Privacy Policy

Introduction

This Privacy Policy outlines how the 1st International Conference on Emerging Technologies and Business Digital Transformation (ICETBDT), organized by SITER Academy, Norway (“we,” “us,” or “our”), collects, uses, shares, and protects your personal information when you visit our website at https://icetbdt.no (the “Website”), register for the conference, submit papers, participate in the Doctoral Consortium, access training labs, book tour packages, or otherwise engage with our services. The conference, held in Bergen, Norway, on 22-23 January 2026, is a hybrid event focused on emerging technologies and digital transformation in business, including Cloud Computing, AI, Data Science, ICT, Software Engineering, e-commerce, e-learning, and FinTech.

We are committed to safeguarding your privacy and ensuring full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the Norwegian Personal Data Act, as we operate in Norway, an EEA member state. By using our Website or services, you consent to the practices described in this policy. If you do not agree, please refrain from using our services. We may update this policy periodically, with changes posted on this page and the “Last Updated” date noted at the end. For inquiries or to exercise your rights under GDPR, contact us at conference@icetbdt.no or SITER Academy, Lønningsvegen 47, Blomsterdalen 5258, Near Bergen Airport, Norway.

1. Responsibility for Processing Personal Data

ICETBDT, operated by SITER Academy, is the data controller (as defined in GDPR Article 4(7)) for personal data processed in connection with our operations, unless we act as a data processor on behalf of our institutional partners (see Section 4). As the data controller, we determine the purposes and means of processing personal data in accordance with GDPR principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability (GDPR Article 5).

Contact Details for the Data Controller:

• Conference Name: 1st International Conference on Emerging Technologies and Business Digital Transformation (ICETBDT)
• Address: SITER Academy, Lønningsvegen 47, Blomsterdalen 5258, Near Bergen Airport, Norway
• Email: conference@icetbdt.no
• Phone: +47 412 86 050

If you have concerns about our processing, you may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no or another supervisory authority in your EEA member state of residence or workplace (GDPR Article 77).

2. Processing of Personal Data

We collect and process personal data only when necessary for specified, explicit, and legitimate purposes, based on your interaction with the ICETBDT conference (e.g., as a participant, author, Doctoral Consortium member, or committee member). All processing is lawful under GDPR Article 6 and, where applicable, Article 9 for special categories of data. We apply data minimisation, ensuring we collect only what is adequate, relevant, and limited to what is necessary. Below, we detail the categories of data, purposes, legal bases, and retention periods in a transparent manner.

2.1 Information We Collect

Information You Provide Directly

• Conference Registration: Data: Full name, email address, phone number, institutional affiliation, professional background, payment details (if applicable), dietary preferences (for physical attendees), accessibility needs, and session preferences (in-person or virtual). Purpose: To manage registrations, issue certificates, facilitate hybrid participation, and provide event accommodations. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)) for event delivery; explicit consent (GDPR Article 9(2)(a)) for special categories like dietary preferences or accessibility needs.
• Paper and Doctoral Consortium Submissions: Data: Full name, contact details, co-author information, paper content, abstracts, keywords, methodology, results, and related communications. Purpose: To process submissions, conduct peer reviews, and publish accepted papers or consortium outputs in open access proceedings. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)) for submission processing; consent (GDPR Article 6(1)(a)) for any optional data.
• Training Labs Enrollment: Data: Full name, email, affiliation, and preferences for AI, Data, or Cloud lab use cases. Purpose: To grant access to labs for early bird registrants and analyse usage for service improvement. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)); legitimate interests (GDPR Article 6(1)(f)) for enhancing services, balanced against your rights.
• Tour Package Booking: Data: Travel details, passport information (for visa assistance), and accommodation preferences. Purpose: To arrange the self-guided Norway tour itinerary. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)); explicit consent (GDPR Article 9(2)(a)) for special categories like passport details.
• Communications and Inquiries: Data: Full name, email, and message content via contact forms, emails, or newsletter sign-ups. Purpose: To respond to inquiries, send transactional updates (e.g., submission deadlines, event details), and distribute newsletters. Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) for essential communications; consent (GDPR Article 6(1)(a)) for newsletters, with easy opt-out.
• Committee and Speaker Applications: Data: CVs, professional history, contact details, and expertise areas. Purpose: To evaluate and manage committee or speaker roles. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)); legitimate interests (GDPR Article 6(1)(f)) for ensuring event quality.
• Networking and Events: Data: Data from badge scans, conference app interactions, or attendee lists (with your control). Purpose: To facilitate networking and collaboration. Legal Basis: Consent (GDPR Article 6(1)(a)); legitimate interests (GDPR Article 6(1)(f)) for event enhancement.

We collect special categories of personal data (GDPR Article 9, e.g., dietary preferences, accessibility needs) only with your explicit consent and delete them promptly after the purpose is fulfilled.

Information Collected Automatically

• Device and Usage Data: Data: IP address, browser type, device information, operating system, pages visited, time spent, and referral sources, collected via server logs and analytics tools (e.g., Matomo, Google Analytics) where consented. Purpose: To optimise Website functionality, enhance security, and improve user experience. Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) for core operations; consent (GDPR Article 6(1)(a)) for non-essential tracking.
• Login and Activity Data: Data: IP address, login history, and session activity for virtual sessions, labs, or app usage. Purpose: To secure accounts and monitor participation. Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) for security; performance of a contract (GDPR Article 6(1)(b)) for access provision.

Information from Third Parties

• Institutional or partner data: Name, email, and affiliation from institutions or partners.
• Public sources: Publication history or professional details from academic databases (e.g., ORCID, ResearchGate) for verification.
• Payment processors: Billing information from providers like Stripe. Purpose: To verify affiliations, process payments, and enhance profiles. Legal Basis: Legitimate interests (GDPR Article 6(1)(f)); performance of a contract (GDPR Article 6(1)(b)).

2.2 How We Use Your Information

We process personal data strictly for the purposes outlined, without further compatible processing unless informed:

• Event delivery and hybrid participation.
• Submission review, peer evaluation, and open access publication.
• Training lab access and usage analysis.
• Networking facilitation via controlled sharing.
• Website optimisation and content personalisation.
• Transactional communications and consented marketing.
• Anonymised analytics for reporting and planning.
• Security, fraud prevention, and legal compliance (GDPR Article 6(1)(c)).

We do not engage in automated decision-making producing legal effects or similarly significant impacts without human review (GDPR Article 22).

3. Storage and Deletion of Personal Data

We retain personal data no longer than necessary, applying storage limitation (GDPR Article 5(1)(e)):

• Registration/Attendance: Until event end + 2 years (follow-up, accounting).
• Submissions: Review cycle + 5 years (archiving, disputes).
• Training Labs: Access period + 1 year (analytics).
• Tour Data: Completion + 1 year (records).
• Communications: Until opt-out or 3 years inactivity.
• Analytics: Anonymised after 14-26 months.
• Special Categories: Deleted immediately post-event.

Data is securely deleted or anonymised (rendering it non-personal) when retention ends. You may request earlier erasure where applicable.

4. Processing as a Data Processor

When acting as a processor (e.g., for partners’ users), we process data solely on the controller’s documented instructions under a GDPR Article 28-compliant agreement. The partner informs you of processing; we delete data upon instruction or agreement end.

5. Transfer or Disclosure of Personal Data

We disclose data only where necessary and with safeguards (integrity and confidentiality, GDPR Article 5(1)(f)):

• To processors (e.g., event platforms, Stripe, analytics) under Article 28 agreements.
• To partners, committee, reviewers, or sponsors for operations.
• To attendees via consented lists or app.
• To publishers for proceedings.
• To tour operators for bookings.
• For legal obligations or business transfers.

We do not sell data. International transfers outside EEA use adequacy decisions, Standard Contractual Clauses (GDPR Article 46), or other safeguards (Chapter V).

6. Security of Data Processing

We implement appropriate technical and organisational measures (GDPR Article 32), including encryption, access controls, pseudonymisation where feasible, regular testing, and breach response plans. Breaches risking rights are notified to Datatilsynet within 72 hours (GDPR Article 33) and to you if high risk (Article 34).

7. Your Rights

As a data subject, you have rights (GDPR Chapter III), free of charge unless manifestly unfounded/excessive:

• Access (Article 15): Copy of your data.
• Rectification (Article 16): Correct inaccuracies.
• Erasure (“right to be forgotten,” Article 17): Delete where no overriding grounds.
• Restriction (Article 18): Limit processing.
• Data Portability (Article 20): Receive in structured format.
• Objection (Article 21): To legitimate interests or direct marketing.
• Withdraw Consent (Article 7): Anytime, without affecting prior lawfulness.

Contact conference@icetbdt.no; we respond within one month (extendable). Identity verification may apply.

8. Children’s Privacy

Services are not directed to individuals under 16. We do not knowingly process their data without verifiable parental consent (GDPR Article 8).

9. Links to Third-Party Websites

Links to external sites (e.g., ORCID, Stripe) are not covered by this policy; review their privacy notices.

10. Changes to This Policy

Updates reflect practice or legal changes, posted here with notification for material changes if we hold your contact.

11. Contact Us

SITER Academy, Lønningsvegen 47, Blomsterdalen 5258, Near Bergen Airport, Norway Email: conference@icetbdt.no Phone: +47 412 86 050

This policy is governed by Norwegian law, supplementing GDPR.