Heapcon 2025 Privacy Policy

Last updated: [28 October 2025]

1. Who we are

This Privacy Policy explains how Heapspace, Belgrade (Serbia), VAT number: 108772431, Registration number: 28158777 (“Heapspace”, “we”, “us”) collects and uses personal data in connection with the Heapcon 2025 conference.

Contact: heapcon@heapspace.rs

Data Protection Contact / DPO (if applicable): Dimitrije Stamenković

2. Scope

This policy covers data processed through:

  • The Heapcon website (heapcon.io/2025)

  • Ticketing and attendee management (via Entrio)

  • On-site registration and badge QR scanning (via RentIT)

  • Interactions with conference exhibitors and sponsors at the venue

3. What data we collect

  • Registration and attendance data: name, email, company, job title/role, country, ticket type, check-in status, and similar details you provide via Entrio or to us.

  • On-site badge data: your badge contains a unique QR code that allows authorized exhibitors to retrieve your contact details when you choose to let them scan your badge.

  • Interaction data: session check-ins, workshop selections, networking preferences, dietary requirements (if provided), and general conference analytics (aggregated).

  • Communications: emails you send us and your preferences for event communications.

  • Website data: basic technical logs and analytics (IP address, device/browser info). We do not use invasive profiling.

4. How we use your data

  • Deliver the event you registered for (ticketing, access control, agenda communications, support).

  • Operate on-site services, including badge printing and scanning.

  • Share your details with exhibitors only when you allow your badge to be scanned at their booth.

  • Event communications (program updates, logistics, post-event surveys).

  • Security and compliance (fraud prevention, health and safety, legal obligations).

  • Event analytics to improve future editions (aggregated wherever possible).

5. Legal bases (GDPR / applicable local law)

  • Contract performance: to deliver the conference you registered for.

  • Legitimate interests: event operations, safety, aggregated analytics, and preventing abuse, balanced against your rights.

  • Consent: marketing you opt into and sharing your data with exhibitors when you allow a scan. The act of allowing a booth to scan your badge is your consent to share your contact details with that exhibitor for follow-up.

6. Badge scanning at exhibitor booths (lead collection)

  • Your printed badge includes a QR code.

  • If you allow an exhibitor to scan your badge, we will provide that exhibitor with your contact details (typically name, email, company, job title/role; exact fields may vary by registration form).

  • Exhibitors may add private notes to their lead records (e.g., “interested in backend roles”).

  • No scan = no data sharing. If you prefer not to share your data with a booth, simply decline the scan.

  • Exhibitors act as independent data controllers for the data they receive via scans and must handle it in line with their own privacy obligations. You may contact them directly to exercise your rights.

7. Who we share data with

  • Entrio (ticketing provider) for ticket purchase/claim, attendee lists, and access management.

  • RentIT (on-site registration and scanning) for badge printing and lead capture operations.

  • Eventee (official event app) to provide access to the event agenda, session details, updates, networking features, and attendee profiles.

  • Brevo (email service provider) to send operational event emails such as schedules, reminders, and post-event surveys.

  • Exhibitors/Sponsors: only when you allow your badge to be scanned at their booth.

  • Vetted processors providing hosting, email delivery, and analytics under contracts that protect your data.

These providers act as data processors, meaning they process personal data strictly according to our instructions and under appropriate data protection agreements.

We do not sell personal data.

8. International transfers

When data leaves your country/EEA/UK, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) and assess the destination’s protections where required.

9. Data retention

  • Registration and operational data: for the duration of the event plus up to 24 months for accounting, compliance, and event-improvement purposes.

  • Lead data shared with exhibitors: retention is determined by each exhibitor’s policy. Contact them directly for details or deletion.

  • We keep communications and legal records for periods required by law.

10. Your rights

Subject to applicable law, you may have rights to access, correct, delete, restrict, object, and port your data, and to withdraw consent at any time (withdrawal does not affect prior processing).

To exercise rights: contact heapcon@heapspace.rs. You may also lodge a complaint with your local supervisory authority.

11. Security

We use administrative, technical, and physical safeguards appropriate to the risks of event operations. No system is perfectly secure, but we continuously work to protect your data.

12. Children

Heapcon is a professional event not directed to children. We do not knowingly collect data from children under applicable age thresholds.

13. Changes to this policy

We may update this policy for legal, technical, or operational reasons. Material changes will be highlighted on this page prior to taking effect.

Contact: [heapcon@heapspace.rs]