Privacy Policy

Updated September 4, 2021

At INFOBIP, we care about your personal data. It is very important to us to be transparent about the data we collect about you, how we use such data and with whom we share it. Therefore, we advise you to read the following Privacy Notice to be informed about the processing of your personal data.

Our global technology event, the Shift Conference attracts attendees from more than 100 different countries and speakers from all of the world's largest IT companies, bringing together and strengthening connections between developers from around the world.

We believe that the responsible use of data supports business growth and builds strong relationships between partners, consumers, and brands. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact.



1. Definitions

In the text, we use specific data protection terms, and their definitions are the following:

The term "INFOBIP" or "us" or "we" or "our" refers to INFOBIP d.o.o., a company incorporated under the laws of Croatia with company registration number 130004106, whose registered office is at Istarska 157, Vodnjan 52215, Croatia.

The term "GDPR" means the EU General Data Protection Regulation (the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC).

The term "personal data" means any information about you by which you can be identified, directly or indirectly.

The term "controller" means the natural or legal person which determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the GDPR and other applicable European and national regulations on personal data protection.

The term "processor" means a natural or legal person who processes personal data on behalf of the controller.

The term "Conference" means the Shift Conference, a global developer, fintech and artificial intelligence conference organised by INFOBIP.

The term "website" means a collection of publicly accessible, interlinked web pages that share a single INFOBIP domain name: infobip.com.

The term "you" refers to a natural person (an individual) whose personal data INFOBIP collects and processes.



2. Controller’s Contact Details

INFOBIP d.o.o., registration number 130004106, whose registered office is at Istarska 157, Vodnjan 52215, Croatia.

If you have questions regarding this Privacy Notice or about the INFOBIP Group’s privacy practices, you may reach our Privacy team and Data Protection Officer via the email address data-protection-officer@infobip.com.



3. How Do We Obtain Personal Data?

We process the personal data you provided to us directly when:



We also receive personal information indirectly, such as in the situations where:



4. What Personal Data Do We Collect, Why and on Which Legal Basis, How Do We Use It and for How Long Do We Keep It?

4.1. When you register to attend our Conference
What personal data do we collect?

To register to attend our Conference, you will be asked to provide your name, surname, residence, country and contact details (email and phone number) as well as your company’s name.

How do we collect your personal data?

In order for you to attend a Conference, a third-party service provider (ticketing system) will send us your personal information for the Conference registration list when they receive your payment for registration (when a ticket is purchased).

Why do we collect personal data, under which legal basis, and how do we use it?

If you register to attend a Conference, we collect your personal information for the Conference registration list to send you important pre-Conference information and grant you access to the Conference.

If you have received a ticket for the Conference, we store the personal information about you, which was either provided by you, a third-party service provider (ticketing system) or someone from your organisation. This information includes your full name, residence, country, company, phone number and email address. We may use your contact information, including your email address, country of residence and phone number to contact you with important information related to the Conference or in case of an emergency.

At the Conference, we print out a badge that will include your full name and company name in plain text. We do this to ensure on-site access control at the Conference.

Your picture may be taken during the Conference and published on our social media and marketing channels. If you do not wish to have your picture taken during the Conference, you can make yourself known to our team and inform us of that.

Leading up to the Conference, you may receive emails that include practical information related to the Conference, including registration hours, links to additional social events and new speaker announcements. After the Conference, you may receive an email requesting feedback on the event and including links where you can watch Conference videos online. Emails both before and after the Conference may also contain information about our upcoming events and other information relevant for Conference attendees. All of our marketing communication provides you with the option of unsubscribing or altering your communication preferences.

The legal basis we rely on for processing your personal data when you purchase a ticket to attend the Conference is performance of a contract under article 6.1.(b) of the GDPR.

During the Conference, your personal information will be temporarily stored on our on-site registration system so we can print out your badge and grant you access to the Conference. The legal basis we rely on for processing your personal data for those purposes is our legitimate interest under article 6.1.(f) of the GDPR.

We also keep participant lists for the Conference containing only participants’ name, contact details and their company’s name. In this case, the processing purpose is to maintain a list of former participants in order to invite them to our future events we consider they might be interested in. To be able to stay in touch with you, invite you to our future Conference or other events organised by us, we rely on our legitimate interest in accordance with GDPR article 6.1.(f). You may object to these communications at any time by using the unsubscribe link provided in all INFOBIP’s emails and we will stop sending you event invitations. We also conduct promotional activities regarding the Conference and other events we hold. In this case, the processing purpose is to promote our events, and it consists of publishing photos, videos, audios, and texts in online and offline media. These activities represent our legitimate interest in the sense of GDPR article 6.1.(f).

How long do we keep your personal data?

We keep events’ invite lists for three years after the day the Conference or other event was held.

All other personal data collected will be kept only for the duration of the event and will be erased within 60 days after the event day.



4.2. When you are a speaker at our Conference
What personal data do we collect?

When you are speaking at Conference event, you will be asked to provide your name, surname, country, and contact details (email and phone number), as well as your company’s name, industry, your business role, profile picture, information about your education, work experience, and any other information you choose to share with us in your resume (CV). In addition, we may ask you to provide your social media profile links, links to your blog(s) or website(s) as well as the title and description of the talk(s) and/or workshop(s) you will hold at the Conference.

How do we collect your personal data?

We collect your personal information when you register as a speaker at the Conference or when we contact you to speak at the Conference.

Sometimes your organisation will send us your personal information for you to speak at the Conference.

Why do we collect your personal data, under which legal basis, and how do we use it?

When you are speaking at the Conference, we need some personal information for the Conference speakers list as well as to communicate with you, arrange our Conference marketing materials, arrange travel and accommodations, and ensure other practical details related to your appearance at the Conference. We also need some information in order to publish and market your talk on our website or social media profiles.

We mention your name and surname in the Conference program, which will be published on the website, social media, in the Conference application and any other place where the Conference will be advertised (for example, public billboard).

To ensure on-site access control at the Conference, we print a badge that will include your name and company name in plain text.

During the Conference, attendees have the ability to submit feedback in the form of ratings, comments and questions about your talk. After the Conference, you will be given access to a page where you can view the ratings, feedback and questions for the talks you have given at our Conferences. We use this information to gather general feedback about the Conference, review the quality of the topics and talks, and use as input for the planning of future Conferences. We do not share this information with any third parties.

We may record your talk at the Conference and collect your slides to publish on our website. We may also publish a video of your talk on a third party channel, such as Entrio or YouTube. We may also promote the video of your talk through various social media channels.

Your picture may be taken during the event and published on our social and marketing channels. If you do not wish to have your picture taken during the Conference, you can make yourself known to our team and inform us of that.

The legal basis we rely on for processing your personal data is our legitimate interest under article 6(1)(f) of the GDPR, provided when you submit your details during the registration process or accept our offer to speak at the Conference.

During the Conference, your personal information will be temporarily stored on our on-site registration system so we can print out your badge and grant you access to the Conference. The legal basis we rely on for processing your personal data for those purposes is our legitimate interest under article 6(1)(f) of the GDPR.

The legal basis we rely on for processing your personal data when we create Conference speakers lists and when we publish your information in the Conference program is our legitimate interest under article 6.1.(f) of GDPR.

Also, when we take your picture or film a video of you during the Conference and publish them and promote your talk on various third-party channels, including social media channels, we rely on our legitimate interest under article 6.1.(f) of GDPR.

How long do we keep your personal data?

We keep your name, profile picture, information about your education, work experience, and any other information you choose to share with us in your resume (CV), as well as your social media profile links, links to your blog(s) or website(s) as part of the Conference speakers lists on our website, as long as there is a business need.



4.3. When you use Conference application
What personal data do we collect?

If you choose to download the Conference application (hereinafter: app) you will have the option of providing profile information, such as your name or nickname and email address.

How do we collect your personal data?

You are not required to download the Conference app to attend the Conference. If you choose to download the Conference app and use it, we will collect your information indirectly through the Conference app third-party service provider.

Why do we collect personal data, under which legal basis, and how do we use it?

For your registration to the Conference app, we need some of your profile information. The conference app’s functionalities can help communication regarding the event run more smoothly, so we provide you the option of interacting with other Conference attendees and getting the exact information you want on your device.

The profile information that you choose to provide will be accessible to other attendees, sponsors, and partners of the Conference, subject to your settings.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR, provided when you download and register to the Conference app.

How long do we keep your personal data?

Personal information collected in the Conference app will be kept only for the duration of the event and will be erased within 60 days after the day the Conference was held.



4.4. When we send you our email marketing communications
What personal data do we collect?

We collect your name and email address.

How do we collect personal data?

We collect this information directly from you if you subscribe to receive our newsletters or other email marketing communication by which we provide the information about our Conference or other event’s organised by us. This data is collected through the webforms available on our website.

For business to business (B2B) marketing, if we have an existing business relationship (our customers, partners, sponsors or suppliers and their staff), we may use data collected from you or your organisation when entering into an agreement or during our business relationship.

Why do we collect personal data, under which legal basis, and how do we use it?

Our purpose for collecting the information is to inform you about upcoming Conference or other events organised by us.

We use your details only to provide these services. We also gather statistics around email opening and clicks using industry standard technologies, including clear gifs to help us improve our e-newsletter.

If you subscribe to our email marketing communication, we rely on your consent (Article 6.1.(a) GDPR) provided to us when submitting such webforms. You will receive a confirmation email once you have submitted your details.

For B2B (business to business) direct marketing, we may rely on our legitimate interest in accordance with GDPR article 6.1.(f). For the purpose of maintaining and improving our business relationship, it is our legitimate interest to inform our existing business partners (partners, sponsors, customers and suppliers, including their staff) about upcoming Conference or other events organised by us via email newsletters, blogs or other forms of email communication.

In any case, you may proactively manage your preferences or opt-out of communications (unsubscribe) with INFOBIP at any time using the unsubscribe link provided in all INFOBIP’s email marketing communications. In case that you have unsubscribed from our marketing communications (i.e. withdraw your consent or object to the processing) we will stop sending you any marketing materials.

However, we maintain a so-called "suppression list" that contains only your email address just to be sure that we will not contact you with unwanted content in the future. We retain this information relying on our legitimate interest (article 6.1.(f) GDPR).

How long do we keep your personal data?

If we send you marketing communications based on our legitimate interest (B2B) we will do so only during the business relationship with you or your organisation or until you object to the processing of your personal data for this purpose. We will keep a "suppression list" that contains email addresses of individuals that objected to receiving our marketing communications until the end of the business relationship with you or your organisation.

If you subscribed to receive our email marketing communications, we will provide you this service until you unsubscribe, i.e. withdraw your consent.



4.5. When you visit our website

We use third-party services such as Google Analytics when you visit our website in order to collect standard internet log information and details on visitor behaviour patterns. We do this to find out information such as the number of visitors to various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of visitors to our website. We also use LinkedIn Analytics. For more information, please consult the relevant privacy notice.

When you browse our website, we automatically place necessary cookies on your browser. You can opt in to accept advertising or analytical cookies. The information we collect helps us maintain and improve our website and business. It usually includes your IP address, browser type, the pages you’ve visited and the order you visited them, as well as whether you’re a new or returning visitor. For more information please read our Cookie Policy.



4.6. When you contact us or when we are looking for partners and/or sponsors of our Conference
What personal data do we collect?

We may collect your name, surname and basic contact and business information such as your email address, phone number, country, company, industry, and business role or job title. We will also collect any other information you choose to send us, depending on the nature of our communication.

How do we collect your personal data?

We may collect this information directly from you through Shift Sponsor/Partner application form or other forms available on our website. After submitting your details, we will send you an email with the confirmation that our team will contact you.

We are constantly searching for new partners/sponsors. Therefore, we may collect your contact and business information indirectly, through business and professional networks and databases (such as LinkedIn) or we may employ third parties that supply us with information collected from publicly available sources. We only retain the information that will help us reach potential sponsors/partners.

Why do we collect personal data, under which legal basis, and how do we use it?

We collect this information to contact you, answer your questions, and to find out if you or your organisation are interested in further cooperation with us.

We use your personal data to provide you with the requested information and to see if you are interested in becoming our partner/sponsor. Any further processing of your personal data will be based on the business relationship established with you or your organisation and on the lawful processing ground.

Such activities represent our legitimate interest in accordance with GDPR article 6.1.(f).

If there will be a mutual interest in entering into an agreement, we will process your personal data within the dedicated teams within our company to ensure adequate technical and administrative support (e.g. negotiating, and concluding agreements). In accordance with GDPR article 6.1.(f), it is our legitimate interest to conduct this process properly. If you personally are our contractual counterpart (as an individual), we process your data because it is necessary for the performance of a contract or in order to take steps, at your request, prior to entering into a contract in accordance with GDPR article 6.1.(b).

How long do we keep your personal data?

We keep your name, surname and basic contact and business information such as your email address, phone number, country, company, industry, and business role or job title only during the business relationship with you or your organisation or until you object to the processing of your personal data for this purpose.

In any case, if you no longer wish to be contacted by us, you can always object by sending an email to shift@infobip.com.



5. How and With Whom Do We Share Your Personal Data?

We may share personal information with our trusted and verified third-party service providers to help us operate, provide, improve, understand, customize, support, and market the Conference. These third parties provide us with services including those for support, data storage and website hosting, ticketing and payments processing, registering to participate in the Conference or be a sponsor/partner, surveys and marketing and data analysis. These third parties are contractually required to use personal information only to provide their service to us and are prohibited from using it for their own purposes

When attending the Conference, your data may be shared with the other attendees if you decide to download and use the Conference app. You are not obligated to use the Conference app to participate at the Conference, however, in case you decide to download the Conference app, the profile information that you choose to provide will be accessible to other attendees, sponsors, and partners of the Conference, subject to your settings.



6. How Do We Cary Out International Transfers of Your Personal Data?

We conduct our business operations globally, and sometimes we need to carry out international transfers of your personal data by providing your personal data to the parties specified in the section above. All international transfers are carried out ensuring the confidentiality and security of your personal data.
In addition, the international transfers of your personal data are subject to contractual restrictions in accordance with the applicable data protection law, including, where necessary, the implementation of contractual mechanisms such as standard contractual clauses for data transfers.



7. How Do We Secure Your Personal Data?

Infobip values your privacy. In order to protect personal data collected and processed by INFOBIP we have invested in development, implementation, and constant improvement of a wide range of technical and organisational measures. Our technical and organisational measures have been implemented in accordance with ISO 27001:2013 standard requirements, and you can read more about them here. The list of our current and up-to-date certificates can be found here.
We take care to train all our staff in the field of privacy and security, starting from their first day in INFOBIP through the onboarding process and continuously throughout their stay at INFOBIP.
Before we engage any third-party vendor and service provider, we check their security practices and alignment with the GDPR, and regularly conduct our vendors’ and service providers’ security and privacy assessments.



8. What Are Your Rights in Respect of Your Personal Data?

Where permitted by applicable data protection law or regulation, you have the right to:

You can exercise these rights within limits stipulated by the applicable data protection legislation.

Some of your rights can be exercised directly within the Conference app. Regarding the data in the conference app, you can access much of your information by logging into your Conference profile. If you require access to additional information, or you do not have a Conference profile, please contact us. Where legally required, we will provide your information in an easily accessible format and assist in transferring some of this information to third parties.



9. How Can You Object to the Processing of Your Personal Data?

If we process your personal data upon our legitimate interest, you have the right to object to the processing. In such a case we will reassess its legitimacy and will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defence of legal claims.

However, when we process your personal data for direct marketing purposes, you have the right to object at any time to such processing of your personal data, and in this case, your personal data will no longer be processed for marketing purposes. You can exercise this right by using the unsubscribe link provided in all INFOBIP’s email marketing communications.



10. How Can You Exercise Your Rights?

If you have any questions on how we use your personal data or if you wish to exercise a certain right (as specified under 9 and 10 of this Notice) or resolve a complaint regarding the processing of your personal data, you can contact our Data Protection Officer by sending an email to the following email address: data-protection-officer@infobip.com or by sending a written request via the postal address: INFOBIP d.o.o., attn. Data Protection Officer, Istarska 157, 52 215 Vodnjan, Croatia.

If you want to file a complaint or contact the relevant data protection authority for any other reason, you may find contact details of EEA data protection authorities at: https://edpb.europa.eu/about-edpb/board/members_en.

In particular, you can lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or place of the alleged infringement.



11. Do We Conduct Automated Decision-making, Including Profiling, That Significantly Affects You?

No. We do not conduct any operation under which you would be subject to a decision based solely on automated processing that has legal or similarly significant effects for you, including profiling.



12. How Long Do We Keep Your Personal Data?

Your personal data that has been collected and saved in our database in accordance with your consent and will be saved in our database for a period specified in the consent. If you wish to withdraw your consent for the processing of your personal data for any purpose and to delete your data from our database, you can do that at any time by sending an email to data-protection-officer@infobip.com.

Regarding your personal data that is not subject to your consent, we will process it for the period necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer period for the processing of such personal data is required or permitted by law. We have provided relevant information under section 4 of this Privacy Notice. Any storage of data beyond the deletion deadlines will encompass only non-personal data (aggregated or anonymized data).



13. Information From Children

You can find information about age limitations in our Terms and Conditions.

More information regarding INFOBIP's privacy practices are available at INFOBIP's Privacy Notice.