We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and protect the information you provide when using the ISAY system, particularly when reporting incident cases. This system is designed to comply with the EU General Data Protection Regulation (GDPR) and applicable privacy laws.

By using the ISAY system, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect the following types of information:

• Personal Information (optional): When you submit a report through the ISAY system, you may choose to identify yourself. In this case, we collect personal data such as your name, email address, and any other details you provide in your report.
• Anonymous Information: If you prefer to remain anonymous, we will assign you a randomly generated credential and password. This allows us to communicate back to you while still protecting your identity. You can use this credential and password to log in to the system without revealing any personal information.
• Logins and User Credentials: To submit reports, users must log in with their credentials. We do not store your password or any other sensitive data. We only store your login credentials for the purpose of providing access to the system.
• No IP Address Collection: We do not collect or store your IP address when you visit the ISAY system.
• Minor Information (Handling): If a user is later identified as a minor during the report process, we will ensure that special care is taken to protect their personal data. However, we do not actively collect information to identify minors and will treat all users' data with the same level of care and attention. If it becomes known during the process that a report was submitted by a minor, we will take appropriate steps to protect the individual's rights and may seek guardian consent when necessary and legally applicable. Where required by law, such information may also be disclosed to the competent public authority.

2. How We Use Your Information

In accordance with Article 13 of the General Data Protection Regulation (GDPR), we process personal data under the following legal bases:

• Consent: We process personal data based on your consent where this is explicitly stated at the moment of collection.
• Legitimate Interests: We process data as necessary for the operation, security, and continuous improvement of the ISAY system, and to enable appropriate follow-up and investigation of reports, in accordance with our legitimate interests.
• Legal Obligations: In certain cases, we may process personal data to comply with applicable legal or regulatory requirements, including cooperation with competent authorities.

Please note that the ISAY system only relies on the legitimate interests' ground if the reason for processing your personal data is fair and lawful. Where we want to rely on legitimate interests as a legal basis for processing, we will carry out a balancing test between our legitimate interests and your privacy rights.

We may analyze anonymized usage patterns and user feedback to improve the performance, usability, and development of the ISAY system. No personal data is used in this analysis.

We use the information provided through the ISAY system for the following purposes:

• To process reports: We will use the information in your report to investigate and take appropriate action, as necessary.
• To communicate with you: If you choose to identify yourself or use an assigned credential, we may use your contact details or assigned credentials to follow up or seek clarification about your report.
• To improve our services: We may use non-personal data to improve the performance and functionality of the ISAY system, ensuring a better user experience.

3. Anonymity and Data Security

• Anonymous Reporting: You can submit reports anonymously if you prefer not to identify yourself. If you choose to remain anonymous, we will assign you a random credential and password, which can be used to access the system and receive feedback while maintaining your anonymity. However, please be aware that without identifying information, it may be more difficult for us to follow up on certain reports.
• No Encryption: While the ISAY system does not currently use end-to-end encryption, it applies appropriate technical and organizational safeguards in accordance with GDPR standards to protect the information you provide. We advise users to exercise discretion when including highly sensitive personal or third-party details in their reports.

4. Data Retention

We retain the information provided in your report for as long as necessary to fulfill the purpose for which it was collected. If you submit a report anonymously, we do not retain personal data, as none is provided.

Reports submitted anonymously are retained without any associated personal identifiers. The content of the report itself may be stored for investigation, audit, or statistical purposes, in accordance with applicable laws and regulations and ethical standards.

5. Data Sharing and Disclosure

Access to report content and personal data is limited to authorized personnel who require it for specific operational purposes and is governed by role-based permissions and confidentiality obligations (need-to-know basis).

Only authorized personnel bound by confidentiality agreements may access user data. Internal access is strictly limited to (a) performing system maintenance, (b) investigating reports, (c) fulfilling legal obligations, or (d) responding to a user's request.

We do not share, sell, or rent your personal information to third parties, except in the following cases:

• Legal or Disciplinary Action: If required by law or in the event of legal or disciplinary action, we may disclose the information to relevant authorities or assigned personnel for investigation or further legitimate action.
• Sanctions: If a sanction is issued based on the report, the community to which the sanction needs to be enforced will receive the personal information of the offender. However, the identity of the person who made the report will remain confidential, unless it is deduced from the proceedings or disclosed by authorities as they see fit.

6. Your Data Protection Rights

As per the GDPR, you have the following rights regarding your personal information:

• Right to Be Informed: You have the right to be informed about the collection and use of your personal data, which is provided in this policy.
• Right to Access (Know): You may request access to the personal information we hold about you free of charge.
• Right to Rectification (Correction): You may request corrections to any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Deletion): You may request the deletion of your personal data, where no overriding legal basis or legitimate reason continues to exist for processing personal data (right to be forgotten).
• Right to Restrict Processing (Right to Opt-Out): You may request a limitation on the processing of your data in certain circumstances. We will still hold the data but will not process it any further, if one of the following conditions applies: a) The accuracy of the personal data is contested. b) Processing of the personal data is unlawful. c) We no longer need the personal data for processing but the personal data is required for part of a legal process. d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
• Right to Object: You have the right to object to the processing of your personal data in certain situations.
• Right to Withdraw Consent: If we process your data based on your consent, you can withdraw that consent at any time.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used and machine-readable format, and that your set of personal data be transferred to another controller or processor.

To exercise any of these rights, please contact us at info@ignitx.events

You also have the right to lodge a complaint with your local data protection authority if you believe your rights under GDPR have been violated.

7. Cookies

The ISAY system may use cookies to improve functionality, personalize your experience, and analyze traffic. You can manage your cookie preferences through your browser settings.

8. Third-Party Processors and External Links

We may engage trusted third-party service providers to perform system hosting, maintenance, or other functions necessary to operate the ISAY system. These providers are contractually bound to process data solely in accordance with our instructions and to comply with GDPR and relevant data protection requirements.

The ISAY system and Apps contain links to other websites that we do not own or operate. We do not control, recommend, or endorse the content, products, services, privacy policies, or practices of these third-party websites. We do not accept any responsibility or liability for such third-party websites.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy or need further information regarding your data, please contact us at: