Privacy Policy

Last update: May 10, 2023


We process personal data

This is the Privacy Policy that governs how Algorethics Ltd (”Data Controller”), collect, receive, use, store, share and delete Personal Data about you related to your participation in the event: “The conference of DAMA Chapters of the EMEA region” and the websites related thereto.

The EMEA Data conference, and the responsible parties behind the conference are committed to respecting our members and participants legal rights to privacy and recognize the need for appropriate protection and management of any Personal Data that you choose to share with us as part of participating in the conference. As used in this Privacy Policy, “Personal Data” means any information that may, either alone, or in combination with other information, be able to identify you as an individual.


Contact information

The conference intends to comply with all applicable privacy laws. But If you wish to clarify anything with regards to the Privacy Policy or the conference’s use of Personal Data or exercise any rights as a registered party, please contact the Data Controller at this e-mail address: [email protected] .


What kind of Personal Data do we process?

We collect Personal Data about various types of persons – in the latter we call it “data subjects”, they can be:

  • Speakers at the conference
  • Members of DAMA chapters
  • Sponsors
  • Visitors to the conference
  • Course participants
  • Volunteers to the conference

The Personal Data we collect during our interaction with the above listed “data subjects” are all categorized as common personal data as described in GDPR Art. 6. The information collected can be:

  1. Name
  2. E-mail address
  3. Job role
  4. Company name
  5. Industry
  6. Company country
  7. Phone number
  8. Biography
  9. Photo
  10. LinkedIn profile
  11. Country of origin
  12. Video and audio
  13. Country of DAMA Membership
  14. Body text (comments or message)
  15. Alias
  16. Payment methods
  17. Billing details

How we process Personal Data

The GDPR art. 32 states that: ”Data Controller must establish appropriate organisational and technical security measures, to set up a suitable safeguard for the Personal Data that is being processed. The security measures must comply to the risks applied to the data subjects from the type of Personal Data that is being gathered and processed by the ”Data Controller” and the data processors involved in the processing”.

The ”Data Controller” is obliged to evaluate the risks, that is opposed on the data subjects and establish a corresponding set of technical and organizational measures to make sure, that physical person’s fundamental freedom rights are maintained. Depending on the criticality of processing these measures can be:

  1. Pseudonymisation or encryption of Personal Data.
  2. Maintain an access management procedure, so only users with a legal and work-related interest in the processing of Personal Data are allowed access to access it.
  3. The ability to maintain continuous confidentiality, integrity, access, and robustness of processing systems- and/or services.
  4. The ability to establish access in a timely fashion, in case of a physical or technical incident.

According to GDPR art. 32 the ”Data Controller” is, if some or all these processing activities are outsourced to a data processor, obliged to make sure, that similar security measures are developed and implemented with the data processor. The ”Data Controller” is responsible for providing information to the data processor about risks and conditions, that can make the data processor capable of setting up the appropriate security measures.


Purpose and legal basis for processing your Personal Data

In the following, we will list up the different kinds of processing, that the conference performs with the input of your Personal Data. The description will reflect the actual processing activity, the attached legal basis for the individual activities and definition of the retention policy we have applied to the individual activities.

Speaker at the conference

We make it possible to sign up as a speaker at the conference. The purpose of this activity is initially, before the conference is held, to build up a portfolio of candidates from which we may pick out individuals and sign them up as speakers at the conference. In that process we collect information about the possible speaker e.g., name, email address, workplace, job-role, link to LinkedIn profile, country of origin and phone number. Furthermore, a short biography free text is required as well as a photo of the possible speaker and a more detailed description of the topic, that the speaker wants to propose for the conference. All Personal Data is collected to be able to get an impression of whether the speaker is a fit to the themes at the conference and to be able to get back to the candidate if they are finally selected to act as a speaker at the conference. All Personal Data that is collected is general information and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the ”Data Controller” has a legal interest in getting in touch with a candidate, that has given a voluntary request to be assigned as a speaker at the conference.

The collected Personal Data will be deleted in two different stages:

  1. speakers not assigned to the program of the conference will have their information deleted after confirming the final programme of the conference,
  2. while the speakers assigned to the programme of the conference will have their information deleted according to the general closure of the conference platform. The speaker bio, picture and session details will remain visible in the conference website according to the retention policy for the conference platform.

The data subject can of course at any given time exercise their general rights to have their personal data, as mentioned in below chapter about Obligations and rights.

The collected Personal Data of the speakers assigned to the final programme of the conference is used to create a speaker profile in the event platform, where the data subject is asked to confirm the information included and to accept the event platform Terms and Privacy Policy (see Sharing your Personal Data below)

Registration as participant at the conference

The purpose of this activity is to collect information about the participant at the conference. This implies collecting name, email address, workplace, job title, whether you hold a membership of a DAMA chapter and if yes: In which country, the country of origin and finally, payment method and billing details. Furthermore, it is possible to enter a short comment or message. All Personal Data is collected to be able to get back to the participant with tickets, instructions, and links to the conference, and to be able to keep track of participants, the services they purchased, and whether they apply to our terms for free access. All Personal Data that is collected is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the ”Data Controller” has a legal interest in getting in touch with a conference guest to inform about matters concerning the execution of the conference.

The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can always exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights.

Issuing marketing e-mails from conference sponsors to conference participants

The purpose of this activity is to share data collected about the participant at the conference registration activity mentioned previously. This implies that the collected name and email address are passed on to the registered sponsors and partners to the conference, thus allowing them to forward marketing e-mails to the conference participant. Personal Data that is collected during this is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is based on Art. 6, litra (a) as a specific consent is asked during the application process. The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can always exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights and by simply un-subscribing to the e-mails.

Participation in the conference

This activity deals with the collection of audio and video collected during the sessions of the conference. As a speaker you will appear on screen as the conference is on-line and the sessions are recorded. Hence this data will be stored according to the general retention period for the conference. The same conditions go for employees at the conference provider as well as conference participants. The collected video and audio remain available to the registered participants to the conference, thus allowing them to see sessions again at the conference platform. Personal Data that is collected during this activity is general Personal Data and thus regulated according to GDPR Art. 6. Thus, legal basis is considered Art 6, litra (f) as the ”Data Controller” claims to have a legal interest in keeping the material available for a short period of time after the event. Data retention will follow the general terms which is 6 months after closing the event.


Retention and deletion of your Personal Data

The privacy policy contains per processing activity a description of retention and deletion. The overall principle of the “Data Processor” is to collect and process as little Personal Data as possible, and make sure that it’s deleted once the legal basis for processing it has expired.

All collected personal data related to the preparation and execution of the conference will be discontinued after 12 months, meaning that it will either be deleted or anonymized.


Sharing your Personal Data

We share Personal Data that we collect with other relevant parties to deliver our services related to the conference. Below is a list of these 3rd parties, and an explanation of the activities in which they are being used:


Corporate Headquarters

2155 E. GoDaddy Way

Tempe, AZ 85284 USA


United Kingdom: Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA

Name, Telephone number, Email address

Country, Company and Role, Candidate speaker’s bio details and photo (for conference speakers’ applicants)

To receive Conference attendee’s registration, conference speakers’ submission and general newsletter subscriptions
Intuit MailchimpRocket Science Group LLC


Attn. Legal Department, Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308

Name, Email address, Country, Company To provide email and marketing services related to online conference service features

Zoom Video Communications


Zoom Video Communications

London, The Place, 4th Floor, 175 High Holborn


Legal Department

Lionheart Squared Limited

Attn: Data Privacy

17 Glasshouse Studios

Fryern Court Road




United Kingdom

Profile and Participant Information, Contacts and Calendar Integrations, Settings, Registration Information, Device Information, Meeting, Webinar, and Messaging Content and Context, Product and Website Usage, Communications with Zoom, Information from PartnersTo provide support to the conference live sessions with speakers and attendees

Whova, Inc


7310 Miramar Road, Suite 200, San Diego, CA 92126 Email: [email protected] Phone: +1 855-978-6578

a) Whova Usage  information. This may include information about any IP address used to access Whova Services and your activities on Whova Services.

b) Whova account information.  This may include information such as your name, email address, social network sign- in.

c) Payment method and billing information. This may include, name, billing address, email, Credit Card details.

d) Search history and bookmark profiles on the used Whova Services. You may delete one or all at any time when Whova Services are available.

e) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites.

To provide virtual conference services such as networking, live chats and polls, attendees and speakers community, virtual conference agenda management.

Account information is not provided to or shared with any third party

Search History and bookmarks is not shared with any third party

Third-party login credentials used in the Whova platform will be stored for user convenience of continuously accessing the third-party information upon user requests. Whova do not use this information for any other purpose. User third-party login credentials are hashed and stored with the strictest security standards., Inc., Inc.

555 W 18th St

New York City, NY 10011-2822

United States of America

Profile and Participant Information, Device Information, Webinar, and Messaging Content and Context, Product and Website UsageTo provide online video hosting, sharing, live streaming and related services through Vimeo owned-and-operated websites, including and
StripeStripe Payments Europe Limited

Stripe Payments Europe Limited
1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland

Attention: Stripe Legal

Transaction Data. If you are an End Customer, when you make payments to, get refunds from, begin a purchase, make a donation or otherwise transact with a Business User that uses us to provide payment processing Business Services, we will receive Transaction Data. We may also receive your transaction history with the Business User.. Moreover, we may obtain information typed into a checkout form, even if you choose not to complete the form or purchase with the Business User.
Identity/Verification Information. Stripe provides a verification and fraud prevention Service that allows a Business User to verify Personal Data about you, such as your age (when purchasing age restricted goods) or your authorization to use a payment method. As part of these Services, you will be asked to share Personal Data with us for this purpose (e.g., your government ID, your image (selfie), and Personal Data you input or that is apparent from the physical payment method (e.g. credit card image)). To protect against fraud, we may compare this information with information about you we collect from Business Users, financial partners, business partners, identity verification services, publicly available sources, and other third party service providers and sources so that we can assess whether the person is likely to be you or a person purporting to be you.
Usage data about the online activity
To support Payments related Business Services between participants and the conference provider, including to process online payment transactions, to calculate applicable sales tax, to invoice and bill, and to help conference provider to calculate their revenue, pay their bills and perform accounting tasks


Obligations and rights on processing Personal Data

If we have collected personal data from you, and the purpose for collecting this information is described above as being processed in some form related to the DAMA EMEA conference you as a data subject enjoys a set of rights described in GDPR Chapter 3.

If you would like to access, amend, correct, erase (i.e., exercise your “right to be forgotten”), export (i.e., exercise your right to “data portability”), or object to or restrict the processing of Personal Data collected by the “Data Controller”, you may submit a request to [email protected] with a written description of the changes you want made in relation to your personal data. The “Data Controller” will get back to you as soon as possible. Replying to your enquiry may take up to 30 days.

You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe or “Manage Your Subscription” link at the bottom of each email that you receive from us, or by responding to the emails directly and requesting removal if such a link is not available. Additionally, you may send a request specifying your communications preferences to [email protected] . Customers cannot opt out of receiving transactional emails related to their financial transactions with us or our services. Please note that even if you opt out of receiving promotional emails, we may still reserve the right to send you a response to any request as well as administrative, maintenance and operational emails (for example, in connection with a password reset request) you might send us via “Contact Us” forms.

We are in all instances intending to follow the principles laid out in GDPR Art. 5 regarding the appropriate processing of personal data. We therefore intend to:

  1. process all Personal Data in our possession lawfully, fairly and in a transparent manner.
  2. We collect Personal Data to specified and defined purposes only and limits our processing to only that.
  3. We seek to maintain updated information and make access to corrections to collected data as easy as possible for the data subjects.
  4. Once our legitimate interest in the collected Personal Data has ended, we make sure that its deleted or anonymized.
  5. We set up technical controls to secure access to Personal Data on a need-to-know basis, and to make sure that integrity of the data is maintained.

Your legal rights

From the GDPR act section III, you, as a data subjects, can exercise a set of rights in relation to the Personal Data being processed about you. The following rights are also available for you by contacting us at [email protected]. The following list is showing the different demands you can raise against us as a ”Data Controller”, and that you can expect, that any of our data processors are able to honour as well.

By getting in touch you can:

  • Get insight to the information, that we process about you and how we got into possession of this information if they were not provided by you
  • Have your Personal Data rectified in case you believe that we have the wrong information
  • Have your data deleted – exercise the “right to be forgotten”
  • Get your data in a readable format to transfer to another data processor
  • Avoid or restrict processing of your Personal Data
  • And the right to object to automated processing of your data

If you raise a request on any of the above-mentioned accounts, we will get back to you as soon as possible and at latest within 30 days from receiving your request.

If you after this still wish to raise a complaint, we ask you to contact your local Data Processing Authority (“DPA”) to raise your case with them. We though encourage you to first reach out to us at the above email address to give us an opportunity to address your concerns directly.


We use cookies to make interactions with our website (“site”) and subsites hereto easy and meaningful. When you visit our “site”, our servers may send a cookie to your computer. Alone, cookies do not personally identify you; they merely recognize your web browser. Unless you choose to identify yourself to us, either by responding to a promotional offer, opening an account, or filling out a web form, you remain anonymous to us.

We may use cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your web browser’s ability to accept cookies, you will be able to navigate our Site, but you may not be able to successfully use all the features of our Site.

Please Note

This website uses cookies to ensure you get the best experience, both on this website and through other media. To find out more about the cookies we use, see our Cookie Policy. We won’t record your information when visiting our site. In order to comply with your preferences, we’ll have to use just one tiny cookie so that you’re not asked to make this choice again.