The International Internet of Things Forum (hereafter “IoT Forum”) located in Geneva Switzerland, aims at promoting international cooperation and dialogue. Its Services include, inter alia, website and online information, international events, and activities related to its aims. This Privacy Policy describes how the IoT Forum, which is the Data Controller, collects and processes personal data, including in the context of events it organizes.

Data Minimization
IoT Forum avoids collecting unnecessary personal data and follows “privacy by design” and “data minimization” policies for data processing and retention.

Purpose and Use of Collected Information
The IoT Forum processes personal data for the sole purposes of its aims, activities and Services, including:

• Registration, invoicing and billing of participants to the IoT Forum events and activities.
• Membership applications and management, including membership fees invoicing.
• Enabling users and IoT Forum interact and communicate with each other.
• Informing IoT Forum events participants on IoT Forum related events and activities.
• Improving users experience on our website.
• Authenticating, securing and collecting statistics on remote connections.

How Data Can Be Collected
The IoT Forum can receive information and personal data through its websites, email notifications, and other interactions means, and may include:

• Information you provide about yourself when you use our Services.
• Information collected automatically and shared by your device for connectivity, such as your IP address, software configurations, etc. Such data may be logged for security reasons.
• Cookies and similar technologies: We limit the use of “cookie” technology and other similar technologies. Detailed information on the cookies we use and the way to deactivate them is available on the Cookies Policy page.

Policy Towards Children
In principle, our Services are not directed to persons under 16 years of age. Any participant to an IoT Forum event who is a minor of age shall have a parental agreement before sharing any personal data with us. Anyone who becomes aware that someone under 16 years of age has provided us with personal data without parental agreement should contact us.

Data Storage and Retention Period
IoT Forum stores its data in Europe (mainly Switzerland). The data retention period is minimized and data that are not useful anymore are deleted. The data retention period is determined by taking into account the legal, security, management and other legitimate Service requirements.

Sharing and Transfer of Information
Personal data are processed with care and strict rules are applied to avoid any unnecessary data transfers to third parties or to geographic locations that may expose the data at risk. We may share personal data in the following cases:

• With Data Processors and Partners for our Services and activities, such as online payment solutions, onsite registration process, or data storage infrastructure. The list of data processors is available by simple request to the data protection officer.
• When Required by Law or for legitimate purpose, such as: protecting the legal rights and safety of IoT Forum, its partners, and the users of its Services.
• For Reporting: We usually use aggregated and anonymized data when reporting on the participants to our events. However, names and affiliations of participants attending IoT Forum as keynote speakers, chairs, moderators, speakers or officials may appear in public reports, press releases and through other information means.

If you subscribe to our newsletter
In order to register for a newsletter service provided by the IoT Forum, we need your e-mail address so that we know where to send the newsletter.
We use MailChimp to manage our newsletter. There’s no third-party tracking in messages we send through MailChimp besides MailChimp’s own analytics, which may aggregate how many subscribers open a message or click the links inside. MailChimp stores your email addresses. MailChimp’s privacy policy is available at http://mailchimp.com/legal/privacy.
You can cancel subscriptions to our newsletters at any time. To do so, either send us an e-mail or follow the link at the end of the newsletter.

Security
We use physical, technical, and administrative measures to safeguard information in our possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us. If you identify any weakness in our security, please inform us.
Data Subject Rights
Users have rights on their personal data. You may contact our Data Protection Officer in order to assert your rights as a Data Subject, including the right to access, rectify, erase your personal data; the right to withdraw consent and to restrict or object to the processing of your personal data; and the right to portability of your personal data. Data Subjects also have the right to lodge a complaint with a supervisory authority in case their rights would be violated.
Changes to this Policy
We may revise this Privacy Policy from time to time and make changes at our sole discretion. The most current version of the policy will govern our use of your information and will be available on the IoT Forum website: www.iotforum.org. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Data Protection Officer and Contact
If you have any questions about this policy or your privacy on the Services, you can contact our Data Protection Officer at mail privacy[at]iotforum.org