Privacy Policy

Last updated: April 21, 2022

 

We process personal information

This is the Privacy Policy that governs how Algorethics Ltd (“Data controller”), collect, receive, use, store and share Personal Data about you in connection with your interaction with the event: DAMA EMEA Conference and the websites related thereto.

The DAMA EMEA conference, and the responsible parties behind the conference are committed to respecting our members and participants legal rights to privacy and recognize the need for appropriate protection and management of any Personal Information that you choose to share with us as part of participating in the conference. As used in this Privacy Policy, “Personal Information” means any information that may, either alone, or in combination with other information, be able to identify an individual.

 

Contact information

The conference endeavours to comply with all applicable privacy laws. But If you wish to clarify anything with regards to the Privacy Policy or the conference’s use of personal information or exercise any rights as a registered party, please contact us info.emea@fitacademy.fit .

 

What kind of personal information do we process?

We collect personal information about various types of persons – in the latter we called “data subjects”, they can be:

  • Speakers at the conference
  • Members of DAMA chapters
  • Sponsors
  • Visitors to the conference
  • Course participants
  • Volunteers to the conference

The personal information we collect during our interaction with the above listed data subjects are all categorized as common personal information as described in GDPR Art. 6. The information collected can e.g. be:

  1. Name
  2. E-mail address
  3. Job role
  4. Company name
  5. Industry
  6. Company country
  7. Phone number
  8. Biography
  9. Photo
  10. LinkedIn profile
 
How we process personal information

About our way of processing the data, technical and organizational measures to make sure, that data is safe etc.

The GDPR art. 32 states, that the data controller must establish appropriate organisational and technical security measures, to set up a suitable safeguard for the personal information that is being processed. The security measures must comply to the risks applied to the data subjects from the type of personal information that is being gathered and processed by the data controller and the data processors involved in the processing.

The data controller is obliged to evaluate the risks, that is opposed on the data subjects and establish a corresponding of technical and organizational measures to make sure, that physical person’s freedom rights are maintained. Depending on the criticality of processing these measures can be:

  1. Pseudonymisation or encryption of personal information
  2. Maintain an access management procedure, so only users with a legal and work-related interest in the processing of personal information are allowed access to it
  3. The ability to maintain continuous confidentiality, integrity, access, and robustness of processing systems- and/or services
  4. The ability to establish access in a timely fashion, in case of a physical or technical incident
  5. Establish a procedure for regular testing, assessment, and evaluation of the efficiency of the technical and organisational measures that are set up to maintain a suitable level of security around the processing of personal information.

According to GDPR art. 32 the data controller is, if some or all these processing activities are outsourced to a data processor, obliged to make sure, that similar security measures are developed and implemented with the data processor. The data controller is responsible for providing information to the data processor about risks and conditions, that can make the data processor capable of setting up the appropriate security measures.

 

Purpose and legal basis for processing your personal information

In the following, we will list up the different kinds of processing, that the conference performs with the input of your personal information. The description will reflect the actual processing activity, the attached legal basis for the individual activities and definition of the retention policy we have applied to the individual activities.

 

Speaker at the conference

We make it possible to signup as a speaker at the conference. The purpose of this activity is to build up a portfolio of candidates from which we may pick out individuals and forward them as speakers at the conference. In that process we collect information about the possible speaker e.g., name, email address, workplace, job-role, link to LinkedIn profile, country of origin and phone number. Furthermore, a short biography free text is required as well as a photo of the possible speaker and a more detailed description of the topic, that the speaker wants to propose for the conference. All personal information is collected to be able to get an impression of whether the speaker is a fit to the themes at the conference and to be able to get back to the candidate if they are selected to act as a speaker at the conference. All personal information that is collected is general information and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the “Data controller” has a legal interest in getting in touch with a candidate, that has given a voluntary request to be assigned as a speaker at the conference.

The collected Personal Information will be deleted in two different stages – speakers not assigned to the program of the conference will have their information deleted after confirming the final programme of the conference. The speakers assigned to the programme of the conference will have their information deleted according to the general closure of the conference platform. Besides this, a data subject can of course exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights.

 

Retention and deletion of your personal information

The privacy policy contains per processing activity a description of retention and deletion. The overall principle of the “Data Processor” is to collect and process as little personal information as possible, and make sure that it’s deleted once the legal basis for processing it is expired. All data related to the conference will be discontinued after 6 months and all personal information relating to the conference deleted or anonymized.

 

Sharing your personal information

We share personal information that we collect with other relevant parties to deliver our services related to the conference. Below is a list of these 3rd parties, and an explanation of the activities in which they are being used:

 

NAME

BUSINESS ID NO.

ADDRESS

PERSONAL INFORMATION BEING PROCESSED

PURPOSE OF PROCESSING

Godaddy.com

Godaddy.com

Corporate Headquarters

2155 E. GoDaddy Way

Tempe, AZ 85284 USA

 

United Kingdom: Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA

 

https://www.godaddy.com/en-uk/legal/agreements/privacy-policy

Name, Telephone number, Email address

Country, Company and Role, Candidate speaker’s bio details and photo (for conference speakers’ applicants)

To receive Conference attendee’s registration, conference speakers’ submission and general newsletter subscriptions

Hubspot

HubSpot, Inc.

European HQ

1 Sir John Rogerson’s Quay, Dublin 2

 

Legal

25 First Street, 2nd Floor, Cambridge, MA 02141, USA

 

https://legal.hubspot.com/dpa

Name, Email address, Country, Company

To provide email and marketing services related to online conference service features

Zoom

Zoom Video Communications

 

Zoom Video Communications

London, The Place, 4th Floor, 175 High Holborn

 

Legal Department

Lionheart Squared Limited

Attn: Data Privacy

17 Glasshouse Studios

Fryern Court Road

Fordingbridge

Hampshire

SP6 1QX

United Kingdom

 

https://explore.zoom.us/en/privacy/

Profile and Participant Information, Contacts and Calendar Integrations, Settings, Registration Information, Device Information, Meeting, Webinar, and Messaging Content and Context, Product and Website Usage, Communications with Zoom, Information from Partners

To provide support to the conference live sessions with speakers and attendees

Whova

Whova, Inc

 

7310 Miramar Road, Suite 200, San Diego, CA 92126 Email: support@whova.com Phone: +1 855-978-6578

 

https://whova.com/privacy/

a) Whova Usage  information. This may include information about any IP address used to access Whova Services and your activities on Whova Services.

b) Whova account information.  This may include information such as your name, email address, social network sign- in.

c) Search history and bookmark profiles on the used Whova Services. You may delete one or all at any time when Whova Services are available.

d) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites.

To provide virtual conference services such as networking, live chats and polls, attendees and speakers community, virtual conference agenda management.

Account information is not provided to or shared with any third party

Search History and bookmarks is not shared with any third party

Third-party login credentials used in the Whova platform will be stored for user convenience of continuously accessing the third-party information upon user requests. Whova do not use this information for any other purpose. User third-party login credentials are hashed and stored with the strictest security standards.

Vimeo

Vimeo.com, Inc.

Vimeo.com, Inc.

555 W 18th St

New York City, NY 10011-2822

United States of America

 

https://vimeo.com/privacy

Profile and Participant Information, Device Information, Webinar, and Messaging Content and Context, Product and Website Usage

To provide online video hosting, sharing, live streaming and related services through Vimeo owned-and-operated websites, including Vimeo.com and Livestream.com

 

Obligations and rights on processing personal information

Summing up our obligations, but also more on the data subjects’ rights

If we have collected personal from you, and the purpose for collecting this information is personal and described above as being processed in some form related to the DAMA EMEA conference you as a data subject enjoys a set of rights described in GDPR Chapter 3.

If you would like to access, amend, correct, erase (i.e., exercise your “right to be forgotten”), export (i.e., exercise your right to “data portability”), or object to or restrict the processing of Personal Data collected via our Site, you may submit a request to info.emea@fitacademy.fit

Depending on where you live, you may have a right to lodge a complaint with a supervisory authority (“DPA”) if you believe that we have violated any of the rights concerning Personal Data about you.  We encourage you to first reach out to us at the above email address to give us an opportunity to address your concerns directly.

You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe or “Manage Your Subscription” link at the bottom of each email that you receive from us, or by responding to the emails directly and requesting removal if such a link is not available. Additionally, you may send a request specifying your communications preferences to info.emea@fitacademy.fit . Customers cannot opt out of receiving transactional emails related to their financial transactions with us or our services. Please note that even if you opt out of receiving promotional emails, we may still send you a response to any “Contact Us” request as well as administrative, maintenance and operational emails (for example, in connection with a password reset request).

We are in all instances intending to follow the principles laid out in GDPR Art. 5 regarding principles relating to the processing of personal data. We therefore intend to process all personal information in our possession lawfully, fairly and in a transparent manner. We collect personal information to specified and defined purposes and limits our processing to only that. We seek to maintain updated information and make access to corrections to collected data as easy as possible for the data subjects. Once our legitimate interest in the collected personal information has ended, we make sure that its deleted or anonymized. We set up technical controls to secure access to personal information on a need-to-know basis, and to make sure that integrity of the data is maintained.

 

Your legal rights

From GDPR act, data subjects can exercise a set of rights in relation to the personal information being processed about them. The following rights are also available for the data subject by contacting us at info.emea@fitacademy.fit. The following list is showing the different demands they can raise against us as a data controller, and that you can expect, that any of our data processors are able to honour as well.

By getting in touch you can:

  • Get insight to the information, that we process about you and how we got into possession of this information if they were not provided from the data subject
  • Have your personal information rectified in case you believe that we have the wrong data
  • Have your data deleted – exercise the “right to be forgotten”
  • Get your data in a readable format to transfer to another data processor
  • Avoid or restrict processing of your personal information
  • And the right to object to automated processing of your data

If you raise a request on any of the above mentioned accounts, we will get back to you as soon as possible and at latest within a month from receiving your request.

If you after this still wish to raise a complaint, we may have to ask you to contact your local Data Processing Authority (“DPA”) to raise your case with them.

 

Cookies

We use cookies to make interactions with our website www.dama-emea.org (“site”) and subsites hereto easy and meaningful. When you visit our “site”, our servers may send a cookie to your computer. Alone, cookies do not personally identify you; they merely recognize your web browser. Unless you choose to identify yourself to us, either by responding to a promotional offer, opening an account, or filling out a web form, you remain anonymous to us.

We may use cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your web browser’s ability to accept cookies, you will be able to navigate our Site, but you may not be able to successfully use all the features of our Site. For more information on how to manage your cookie settings, please visit our help page.