GDPR Compliance Statement for Bhutan Dev Fest Hackathon
Bhutan Dev Fest Hackathon, organized by GovTech Agency, Bhutan, is committed to protecting and respecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR).
Our Commitment to Data Protection
As a global hackathon attracting participants from the European Economic Area (EEA) and worldwide, we adhere to GDPR principles even though we're based outside the EU. This ensures the highest standards of data protection for all participants regardless of location.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: When you voluntarily register for the hackathon
- Contract: To fulfill our obligations to you as a participant
- Legitimate Interest: To organize, improve, and promote the hackathon
Your Rights Under GDPR
As a Bhutan Dev Fest participant, you have the right to:
- Access your personal data
- Rectify inaccurate information
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encryption of sensitive personal data
- Regular security assessments
- Access controls and authentication
- Data minimization practices
- Staff training on data protection
International Data Transfers
For participants from the EEA, we ensure that any transfer of personal data outside the EEA is subject to appropriate safeguards as required by GDPR.
Data Retention
We retain your personal data only for as long as necessary for the purposes of the hackathon and as required by applicable laws. Project submissions may be retained longer for showcase purposes with your consent.
Data Protection Officer
While not legally required for our organization, we have appointed a Data Protection Coordinator who can be contacted at gdpr@thunderdev-hackathon.org for any privacy concerns.
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify relevant supervisory authorities and affected participants within 72 hours of becoming aware of the breach.
Third-Party Processors
Any third parties processing personal data on our behalf (such as registration platforms, collaboration tools, or evaluation systems) are bound by data processing agreements compliant with GDPR requirements.
This GDPR Compliance Statement supplements our Privacy Policy and Terms and Conditions. By participating in ThunderDev Hackathon, you acknowledge that you have read and understood this statement.