General Data Protection Regulation (GDPR) Policy for N0PSctf

Introduction:

This document outlines the measures taken by N0PSctf to ensure compliance with the European Union's General Data Protection Regulation (GDPR). By participating in this event, you consent to the collection, use, and sharing of your personal data as outlined below.

  1. Personal Data Collection:
    • Username
    • Email address
    • Profile picture (if provided)
    • Affiliation (team/company name, if applicable)
    • IP address
    • Device information (type and operating system)
    • Browser type and version
    • CTF performance data (scores, rankings, etc.)
  2. Personal Data Use:
    • Event organization and management
    • Communication with participants regarding event updates, results, and other relevant information
    • CTF performance analysis and reporting
    • Security monitoring to prevent fraudulent or malicious activities during the event
    • Anonymous data aggregation for statistical analysis and improvement of future events
  3. Data Sharing:
    • CTFd platform (as the data processor) for the purposes of hosting and managing the CTF event
    • Event organizers, staff, and volunteers involved in running the CTF event
    • Law enforcement agencies or regulatory authorities, if required by law
  4. Data Protection:
    • Encryption of sensitive data
    • Limited access to personal data on a need-to-know basis
  5. Data Retention:

    N0PSctf will retain your personal data for the duration of the CTF event, plus an additional two years after the event's completion to facilitate communication regarding results and feedback. After this period, all personal data related to the CTF event will be securely deleted or anonymized.

  6. Data Subject Rights:
    • Right of access
    • Right to rectification
    • Right to erasure (right to be forgotten)
    • Right to restrict processing
    • Right to object
    • Right to data portability

    To exercise any of these rights, please contact N0PSctf's Data Protection Officer at info@nops.re. We will respond to your request within one month from the date of receipt.

  7. Changes to this Policy:

    N0PSctf reserves the right to update or modify this GDPR policy at any time. Any changes will be posted on our website and become effective immediately upon posting. Please review this policy periodically for updates.

  8. Contact Information:

    If you have any questions or concerns about this GDPR policy or how N0PSctf processes your personal data, please contact our Data Protection Officer at info@nops.re.