GDPR (General Data Protection Regulation) is a new EU regulation that applies throughout the EU on May 25, 2018. GDPR replaces the Swedish Personal Data Act PUL and sets new demands on how to handle and protect personal data. GDPR regulates a variety of rights for individual individuals and obligations for companies, organizations and associations dealing with personal data. For this reason, Imponera AB clarifies the conditions that apply to the customers and participants who are connected via our database and to our conference system. The terms also describe how we treat and save the participant’s personal information.
The guiding principles of personal data processing are legality, limitation of purpose. task minimization, correctness, storage minimization as well as integrity and consent of the individual.
Imponera AB processes your personal data in accordance with the purposes and the legal grounds set out below. Imponera AB collects consent from the customer or from the registered person and with a clarification that consent can be revoked. We ensure that the data retrieval and processing is necessary as a part of fulfilling an agreement between Imponera AB, our customer and the participants to whom the information relates.
Our purpose of collecting and processing your personal data is to use only relevant information for our services to facilitate the various implementations / events that Imponera AB helps our customers with. The following explains how we at Imponera AB collect, use, transfer and store personal information such as contact information (your name, e-mail address, telephone number and postal address), organizational personal data (company name, job title) and billing information.
The participant always has the right to their personal information in our systems as follows:
The person who is responsible for the personal data for the processing of the personal data is also responsible for their subcontractors, ie the person who decides that personal data shall be collected and what they are to be used for is the personal data controller in the opinion of the law. The responsibility for personal data follows the obligations to safeguard the data, to inform the data subject and about the other obligations of GDPR. It is the organization or company that gets this role, not the employees who perform the tasks. The person in charge is always 100 percent responsible. It is not possible to share this responsibility.
Often the person who is responsible and who processes personal data has a subcontractor. It can be a data hall, a mail provider, a credit information company or another party. Such a party is called a personal data assistant. The person responsible for personal data has the full responsibility at all times.
To support the person responsible, the GDPR requires sharing data with someone else, such as a subcontractor, there must be a contract that binds the subcontractor to comply with the law’s requirements and this is handled through a personal data support agreement.
In an assistance agreement, each party must fulfill its obligations under applicable data protection legislation. Imponera AB is obliged to comply with the laws that accompany and follow within the framework of the agreement and for services that are called during the contract period according to the appendix to the agreement. When the customer provides personal information to Imponera AB, such as the user’s name and e-mail address, the customer is responsible for the fact that these data are accurate and up-to-date and for legal reasons for the transfer of such personal data. Imponera AB is in turn responsible for legal basis for processing such personal data after receipt from the customer in an assistance agreement to the customer.
Imponera AB is, to a large extent, its personal data assistants and then for the processing of personal data that takes place within the framework of the services we offer within our conference system and for services that handle tasks in the form of participant lists / material and which have been sent to us by the customer and is handled for an event with a legitimate interest in our business. In cases where Imponera AB is responsible for personal data, Imponera AB will comply with the laws and regulations that must be followed according to the above stated stated requirements.
As (Personal Data) Processor, we are responsible for:
For certain events, Imponera AB may need to handle the participant’s information, for example, at hotel booking, restaurant activities for allergies and other subcontractors / subordinates who will work with us in an implementation where there is a requirement to use personal data or if it is necessary to be able to communicate with the participant via ex sms, e-mail and mail. These suppliers may then only use the information in order to implement that part of the agreement for the event’s requirements. When Imponera has involvement / implementation outside Sweden, the participant’s tasks may also be handed out to a country in and outside the EU / EEA about any of Imponera’s suppliers or partners who are there.
Most of the IT systems we devote ourselves are located within the EU / EEA. Recurring suppliers outside the EU / EEA are MailChimp for mailing. Imponera will take steps to ensure that the personal data continues to be protected and also take the necessary steps to legally transfer personal data to countries outside the EU / EEA.
Imponera AB cherishes a high level of protection for the individuals who are participants during any of the implementation that we arrange in cooperation with our customers and Imponera will under no circumstances sell / forward your personal information. When Imponera uses a subordinate, an underwriting agreement is signed between Imponera AB as a personal assistant and the subcontractor as subordinate where the principle of that agreement is the same as for the usual assistance agreement.
The personal data we handle for an event must be protected against unauthorized access, alteration or destruction. This protection consists of technical measures such as antivirus software, firewall, wireless networking with encryption and computers with updated programs. The external IT systems used must have a high level of security. We who work at Imponera AB have read and work on the basis of an internal policy with organizational measures that, for example, limit which employees are allowed to access different types of personal data. We follow the rules and regulations that apply to the collection of personal data and other precautionary measures based on the above-mentioned requirements set by the law.
Cookies are collected at imponera.se. When you visit Imponera’s website, certain information is collected using cookies. A cookie is a small text file that is stored in your browser. By continuing to use our website, you accept our cookies on your computer in order to analyze how you use our website. If you do not accept cookies in connection with your use of our site, you may stop using our site or remove and block our cookies.
For further questions regarding the above documentation:
Patrik Eriksson, CEO
582 26 LINKÖPING
email@example.com alt telefon +46 13-138570