Privacy Policy

Last updated: September 30, 2022

 

We process personal data

This is the Privacy Policy that governs how Algorethics Ltd (”Data Controller”), collect, receive, use, store and share Personal Data about you related to your participation in the event: the Data Conference of the DAMA Chapters of the EMEA Region (EMEA Data Conference) and the websites related thereto.

The EMEA Data Conference, and the responsible parties behind the conference are committed to respecting our members and participants legal rights to privacy and recognize the need for appropriate protection and management of any Personal Data that you choose to share with us as part of participating in the conference. As used in this Privacy Policy, “Personal Data” means any information that may, either alone, or in combination with other information, be able to identify you as an individual.

 

Contact information

The conference endeavours to comply with all applicable privacy laws. But If you wish to clarify anything with regards to the Privacy Policy or the conference’s use of Personal Data or exercise any rights as a registered party, please contact (”Data Controller”) at this e-mail address: [email protected] .

 

What kind of Personal Data do we process?

We collect Personal Data about various types of persons – in the latter we call it “data subjects”, they can be:

  • Speakers at the conference
  • Members of DAMA chapters
  • Sponsors
  • Visitors to the conference
  • Course participants
  • Volunteers to the conference

The Personal Data we collect during our interaction with the above listed “data subjects” are all categorized as common personal data as described in GDPR Art. 6. The information collected can be:

  1. Name
  2. E-mail address
  3. Job role
  4. Company name
  5. Industry
  6. Company country
  7. Phone number
  8. Biography
  9. Photo
  10. LinkedIn profile
  11. Country of origin
  12. Video and audio
  13. Country of DAMA Membership
  14. Body text (comments or message)
  15. Alias
 

How we process Personal Data

The GDPR art. 32 states, that the ”Data Controller” must establish appropriate organisational and technical security measures, to set up a suitable safeguard for the Personal Data that is being processed. The security measures must comply to the risks applied to the data subjects from the type of Personal Data that is being gathered and processed by the ”Data Controller” and the data processors involved in the processing.

The ”Data Controller” is obliged to evaluate the risks, that is opposed on the data subjects and establish a corresponding of technical and organizational measures to make sure, that physical person’s freedom rights are maintained. Depending on the criticality of processing these measures can be:

  1. Pseudonymisation or encryption of Personal Data
  2. Maintain an access management procedure, so only users with a legal and work-related interest in the processing of Personal Data are allowed access to it
  3. The ability to maintain continuous confidentiality, integrity, access, and robustness of processing systems- and/or services
  4. The ability to establish access in a timely fashion, in case of a physical or technical incident
  5. Establish a procedure for regular testing, assessment, and evaluation of the efficiency of the technical and organisational measures that are set up to maintain a suitable level of security around the processing of Personal Data.

According to GDPR art. 32 the ”Data Controller” is, if some or all these processing activities are outsourced to a data processor, obliged to make sure, that similar security measures are developed and implemented with the data processor. The ”Data Controller” is responsible for providing information to the data processor about risks and conditions, that can make the data processor capable of setting up the appropriate security measures.

 

Purpose and legal basis for processing your Personal Data

In the following, we will list up the different kinds of processing, that the conference performs with the input of your Personal Data. The description will reflect the actual processing activity, the attached legal basis for the individual activities and definition of the retention policy we have applied to the individual activities

Speaker at the conference

We make it possible to sign up as a speaker at the conference. The purpose of this activity is to build up a portfolio of candidates from which we may pick out individuals and forward them as speakers at the conference. In that process we collect information about the possible speaker e.g., name, email address, workplace, job-role, link to LinkedIn profile, country of origin and phone number. Furthermore, a short biography free text is required as well as a photo of the possible speaker and a more detailed description of the topic, that the speaker wants to propose for the conference. All Personal Data is collected to be able to get an impression of whether the speaker is a fit to the themes at the conference and to be able to get back to the candidate if they are selected to act as a speaker at the conference. All Personal Data that is collected is general information and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the ”Data Controller” has a legal interest in getting in touch with a candidate, that has given a voluntary request to be assigned as a speaker at the conference.

The collected Personal Data will be deleted in two different stages – speakers not assigned to the program of the conference will have their information deleted after confirming the final programme of the conference. The speakers assigned to the programme of the conference will have their information deleted according to the general closure of the conference platform, while the speaker bio, picture and session details will remain visible in the conference website in perpetuity. Besides this, a data subject can of course exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights.

Registration as participant at the conference

The purpose of this activity is to collect information about the participant at the conference. This implies collecting name, email address, workplace, job title, whether you hold a membership of a DAMA chapter and if yes: In which country, and finally country of origin. Furthermore, it is possible to enter a short comment or message. All Personal Data is collected to be able to get back to the participant with links to the conference, and to be able to keep track of participants and whether they apply to our terms for free access. All Personal Data that is collected is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is both based on Art. 6, litra (a) as a consent is asked during the application process. Also, Art 6, litra (f) is assigned a legal basis, as the ”Data Controller” has a legal interest in getting in touch with a conference guest to inform about matters concerning the execution of the conference.

The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights.

Issuing marketing e-mails from conference sponsors to conference participants

The purpose of this activity is to share data collected about the participant at the conference registration activity mentioned previously. This implies that the collected name and email address are passed on to the registered sponsors and partners to the conference, thus allowing them to forward marketing e-mails to the conference participant. Personal Data that is collected during this is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed to process the information is based on Art. 6, litra (a) as a specific consent is asked during the application process. The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can exercise their general rights to be deleted, as mentioned in below chapter about Obligations and rights and by simply un-subscribing to the e-mails.

Participation in the conference

This activity deals with the collection of audio and video collected during the sessions of the conference. As a speaker you will appear on screen as the conference is on-line and the sessions are recorded. Hence this data will be stored according to the general retention period for the conference. The same conditions go for employees at the conference provider as well as conference participants. The collected video and audio remain available to the registered participants to the conference, thus allowing them to see sessions again at the conference platform. Personal Data that is collected during this activity is general Personal Data and thus regulated according to GDPR Art. 6. Thus, legal basis is considered Art 6, litra (f) as the ”Data Controller” claims to have a legal interest in keeping the material available for a short period of time after the event. Data retention will follow the general terms which is 6 months after closing the event.

 

Retention and deletion of your Personal Data

The privacy policy contains per processing activity a description of retention and deletion. The overall principle of the “Data Processor” is to collect and process as little Personal Data as possible, and make sure that it’s deleted once the legal basis for processing it has expired.

All collected personal data related to the preparation and execution of the conference will be discontinued after 12 months, meaning that it will be deleted or anonymized.

 

Sharing your Personal Data

We share Personal Data that we collect with other relevant parties to deliver our services related to the conference. Below is a list of these 3rd parties, and an explanation of the activities in which they are being used:

NAMEBUSINESS ID NO.ADDRESSPERSONAL INFORMATION BEING PROCESSEDPURPOSE OF PROCESSING
Godaddy.comGodaddy.com

Corporate Headquarters

2155 E. GoDaddy Way

Tempe, AZ 85284 USA

 

United Kingdom: Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA

 

https://www.godaddy.com/en-uk/legal/agreements/privacy-policy

Name, Telephone number, Email address

Country, Company and Role, Candidate speaker’s bio details and photo (for conference speakers’ applicants)

To receive Conference attendee’s registration, conference speakers’ submission and general newsletter subscriptions
Intuit MailchimpRocket Science Group LLC

Legal

Attn. Legal Department, Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308

 

https://www.intuit.com/privacy/statement/

Name, Email address, Country, Company To provide email and marketing services related to online conference service features
Zoom

Zoom Video Communications

 

Zoom Video Communications

London, The Place, 4th Floor, 175 High Holborn

 

Legal Department

Lionheart Squared Limited

Attn: Data Privacy

17 Glasshouse Studios

Fryern Court Road

Fordingbridge

Hampshire

SP6 1QX

United Kingdom

 

https://explore.zoom.us/en/privacy/

Profile and Participant Information, Contacts and Calendar Integrations, Settings, Registration Information, Device Information, Meeting, Webinar, and Messaging Content and Context, Product and Website Usage, Communications with Zoom, Information from PartnersTo provide support to the conference live sessions with speakers and attendees
Whova

Whova, Inc

 

7310 Miramar Road, Suite 200, San Diego, CA 92126 Email: [email protected] Phone: +1 855-978-6578

 

https://whova.com/privacy/

a) Whova Usage  information. This may include information about any IP address used to access Whova Services and your activities on Whova Services.

b) Whova account information.  This may include information such as your name, email address, social network sign- in.

c) Search history and bookmark profiles on the used Whova Services. You may delete one or all at any time when Whova Services are available.

d) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites.

To provide virtual conference services such as networking, live chats and polls, attendees and speakers community, virtual conference agenda management.

Account information is not provided to or shared with any third party

Search History and bookmarks is not shared with any third party

Third-party login credentials used in the Whova platform will be stored for user convenience of continuously accessing the third-party information upon user requests. Whova do not use this information for any other purpose. User third-party login credentials are hashed and stored with the strictest security standards.

VimeoVimeo.com, Inc.

Vimeo.com, Inc.

555 W 18th St

New York City, NY 10011-2822

United States of America

 

https://vimeo.com/privacy

Profile and Participant Information, Device Information, Webinar, and Messaging Content and Context, Product and Website UsageTo provide online video hosting, sharing, live streaming and related services through Vimeo owned-and-operated websites, including Vimeo.com and Livestream.com

 

Obligations and rights on processing Personal Data

Summing up our obligations, but also more on the data subjects’ rights

If we have collected personal from you, and the purpose for collecting this information is personal and described above as being processed in some form related to the DAMA EMEA conference you as a data subject enjoys a set of rights described in GDPR Chapter 3.

If you would like to access, amend, correct, erase (i.e., exercise your “right to be forgotten”), export (i.e., exercise your right to “data portability”), or object to or restrict the processing of Personal Data collected via our Site, you may submit a request to [email protected]

Depending on where you live, you may have a right to lodge a complaint with a local supervisory authority (“DPA”) if you believe that we have violated any of the rights concerning Personal Data about you.  We though encourage you to first reach out to us at the above email address to give us an opportunity to address your concerns directly.

You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe or “Manage Your Subscription” link at the bottom of each email that you receive from us, or by responding to the emails directly and requesting removal if such a link is not available. Additionally, you may send a request specifying your communications preferences to [email protected] . Customers cannot opt out of receiving transactional emails related to their financial transactions with us or our services. Please note that even if you opt out of receiving promotional emails, we may still send you a response to any “Contact Us” request as well as administrative, maintenance and operational emails (for example, in connection with a password reset request).

We are in all instances intending to follow the principles laid out in GDPR Art. 5 regarding principles relating to the appropriate processing of personal data. We therefore intend to process all Personal Data in our possession lawfully, fairly and in a transparent manner. We collect Personal Data to specified and defined purposes and limits our processing to only that. We seek to maintain updated information and make access to corrections to collected data as easy as possible for the data subjects. Once our legitimate interest in the collected Personal Data has ended, we make sure that its deleted or anonymized. We set up technical controls to secure access to Personal Data on a need-to-know basis, and to make sure that integrity of the data is maintained.

Your legal rights

From the GDPR act section III, data subjects can exercise a set of rights in relation to the Personal Data being processed about them. The following rights are also available for the data subject by contacting us at [email protected] The following list is showing the different demands they can raise against us as a ”Data Controller”, and that you can expect, that any of our data processors are able to honour as well.

By getting in touch you can:

  • Get insight to the information, that we process about you and how we got into possession of this information if they were not provided from the data subject
  • Have your Personal Data rectified in case you believe that we have the wrong data
  • Have your data deleted – exercise the “right to be forgotten”
  • Get your data in a readable format to transfer to another data processor
  • Avoid or restrict processing of your Personal Data
  • And the right to object to automated processing of your data

If you raise a request on any of the above-mentioned accounts, we will get back to you as soon as possible and at latest within a month from receiving your request.

If you after this still wish to raise a complaint, we ask you to contact your local Data Processing Authority (“DPA”) to raise your case with them

Cookies

We use cookies to make interactions with our website www.dama-emea.org (“site”) and subsites hereto easy and meaningful. When you visit our “site”, our servers may send a cookie to your computer. Alone, cookies do not personally identify you; they merely recognize your web browser. Unless you choose to identify yourself to us, either by responding to a promotional offer, opening an account, or filling out a web form, you remain anonymous to us.

We may use cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your web browser’s ability to accept cookies, you will be able to navigate our Site, but you may not be able to successfully use all the features of our Site.

Please Note

This website uses cookies to ensure you get the best experience, both on this website and through other media. To find out more about the cookies we use, see our Cookie Policy. We won’t record your information when visiting our site. In order to comply with your preferences, we’ll have to use just one tiny cookie so that you’re not asked to make this choice again.