Privacy matters
Event managers have a lot of things to keep control of. One important issue is the participants personal data and how it’s used. Personal data is needed for managing the event and to communicate with participants.
Don’t t let data handling be a headache. By using Invajo we can help you keep track of your and your participants privacy rights. This is not an on or off switch but something that needs to worked on in the daily business. By using tools like Invajo privacy can be managed in a proper and non difficult way.
What's personal data?
-
What's GDRP?
-
Roles
-
Schrems II
-
Invajo and Schrems II
GDPR is the European Unions General Data Protection Regulation, introduced May 25, 2018
The purpose is to increase the individual's rights over their own personal data and set a common standard for data storage throughout the EU. The regulation demands stricter requirements on how personal data is processed.
As an event organizer, it is important that you are aware and know how both you and Invajo handle the participants' data, not only to comply with the GDPR directive, but also to make your participants feel safe and secure.
As a Invajo user you act as the Personal Data Controller while Invajo act as the Personal Data Processor
The Personal Data Controller is responsible for defining the purpose for collecting the specific data. The Controller is also responsible for keeping the data up to date. Data that is no longer needed shall be deleted immediately.
As Personal Data Processor Invajo will provide the needed tools so that the Controller can handle the data. Invajo stores all personal data within the EU and according to best practice in the industry. Data sent between participants and the system is always sent encrypted.
The CJEU made the Privacy Shield invalid, not SCC:s by default
In 2020 the Court of Justice of the European Union (CJEU) ruled that the EU-US Privacy Shield are not a lawful mechanism for transferring personal data outside of the EU. This became known as the ‘Schrems II’ judgement, based on the initiator Max Schrems.
The Court also held that the standard contractual clauses (or SCCs) remain a valid data transfer mechanism but clarified that the SCC data transfers need to be analyzed on a case-by-case basis to ensure EU standards of data protection are met.
Invajo quickly moved into adding SCC to its current DPAs with subcontractors
Even though SCC´s are in place for all US-based subcontractors we did not stop there. As there can be new judgements and to make it easier to comply to GDPR for our users we decided to create an alternative platform with subcontractors fully owned by Europeans companies. Now we can offer an alternative platform which is based on subcontractors which are solely European companies. It’s s important to note that the old platform remains and relies on SCC:s, which means it’s also valid.
Things to consider as an event organizer
Only relevant information
Gather and collect only the relevant and most necessary information needed from your participants.
Delete information
Delete or anonymize information that's no longer needed.
Protect your data
Protect sensitive information by avoiding distributing them.
Agreements regulating your data
Before using Invajo you need to comply to our User Terms, Privacy Policy and accept our Data Privacy Addendum (DPA) in the process of creating your account. You can also provide your own DPA if you need, and we will review it.
All of these are also for your protection and regulates how data is handled and by whom.
Please review these documents to make you feel confident in Invajo and our dedication to protect your data.