Skip to main content

Privacy Policy

Last updated: October 10, 2025

1. Data Controller and Contact Information

Under the General Data Protection Regulation (GDPR), Valchy AI acts as the data controller for personal data collected through the Valchy AI Hackathon.

Data Controller: Valchy AI

Email: valchyai@gmail.com

Location: Sofia, Bulgaria

Data Protection Officer: For data protection inquiries, contact us at the email above

We are committed to protecting your personal data in accordance with GDPR requirements and Bulgarian data protection laws.

2. Lawful Basis for Processing

We process your personal data based on the following lawful grounds under Article 6 of the GDPR:

  • Consent (Article 6(1)(a)): For marketing communications and optional networking activities
  • Contract (Article 6(1)(b)): To fulfill our obligations related to your event participation
  • Legitimate Interest (Article 6(1)(f)): For event organization, security, and improving future events
  • Legal Obligation (Article 6(1)(c)): Where required by law for business records or safety requirements

You have the right to object to processing based on legitimate interest at any time.

3. Information We Collect

When you register for the Valchy AI Hackathon, we collect the following information:

Participant Registration:

  • Contact Information: Full name, email address, and phone number
  • Team Information: Team size and project description
  • Professional Profiles: LinkedIn profile, GitHub profile, and personal website (optional)
  • Event Data: Registration timestamp and participation status

Sponsor Registration:

  • Business Information: Company name, contact person name, email, and phone number
  • Sponsorship Details: Proposed sponsorship amount, company website, and additional messages

Technical Data:

  • IP address, browser type, and device information for security and analytics purposes

4. How We Use Your Information

We use your information exclusively for hackathon-related purposes and will contact you directly as follows:

Communication Methods:

  • Phone Contact: We will contact you via phone for important event updates, coordination, and participation confirmations
  • Email Communication: You will receive emails with instructions, schedules, announcements, and follow-up information directly from us
  • Direct Outreach: All communications come directly from the event organizer - we never use third-party marketing services

Specific Uses:

  • Event registration confirmation and management
  • Sending detailed instructions and preparation materials
  • Coordinating team formations and project logistics
  • Providing real-time updates during the event
  • Post-event follow-up and feedback collection
  • Sponsor coordination and partnership facilitation
  • Future event invitations (participants can opt-out anytime)

Important: Your data is used solely by the event organizer for hackathon purposes. We never sell, rent, or share your personal information with third parties for marketing purposes.

5. Information Sharing and Data Protection

🔒 Your Data is Protected: We never sell, rent, or share your personal information with third parties for commercial purposes.

Your information may only be shared in these strictly limited circumstances:

Essential Service Providers:

  • Data Storage: Airtable (secure database hosting with enterprise-grade security)
  • Email Services: Only for sending you event-related communications
  • All providers are bound by strict data processing agreements

Optional Networking (With Your Consent Only):

  • Sponsor Networking: Professional profiles may be shared with sponsors for career opportunities (only with explicit consent)
  • Participant Directory: Your name and professional profiles may be included in a participant directory (opt-in only)
  • You can opt-out at any time

Legal Requirements Only:

  • When required by law or court order
  • To protect our rights, safety, or the safety of others
  • In connection with legal proceedings

What We Never Do: Sell your data, use it for advertising, share it with data brokers, or use it for any purpose other than organizing this hackathon.

6. Data Storage and Security

Your personal information is stored with the highest security standards:

Security Measures:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest using AES-256 encryption
  • Access Control: Only the event organizer has access to participant data - no third-party access
  • Secure Infrastructure: Data is stored on Airtable's enterprise-grade infrastructure with SOC 2 Type II compliance
  • Regular Monitoring: Continuous security monitoring and regular security updates
  • Data Minimization: We only collect and store data that is necessary for the hackathon

Storage Location and Backup:

  • Primary storage: Airtable cloud infrastructure (ISO 27001 certified)
  • Geographic location: Data centers in the European Union
  • Automated backups with encryption for data recovery
  • No local storage on personal devices or unsecured systems

Your Data Protection Rights:

  • You can request to see what data we have about you
  • You can ask us to correct any inaccurate information
  • You can request deletion of your data (right to be forgotten)
  • You can opt-out of future communications at any time

Data Breach Policy: In the unlikely event of a security breach, we will notify affected users within 72 hours and take immediate action to secure the data.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data. These rights are free of charge and we will respond within one month:

Individual Rights:

  • Right of Access (Article 15): Request a copy of your personal data and information about how we process it
  • Right to Rectification (Article 16): Correct any inaccurate or incomplete personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Limit how we use your data in certain circumstances

Processing Rights:

  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interest or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

How to Exercise Your Rights:

To exercise any of these rights, contact us at:

Email: valchyai@gmail.com
Subject Line: "GDPR Data Rights Request"
Response Time: Within 30 days (may be extended to 60 days for complex requests)

Supervisory Authority: If you're not satisfied with our response, you can lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) or your local EU data protection authority.

8. Cookies and Tracking

We use minimal tracking technologies:

  • Essential cookies for website functionality
  • Analytics cookies to understand website usage (anonymized)
  • No advertising or social media tracking cookies

9. Data Retention and Deletion

We retain your data only as long as necessary for legitimate purposes:

Specific Retention Periods (GDPR Article 5(e)):

  • Event Registration Data: 24 months after event completion for alumni networking and future invitations (legitimate interest basis)
  • Contact Information: Until consent is withdrawn or 24 months after last engagement, whichever comes first
  • Communication History: 12 months after event for follow-up and feedback (contract basis)
  • Marketing Consents: Until explicitly withdrawn by data subject
  • Sponsor Information: 12 months for future sponsorship opportunities (legitimate interest basis)
  • Financial/Prize Records: 7 years as required by Bulgarian commercial law
  • Safety/Security Logs: 6 months for incident investigation (legitimate interest basis)
  • Website Analytics: 26 months (anonymized after 14 months)

Retention Criteria:

  • Purpose Limitation: Data retained only as long as necessary for the specific purpose collected
  • Legal Requirements: Extended retention only where required by Bulgarian or EU law
  • Active Engagement: Marketing data deleted after 36 months of no engagement
  • Consent-Based: Data processed on consent basis deleted immediately upon consent withdrawal

Automatic Deletion:

  • Data is automatically reviewed for deletion after retention periods expire
  • Inactive participants' data is deleted after 3 years of no engagement
  • You can request immediate deletion at any time (subject to legal requirements)

Your Control: You can request deletion of your data at any time by emailing us. We will process deletion requests within 30 days unless we have a legal obligation to retain the information.

10. Data Breach Notification

In accordance with GDPR Article 33 and 34, we have established procedures for data breach detection and notification:

Our Breach Response Commitment:

  • Detection: Continuous monitoring systems to detect potential breaches
  • Assessment: Immediate risk assessment within 24 hours of discovery
  • Authority Notification: Report to Bulgarian CPDP within 72 hours if high risk
  • Individual Notification: Direct notification to affected individuals if high risk to rights and freedoms
  • Documentation: Full documentation of breach details, effects, and remedial actions

We maintain comprehensive logs and documentation to ensure compliance with breach notification requirements.

11. Children's Privacy

The hackathon is intended for participants aged 16 and older. If you are under 18, please ensure you have parental consent before registering.

12. International Data Transfers

Your personal data is primarily processed within the European Union. Any transfers outside the EU are protected by appropriate safeguards:

  • Adequacy Decisions: Transfers only to countries with adequate data protection levels
  • Standard Contractual Clauses: EU-approved contracts for third-party processors
  • Data Processing Agreements: All processors bound by GDPR-compliant agreements
  • Security Measures: Additional encryption and security for any cross-border transfers

We ensure that your data receives the same level of protection regardless of where it is processed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through our website. Your continued participation constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Valchy AI

Email: valchyai@gmail.com

Event: Valchy AI Hackathon

Date: October 11-12, 2025

Location: Sofia, Bulgaria

Back to HackathonView Terms of Use