Who is responsible for processing your personal data?
Sweden MEETX AB, corp. ID no. 556265-4011 (“MEETX”) and the organiser are jointly responsible for processing your personal data. The organiser of your event is shown on your booking and in our communication regarding the congress or conference.
The organiser and MEETX jointly determine the purpose and means of processing your personal data. You can always contact one of these parties to exercise your rights. MEETX and the organiser have agreed on their respective roles and relationships in relation to you as a data subject. MEETX, in relation to the organiser, has accepted principal responsibility for ensuring that your rights in accordance with the applicable General Data Protection Regulation (GDPR) are observed in connection with administration of the congress or conference. When processing personal data, MEETX is responsible for taking appropriate technical security measures. If you would like to know more about the essence of the arrangement between the organiser and MEETX, you are welcome to contact us.
How to contact us
If you have any questions about our processing of your personal data or if you want to exercise any of your rights as outlined below, please contact MEETX or the organiser. You can contact MEETX by e-mail at firstname.lastname@example.org or by telephone on +46 (0)31 708 86 90.
Sweden MEETX AB
SE-412 94 Gothenburg, Sweden.
The organiser’s contact details are shown on your booking and in our communication regarding the congress or conference.
How and why do we process your personal data?
We process your personal data when you participate, will participate or have participated in one of the congresses or conferences that we administer.
When we process your personal data, we have a shared responsibility with the congress or conference organiser (“the organiser”). The organiser may also have its own data protection responsibilities for how it processes your personal data in other respects, and is then responsible for informing you of this separately.
MEETX has received the data from you or from your organisation/company. When we write “you” below, we also mean your organisation/company, where applicable. In some cases, MEETX may have received your contact details from the organiser (e.g. if you are a member of the association that has asked us to organise the congress or conference). MEETX may also have received your personal data from a third party who has previously administered the congress or conference.
Would you like more information about how we process your personal data? Below you can read more about:
- Why we process your personal data
- What personal data about you we process
- On what legal basis in accordance with the General Data Protection Regulation we are able to process your personal data
- How long we process your personal data for
- What your obligations are in terms of providing us with data, and what happens if you do not
- Who has access to your personal data
- If we share your personal data outside the EU/EEA and, if so, why
- From whom we collect your personal data
- What rights you have to affect how we process your personal data
Detailed description of how we process your personal data
Balancing of interests
For some purposes, we process your personal data taking a balancing of interests as the legal basis for the processing. In the balancing of interests, we have assessed that our legitimate interest in carrying out the processing outweighs your interest and your fundamental rights to not have the data processed. What constitutes our legitimate interest is shown in the tables above. If you would like detailed information about the balancing of interests we have carried out, you can contact us. You will find our contact details in the introduction to this policy.
Who has access to your personal data?
Your personal data is basically only processed by MEETX and the organiser. However, we cooperate with other companies and organisations that may have access to your personal data if this is necessary to fulfil our commitments to you, or if the recipient is an external or internal IT provider employed by us to assist us technically with any part of our operation in the capacity of data processor.
Below we describe with whom we share your personal data. You can contact us if you would like further information on who has access to your personal data.
- If MEETX has been commissioned to manage your reservation of accommodation and food, we will share your personal data with the specific hotel, facility and restaurant(s) you will visit during your congress or conference. If required, we will also share your data with travel suppliers, exhibition suppliers, communication agencies, printing companies or other parties involved in the planning of the congress or conference. However, each of these only has access to your personal data to the extent necessary to fulfil their obligations in relation to us or for us to be able to make bookings for you.
- In order for you to be invited to the next congress or conference on the same or a similar topic, we may also share your personal data with a new organiser, even if the congress or conference will be administered by someone other than MEETX next time.
- We share information about you with our specially selected internal and external IT suppliers for administration of your registration for the congress or conference. However, these suppliers only have access to your personal data to the extent necessary to fulfil their obligations in relation to us.
- In order for participants to know who else is participating in the congress or conference, we may provide a list of participants.
- In order to administer your payment, we will share your personal data with the supplier(s) who provide the service we use to make the payment.
- When you participate as a speaker or contributor at one of our conferences, your data will be visible to the participants and in marketing contexts. We also cooperate with other companies and organisations that may have access to your personal data if this is necessary to fulfil our commitments to you as our customer, or if the recipient is an external or internal IT provider employed by us to assist us technically with any part of our operation. You can contact us if you would like further information on what parties have access to your personal data.
Transfer outside EU/EEA
As a rule, we process your personal data within the EU/EEA, but in some circumstances, we may use suppliers outside the EU/EEA.
When we transfer personal data outside the EU/EEA, this is only done if we have a legal basis for the transfer in accordance with applicable laws and regulations for data protection. This means that we may transfer personal data to Privacy Shield-certified processors in the United States. According to a decision of the European Commission, personal data may be transferred to recipients in the United States, provided that the recipient is Privacy Shield-certified. Privacy Shield is an agreement between the EU and the United States that aims to protect EU citizens’ fundamental rights and to guarantee legal certainty for companies that transfer personal data to the United States. For recipients that are not Privacy Shield-certified, we may transfer your personal data outside the EU/EEA, subject to standard data protection provisions adopted by the European Commission. We may also transfer your personal data to a country that the European Commission has deemed to have an adequate level of protection for the processing of personal data.
What rights do you have to affect how we process your personal data?
You have certain rights with regard to the processing of your personal data. You are welcome to contact us to exercise your rights. Our contact details can be found on the first page of this policy.
Withdrawing your consent
You have the right at any time to withdraw all or part of any consent you have given to the processing of personal data. However, if you withdraw your consent, this has no effect on our processing of your personal data during the period prior to the withdrawal.
Right of access
You are entitled to obtain confirmation as to whether or not personal data relating to you is being processed, as well as access to information on how such personal data is being processed, such as the purposes of the processing and the categories of personal data concerned. You are also entitled to a copy of the personal data being processed.
Right to rectification
You are also entitled, without undue delay, to have incorrect personal data corrected, as well as to provide information to supplement any incomplete personal data.
Right to erasure (the right to be forgotten)
In certain circumstances, you are entitled to request the erasure of your personal data. You have this right if:
- the personal data is no longer necessary for the purposes for which it was collected or was being processed;
- you withdraw your consent on which the processing is based and where there is no other legal basis for the processing;
- you object to the processing and there are no legitimate grounds to continue with the processing that outweighs your legitimate grounds for it not to continue;
- the personal data has been processed unlawfully; or
- the personal data must be erased in order to comply with a legal obligation to which MEETX is subject.
MEETX will erase your personal data on request, provided MEETX does not have a duty to save the personal data in accordance with applicable laws and regulations for data protection.
Right to restriction of processing
In certain circumstances, you are entitled to request that the processing of your personal data be restricted. You have this right if:
- you dispute the accuracy of the data (but only for a period that enables us to verify this);
- the processing is unlawful and you object to your personal data being erased, and instead request a restriction on its use;
- you need the personal data in order to exercise or defend legal claims, despite the fact that we no longer need the personal data for our purpose of the processing; or
- you have objected to the processing and we have not checked whether our legitimate interest in processing your personal data outweighs your legitimate grounds to have the processing of your personal data restricted.
Right to object to processing
You are entitled to object at any time to the processing of your personal data based on a balance of interests. However, this does not apply if we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or if it is done for the establishment, exercise or defence of legal claims.
You are also entitled to object to your personal data being processed for marketing purposes. If you object to marketing, your personal data will no longer be processed for such purposes.
Right to lodge a complaint
You are entitled to lodge complaints with the competent supervisory authority (without prejudice to any other administrative or judicial remedy). Such complaints can be lodged with the authority of the Member State in the EU/EEA where you have your normal residence, where you work, or where a breach of the applicable laws and regulations for data protection is alleged to have occurred. The competent supervisory authority in Sweden is the Swedish Data Protection Authority.
Right to data portability
You are entitled, in certain circumstances, to have the personal data concerning you provided to you in a structured, commonly used and machine-readable format and you are entitled to transfer the said data to another data controller (data portability). You have the right to data portability when:
- the processing is based on your consent or a contract; and
- the processing is automated.
You are entitled to transfer personal data directly from us to another data controller when this is technically possible.