**316ctf**

Privacy Policy

Last Updated: August 19, 2024

We recognize that your privacy is very important. This privacy policy covers the policies of 316ctf ("316ctf", “we”, “us”, or “our”) on the collection, use, and disclosure of your information, including any personally identifiable information or other data collected that could directly or indirectly identify you (“Personal Data”) when you access the our website at https://316ctf.com, software, applications, and other existing and future products and services, owned, operated, controlled or offered by 316ctf and hosted on 316ctf’s systems (collectively, the “Services”).

Each time you use our Services, you consent to the collection, use and storage of the collected information as described in this Privacy Policy. Please read it carefully and contact us at bgrech@andersonuniversity.eduif you have any questions.

1. What information do we collect?

• Account Registration Information. If you wish to register for an account, we may collect your email address and password.

• Profile Information. From time to time you may be able to create a profile of which we may collect the following information where applicable: username, affiliation, website and country.

• Challenge Questions and Responses. If you are a challenge participant, you will be able to input your responses to the challenge questions, which can be textual, source code, or other formats as available through our Services.

• Online Activity. If you are a challenge participant, other Users may be able to see your performance statistics on your profile, which may include the following: your ranking, your points, the challenges you have solved, when you solved the challenges, the percentage of correct vs incorrect submissions you have, and other statistics related to your challenge activity. Administrators are always able to see all details related to the challenge activity and account of non-administrative users.

• Automatically Collected Online Usage Activity. As is true of most websites, we gather certain information automatically when you visit our website. When you use our Services, we may collect certain information automatically from you, which may include device and usage information, such as your IP address (as part of our security logging system), browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about who and when you use our website and other technical information. To collect this information, a cookie may be set on your computer or device when you visit our Services. Please see section below “How We Use Cookies” for more discussion on this topic.

• Mobile Device Data. When you access our Services through a mobile device, we may also collect certain mobile device information automatically, including, but not limited to, the type of mobile device you use, your mobile operating system, and the type of mobile Internet browsers you use.

• Services and Customer Support. We may collect information such as your name and email address to the extent necessary for us to provide the Services that you have requested and/or to provide customer support.

2. How we use cookies?

• Cookies are small text files which are transferred to your computer or mobile device when you visit a website or app. We use them to remember your preferences, improve your user experience, and help us understand how people are using our Services, so we can make them better. Cookies can be session cookies, which expire once you close your web browser. Cookies can also be persistent cookies, which stay on your device or a set period of time or until you delete them. 316ctf uses the following types of cookies:

• Strictly Necessary Cookies: These cookies are necessary to allow us to operate our Services as you have requested. For example, they let us recognize what type of User you are, provide security settings (for example, CAPTCHA) and then provide you with services accordingly.

• Performance/Analytics Cookies: We use cookies and other similar technologies to analyze how our Services are accessed, is used, or is performing. We use this information to maintain, operate, and continually improve our Services. We may also obtain information from our email newsletters or other communications we send to you, including whether you opened or forwarded a newsletter or clicked on any of its content. This information tells us about our newsletters' effectiveness and helps us ensure that we're delivering information that you find interesting.

• Functional Cookies: These cookies help us remember your preferences and settings to enhance your user experience. Using our Services without cookies is also possible. In your browser, you can deactivate the saving of cookies, limit them to particular websites, or set the browser to notify you when a cookie is sent. You can also delete cookies from your PC hard drive at any time (file: "cookies"). Please note that in this case you will have to expect a limited page presentation and limited user guidance. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/

3. How do we use the collected information?

• We use the information we collect for the purposes described in this Privacy Policy, as covered in any agreement that incorporates this Privacy Policy, or as disclosed to you in connection with our Services. For example, we will use your information to: Provide customer and service support; Enforce our terms and conditions or protect our business, partners, or users; or Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity

• Aggregate Data. In an ongoing effort to better understand and to serve the users of our Services, we may conduct research on our user performance on challenges. This research may be compiled and analyzed on an aggregate basis and this aggregate information does not identify you personally and will not be treated as Personal Data under this Privacy Policy.

• Legal Basis For Processing. When we process your information we will only do so where at least one of the following applies:

• Provide our service to you: Most of the time, the reason we process your information is to perform the services. For example, if you create an account, we process your account registration data to provide customized and personalized Services to you.

• Legitimate interests: We may use your information where we have legitimate interests to do so. We analyze aggregated and/or anonymous user activities on our Services to continuously improve our Services and for research purposes. We remember your preferences to provide enhanced, more personalized features. We process information for administrative, fraud detection and other legal purposes.

• Legal Compliance: When it is necessary for us to use your information to comply with a legal obligations.

4. Is Information Collected by or Disclosed to Third Parties by using the Services?

We do not share, sell or rent to third parties your information except as described in this Privacy Policy. Examples of instances in which we share your information are provided below:

• 1. Aggregate Data. In an ongoing effort to better understand and to serve the users of our Services, we may conduct research on our user performance on challenges. This research may be compiled and analyzed on an aggregate basis, shared with Users or third parties and this aggregate information does not identify you personally and will not be treated as Personal Data under this Privacy Policy
• 2. Legal requirements. We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency or other public authorities) or in the good faith belief that such action is necessary (i) to comply with a legal obligation, (ii) to protect or defend our rights, interests or property or that of other customers or users, (iii) to act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) to protect against legal liability or potential fraud, as determined in our sole discretion.

5. How Does 316ctf Comply with the Children’s Online Privacy Protection Act?

• We do not knowingly collect information from children under the age of 13 without parental consent. Parents or teachers are able to register students without the child’s email address or info. These instructions can be found in 316ctf’s FAQs. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at bgrech@andersonuniversity.edu. We will delete such information from our files within a reasonable time.

6. What are my data protection rights under General Data Protection Regulation (“GDPR”) and its Swiss and UK GDPR counterparts?

• If you are located in countries that are within the European Economic Area (the “EEA”) Switzerland or UK, GDPR and its UK and Swiss GDPR counterparts gives you rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to: Request access to your Personal Data; Request correction or deletion of your Personal Data; Object to our use and processing of your Personal Data; Request that we limit our use and processing of your Personal Data; and Request portability of your Personal Data.

• You can usually access, correct, or delete your personal data by contacting us at bgrech@andersonuniversity.edu. We will consider all such requests and provide our responses as soon as we can. Please note, however, that personal information may be exempt from such requests in certain circumstances, which may include circumstances where we need to keep processing your personal information for our legitimate interests or to comply with a legal obligations. Users located in EEA, Switzerland or UK also have the right to make a complaint to a government supervisory authority.

7. Cross-Border Data Transfers

• Sharing of information sometimes involves cross-border data transfers, for instance to the United States of America and other jurisdictions. 316ctf may also subcontract processing to, or share your Personal Data with, third parties located in countries other than your home country. Your Personal Data, therefore, may be subject to privacy laws that are different from those in your country of residence.

• We store the Personal Data on servers hosted by Linode utilizing the open source software provided by CTFd. For more details of Linode's privacy and security processes, please visit https://www.linode.com/es/legal-privacy/. For more details of CTFd's privacy and security processes, please visit https://ctfd.io/privacy-policy/. By using our Services, you consent to your personal information being transferred to our servers as set out in this policy.

• Where our Services allow for users located in the European Economic Area (“EEA”), Switzerland or UK, and when we transfer their Personal Data to countries outside of the EEA, Switzerland or UK as processors, we transfer the Personal Data in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures in place such as the Standard Contractual Clauses approved by the EU Commission. Standard Contractual Clauses are commitments between companies transferring personal data, binding them to protect the privacy and security of your data.

8. U.S. Privacy Laws

• If you are located in the United States, this Privacy Policy explains how we collect, use and disclose your personal information under California, Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia privacy laws, to the extent applicable to us. We call these laws collectively, the “U.S. Privacy Laws.” As of the last date when this Privacy Policy was updated, we are not yet subject to the U.S. Privacy Laws due to our level of activities in those states. Although we are not yet subject to the U.S. Privacy Laws, our Privacy Policy currently describes rights afforded to data subjects under GDPR that are similar to the rights afforded to data subjects under the U.S. Privacy Laws. It is contemplated that in the event that the U.S. Privacy Laws apply to us, we will update our Privacy Policy to describe the rights afforded to data subjects under the U.S. Privacy Laws. Regardless, we do not sell or share personal information. We do not collect sensitive personal information. We do not disclose Personal Data to third parties for the purpose of engaging in advertising. We will closely monitor the development of the U.S. Privacy Laws that may apply to our future activities and will implement reasonable administrative, technical and physical security measures for compliance.

9. How long does 316ctf retain information collected?

• We follow generally accepted standards to store and protect the Personal Data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. We retain Personal Data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods (i) mandated by law, contract or similar obligations applicable to our business operations; (ii) for preserving, resolving, defending or enforcing our legal/contractual rights; or (iii) needed to maintain adequate and accurate business and financial records. If you have any questions about the security or retention of your Personal Data, you can contact us at bgrech@andersonuniversity.edu

10. What is 316ctf’s Security Policy?

• We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Services. All sensitive information is protected behind firewalls and multiple layers of security systems. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.

11. How Does 316ctf Respond to Do Not Track Signals?

• Do Not Track is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, 316ctf does not respond to or alter its practices when a Do Not Track signal is received.

12. Your Rights and Your Choices.

• You can request in writing copies of personal information about you held by us. If that information is inaccurate, please let us know and we will endeavor to make the necessary amendments, erase, or block the relevant information as you request.

13. How Will I Be Notified of Changes to Your Privacy Policy?

• If 316ctf makes material changes to its Privacy Policy, it will notify you by: (i) changing the Last Updated Date at the top of the Privacy Policy, (ii) sending an email to its users, and/or (iii) adding a statement to the Site.

14. Contact Us

• If you have any questions regarding privacy while using our Services, or have questions about our practices, please contact us at bgrech@andersonuniversity.edu or write us at the following the address:

  Center for Cybersecurity
  316 Boulevard
  Anderson, SC 29671
  USA