Controller’s information clause
Pursuant to article 13 and article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), we would like to inform you that:
The Controller of your personal data is Vention Solutions Inc. with headquarters in PRINCETON SOUTH CORPORATE CTR STE 160, 100 CHARLES EWING BLVD EWING, NEW JERSEY 08628 UNITED STATES OF AMERICA.
The Controller processes personal data of persons ("Participant(s)") who have filled out the account registration form ("Form") necessary to allow the Participant to take part in the events organized by the Controller or other entities within the group of the Controller (“Event(s)”).
Categories of Personal Data
The personal data processed by the Controller include: name, surname, e-mail address, password, name of the employer; any other data which the Participant includes in the Form; image of the Participant contained in the photo and video materials produced following taking part of the Participant in the Event.
Purposes and legal grounds for processing
The Participant’s personal data will be processed for the purposes of:
- registration of the account and making any other actions (sending tickets, etc.) strictly necessary to allow the Participant to take part in the Event(s) - i.e. on the basis of the consent referred to in Article 6(1)(a) of the GDPR and given by the Participant before submitting his/her data via the Form;
- carrying out direct marketing activities (e.g. sending questionnaires, informing about future Events, etc.) - i.e. on the basis of the consent referred to in Article 6(1)(a) of the GDPR and given by the Participant separately after registration of the Participant’s account;
- making and publishing photo and video reports following the Event, as well as using photo and video materials from past Events for advertising of future Events – i.e. on the basis of the legitimate interest referred to in Article 6(1)(f) of the GDPR;
defending against and pursuing claims - i.e. on the basis of the legitimate interest referred to in Article 6(1)(f) of the GDPR;
- fulfilling the Controller's (or other Controller’s group entity’s) legal obligations - i.e. on the basis referred to in Article 6(1)(c) of the GDPR.
Information about the data source
The Controller obtains the Participant’s personal data directly from the Participant or as a result of taking part of the Participant in the Event.
Providing personal data by the Participant is voluntary, but necessary to take part in the Event.
The Controller may share personal data with the following recipients or categories of recipients:
- service providers who provide services on behalf of or for the Controller. In contracts concluded with such service providers, the Controller requires compliance with applicable data protection regulations;
- to other entities within the group of the Controller;
- if such an obligation results from a legal obligation, to the extent necessary also to other third parties, in particular state authorities.
Access to personal data is provided only to those persons in the case of whom such access is justified due to the tasks performed and services rendered. All persons authorized to process personal data are obliged to keep the data confidential and protect them against unauthorized disclosure.
Participants' personal data processed:
- in order to register the account (“Account”) necessary to allow the Participant to take part in the Event(s) – will be stored until the Participant revokes his/her consent or deletes his/her Account;
- in order to carry out direct marketing activities (e.g. sending questionnaires, informing about future Events, etc.)– on the basis of a separate consent given by the Participant - will be stored until the Participant revokes his/her consent or deletes his/her Account;
- in order to make and publish photo and video reports following the Event, as well as use photo and video materials from past Events for advertising of future Events - will be stored for a period no longer than necessary for the aforementioned purpose;
in justified cases, e.g. in order to defend against claims and pursue claims – will be stored at the latest until the expiry of the period of the statute of limitations for the claims;
- in order to comply with legal obligations incumbent on the Controller (or other entities within the group of the Controller) – will be stored for a period no longer than necessary for the aforementioned purpose.
In the case of a claim filed by a Participant, the period for storing and processing his/her personal data may be extended if it is necessary for handling the claim and possible defense against such claim.
In connection with the processing of personal data, the Participant has the following rights: access to data, rectification of data, deletion of data, restriction of data processing, data portability and the right to object to data processing. You are entitled to these rights in the cases and to the extent provided for by applicable law. In connection with data processing, you also have the right to file a complaint with the supervisory authority.
Data transfer to third countries outside the EEA
The Controller stores Participants' data in IT infrastructure provided by external entities, including email boxes whose servers may be located outside the European Economic Area, and thus transfers personal data to recipients located outside the European Economic Area. The Controller transfers Participants' personal data using mechanisms that comply with applicable law. For more information on the existing safeguards implemented by the Controller to ensure the processing of personal data in accordance with applicable law and on how to obtain a copy of the data or on where and how to access the data, please contact the Controller as indicated in this clause.
The Controller transfers personal data in accordance with the requirements of the GDPR, contained, inter alia, in Article 46 of the GDPR, in particular on the basis of standard contractual clauses.
Information about the lack of automated decision-making
The Controller will not process your personal data for the purpose of automated decision making, including profiling.
In matters concerning the processing of personal data, the Participant may contact the Controller:
- by sending traditional correspondence to PRINCETON SOUTH CORPORATE CTR STE 160, 100 CHARLES EWING BLVD EWING, NEW JERSEY 08628 UNITED STATES OF AMERICA, or
- through a dedicated e-mail address: email@example.com.
In exercising his or her rights, a Participant who has made a request or demand for the processing of his or her personal data may be asked to respond to questions that will allow the Participant to verify his or her identity.
In addition, a Participant has the right to file a complaint against the processing of his/her personal data to the relevant data protection authority.