Last updated: April 21, 2022
We process personal information
What kind of personal information do we process?
We collect personal information about various types of persons – in the latter we called “data subjects”, they can be:
The personal information we collect during our interaction with the above listed data subjects are all categorized as common personal information as described in GDPR Art. 6. The information collected can e.g. be:
About our way of processing the data, technical and organizational measures to make sure, that data is safe etc.
The GDPR art. 32 states, that the data controller must establish appropriate organisational and technical security measures, to set up a suitable safeguard for the personal information that is being processed. The security measures must comply to the risks applied to the data subjects from the type of personal information that is being gathered and processed by the data controller and the data processors involved in the processing.
The data controller is obliged to evaluate the risks, that is opposed on the data subjects and establish a corresponding of technical and organizational measures to make sure, that physical person’s freedom rights are maintained. Depending on the criticality of processing these measures can be:
According to GDPR art. 32 the data controller is, if some or all these processing activities are outsourced to a data processor, obliged to make sure, that similar security measures are developed and implemented with the data processor. The data controller is responsible for providing information to the data processor about risks and conditions, that can make the data processor capable of setting up the appropriate security measures.
Purpose and legal basis for processing your personal information
In the following, we will list up the different kinds of processing, that the conference performs with the input of your personal information. The description will reflect the actual processing activity, the attached legal basis for the individual activities and definition of the retention policy we have applied to the individual activities.
Speaker at the conference
We make it possible to signup as a speaker at the conference. The purpose of this activity is to build up a portfolio of candidates from which we may pick out individuals and forward them as speakers at the conference. In that process we collect information about the possible speaker e.g., name, email address, workplace, job-role, link to LinkedIn profile, country of origin and phone number. Furthermore, a short biography free text is required as well as a photo of the possible speaker and a more detailed description of the topic, that the speaker wants to propose for the conference. All personal information is collected to be able to get an impression of whether the speaker is a fit to the themes at the conference and to be able to get back to the candidate if they are selected to act as a speaker at the conference. All personal information that is collected is general information and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the “Data controller” has a legal interest in getting in touch with a candidate, that has given a voluntary request to be assigned as a speaker at the conference.
The collected Personal Information will be deleted in two different stages – speakers not assigned to the program of the conference will have their information deleted after confirming the final programme of the conference. The speakers assigned to the programme of the conference will have their information deleted according to the general closure of the conference platform. Besides this, a data subject can of course exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights.
Retention and deletion of your personal information
Sharing your personal information
We share personal information that we collect with other relevant parties to deliver our services related to the conference. Below is a list of these 3rd parties, and an explanation of the activities in which they are being used:
BUSINESS ID NO.
PERSONAL INFORMATION BEING PROCESSED
PURPOSE OF PROCESSING
2155 E. GoDaddy Way
Tempe, AZ 85284 USA
United Kingdom: Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA
Name, Telephone number, Email address
Country, Company and Role, Candidate speaker’s bio details and photo (for conference speakers’ applicants)
To receive Conference attendee’s registration, conference speakers’ submission and general newsletter subscriptions
1 Sir John Rogerson’s Quay, Dublin 2
25 First Street, 2nd Floor, Cambridge, MA 02141, USA
Name, Email address, Country, Company
To provide email and marketing services related to online conference service features
Zoom Video Communications
Zoom Video Communications
London, The Place, 4th Floor, 175 High Holborn
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Profile and Participant Information, Contacts and Calendar Integrations, Settings, Registration Information, Device Information, Meeting, Webinar, and Messaging Content and Context, Product and Website Usage, Communications with Zoom, Information from Partners
To provide support to the conference live sessions with speakers and attendees
7310 Miramar Road, Suite 200, San Diego, CA 92126 Email: firstname.lastname@example.org Phone: +1 855-978-6578
a) Whova Usage information. This may include information about any IP address used to access Whova Services and your activities on Whova Services.
b) Whova account information. This may include information such as your name, email address, social network sign- in.
c) Search history and bookmark profiles on the used Whova Services. You may delete one or all at any time when Whova Services are available.
d) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites.
To provide virtual conference services such as networking, live chats and polls, attendees and speakers community, virtual conference agenda management.
Account information is not provided to or shared with any third party
Search History and bookmarks is not shared with any third party
Third-party login credentials used in the Whova platform will be stored for user convenience of continuously accessing the third-party information upon user requests. Whova do not use this information for any other purpose. User third-party login credentials are hashed and stored with the strictest security standards.
555 W 18th St
New York City, NY 10011-2822
United States of America
Profile and Participant Information, Device Information, Webinar, and Messaging Content and Context, Product and Website Usage
To provide online video hosting, sharing, live streaming and related services through Vimeo owned-and-operated websites, including Vimeo.com and Livestream.com
Obligations and rights on processing personal information
Summing up our obligations, but also more on the data subjects’ rights
If we have collected personal from you, and the purpose for collecting this information is personal and described above as being processed in some form related to the DAMA EMEA conference you as a data subject enjoys a set of rights described in GDPR Chapter 3.
If you would like to access, amend, correct, erase (i.e., exercise your “right to be forgotten”), export (i.e., exercise your right to “data portability”), or object to or restrict the processing of Personal Data collected via our Site, you may submit a request to email@example.com
Depending on where you live, you may have a right to lodge a complaint with a supervisory authority (“DPA”) if you believe that we have violated any of the rights concerning Personal Data about you. We encourage you to first reach out to us at the above email address to give us an opportunity to address your concerns directly.
You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe or “Manage Your Subscription” link at the bottom of each email that you receive from us, or by responding to the emails directly and requesting removal if such a link is not available. Additionally, you may send a request specifying your communications preferences to firstname.lastname@example.org . Customers cannot opt out of receiving transactional emails related to their financial transactions with us or our services. Please note that even if you opt out of receiving promotional emails, we may still send you a response to any “Contact Us” request as well as administrative, maintenance and operational emails (for example, in connection with a password reset request).
We are in all instances intending to follow the principles laid out in GDPR Art. 5 regarding principles relating to the processing of personal data. We therefore intend to process all personal information in our possession lawfully, fairly and in a transparent manner. We collect personal information to specified and defined purposes and limits our processing to only that. We seek to maintain updated information and make access to corrections to collected data as easy as possible for the data subjects. Once our legitimate interest in the collected personal information has ended, we make sure that its deleted or anonymized. We set up technical controls to secure access to personal information on a need-to-know basis, and to make sure that integrity of the data is maintained.
Your legal rights
From GDPR act, data subjects can exercise a set of rights in relation to the personal information being processed about them. The following rights are also available for the data subject by contacting us at email@example.com. The following list is showing the different demands they can raise against us as a data controller, and that you can expect, that any of our data processors are able to honour as well.
By getting in touch you can:
If you raise a request on any of the above mentioned accounts, we will get back to you as soon as possible and at latest within a month from receiving your request.
If you after this still wish to raise a complaint, we may have to ask you to contact your local Data Processing Authority (“DPA”) to raise your case with them.