Last updated on February 27, 2020
1. Personal data policy in SvendborgEvent
This document describes how we collect, process and store personal information. It is our clear goal to create transparency around our personal data processing, as well as protect information in accordance with the law.
2. What is Personal Information?
Personal information includes any kind of information about an identified or identifiable natural person. There are two types of personal information: Sensitive Personal Information and General Personal Information.
Sensitive information is: race or ethnic origin, political, religious or philosophical beliefs, trade union affiliation, genetic and biometric data, health information or information about a natural person's sexual relations or sexual orientation.
General personal information is: All other information that is not "sensitive". Including name, address, financial circumstances, customer relations, etc. CPR can, cf. section 11 of the Personal Data Act, be processed if it follows from law or provisions laid down in accordance with law and is not considered sensitive information.
3. What personal data do we process and what is the purpose?
In order to provide services (contract fulfillment) to our member associations and customers, including invoicing, servicing boards, sending out newsletters and relevant information and documentation as well as servicing customers in the physical store and registering employees and remunerating artists, we only treat the information as factual are necessary to provide the service and comply with the law.
This information is:
Name and surname
Date of birth (+ possibly CPR no. In the case of an employment relationship)
4. How do we collect information?
Collection of personal information can be done in one of the following ways:
Via telephone contact, where your data is entered in a member overview, or the accounting system by the company staff.
Via email contact, where your data is copied into the administration system by the company staff.
Via personal contact in connection with ticket sales. We enter information into the ticket systems, which then store data in their system. We use the following ticket systems - Billetten, Ticketmaster, Rottefælden, Billetlugen and Billet.dk - You can read more on their websites about their storage of personal data
Via electronic creation in connection with voting for SVEND - the whole of Denmark's award party
5. How long do we keep information?
Cf. Section 10 of the Accounting Act, we store the personal data for 5 years, calculated from the end of the financial year in question, where a purchase was last completed. (Accounting Act's requirement for documentation).
6. Who has access to the information?
Only trusted individuals for business purposes may have access to all or part of stored personal data. These are:
The company's administrative staff, who are responsible for bookkeeping, invoicing and communication with authorities.
The company's administrative staff, who are responsible for recruitment, employment, internships and contact with the authorities.
The company's administrative staff, who are responsible for servicing member associations' board members, meeting minutes, etc.
7. Disclosure of information.
In order to fulfill purchase agreements etc., we pass on the information necessary to implement the agreement and identify the participant / payer. At the same time, we pass on information to the public authorities, cf. the applicable legislation.
Information about payer ID and amount is passed on to NETS / ePay in order to complete payment.
8. Storage of Data and Data Processors.
This deals with personal data collected in digital form via our website, emails and newsletters.
Data is stored in the company's accounting system (data provider is Navision, C5), in our mail correspondence (data provider is Svendborg Municipality), in our electronic payment system MobilePay MyShop (data provider is Nets / Mobile Pay), or in the company's electronic archive in Dropbox (data provider is Dropbox) and Google Drive (data provider is Google) Newsletter provided by Mailchimp. Tickets are provided by Billetten, Ticketmaster, Rottefælden, Billetlugen and Billet.dk. Gift cards are handled by SparXpress and Cardcoin. Salary is handled via Dataløn.
Our data processor agreements with the above data processors ensure that they live up to a high standard of information security and comply with the requirements of the Personal Data Regulation.
9. Cookies and logs
Which pages visitors have visited and when.
What IP address the visitors have.
Where in the country do visitors come from.
What language visitors use.
Which browser and OS visitors use.
What keywords visitors have used to generate content.
Which page visitors come from (external and internal links).
Which links visitors have clicked on.
Visitors to our website indicate acceptance of these statistics cookies. If you turn off cookies in your browser, you will still be able - and without restrictions - to use our website.
Instructions on how to delete or block cookies can usually be found in your browser's help file.
If you use one of our IT services that requires login, your actions will be recorded in our logs. This registration takes place in accordance with current legal requirements for registration of activities in IT systems to prevent misuse and hacking. These digital tracks are stored in accordance with the agreement with our data processors for max. 5 years.
10. Your rights
All are guaranteed the following rights in accordance with current legislation:
The right to receive information about a processing of his personal data (duty to provide information).
As a starting point, you have the right to know who is responsible for the data, what the purpose of the processing is and who receives / processes the information.
This Personal Data Policy basically contains all this information.
The right to access his personal data (right of access).
You can ask to be told what information we process and a possible printout or copy of the information collected.
The right to have incorrect personal data rectified (the right to rectification).
If you believe that the information we have about the person in question is incorrect, inaccurate or incomplete, you can ask for the information to be corrected.
The right to have his personal data deleted (the right to be forgotten).
If you believe that the information we have about the person in question is not necessary in relation to the purpose for which it was originally collected, you can ask to have the information deleted. Please note, however, that we have a duty and right to store certain personal data in order to comply with the rules in the Public Information Act and the municipal guidelines as well as the accounting obligation.
The right to move his personal data (data portability).
In principle, you have the right to receive information about yourself in a structured, commonly used and machine-readable format, and you have the right to transfer this information to another company.
The right to object: You have the right to object to the use of personal data for e.g. direct marketing and profiling. However, we do not use profiling and possibly marketing will always be linked to an explicit consent.
By contacting us regarding. one of the above points (insight, correction, deletion, etc.) you will receive no later than one month after a message about what we do when contacted. If, for example. asks to have its information corrected or deleted, we will normally investigate whether all conditions are met, including whether there is a home in the legislation for continued processing of data. If we consider that the objection is justified, we will make sure to accommodate the request.
By alm. customer relationships, invoicing and bookkeeping, we do not need consent to be able to process data, as the legality of the processing (cf. Article 6, EU Data Regulation) is related to e.g. for necessary data processing for the purpose of fulfilling the contract, including the purchase of services
But to be able to collect personal data for other purposes, e.g. additional information regarding. subscribe to our newsletter, we can make use of consent if necessary.
Consent can be in writing or orally, but we must be able to document that the consent has been given. In most cases, this consent will have some form of a check box on our website or during the registration process where our IT systems will record the time and form. Consent can also be given via email or other digital communication.
In connection with the giving of consent, you will be informed about the details, including the purpose and the recall process. In general, however, it must be possible to revoke the consent in an equally simple and accessible way as consent was originally given.
In addition, the consent is always specific with a clear indication of what the consent is given for. It also means that in some cases we will have to obtain more consents from the individual, depending on the purpose. Eg. "newsletter subscription" and "purchase of service" will require two separate consents. It is important to mention that consent is always voluntary. In practice, this means that we will never condition the purchase of a service with a consent of e.g. newsletter.
Of course, we make sure that data is stored securely and discreetly. Our security measures are divided into the organizational and the technical measures.
The organizational security measures mean that only the company's trusted persons with business purposes have access to your personal information. This is done in connection with the purchase of benefits, payroll administration, invoicing and communication. In addition, our other employees have limited access to your personal information, including only information that is relevant to the conduct of events or experiences (see also section 6).
Our staff is continuously instructed and instructed on data security, including how they process and protect the information. We also keep a record of our data processing activities, which are subject to the Danish Data Protection Agency's control.
The technical security measures are related to our use of IT systems for registration and administration of services. We only use approved IT systems where the manufacturer and supplier can enter into a data processor agreement and thus guarantee compliance with the data processor regulation.
Data is located in a safe place and has the necessary level of protection.
Your data is encrypted on the server, and all communication (eg by a registration and payment) takes place via a secure and encrypted communication between your browser and our server
On our internal IT systems (PCs etc.) there is a clear division into who has access to what and both the PCs and the programs used are protected with a user login and password. The PCs are secured with updated virus protection and firewall. Our IT system is administered by Svendborg Municipality, which performs daily backup of your data in accordance with current legislation.
When destroying or repairing IT equipment, make sure that information does not come to the knowledge of unauthorized persons.
The event manager as data manager is responsible for assigning user logos, as well as ensuring that both electronic data and all physical media (ring binders, participant lists, etc.) are stored in a secure manner and in a locked office.
13. The use of images
SvendborgEvent regularly publishes photos from its own events and activities on our website, in newsletters, printed matter and social media.
The pictures are always published on the basis of the Danish Data Protection Agency's guidelines. You can read more at www.datatilsynet.dk
14. Complaints and contact information
Complaints about the company's processing of personal data, objections and questions regarding. the company's personal data policy is addressed to the event manager:
Event Manager Anja Haas