Privacy policy.

We are committed to handling personal data in line with the Swiss Federal Act on Data Protection (“FADP”) and, where applicable, the EU General Data Protection Regulation (“GDPR”). This Notice explains how we process personal data in the context of a large-scale event where individual interactions and individual consents may not be feasible.

1. Controller

Switzerland Blockchain Promotion Association
Address: c/o Alexander Brunner, Zollikerstrasse 126 8008 Zurich, Switzerland

E-mail: alexander@homeofblockchain.swiss

The controller is responsible for all processing described in this Notice.

2. Categories of Personal Data Processed at Large Events

Operational and registration data

  • Identity and contact information

  • Professional affiliation

  • Registration or ticket information

  • Access control data (e.g., badge scans, entry logs)

Special categories (explicitly marked)

  • Dietary requirements, accessibility requirements

    • Under FADP: particularly sensitive personal data

    • Under GDPR: special categories of personal data

Technical and infrastructure data

  • IP address, device identifiers, platform logs

  • Security surveillance and access management data

Image and audio data

At large events, image/audio data is collected from:

  • professional photographers and videographers

  • general crowd documentation

  • livestreams

  • incidental recordings by staff or contracted media teams

3. Purposes and Legal Bases

a. Event Organisation and Participant Management

Ensuring registration, capacity management, access control, security and logistics.

  • Under the FADP: necessary to fulfil our obligations and justified by overriding private interests.

  • Under the GDPR: Art. 6(1)(b) (contract performance) and Art. 6(1)(f) (legitimate interests).

b. Safety, Crowd Management and Compliance

Large events require operational safety measures, including monitoring flows, emergency procedures, and legal obligations.

  • Under the FADP: overriding private interests; legal obligations.

  • Under the GDPR: Art. 6(1)(c) and Art. 6(1)(f).

c. Communications Before, During and After the Event

Such as schedules, program updates, post-event surveys, and conference summaries by us as well as by our sponsors and partners.

  • Under the FADP: necessary to handle your request and the event participation.

  • Under the GDPR: Art. 6(1)(b) and Art. 6(1)(f).

d. Large-Scale Photography, Video and Live Recording

1. Group and crowd recordings (default at large events)

Due to the nature of mass events, participants may appear in:

  • wide-angle shots,

  • crowd shots,

  • background footage.

Legal basis:

  • Under the FADP: overriding private interests (documentation, communication, public relations).

  • Under the GDPR: Art. 6(1)(f) (legitimate interests).

2. Close-up images, interviews, identifiable portraits

These require a voluntary, explicit consent, typically obtained orally or in writing at the moment of filming.

  • Under the FADP: explicit consent

  • Under the GDPR: Art. 6(1)(a) and Art. 9(2)(a) where special categories are involved

3. Minimisation safeguards

  • Signage at entry points

  • Zones where photography is expected (stage areas, media zones)

  • “No prominent appearance” measures upon request

e. Marketing and Future Event Information

  • Under the FADP: overriding private interests; opt-out available.

  • Under the GDPR:

    • Existing customers: Art. 6(1)(f) (“soft opt-in”)

    • Other cases: consent where required

f. Processing of Special Categories

Special categories (dietary, accessibility) are processed:

  • Under the FADP: only with explicit consent or where necessary for safety obligations

  • Under the GDPR: Art. 9(2)(a) (consent) or other applicable Art. 9 exceptions

4. Disclosure and International Transfers

We may share personal data with:

  • Event infrastructure providers

  • Security and safety service providers

  • IT hosting and platform providers

  • Media or communication partners (as needed and proportionate)

International transfers

  • Under the FADP: adequate jurisdictions or recognised safeguards (e.g., SCCs)

  • Under the GDPR: adequacy decisions, SCCs or Art. 49 exemptions

5. Retention

Retention follows the principle of purpose limitation:

  • Operational/contract data: for the event duration and statutory retention periods

  • Crowd recordings: retained according to communication and documentation policies

  • Special categories: deleted as soon as operationally fulfilled

  • Technical logs: retained according to security standards

Data is deleted or anonymised once no longer necessary.

6. Your Rights

Under the Swiss FADP

You may request:

  • access,

  • rectification,

  • deletion,

  • objection (where applicable),

  • data portability (in the limited cases defined by law).

Under the GDPR

You may exercise the rights of:

  • access, rectification

  • erasure

  • restriction

  • objection (including to marketing)

  • portability

  • withdrawal of consent

We may need to verify your identity before fulfilling your request.

7. Data Security

We implement technical and organisational measures appropriate to the risks of a large-scale event environment.

8. Updates

This Notice may be updated to reflect changes in processing or the applicable laws. The most recent version is provided on the event website or on request.