Privacy Policy - EU Including Terms of Use
To be able to use certain or all functions of this App, you may need to submit certain personal information. The submission of the personal data is to an extent, or entirely, optional. This privacy policy informs you about the use of personal data submitted to us. The event organizer is the organization who sent you an invitation and possibly the code to the event, and/or organized the physical event connected to the App. According to applicable data privacy legislation, the event organization is the Data Controller of the personal information processed in the App. In the event of any uncertainties regarding who is the organizer of the event in any particular instance, or information on the Data Controller´s Data Protection Officer, if any, please contact Ventla International AB, dataprivacy@ventla.io for more information. Please be informed that if the use of the App is subject to an access code, the information therein, including the personal information submitted by you and others with access to the App, will be disclosed to everyone with the corresponding access to the App. If and to the extent the App is open, as decided by the Data Controller, the information therein, including personal information submitted by you, is accessible to anyone that may download the App from App Store or Google Play, or the like. Data Controller will always comply with applicable privacy laws. Data Controller will not disclose personal data to third parties without prior consent, unless specifically stated herein.
Personal Data to be Processed
Data Controller will process the following personal data, if and to the extent it is submitted by you: a) Name b) Title c) Telephone number d) E-mail address e) Employer/workplace f) Photo g) Social Media Profile(s) h) Presentation/Free text/Surveys Further, if you contact Data Controller we store correspondence or comments, which may contain personal data, to provide better service if you contact Data Controller again.
Principles of Processing
Data Controller will:
a) Process your personal data lawfully, fairly and in a transparent manner. b) Collect your personal data for the stated and legitimate purposes stated in this policy, and will not process your personal data in any way incompatible with these purposes. c) Collect and process personal data that is adequate, relevant, limited to and necessary for the purposes for which it is collected and used. d) Process your personal data only for as long as necessary for the purposes for which it was collected. e) Take appropriate technical and organizational measures to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to personal data, thereby ensuring an appropriate level of security. f) Take all reasonable steps to ensure that your personal data is accurate and updated without delay if Data Controller is informed or otherwise becomes aware of incorrect information. g) Upon request, delete personal data without unnecessary delay unless there are legal grounds for continuing the processing,
Data Controller may use the personal data submitted by you to contact you for marketing purposes, or as follow-up regarding the event attended by you.
Lawfulness of Processing Data Controller collects and processes your personal data if and to the extent you have given consent. You have the right to revoke such consent at any time, whereby your personal data will be deleted without delay. The lawfulness of the processing performed during the period when consent existed is not affected by a consent being withdrawn.
Data Controller will further process your personal data to the extent that Data Controller is required to do so by law or decision by authority.
Your personal data will be processed until your consent is withdrawn, or not later than 14 months from when you last used the App.
Personal Data Processors
Data Controller allows a Data Processor to process all personal data for the purpose of providing the functions of this App. Such processing will include hosting the platform, storage of personal data, reading personal data in the event of support or maintenance, deletion and/or modification of personal data and transfer of data, all as instructed by Data Controller. The Data Processor will store your personal data on servers that are within the EU/EEA border and are controlled by the Data Processor.
Transfer of Personal Data
The Data Processor engages subprocessors for providing certain services within the App. Data transfers to subprocessors outside of EU are safeguarded by EU-U.S. Data Privacy Framework. Subprocessors are being reviewed annually for compliance by the Data Processor.
In specific occasions transfer of personal data outside of the EU/EEA could occur for the purpose of support or bug fixing of the App. Such transfer is deemed a lawful basis for ensuring contractual obligations on service level can be met. In such occasions the EU Commission has not decided that such country ensures an adequate level of protection.
By consenting to this Privacy Policy, and by submitting your data, you explicitly consent to the possible transfer of your personal data to a third country as stated herein.
Security
Data Controller ensures that appropriate technical and organisational measures are taken to protect your personal data against unauthorised access or destruction, unlawful processing or accidental loss or damage.
Data Controller uses a secure server where your personal data is processed and limits access to personal data within the organisation. Authorisation to access personal data is provided only to individuals within the organisation, as well as within the Data Processor’s organisation, for the sole purpose of carrying out their duties.
Your rights
You are entitled to request access to and correction of personal data as well as deletion of personal data, treatment limitation or objection to treatment (if applicable according to relevant privacy legislation). Furthermore, you have a right receive the personal data that you have provided in a structured, commonly used and machine-readable format (portability). You also have the right to file a complaint with the supervisory authority.
How to delete your personal data
In accordance with this privacy policy, you may delete or request the deletion of your personal data through any of the following methods:
Email Request:
Send an email to dataprivacy@ventla.io requesting deletion.
Online Form:
Submit a deletion request via our online form at https://www.ventla.io/data-deletion-request/
Via the Native Mobile App:
1. Open the app menu and tap the profile icon at the top.
2. At the bottom of the profile page; tap the “Remove your account?” link.
Changes to this Privacy Policy
Data Controller reserves the right to amend this Privacy Policy as required, for example to comply with changes in laws and regulations. Such a change will be available through the App.
Terms of Use – Intellectual Property Rights
If and to the extent you choose to upload photos in the App, the Data Controller may freely use these for marketing purposes. Please note that if you upload photos of other people than yourself to the App, you must obtain their permission to do so.
Subprocessors
Data controller uses the following subprocessors to provide the functionality of the App:
1) Microsoft Ireland (EU)
Purpose: EU based hosting and storage of Ventla services
Scope: Encrypted storage of personal data as outlined in “Personal Data to be Processed”.
2) Twilio, Inc (US)
Purpose: Delivery of emails
Scope: E-mail address shared with Twilio.
Transfer mechanism: EU-US Data Privacy Framework
3) Stream.io, Inc (US)
Purpose: Provider of chat functionality.
Scope: Name and photo of participant shared with Stream.io
Data stored inside EU.
Contact:
For information on the Data Controller and/or Data Protection Officer (if any), please contact dataprivacy@ventla.io
Please note that the organizer of the event is the Data Controller according to applicable privacy legislation.