GDPR (General Data Protection Regulation) is an EU regulation that was applied throughout the EU on May 25, 2018. GDPR replaces the Swedish Personal Data Act PUL and sets new demands on how to handle and protect personal data. GDPR regulates a variety of rights for individuals and obligations for companies, organizations and associations dealing with personal data. For this reason, Imponera AB clarifies the conditions that apply to the customers and participants who are connected via our database and to our conference system. The terms also describe how we treat and save the participant’s personal information.
The guiding principles of personal data processing are legality, limitation of purpose, task minimization, correctness, storage minimization as well as integrity and consent of the individual.
Imponera AB processes your personal data in accordance with the purposes and the legal grounds set out below. Imponera AB collects consent from the customer or from the registered person and with a clarification that consent can be revoked. We ensure that the data retrieval and processing is necessary as a part of fulfilling an agreement between Imponera AB, our customer and the participants to whom the information relates.
Our purpose for collecting and processing your personal data is to use only relevant information for our services to facilitate the various implementations / events that Imponera AB helps the customers with. The following explains how we at Imponera AB collect, use, transfer and store personal information such as contact information (your name, e-mail address, telephone number and postal address), organizational personal data (company name, job title) and billing information.
The participant always has the right to their personal information in our systems as follows:
The person who is responsible for the personal data and for the processing of the personal data is also responsible for their subcontractors, i.e. the person who decides that personal data shall be collected and what they are to be used for is the personal data controller in the opinion of the law. The responsibility for personal data follows the obligations to safeguard the data, to inform the data subject and about the other obligations of GDPR. It is the organization or company that gets this role, not the employees who perform the tasks. The person in charge is always 100 percent responsible. It is not possible to share this responsibility.
The person who is responsible and who processes personal data often has a subcontractor. It can be a data hall, a mail provider, a credit information company or another party. Such a party is called a personal data assistant. The person responsible for personal data has the full responsibility at all times.
To support the person responsible, the GDPR requires sharing data with someone else, such as a subcontractor, there must be a contract that binds the subcontractor to comply with the law’s requirements and this is handled through a personal data support agreement.
In an assistance agreement, each party must fulfill its obligations under applicable data protection legislation. Imponera AB is obliged to comply with the laws that accompany and follow within the framework of the agreement and for services that are called during the contract period according to the appendix of the agreement. When the customer provides personal information to Imponera AB, such as the user’s name and e-mail address, the customer is responsible for that these data are accurate and up-to-date and for legal reasons for the transfer of such personal data. Imponera AB is in turn responsible for legal basis of processing such personal data after receipt from the customer in an assistance agreement to the customer.
Imponera AB is, to a large extent, its personal data assistants and for the processing of personal data that takes place within the framework of the services we offer within our conference system and for services that handle tasks in the form of participant lists / material which have been sent to us by the customer and is handled for an event with a legitimate interest in our business. In cases where Imponera AB is responsible for personal data, Imponera AB will comply with the laws and regulations that must be followed according to the above stated requirements.
As (Personal Data) Processor, we are responsible for:
For certain events, Imponera AB may need to handle the participant’s information, for example, at hotel booking, restaurant activities for allergies and other subcontractors / subordinates who will work with us in an implementation where there is a requirement to use personal data or if it is necessary to be able to communicate with the participant via for example texts, e-mail and mail. These suppliers may then only use the information to implement that part of the agreement for the event’s requirements. When Imponera is involved in implementations outside of Sweden, the information regarding the participant may also be distributed to a country in and outside the EU / EEA if any of Imponera’s suppliers or partners are located there.
Most of the IT systems we use are located within the EU / EEA. Recurring suppliers outside the EU / EEA are MailChimp for e-mailing. Imponera will ensure that the personal data continues to be protected and will take necessary actions to legally transfer personal data to countries outside the EU / EEA.
Imponera AB cherishes a high level of protection for the individuals who are participants during any of the implementation that we arrange in cooperation with our customers and Imponera will under no circumstances sell / forward your personal information. When Imponera uses a subordinate, an underwriting agreement is signed between Imponera AB as a personal assistant and the subcontractor as subordinate where the principle of that agreement is the same as for the usual assistance agreement.
The personal data we handle for an event must be protected against unauthorized access, alteration or destruction. This protection consists of technical measures such as antivirus software, firewall, wireless networking with encryption and computers with updated programs. The external IT systems used must have a high level of security. We who work at Imponera AB have read and base our work off an internal policy with organizational measures that, for example, limit which employees can access different types of personal data. We follow the rules and regulations that apply to the collection of personal data and other precautionary measures based on the above-mentioned requirements set by the law.
Cookies are collected at imponera.se. When you visit Imponera’s website, certain information is collected using cookies. A cookie is a small text file that is stored in your browser. By continuing to use our website, you accept our cookies on your computer to analyze how you use our website. If you do not accept cookies in connection with your use of our site, you may stop using our site or remove and block our cookies.
For further questions regarding the above documentation:
Patrik Eriksson, CEO
582 26 LINKÖPING
firstname.lastname@example.org or telephone +46 13-138570