Last update: May 10, 2023
We collect Personal Data about various types of persons, referred to below as “data subjects”. They can be:
The Personal Data we collect during our interaction with the above-listed “data subjects” is all categorized as common personal data as described in GDPR Art. 6. The information collected can be:
The GDPR art. 32 states that: ”Data Controller must establish appropriate organisational and technical security measures, to set up a suitable safeguard for the Personal Data that is being processed. The security measures must comply to the risks applied to the data subjects from the type of Personal Data that is being gathered and processed by the ”Data Controller” and the data processors involved in the processing”.
The “Data Controller” is obliged to evaluate the risks that are imposed on the data subjects and to establish a corresponding set of technical and organizational measures to make sure that physical persons’ fundamental freedom rights are maintained. Depending on the criticality of the processing, these measures can be:
According to GDPR art. 32, if some or all of these processing activities are outsourced to a data processor, the “Data Controller” is obliged to make sure that similar security measures are developed and implemented with the data processor. The “Data Controller” is responsible for providing the data processor with information about risks and conditions that enables the data processor to set up the appropriate security measures.
In the following, we list the different kinds of processing that the conference performs with your Personal Data. The description reflects the actual processing activity, the legal basis attached to each activity, and the retention policy we have applied to each activity.
Speaker at the conference
We make it possible to sign up as a speaker at the conference. The purpose of this activity is initially, before the conference is held, to build up a portfolio of candidates from which we may select individuals and sign them up as speakers at the conference. In that process we collect information about the possible speaker, e.g. name, email address, workplace, job role, link to LinkedIn profile, country of origin and phone number. Furthermore, a short free-text biography is required, as well as a photo of the possible speaker and a more detailed description of the topic that the speaker wants to propose for the conference. All Personal Data is collected to get an impression of whether the speaker fits the themes of the conference and to be able to get back to the candidate if they are finally selected to act as a speaker at the conference. All Personal Data that is collected is general information and thus regulated according to GDPR Art. 6. The legal basis claimed for processing the information is Art. 6, litra (a), as consent is requested during the application process. In addition, Art. 6, litra (f) is claimed as a legal basis, as the “Data Controller” has a legal interest in getting in touch with a candidate who has voluntarily requested to be assigned as a speaker at the conference.
The collected Personal Data will be deleted in two different stages:
The data subject can of course at any given time exercise their general rights to have their personal data deleted, as mentioned in the chapter below about Obligations and rights.
Registration as participant at the conference
The purpose of this activity is to collect information about the participant at the conference. This implies collecting name, email address, workplace, job title, whether you hold a membership of a DAMA chapter and, if yes, in which country, the country of origin and, finally, payment method and billing details. Furthermore, it is possible to enter a short comment or message. All Personal Data is collected to be able to get back to the participant with tickets, instructions, and links to the conference, and to be able to keep track of participants, the services they purchased, and whether they meet our terms for free access. All Personal Data that is collected is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed for processing the information is Art. 6, litra (a), as consent is requested during the application process. In addition, Art. 6, litra (f) is claimed as a legal basis, as the “Data Controller” has a legal interest in getting in touch with a conference guest to inform them about matters concerning the execution of the conference.
The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can always exercise their general rights to be deleted, as mentioned in the chapter below about Obligations and rights.
Issuing marketing e-mails from conference sponsors to conference participants
The purpose of this activity is to share data collected about the participant during the conference registration activity mentioned previously. This implies that the collected name and email address are passed on to the registered sponsors and partners of the conference, thus allowing them to send marketing e-mails to the conference participant. Personal Data that is collected during this activity is general Personal Data and thus regulated according to GDPR Art. 6. The legal basis claimed for processing the information is Art. 6, litra (a), as a specific consent is requested during the application process. The collected Personal Data will be deleted at the general closure of the conference platform. Besides this, a data subject can always exercise their general rights to be deleted, as mentioned in the chapter below about Obligations and rights, and by simply unsubscribing from the e-mails.
Participation in the conference
This activity deals with the audio and video collected during the sessions of the conference. As a speaker you will appear on screen, as the conference is online and the sessions are recorded. Hence this data will be stored according to the general retention period for the conference. The same conditions apply to employees of the conference provider as well as to conference participants. The collected video and audio remain available to the registered participants of the conference, allowing them to see sessions again on the conference platform. Personal Data that is collected during this activity is general Personal Data and thus regulated according to GDPR Art. 6. Thus, the legal basis is considered to be Art. 6, litra (f), as the “Data Controller” claims to have a legal interest in keeping the material available for a short period of time after the event. Data retention will follow the general terms, which is 6 months after closing the event.
All collected personal data related to the preparation and execution of the conference will be discontinued after 12 months, meaning that it will either be deleted or anonymized.
We share Personal Data that we collect with other relevant parties to deliver our services related to the conference. Below is a list of these third parties and an explanation of the activities in which they are used:
BUSINESS ID NO. | PERSONAL INFORMATION BEING PROCESSED | PURPOSE OF PROCESSING

2155 E. GoDaddy Way, Tempe, AZ 85284 USA
United Kingdom: Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA
Personal information being processed: Name, Telephone number, Email address, Country, Company and Role, Candidate speaker’s bio details and photo (for conference speakers’ applicants)
Purpose of processing: To receive Conference attendee’s registration, conference speakers’ submission and general newsletter subscriptions

Rocket Science Group LLC
Attn. Legal Department, Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308
Personal information being processed: Name, Email address, Country, Company
Purpose of processing: To provide email and marketing services related to online conference service features

Zoom Video Communications
London, The Place, 4th Floor, 175 High Holborn
Lionheart Squared Limited, Attn: Data Privacy, 17 Glasshouse Studios, Fryern Court Road
Personal information being processed: Profile and Participant Information, Contacts and Calendar Integrations, Settings, Registration Information, Device Information, Meeting, Webinar, and Messaging Content and Context, Product and Website Usage, Communications with Zoom, Information from Partners
Purpose of processing: To provide support to the conference live sessions with speakers and attendees

7310 Miramar Road, Suite 200, San Diego, CA 92126 Email: [email protected] Phone: +1 855-978-6578
Personal information being processed:
a) Whova Usage information. This may include information about any IP address used to access Whova Services and your activities on Whova Services.
b) Whova account information. This may include information such as your name, email address, social network sign-in.
c) Payment method and billing information. This may include name, billing address, email, Credit Card details.
d) Search history and bookmark profiles on the used Whova Services. You may delete one or all at any time when Whova Services are available.
e) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites.
Purpose of processing: To provide virtual conference services such as networking, live chats and polls, attendees and speakers community, virtual conference agenda management.
Account information is not provided to or shared with any third party.
Search History and bookmarks are not shared with any third party.
Third-party login credentials used in the Whova platform will be stored for user convenience of continuously accessing the third-party information upon user requests. Whova does not use this information for any other purpose. User third-party login credentials are hashed and stored with the strictest security standards.

555 W 18th St, New York City, NY 10011-2822, United States of America
Personal information being processed: Profile and Participant Information, Device Information, Webinar, and Messaging Content and Context, Product and Website Usage
Purpose of processing: To provide online video hosting, sharing, live streaming and related services through Vimeo owned-and-operated websites, including Vimeo.com and Livestream.com

Stripe Payments Europe Limited
Attention: Stripe Legal
Personal information being processed:
Transaction Data. If you are an End Customer, when you make payments to, get refunds from, begin a purchase, make a donation or otherwise transact with a Business User that uses us to provide payment processing Business Services, we will receive Transaction Data. We may also receive your transaction history with the Business User. Moreover, we may obtain information typed into a checkout form, even if you choose not to complete the form or purchase with the Business User.
Identity/Verification Information. Stripe provides a verification and fraud prevention Service that allows a Business User to verify Personal Data about you, such as your age (when purchasing age restricted goods) or your authorization to use a payment method. As part of these Services, you will be asked to share Personal Data with us for this purpose (e.g., your government ID, your image (selfie), and Personal Data you input or that is apparent from the physical payment method (e.g. credit card image)). To protect against fraud, we may compare this information with information about you we collect from Business Users, financial partners, business partners, identity verification services, publicly available sources, and other third party service providers and sources so that we can assess whether the person is likely to be you or a person purporting to be you.
Usage data about the online activity
Purpose of processing: To support Payments related Business Services between participants and the conference provider, including to process online payment transactions, to calculate applicable sales tax, to invoice and bill, and to help conference provider to calculate their revenue, pay their bills and perform accounting tasks
If we have collected personal data from you, and the purpose for collecting this information is described above as being processed in some form related to the DAMA EMEA conference, you, as a data subject, enjoy a set of rights described in GDPR Chapter 3.
If you would like to access, amend, correct, erase (i.e., exercise your “right to be forgotten”), export (i.e., exercise your right to “data portability”), or object to or restrict the processing of Personal Data collected by the “Data Controller”, you may submit a request to [email protected] with a written description of the changes you want made in relation to your personal data. The “Data Controller” will get back to you as soon as possible. Replying to your enquiry may take up to 30 days.
You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe or “Manage Your Subscription” link at the bottom of each email that you receive from us, or by responding to the emails directly and requesting removal if such a link is not available. Additionally, you may send a request specifying your communications preferences to [email protected] . Customers cannot opt out of receiving transactional emails related to their financial transactions with us or our services. Please note that even if you opt out of receiving promotional emails, we still reserve the right to send you a response to any request you might send us via “Contact Us” forms, as well as administrative, maintenance and operational emails (for example, in connection with a password reset request).
In all instances we intend to follow the principles laid out in GDPR Art. 5 regarding the appropriate processing of personal data. We therefore intend to:
Your legal rights
Under the GDPR act section III, you, as a data subject, can exercise a set of rights in relation to the Personal Data being processed about you. These rights are available to you by contacting us at [email protected]. The following list shows the different demands you can raise against us as a “Data Controller”, and that you can expect any of our data processors to honour as well.
By getting in touch you can:
If you raise a request on any of the above-mentioned accounts, we will get back to you as soon as possible and at the latest within 30 days from receiving your request.
If, after this, you still wish to raise a complaint, we ask you to contact your local Data Processing Authority (“DPA”) to raise your case with them. We do, however, encourage you to first reach out to us at the above email address to give us an opportunity to address your concerns directly.