Privacy Policy

INFORMATION RELATED TO THE PRIVACY POLICY OF THE WEBSITE WWW.CROWDSWARM.IO

The document was updated on 20/01/2020 to comply with the regulations, and in particular in compliance with EU Regulation 2016/679.

  1. This section contains information related to the management methods of CROWDSWARM with reference to the processing of user’s data of the services provided by CROWDSWARM through the www.crowdswarm.io website and related subdomains *.crowdswarm.io.
  2. This privacy policy is also valid for the purposes of Article 2, Federal Law Number 5 of 2012 on Combatting Cybercrimes (the “Cybercrime Law”) regarding the protection of personal data, and for the purposes of Article 13 of EU Regulation no. 2016/679, concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data, for persons interacting with CROWDSWARM and can be reached at the address corresponding to the home page: www.crowdswarm.io.
  3. The privacy policy is provided only for CROWDSWARM and related subdomains *.crowdswarm.io, not extended to other external websites, possibly browsed by the user through links contained in CROWDSWARM.
  4. The purpose of this document is to provide information about the methods, timing and nature of the information that the data controller must provide to users when connecting to the CROWDSWARM web pages, regardless of the purpose of the connection, according to the European and UAE legislation.
  5. The privacy policy may undergo changes due to the introduction of new rules and subsequent functionalities and services provided by the web portal. Each change will require the approval of the user during its first access to the platform next to the changes.
  6. If the user is under the age of 16, pursuant to the article 8, c.1 EU regulation 2016/679, he/she must legitimize his/her consent through the authorization of his/her parents or guardians.

DATA PROCESSING

DATA CONTROLLER

  1. The data controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data. This position also deals with safety profiles.
  2. With regards to this website, the data controller is: CROWDSWARM, and for any clarification or exercise of the rights of the user he can be contacted at the following email address: info@crowdswarm.io.

DATA CONTROLLER

  1. The processing of data, generated by the use of the services provided by CROWDSWARM through the web portal, takes place at Dubai, United Arab Emirates.
  2. In case of need, the data related to the newsletter service can be processed by individuals appointed for this purpose by the Owner, at their respective locations.

COOKIES

TYPES OF COOKIES

  1. The CROWDSWARM website uses cookies to make the user’s browsing experience easier and more intuitive: cookies are small strings of text used to store some information that may concern the user, his preferences or the device used to access the Internet (computer, tablet or mobile) and these cookies are mainly used to adapt the operation of the website to the user’s expectations, offering a more personalized browsing experience and memorizing the choices made previously.
  2. A cookie consists of a reduced set of data transferred from a web server to the user’s browser and it can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.
  3. Cookies do not record any personal information and any identifiable information will not be stored. If you want, you can prevent the saving of some or all cookies. However, in this case the use of the website and the offered services could be compromised. To proceed without changing the options related to cookies, simply continue browsing.

Below there are the types of cookies that are used by the website:

TECHNICAL COOKIES

  1. There are many technologies used to store information on the user’s computer, which are then collected by the websites. Among these, the best known and used one is based on HTML cookies. They are used for navigation and to facilitate the access and use of the website to the user. They are necessary for the transmission of communications on the electronic network and for the supplier, to provide the service requested by the customer.
  2. The settings to manage or deactivate cookies may vary depending on the used internet browser. In any case, the user can manage or request the general deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation can slow down or prevent access to some parts of the website.
  3. The use of technical cookies allows the safe and efficient use of the website.
  4. Cookies that are inserted in the browser and retransmitted by Google Analytics or by the statistics service of blogger providers or similar services are considered as technical only if they are used for the purpose of optimizing the website directly from the owner of the website, which can collect information in aggregate form about the number of users and how they visit the website. Under these conditions, the same rules provided for technical cookies, in terms of privacy policy and approval, are applied to analytics cookies.
  5. From the duration point of view, it’s possible to identify the temporary session cookies, which are deleted automatically at the end of the browsing session and are used to identify the user and thus avoid logging into each visited page, and permanent ones, which remain active in the PC until expiry or cancellation by the user.
  6. Session cookies may be installed in order to allow the access and the continuity of operations in the reserved area of the platform as an authenticated user.
  7. They are not permanently stored, but only for the duration of the navigation, until the browser is closed, and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers, consisting of random numbers generated by the server and needed to allow the safe and efficient browsing of the website.

THIRD-PARTY COOKIES

  1. Depending on the provenance, it’s possible to identify the cookies that are sent to the browser directly from the website that the user is browsing and those owned by third parties, sent to the computer from other websites and not from the one that the user is browsing.
  2. Permanent cookies are often third-party cookies.
  3. The majority of third-party cookies consists of tracking cookies, used to identify online behavior, understand the interests and then customize the advertising proposals for users.
  4. Third-party analytical cookies may be installed. They are sent from the domains of the aforementioned third parties, that are external to the website.
  5. The third-party analytical cookies are used to provide information about the behavior of users on CROWDSWARM’s platform. The detection is anonymous, in order to monitor the performance and improve the usability of the website. The third-party profiling cookies are used to create users’ profiles, in order to propose advertising messages that follow the choices expressed by the users.
  6. The use of these cookies is governed by the rules set by the third parties themselves, therefore, users are invited to read the privacy policies and the indications to manage or disable the cookies, that are published on the related web pages.

PROFILING COOKIES

  1. Profiling cookies are used to create profiles related to the user and they are used in order to send advertising messages that follow the preferences expressed by the user when surfing the net.
  2. When these types of cookies are used, the user must give explicit consent.
  3. Article 22 of EU Regulation 2016/679 will be applied.

PROCESSED DATA

DATA PROCESSING MODE

The processing of personal data is fulfilled mainly using electronic procedures and supports (database, backend application, etc.) for the time strictly necessary to achieve the purposes for which the data are collected and, in any case, in accordance with the principles of lawfulness, correctness, non-excess and relevance considered by the current privacy legislation.

  1. This website uses log files where it keeps information collected in an automated manner during users’ browses. The information collected could be the following ones:
    • internet protocol (IP) address;
    • type of browser and device parameters used to connect to the website;
    • name of the Internet service provider (ISP);
    • date and time of visit;
    • web page that brings visitors to CROWDSWARM (referral) and exit pages;
    • possibly the number of clicks.
  2. The aforementioned information is processed in an automated way and collected in an exclusively aggregated way, in order to verify the correct operation of the website, and for security reasons. This information will be processed according to the legitimate interests of the data controller.
  3. For security purposes (email spam filters, firewalls, virus and malware detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the website itself or to damage other users, or in any case of harmful or criminal activities. Such data are never used for the identification or profiling of the user, but only for the protection of the website and its users. This information will be processed according to the legitimate interests of the data controller.
  4. The www.crowdswarm.io website allows the addition of comments, contents, photos and videos of natural disasters, people in special needs or other events linked with the services provided by the platform; in this case, the website automatically detects and records some user identification data. These data are voluntarily provided by the user at the time of requesting service delivery. By adding a comment or other information the user expressly accepts the privacy policy, and in particular agrees that the added contents are freely used by the website. The data received will be used exclusively for the provision of the service and only for the time needed to provide the service.
  5. By registering on the CROWDSWARM platform, users can create their own personal profile. Through the control panel users can manage the level of ‘public visibility’ of their data, thus having the ability to decide independently what information they want to make visible to other users of the platform.
    a) At the initial state, all the visibility settings related to data are in OPT-OUT mode (disabled), so not visible to platform users. For other types of users, such as non-profit organizations, public bodies and companies, the visibility settings are in OPT-IN mode (enabled), so visible to platform users. It is not possible to modify this configuration, as it is necessary to offer the appropriate transparency tools to users of the platform.
  6. The information, that users of the website will deem to make public through the platform’s services and tools, are provided by the user in a conscious and voluntary manner, exempting this website from any liability regarding any violation of the laws. It is up to the users to verify that they have the permission to add personal data of third parties or contents protected by national and international legislation.

PURPOSES OF DATA PROCESSING

  1. The personal data of the users, collected through the registration to the platform, are used to guarantee a correct association between the program and the user, and to offer trust and transparency to the users of the platform.
  2. Data collected by the website during its operation are used for the purposes indicated in this document and kept for the time strictly necessary to carry out the specified activities, and in any case not later than 5 years.
  3. Data used for security purposes (block the attempts to damage the website, etc.) are kept for the time strictly necessary to achieve the previously indicated purpose.

DATA PROVIDED BY THE USER

  1. The CROWDSWARM platform aims to solve the problem of transparency in crowdsourced bug bounty sector: to reach that goal, it uses KYC (Know Your Customer) and Identity Verification Technology and aims to use Blockchain Technology in the near future to show the financial flows between companies and hackers.
  2. Security Reseachers and Companies may voluntarily or be required to provide some personal and sensitive data, sending identity documents and proof of residence, commercial and trade licenses, establishment records needed for the identification, verification and geolocation procedures. Users or organizations can decide which data they want to send to the platform to be correctly identified and geolocated, in order to increase their trust level and be approved as a valid member.
  3. The identified and geolocated users and organizations will be able to enjoy more services and benefit from a greater level of trust in the platform and by its users.
  4. To guarantee identity verification and the correct association and thus be able to offer trust and transparency to the users of the platform, CROWDSWARM directly manages the verification processes related to the identity and geolocation of the users.
  5. The verification of the information provided by the user may be transferred to appointed external company or third party such as KYC provider; the verification operations are performed by appointed, specialized personnel internal to CROWDSWARM or to an appointed third-party, which shall follow rigorous verification procedures.

Types of processed data for user and organization;

  1. All data are used only and exclusively in case that the users or organizations are required to be identified, verified and geolocated, so to verify the correctness of the provided information to perform related services and activities provided by the platform.
  2. As indicated above, the optional, explicit and voluntary sending of e-mails to the CROWDSWARM’s email addresses entails the subsequent acquisition of the sender’s address, necessary to respond to the requests, as well as any other personal data included in the message. As indicated above, CROWDSWARM may send newsletter and marketing e-mails to the subscribed users of the platform, this is an option that users can either OPT-IN or OPT-OUT of.
  3. If necessary, to increase the level of transparency and information regarding specific requests for personal and / or sensitive data and the related processing, specific policy summaries will be shown to the user and they will be progressively reported or displayed on the website pages, predisposed for specific on demand services such as show hacker’s name on the list of hackers for a given program which will be at the discretion of the hacker itself.

SUPPORT IN CONFIGURING YOUR BROWSER

  1. Users can manage cookies also through the setting options of their browser. However, deleting cookies from their browser, they may remove the preferences they have set for the website.
  2. For further information and support, it is possible to also visit the specific help page of the web browser:
    • Internet Explorer:
    http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
    • Firefox:
    https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
    • Safari:
    http://www.apple.com/legal/privacy
    • Chrome:
    https://support.google.com/accounts/answer/61416
    • Opera:
    http://www.opera.com/help/tutorials/security/cookies/

PLUGIN SOCIAL NETWORK

  1. This website also incorporates plugins and/or buttons for social networks, in order to allow the easy sharing of content on users’ favorite social networks. These plugins are programmed in order to not set any cookies when opening the web page, to safeguard the privacy of users. It’s possible that cookies are set, if planned by social networks, only when the user voluntary uses the plugin. Please note that if the user browses the website while he/she is logged into the social network, then he/she has already accepted to use cookies conveyed through this website when signed in the social network.
  2. The collection and use of information obtained thanks to the plugins are governed by the respective social networks’ privacy policies, to whom it is required to refer:
    • Facebook: https://www.facebook.com/help/cookies
    • Twitter: https://help.twitter.com/en/rules-and-policies/twitter-cookies
    • Pinterest: https://policy.pinterest.com/en/privacy-policy
    • Instagram: https://help.instagram.com/402411646841720
    • Linkedin: https://www.linkedin.com/legal/cookie-policy

USER RIGHTS

  1. The art. 13, c. 2 of EU Regulation 2016/679 lists the user’s rights.
  2. The CROWDSWARM website therefore informs the user about the existence of:
    a) the right of the interested party to ask to the data controller the access to personal data (Article 15 of the EU Regulation), their updating, the rectification, integration or the limitation of processing that is related to them or to oppose, for legitimate reasons, to their treatment, in addition to the right to data portability;
    b) the right to request cancellation (Article 17 of the EU Regulation), the transformation into anonymous form or blocking of processed data in violation of the law, including those whose retention is unnecessary for the purposes where the data have been collected or subsequently processed;
    c) the right to obtain the attestation that the operations of updating, rectification, integration of data, cancellation, blocking of data, transformation have been brought to the attention, also in relation to their content, of those that received or managed those data, except in the case where such fulfillments are not possible to deliver or they require a manifestly disproportionate effort in comparison with the protected right
  3. Requests can be made directly through the user’s personal control panel in the CROWDSWARM website, or alternatively via email addressed to the Data Controller, without formalities or, alternatively, using the model provided by the Data Protection Supervisor, or sending an email to: privacy@crowdswarm.io.
  4. If the treatment is based on express consent to the use – or to express consent to the use of genetic, biometric, health-related data, that reveal religious beliefs, philosophical or union membership, that reveal racial or ethnic origin, political opinions – the user has the right to revoke the consent at any time without compromising the lawfulness of the treatment, based on the consent given prior to the revocation.
  5. Likewise, in case of violation of the law, the user has the right to complain about it to the Data Protection Supervisor, as it is the authority responsible for monitoring the data processing in the UAE.
  6. For a more in-depth examination of the rights that the user has, it is possible to look at the article. 15 of the 2016/67 EU Regulation.

DATA TRANSFER TO EXTRA EU COUNTRIES

  1. This website may share some of the collected data with services located outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of EU Regulation 2016/679, so no further consent is required. The companies mentioned above guarantee their participation in the Privacy Shield.
  2. Data may be transferred to third countries that may not comply with the conditions set out in Article 45 of the EU Regulation.

SECURITY ABOUT PROVIDED DATA

  1. This website processes the data of users in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data.
  2. Processing is carried out using IT and/or cloud service tools, with organizational methods and with techniques strictly related to the indicated purposes. The data provided by the users and organizations for identification, verification and geolocation are sent in encrypted form between the users and organizations and the web platform, and through a daily procedure are transferred and offline stored in an isolated, safe and protected environment, in accordance with the current legislation.