GDPR (General Data Protection Regulation) is a new EU regulation that will come into force throughout the EU on 25 May 2018. GDPR replaces the Swedish Personal Data Act PUL and sets new requirements for how to handle and protect personal data. The GDPR regulates a number of rights for individuals and obligations for companies, organizations and associations that process personal data. Due to this, Imponera AB clarifies the conditions that apply to the customers and participants who are connected via our database and to our conference system. The terms also describe how we process and save the participant’s personal information.
The guiding principles for personal data processing are legality, purpose limitation. task minimization, accuracy, storage minimization as well as integrity and consent from the individual.
Why does Imponera AB collect your information?
Imponera AB processes your personal data in accordance with the purposes and legal grounds set out below. Imponera AB obtains consent from the customer alternatively from the registered person and with a clarification that consent can be revoked. We ensure that data collection and processing is necessary as part of fulfilling an agreement between Imponera AB, our customer and the participants to whom the data relates.
Our purpose with the collection and processing of your personal data is to only use relevant information for our services to facilitate the various implementations / events that Imponera AB helps our customers with. The following explains how we at Imponera AB collect, use, transfer and store personal information such as contact information (your name, e-mail address, telephone number and postal address), organizational personal information (company name, job title) and invoicing information.
Collection and processing of personal data at Imponera AB
- The personal data must be processed legally, correctly and in a transparent manner in relation to the data subject.
- The personal data must be adequate, relevant and not too extensive in relation to the purpose.
- The personal information must be correct and, if necessary, updated. Measures must be taken if the personal data are incorrect in relation to the purposes for which they are to be processed.
- Personal data shall be processed in a way that ensures appropriate security and protection against unauthorized or unauthorized processing and against loss, destruction or damage by accident, using appropriate technical or organizational measures.
The participant is always entitled to their personal data in our systems as below:
- The participant always has the right to take part in what information we have about the participant and how we handle his or her information.
- The participant always has the right to have their information corrected if something is not correct, and to have certain information removed from our systems.
- The participant can at any time end / delete their participation on lists for upcoming events and invitations.
Personal data manager
The person who is responsible for personal data for the processing of personal data is also responsible for his subcontractors, ie the person who decides that personal data is to be collected and what it is to be used for is the person responsible for personal data within the meaning of the law. The personal data responsibility comes with obligations to protect the data, to inform the data subject and whether the other obligations GDPR requires. It is the organization or company that gets this role, not the employees who perform the tasks. The person in charge is always 100 percent responsible. This responsibility cannot be shared.
Often the person who is responsible and who processes personal data has a subcontractor. It can be a data center, an email provider, a credit reporting company or another party. Such a party is called a personal data assistant. The person who is responsible for personal data has full responsibility at all times.
To support the person responsible, the GDPR requires that data be shared with someone else, for example a subcontractor, there must be an agreement that binds the subcontractor to comply with the law’s requirements and this is handled via a personal data assistant agreement.
In an assistant agreement, each party must fulfill its obligations in accordance with applicable data protection legislation. Imponera AB is obliged to comply with the laws that accompany and follow within the framework of the agreement and for services that are called during the agreement period in accordance with the appendix to the agreement. When the customer provides personal data to Imponera AB, such as the user’s name and e-mail address, the customer is responsible for this information being correct and up-to-date and for the legal basis for the transfer of such personal data. Imponera AB is in turn responsible for the legal basis for the processing of such personal data after receipt from the customer in an assistant agreement to the customer.
Imponera AB is largely part of its business personal data assistants and then for the processing of personal data that takes place within the framework of the services we offer within our conference system and for services that handle data in the form of participant lists / materials and which have been sent to us by customer and handled for an event with a legitimate interest in our business. In cases where Imponera AB is responsible for personal data, Imponera AB will comply with the laws and regulations that must be complied with in accordance with the above stated requirements.
As assistant managers, we are responsible for:
- Only process personal data according to documented instructions.
- Make sure that everyone who processes the data has undertaken to observe confidentiality.
- Maintain an adapted high level of safety both with routines and in equipment.
- Have the person in charge approve any sub-assistants and sign an assistant agreement if an assistant is hired.
- Assist the person in charge when someone registered wants to exercise their rights.
- Assist the person responsible for security, data breaches and other obligations.
- Delete or return data upon termination of the agreement.
- Give the person in charge the opportunity to check that the assistant has fulfilled his / her obligations above.
For certain events, Imponera AB may need to handle the participant’s information further in, for example, hotel booking, restaurant operations for allergies and other subcontractors / assistants who will work with us in an implementation where there is a requirement to use personal information or if it is necessary to communicate with the participant via eg sms, e-mail and mail. These suppliers may then only use the information for the purpose of implementing that part of the agreement for the event’s requirements. As Imponera has a commitment / implementation outside Sweden, the participant’s information may also be disclosed to a country in and outside the EU / EEA about any of Imponera’s suppliers or partners who are located there.
Most of the IT systems we use are located within the EU / EEA. Recurring suppliers outside the EU / EEA are MailChimp for e-mailing. Impressa will take measures to ensure that personal data remains protected and will also take the necessary measures to legally transfer personal data to countries outside the EU / EEA.
Imponera AB safeguards a high level of protection for the individuals who are participants during any of the implementations that we arrange in collaboration with our customers and Imponera will not under any circumstances sell / pass on your personal data. When Imponera uses a sub-assistant, a sub-assistant agreement is signed between Imponera AB as a personal assistant and the subcontractor as an assistant, where the principle for that agreement is the same as for the ordinary assistant agreement.
IT / Security Policy
The personal data we handle for an event must be protected against unauthorized access, alteration or destruction. That protection consists of technical measures such as antivirus software, firewall, wireless network with encryption and computers with updated software. The external IT systems used must have a high level of security. We who work at Imponera AB have taken part in and work on the basis of an internal policy with organizational measures that, for example, limit which employees are allowed to take part in different types of personal data. We follow the rules and regulations that deal with the collection of personal data as well as other precautionary measures based on the above-mentioned requirements set by law.
Cookies are collected on imponera.se. When you visit Impona’s website, certain information is collected using cookies. A cookie is a small text file that is stored in your browser. By continuing to use our website, you accept our cookies on your computer to be able to analyze how you use our website. If you do not accept cookies in connection with your use of our website, you can stop using our website or delete and block our cookies.
For further questions regarding the above documentation are responsible:
Patrik Eriksson, CEO
582 26 LINKÖPING
firstname.lastname@example.org or telephone 013-138570