Privacy Policy

Imponera’s Privacy Policy

Introduction

GDPR (General Data Protection Regulation) is an EU regulation that was applied throughout the EU on May 25, 2018. GDPR replaces the Swedish Personal Data Act PUL and sets new demands on how to handle and protect personal data. GDPR regulates a variety of rights for individuals and obligations for companies, organizations and associations dealing with personal data. For this reason, Imponera AB clarifies the conditions that apply to the customers and participants who are connected via our database and to our conference system. The terms also describe how we treat and save the participant’s personal information.

The guiding principles of personal data processing are legality, limitation of purpose, task minimization, correctness, storage minimization as well as integrity and consent of the individual.

Why does Imponera AB collect your information?

Imponera AB processes your personal data in accordance with the purposes and the legal grounds set out below. Imponera AB collects consent from the customer or from the registered person and with a clarification that consent can be revoked. We ensure that the data retrieval and processing is necessary as a part of fulfilling an agreement between Imponera AB, our customer and the participants to whom the information relates.

Our purpose for collecting and processing your personal data is to use only relevant information for our services to facilitate the various implementations / events that Imponera AB helps the customers with. The following explains how we at Imponera AB collect, use, transfer and store personal information such as contact information (your name, e-mail address, telephone number and postal address), organizational personal data (company name, job title) and billing information.

Collection and processing of personal data by Imponera AB

  • The personal data must be processed legally, correctly and in an open manner in relation to the data subject.
  • The personal data must be adequate, relevant and not too extensive in relation to the purpose.
  • The personal data must be accurate and, if necessary, updated. Measures must be taken if the personal data is incorrect in relation to the purposes for which they are to be processed.
  • The personal data will be stored in a way that makes it impossible to identify the data subject for a longer period than what is necessary, i.e. the personal data will only be saved if there is a need to save it and to fulfill the purposes for which the data has been collected in accordance with this privacy policy. Imponera AB saves personal data for a maximum of 15 months after the participant’s most recent encounter with us or the last time the participant has been in contact with our business in some way. In cases where personal data need not be saved, these data will be deleted immediately after the project has been completed.
  • Personal data shall be processed in a manner that ensures appropriate security and protection against unauthorized or unauthorized processing and against loss, destruction or accidental damage, using appropriate technical or organizational measures.

The participant always has the right to their personal information in our systems as follows:

  • The participant always has the right to see what information we have about the participant and how we handle his / her data.
  • The participant always has the right to have his / her information corrected if something is not correct, and get certain information removed from our systems.
  • The participant may at any time terminate / remove his or her participation in lists prior to upcoming events and invitations.

(Personal Data) Controller

The person who is responsible for the personal data and for the processing of the personal data is also responsible for their subcontractors, i.e. the person who decides that personal data shall be collected and what they are to be used for is the personal data controller in the opinion of the law. The responsibility for personal data follows the obligations to safeguard the data, to inform the data subject and about the other obligations of GDPR. It is the organization or company that gets this role, not the employees who perform the tasks. The person in charge is always 100 percent responsible. It is not possible to share this responsibility.

(Personal Data) Processor

The person who is responsible and who processes personal data often has a subcontractor. It can be a data hall, a mail provider, a credit information company or another party. Such a party is called a personal data assistant. The person responsible for personal data has the full responsibility at all times.

To support the person responsible, the GDPR requires sharing data with someone else, such as a subcontractor, there must be a contract that binds the subcontractor to comply with the law’s requirements and this is handled through a personal data support agreement.

In an assistance agreement, each party must fulfill its obligations under applicable data protection legislation. Imponera AB is obliged to comply with the laws that accompany and follow within the framework of the agreement and for services that are called during the contract period according to the appendix of the agreement. When the customer provides personal information to Imponera AB, such as the user’s name and e-mail address, the customer is responsible for that these data are accurate and up-to-date and for legal reasons for the transfer of such personal data. Imponera AB is in turn responsible for legal basis of processing such personal data after receipt from the customer in an assistance agreement to the customer.

Imponera AB is, to a large extent, its personal data assistants and for the processing of personal data that takes place within the framework of the services we offer within our conference system and for services that handle tasks in the form of participant lists / material which have been sent to us by the customer and is handled for an event with a legitimate interest in our business. In cases where Imponera AB is responsible for personal data, Imponera AB will comply with the laws and regulations that must be followed according to the above stated requirements.

As (Personal Data) Processor, we are responsible for:

  • Only process personal data according to documented instructions.
  • Make sure everyone who deals with the data is committed to observing confidentiality.
  • Maintain a customized high level of safety with both routines and equipment.
  • Allow the person responsible to approve any subordinates and sign an assistant agreement if the assistant is hired.
  • Assist the person in charge when someone registered wants to exercise their rights.
  • Assisting the person responsible for security, hacking and other obligations.
  • Delete or return data at termination of the agreement.
  • Give the responsible opportunity to verify that the assistant has fulfilled his obligations above.

(Personal Data) Sub Processor

For certain events, Imponera AB may need to handle the participant’s information, for example, at hotel booking, restaurant activities for allergies and other subcontractors / subordinates who will work with us in an implementation where there is a requirement to use personal data or if it is necessary to be able to communicate with the participant via for example texts, e-mail and mail. These suppliers may then only use the information to implement that part of the agreement for the event’s requirements. When Imponera is involved in implementations outside of Sweden, the information regarding the participant may also be distributed to a country in and outside the EU / EEA if any of Imponera’s suppliers or partners are located there.

Most of the IT systems we use are located within the EU / EEA. Recurring suppliers outside the EU / EEA are MailChimp for e-mailing. Imponera will ensure that the personal data continues to be protected and will take necessary actions to legally transfer personal data to countries outside the EU / EEA.

Imponera AB cherishes a high level of protection for the individuals who are participants during any of the implementation that we arrange in cooperation with our customers and Imponera will under no circumstances sell / forward your personal information. When Imponera uses a subordinate, an underwriting agreement is signed between Imponera AB as a personal assistant and the subcontractor as subordinate where the principle of that agreement is the same as for the usual assistance agreement.

IT / Privacy policy

The personal data we handle for an event must be protected against unauthorized access, alteration or destruction. This protection consists of technical measures such as antivirus software, firewall, wireless networking with encryption and computers with updated programs. The external IT systems used must have a high level of security. We who work at Imponera AB have read and base our work off an internal policy with organizational measures that, for example, limit which employees can access different types of personal data. We follow the rules and regulations that apply to the collection of personal data and other precautionary measures based on the above-mentioned requirements set by the law.

Cookies

Cookies are collected at imponera.se. When you visit Imponera’s website, certain information is collected using cookies. A cookie is a small text file that is stored in your browser. By continuing to use our website, you accept our cookies on your computer to analyze how you use our website. If you do not accept cookies in connection with your use of our site, you may stop using our site or remove and block our cookies.

For further questions regarding the above documentation:
Patrik Eriksson, CEO
Imponera AB
Hamngatan 15
582 26 LINKÖPING
info@imponera.se or telephone +46 13-138570