Bread&Net is an annual unconference that promotes and defends digital rights across Arabic-speaking countries. Hosted by SMEX, Bread&Net is a platform built for and sustained by hundreds of activists, technologists, journalists, researchers, lawyers, academics, entrepreneurs, and human rights defenders from around the world, with a particular focus on digital rights and digital freedoms in Arabic-speaking countries.
Bread&Net is committed to safeguarding the privacy of all participants as strictly as possible, both online and offline. We are aware of the heightened privacy risks associated with hosting an online event and undertake to mitigate these risks. This Privacy Policy explains how we use the personal data we collect from you when you participate in the unconference.
This Privacy Policy applies to all Bread&Net participants, including staff, speakers, and attendees, across all physical and virtual platforms.
. 
Your Personal Data
We collect the following personal data during proposal submission or event registration:

• Name and last name 
• Email address
• Phone number
• Age Range
• Gender
• Accessibility requirements
• Passport Copy

We also ask for a passport copy from participants who are receiving travel support from SMEX. 
The legal basis for collecting data is your consent, which must be freely given, specific, informed and unambiguous.

How we use your personal data:
Your personal data will be processed only for purposes necessary to organize Bread&Net, for correspondence, scheduling, and internal recordkeeping. Your personal data will not be sold, rented, or otherwise released to third parties without your prior written consent. We will not share your personal data on our social media channels, promotional material, and other public platforms or documents without your prior written consent. Your personal data will only be accessible to the Bread&Net organizing committee, all of whom are bound by this Privacy Policy, as well as the SMEX Code of Conduct, which prohibits unauthorized sharing of information.
We reserve the right to share your personal data in accordance with any applicable Lebanese law if we are of the opinion that it is absolutely necessary for the interests of justice and in accordance with international human rights standards.
Each participant in Bread&Net should determine, before the event, if they agree or do not agree to appear in pictures and videos, and if they agree for their name to be shown if they are participants. Different lines will be assigned for people who wish to stay private during the event. This will be determined by consent forms sent to all participants, speakers, or moderators.
Bread&Net prohibits video and audio recording of sessions without the prior written consent of all participants. When such consent is given, recordings are only permitted after all personal information has been redacted. While we acknowledge that our control over participants in this regard is limited, should any unauthorized recordings surface online, we undertake to have the content removed.

Third-Party Services
Bread&Net uses third-party service providers to perform certain functions towards hosting the event. These include the proposal submission form and the event platform. In terms of the contractual relationship between SMEX, as the organizer of Bread&Net, and these service providers, SMEX retains ownership of the personal data you provide to them when participating in Bread&Net, and we undertake to ensure that this data is not mismanaged. Our third-party service providers share our commitment to privacy and security, but we do not ultimately have control over their privacy policies. We have signed agreements for the protection of personal data with these third-party services.

Third parties are: 

• Pretlax
• Google forms
• Paperform
• Hotels in Beirut (TBA)
• Travel Agency (TBA)
• Taxi Company (TBA) 

Other social media channels
Bread&Net’s public social media channels are administered by Facebook, Twitter, and Instagram respectively, and managed by the Bread&Net team. Engagement with our social media channels is governed by the privacy policies of each platform, which users consent to by signing up for the platform. We recommend you review these privacy policies and your privacy settings on each platform before Bread&Net.

Data retention

On the basis of contractual obligations, we collect and store your personal data for a period of 10 years.

Deletion of personal information 
After the data retention period, your personal data will be deleted from our database. However, we reserve the right to keep personal data which have already been anonymised and cannot be traced back to a specific individual.
You may also request the deletion of your personal data, as provided for in the section about your rights.

Data Security 
We take industry standard precautions and security measures to protect your personal data from misuse, breaches and loss. Like with every digital tool, there are risks, even if rare, out of the HelpDesk’s control. We store all personal data you provide to us on servers employing security protections.

The safety and security of your information also depends on you, please remember not to share your personal information unless it is impossible to solve the case otherwise. Please do not share personal data when there is no need to. 

Your rights
You have a number of rights that you can exercise on your personal data: 

1. The right to request information regarding the data concerning you
2. The right to access your personal data: You have the right to request SMEX for copies of your personal data. We may charge you a small fee for this service.
3. The right to rectification: You have the right to request that SMEX corrects any information you believe is inaccurate. You also have the right to request SMEX to complete the information you believe is incomplete.
4. The right to erasure: You have the right to request that SMEX erases your personal data, under certain conditions.
5. The right to restrict processing: You have the right to request that SMEX restricts the processing of your personal data, under certain conditions.
6. The right to object to processing: You have the right to object to SMEX’s processing of your personal data, under certain conditions.
7. The right to portability:  You have the right to request that SMEX transfers the data that we have collected to another organization, or directly to you, under certain conditions. 
8. The right to object and rights related to automated decision-making: you have the right to not be subject to any decision based solely on automated processing, including profiling, and to request human intervention.  

To exercise your rights, you can contact us at: breadandnet@smex.org 
In some countries, you may have the right to file a complaint with your local data protection authority. 
Should you have any further questions or concerns, you can contact us at: breadandnet@smex.org

Changes to our Privacy Policy
We will post any changes made to this Policy in this section, please check this page frequently. 

Bread&Net keeps its Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on May 12th, 2023. 

GLOSSARY

1. Personal data: any information relating to an identified or identifiable natural person

• Categories of personal data:

General personal data: may include personal identification details such as name and address, customer relationships, personal finances, tax-related matters, debts, sick days, work-related circumstances, family circumstances, residence, car, qualifications, applications, CV, date of employment, position, area of work, work phone, key data: name, address, date of birth, IP address or other similar non-sensitive information.
Sensitive personal data: 

• Details of racial or ethnic origin.
• Political, religious or philosophical beliefs.
• Trade union affiliation.
• The processing of genetic data and/or biometric data for the purpose of uniquely identifying a natural person.
• Health details.
• Information about a person's sex life or sexual orientation.

Details of criminal offenses: information that a person has committed a particular offense, but it may also be e.g. information that a person is serving a prison sentence. In other words, details of criminal offenses are information which can be used to deduce that a person has committed a criminal offense. Rules for the processing of information concerning criminal offenses are not laid down in the regulation, but will be determined in the individual countries.

2. Data subject: an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
5. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
6. Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
7. Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.