FOUR privacy policy

(Last Updated May 2024)

Protecting your personal information is of utmost importance to us, and we take our responsibility seriously. When you use our services, we may need to collect certain information from you in order to provide you with the best possible experience. This Privacy Policy outlines how we collect, use, disclose and protect your personal information and the controls we give you to access, update and delete such information. This Privacy Policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information, and what information you provide that we will retain even if you decide to discontinue using the services we provide.

We encourage you to read this Privacy Policy carefully to understand our practices and how we handle your personal information. If you have any questions or concerns about our Privacy Policy, please do not hesitate to contact us at privacy@four-corp.com. 

• About the Data Controller and Content of this Privacy Policy

• Types of Information We Collect

• How We Use Your Personal Information

• Cookies and Other Tracking Technologies

• Third-Party Sites and Services

• How We Share Personal Information

• Data Storage and Retention

• Children's Privacy

• Your Rights

• Privacy Policy Modifications and Updates

We, four X GmbH, Switzerland, which is a subsidiary of fourX, Inc., Delaware USA (“FOUR”, “we”, “us”), provide services mainly related to the holding of FOUR's annual machine learning summer school (the “Event”), including but not limited by operating the websites https://fourgroup.co and https://bumblekite.co and family of websites, landing page(s), and/or blogs owned by FOUR (collectively the “Site”). In order for us to do this, we may store, collect, and process various forms of personal information. In some instances, the Site and the Event are collectively referred to as the “Service”.

When registering to attend one of our educational programs please also read our Registration and Terms of Service for the Event (the “Terms of Service”), available at https://bumblekite.co/terms. These Terms of Service contain important information about the scope and nature of the Service, and the rules that apply to your use of the Service. 

In this Privacy Policy, the terms “you” and “user” mean all individuals that access the Service. The term “Personal Information” means any information that can be used to identify you as a natural person.

In data protection matters, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and by the EU General Data Protection Regulation (GDPR).

Please note that the Privacy Policy may be amended from time to time. We therefore recommend that you consult this Privacy Policy regularly to stay up-to-date.

If you continue accessing and using the Service, that indicates to us that you agree to us collecting, storing, using and disclosing your Personal Information and other information as described in this Privacy Policy. 

There are 2 basic categories of information we collect: 

A. Personal Information you provide. There are numerous ways that you can share your information with us.

In order to access and utilise the Service, you are asked to fill out the online application form located at https://www.bumblekite.co/application. As part of the application and registration process, you will be asked for the following information via our online form (mandatory data is indicated as "required" in the application form): 

1. name (first and last); 

2. email address; 

3. gender;

4. age; 

5. nationality and country of residence; 

6. curriculum vitae (in uploadable format); and

7. educational experience and interests, etc.

As part of the user experience, you may also exchange information with us that would be part of the Personal Information we collect. Examples of such information may include but are not limited to the following: 

1. information provided when you download or use applications from us (including but not limited to our online application form); 

2. information you enter into our system and post as part of using our services (e.g. text, photos, videos, comments, voice recordings and other multimedia communication materials); 

3. information you provide to us when contacting us for assistance (e.g., via the contact page or email); 

4. images and/or likenesses of yourself and/or other registered users at the Event taken by you or another user; 

5. information you send us when making the payment for our Services including Event registration,

6. your contact details and the information you provide us with when completing our surveys.

When you use some of the features of the FOUR Service, certain Personal Information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the Personal Information you choose to share or submit in these instances. Please take care when using these features.

Please note that all information provided to us must comply with the Terms of Service.

B. Personal Information we collect automatically. We automatically receive and record log file information from your web browser when you interact with the Site. The following data is collected without your intervention and stored by us until automatically deleted: 

1. user device identifier (IDFA);

2. the IP address of your device;

3. the date and time of access;

4. the name and URL of the retrieved file;

5. the website from which the access was made;

6. the operating system of your device and the browser you use;

7. device type in case of access by mobile phones;

8. the name of your internet access provider.

We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorised by us to figure out how often individuals use parts of the Service so that we can analyse and improve them. 

We use the information we learn from you to help us continually improve your experience while using the Site and/or attending the Event and when we have a legal basis for doing so. We collect, use, or otherwise process your information for the following purposes:

1. Registering for the Event. We use your Personal Information provided through the online application form to process your registration and communicate with you about the Event. We may also collect financial information such as your payment method or bank account details to process payment for the Event. Our use of your Personal Information for this purpose is based on preparation for and performance of our contract to deliver the Event for you as a participant;

2. Improving our Service. We may collect information about your preferences, interests and feedback for internal purposes to identify areas for improvement of our Service. When we use your information for these purposes, we base such use on our legitimate interest, which means that we have an interest in improving our Service and cannot do so without using your Personal Information;

3. Sharing aggregate data with our corporate partners for sponsorships. We will use only aggregated Personal Information so that it can no longer be linked to you. Our use of your Personal Information for this purpose is based on our legitimate interest;

4. Sending newsletters. If you sign up for our newsletter, we will occasionally send you newsletter editions that we consider may be of specific interest to you. By signing up for the newsletter, you provide us with your email address. You can unsubscribe from our newsletter at any time. When we use your information for this purpose, we base such use on your consent;

5. Responding to your questions and requests. If you contact us via our email address or contact form, we may use the Personal Information you have provided us with (including your email address) to respond to your questions or requests and to keep a record of that exchange. The legal basis for this use of your Personal Information is consent;

6. Handling surveys. We may also collect your Personal Information through voluntary surveys. We may use that information to contact you about your submission. Your responses to such surveys are collected on the basis of your consent and will be deleted once no longer necessary for the purposes collected or if you ask for them to be deleted, provided they have not been anonymised. The legal basis for such use of your Personal Information is your consent.

Cookies are small data files that are sent to your web browser when you access a website, and the files stored on your device's hard drive. 

Our cookies do not, by themselves, contain Personal Information, and we do not combine the general information collected through cookies with other Personal Information to tell us who you are. 

This Privacy Policy does not cover the use of cookies of third parties. 

FOUR products, services, and Site may contain links to our profiles in the social networks of the following providers:

• LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland.

Information collected by third parties is governed by their privacy policies and practices. We encourage you to read and learn about their specific privacy practices.

From time to time, FOUR may make certain personal information available to product and service partners. Specific ways FOUR shares with third parties are described below:

A. Third-Party Service Providers. Without the support of selected service providers, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your Personal Information to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you. The information may be shared with the following third party service providers:

1. payment processors and facilitators: we work with Payrexx, with headquarters in Thun, Switzerland, for processing of registration fees and we share bank or credit card information and personal contact details for that purpose;

2. website hosting provider: our website is hosted by Squarespace Ireland Limited, headquartered in Dublin, Ireland. Information shared over our website is processed by Squarespace; 

3. communication service providers: we work with EmailOctopus, operated by Three Hearts Digital Limited, London, for the sending of newsletters. The contact information you provide when you opt to receive our newsletter is shared with EmailOctopus;

4. productivity suite providers: we use Google Workspace, a cloud-based productivity suite provided by Google Ireland Limited, headquartered in Dublin, Ireland, for managing our work and collaborating with our team;

5. research partners; and

6. consultants, accountants, lawyers, and other professional service providers.

Such disclosure is necessary for the performance of the contract.

B. Business Affiliates and Transfers. We may share information from or about you with our affiliated companies or joint ventures, in which case we will require them to adhere to this Privacy Policy. In the event FOUR is acquired in total or by a substantial amount of its assets, we will make best efforts to ensure that the purchaser will assume the rights and obligations of this Privacy Policy. However, FOUR cannot make any guarantees or promises with respect to a purchaser adopting the current rights and obligations of this Privacy Policy.

Such disclosure is necessary for safeguarding our rights and complying with our obligations or the sale of our company.

C. Authorities. FOUR reserves the right to provide and/or disclose necessary information for investigatory matters. Examples include but are not limited to: (1) compliance with law enforcement or the necessary legal process; (2) behaviour and/or use violative of the Terms and Service, and (3) instances whereby it is necessary to protect our rights and obligations.

Such disclosure is necessary for safeguarding our rights and complying with our obligations.

We may disclose de-identified information that we collect about you through our Service, for advertising, research and analytical services. 

FOUR may share your information other than as we have described in this policy if we notify you and you consent to the sharing.

Most of the data related to the Event is stored on our Google Drive, that is a part of Google Workspace. A list of email addresses for sending out the newsletters is stored by EmailOctopus. The respective information is stored in the European Union (“EU”).

The information you provide FOUR may be collected through our services and processed in the EU or any other country in which FOUR, its subsidiaries, affiliates, and/or service providers maintain facilities.

FOUR, its subsidiaries, affiliates, and/or service providers may transfer information we collect about you from your country or jurisdiction to other countries or jurisdictions around the world.

FOUR uses commercially reasonable standards, measures and/or protocol to keep the information collected through the Service secure, and as a result, we take cautionary steps to verify your identity before granting you Service access.

FOUR will retain your personal information for the time period necessary to carry out the processing explained in this Privacy Policy. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communications and concluded contracts must be stored for up to 10 years. The data is deleted as soon as there is no longer any obligation to retain it and we no longer have any legitimate interest in retaining it. 

FOUR is aware of the importance of protecting the privacy and safety of children who may use our services. In that regard, we do not knowingly solicit data from or market to children under the age of 16. In the event a child’s parent and/or legal guardian becomes aware that their child has provided us with information without their consent, please contact us immediately at privacy@four-corp.com. Once notified, we will delete the information as soon as reasonably possible.

FOUR provides means for you to see and control the information that FOUR collects, including through: (1) device permissions; and (2) opt-outs exercisable at any time.

In addition, you have the following rights with respect to FOUR's handling of your personal information:

1. Right of access: you have the right to request access to your Personal Information stored and processed by us at any time and free of charge. This gives you the opportunity to check what Personal Information we process about you and that we use it in accordance with applicable data protection regulations;

2. Right to rectification: you have the right to have inaccurate or incomplete Personal Information rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort;

3. Right to deletion: you have the right to have your Personal Information deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, we may block your data instead, provided the conditions are met;

4. Right to restrict processing: you have the right to request that the processing of your Personal Information be restricted;

5. Right to data transfer: you have the right to obtain from us, free of charge, the Personal Information you have provided to us in a readable format;

6. Right to object: you can object to the processing of your data at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails or newsletters);

7. Right of withdrawal: in principle, where you have given consent you have the right to withdraw that consent at any time. However, processing activities that have already taken place based on your consent do not become unlawful because of your revocation of consent. 

To exercise these rights, please contact us at privacy@four-corp.com.

8. Right of complaint: you have the right to lodge a complaint with a competent supervisory authority in a state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred, for example against the way your Personal Information is processed. 

The competent data protection supervisory authority is the government agency responsible for overseeing and enforcing data protection laws in a specific country or region.

Contact details for data protection authorities in the EU (and the UK) are available here. For users in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner.

FOUR reserves the exclusive right to change, modify, or alter the terms of this Privacy Policy. The most current version of this policy will govern our use of your information. Continued access and use of the FOUR services after changes to our Privacy Policy occur indicate that you agree to be bound by the revised Privacy Policy.