For attendees, our legitimate interests allow incidental capture; we provide no‑filming areas and will honor reasonable requests for removal or blurring where feasible.
5. Who We Share Your Data With
Essential Service Providers
Sanity.io
Content management and database services (EU-based, GDPR compliant)
Vercel.com
Website hosting, infrastructure, content delivery network, and privacy-friendly analytics (Vercel Analytics & Speed Insights; cookie-less)
Resend.com
Email delivery service for conference communications
Checkin.no
Ticket management and event check-in services
Pirsch Analytics
Privacy-focused, cookie-less website analytics (aggregated, no advertising profiles)
Slack
Internal organizer notifications for operations (e.g., speaker proposal updates)
Authentication Services
GitHub/LinkedIn
Authentication services (when you choose to sign in)
Conference Partners & Venue
Venue Partners (Legitimate Interest)
• Participant registration lists - Names and basic contact information shared for venue access control and security
• Speaker information - Names and session details for event coordination and technical setup
• Logistics coordination - Information necessary for event management and facility access
Legal Basis: Legitimate interest for event security, access control, and venue management. Data sharing limited to information necessary for venue operations.
• Sponsors for networking opportunities (only if you opt in during registration)
• Photography/videography vendors for event documentation (with prior notice)
• Catering and hospitality providers for dietary requirements and service coordination
We never sell your personal data to third parties.
6. International Data Transfers
Some of our service providers may be located outside the EU/EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs) with service providers
- Adequacy decisions by the European Commission
- Other appropriate safeguards as required by GDPR
Some providers (e.g., Vercel, Slack, Resend) may process data in the United States. We rely on Standard Contractual Clauses and other safeguards required by GDPR for such transfers.
7. How Long We Keep Your Data
We retain personal data for different periods depending on its purpose and legal requirements:
| Data Type | Retention Period | Legal Basis & Reason |
|---|---|---|
| Active Speaker Profiles | 3 years after last conference participation | Legitimate Interest: Future conference invitations and speaker outreach |
| Archived Speaker Profiles (Previously published conference programs) | Indefinitely With option to request removal | Public Interest Archiving (Art. 89): Historical documentation of technology community events and speakers.Legitimate Interest: Maintaining public archives of past conferences for community and historical value. |
| Banking & Financial Information | 5 years after transaction completion | Legal Obligation: Norwegian accounting and tax law requirements for financial records |
| Travel Receipts & Documentation | 5 years after reimbursement | Legal Obligation: Financial record keeping and audit requirements |
| Email Communications | 2 years after conference | Legitimate Interest: Conference documentation and operational continuity |
| Attendee & Participant Data (Registration, check-in, preferences) | 2 years after conference completion | Legitimate Interest: Event management, security, future event planning, and attendee experience improvement |
| Marketing Consent & Preferences | Until withdrawn or 3 years of inactivity | Consent: Active consent management and preference tracking |
About Archived Speaker Profiles
We maintain archived versions of conference programs with speaker information for historical and community purposes. This information was previously published with consent and serves the public interest of documenting our technology community’s history. You can request removal of your information from archives at any time by contacting us.
8. Your Rights Under GDPR
You have comprehensive rights regarding your personal data. Here’s what you can do:
Right to Access (Article 15)
Request a copy of all personal data we hold about you, including how it’s processed.
Right to Rectification (Article 16)
Correct any inaccurate or incomplete personal data we have about you.
Right to Erasure (Article 17)
Request deletion of your personal data in certain circumstances (right to be forgotten).
Right to Restrict Processing (Article 18)
Limit how we use your personal data in certain situations while keeping it stored.
Right to Data Portability (Article 20)
Receive your personal data in a machine-readable format to transfer to another service.
Right to Object (Article 21)
Object to processing based on legitimate interests or for marketing purposes. This includes the right to object to analytics based on our legitimate interests.
Right to Withdraw Consent
Where we process your data based on consent, you can withdraw that consent at any time. This won’t affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights
Contact us at contact@cloudnativebergen.dev to exercise any of these rights. We will respond within 30 days and may request identity verification for security purposes.
9. Data Security
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:
Encryption
All data is encrypted in transit (HTTPS/TLS) and at rest using industry-standard encryption protocols.
Access Controls
Role-based access controls with organizer-only admin functions and multi-factor authentication.
Authentication
Secure OAuth-based authentication through trusted providers (GitHub, LinkedIn).
Regular Updates
Continuous security patches, system updates, and vulnerability monitoring.
Data Minimization
We only collect and process data that is necessary for our stated purposes.
Staff Training
Regular privacy and security training for all organizers and team members.
11. Children’s Privacy
Age Restriction: Our services are not intended for individuals under 13 years of age. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us immediately and we will delete it.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time. When we make changes, we will:
Update the date
Update the “Last updated” date at the top of this policy
Notify active users
Send email notifications about significant changes
Request renewed consent
For significant changes, we may request renewed consent where required by law
13. Contact Information and Complaints
Contact Us
For privacy-related questions:
📧contact@cloudnativebergen.devSubject line: Please include “Privacy Policy” in your email subject
Response time: We will respond within 30 days and may request identity verification for security purposes
File a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the data protection authority:
Norwegian Data Protection Authority (Datatilsynet)
Website: www.datatilsynet.no
Email: postkasse@datatilsynet.no
This privacy policy complies with the EU General Data Protection Regulation (GDPR) and Norwegian data protection laws.