General Data Protection Regulation (GDPR) and Privacy Policy

This page is updated on a regular basis. Last updated 22/01/2019
 
1. Data Controller
Konventum A/S


2. Contact Information

Konventum A/S
Gl. Hellebækvej 70, 3000 Helsingør
VAT no. 31163633
Phone number: +45 49280900

Email address: GDPR@konventum.dk 
 
3. Personal Data
When you stay as a guest at Konventum, we register your name, your contact information, and payment details. These personal data are based on our legitimate interest in being able to manage your stay with us, cf. GDPR’s Article 6 (1) (f). 

When you participate in a course, we register your name, your contact information, and course history. Our processing of personal data is based on our legitimate interest in performing our contract with LO concerning course implementation and administration, cf. GDPR’s Article 6 (1) (f).

As a participant in a function, an event, or similar activities, we occasionally take pictures and record video, which will be made publicly available on our different communication channels and platforms to raise awareness of our company and promote Konventum. We always make sure that the pictures and videos are harmless in nature, so as to avoid offending anyone. Regarding pictures, our legal basis is either your consent (portrait shots) or our legitimate interest (action shots) in branding our company, cf. GDPR’s Article 6 (1) (a and f). Video recordings are equally based on our legitimate interest in promoting our company, cf. GDPR’s Article 6 (1) (f).

When you as a customer, partner, or supplier obtains a quote or signs a contract or a sales contract with Konventum, we register your name and contact information. We register your personal data to comply with our contractual obligations to you, including delivery of goods and services. Our legal basis is therefore the performance of the contract we have with you or our legitimate interest in starting or maintaining the customer relationship and deliver the service, cf. GDPR’s Article 6 (1) (b and f).

It is only Konventum who processes the data that you share with us as a guest, a participant in an event, a customer, a partner, supplier, etc., or when you share data with us as a result of your behaviour on our communication channels and platforms, e.g. your online behaviour.
You can read more about our use of cookies and the technology that Konventum uses for marketing, marketing research, and tracking of sales data here:

We do not register any sensitive personal data about our guests, course participants, event participants, customers, partners, etc., in our systems.

Personal data are kept for 1 year, unless you actively consent to letting us keep your personal data longer. 
 
4. Costumer Profile
If you are registered as a guest with Konventum, you will automatically receive a link from our customer database that allows you to create a customer profile.

With a customer profile you can actively consent to letting Konventum retain your personal data for more than the standard 1-year period. This will allow Konventum to improve your experience as a returning customer by utilizing the history of your former events, visits, preferences, and other relevant information.

You can retrieve the declaration of consent or make changes to your consent here: Declaration of Consent.
 
5. Recipients of Personal Data
Konventum only shares your personal data with others when it is strictly necessary.
Konventum discloses your payment details to PBS when you buy our products, participates in an event, or pays for your stay. Entry of credit card information in connection with online payment is always carried out on an encrypted page, and the transfer of data is also encrypted (as required by PBS). Konventum will not have access to the credit card information at any time.

Additionally, Konventum shares data with partners and suppliers, which we have approved to help us run and manage our company, for example a supplier for our IT system. They are operating exclusively under Konventum’s instructions and are not allowed to process your personal data for their own purposes.

Data shared with Konventum are under no circumstances sold on to a third party.
If Konventum needs to transfer your personal data to a third party country, i.e. a country outside of EU/EEA, for example in cases where we use a third party country IT supplier, we will make sure that the transfer is always carried out in a legal manner, i.e. via a transfer that complies with the data protection regulation.  
 
6. Retention Period
Konventum retains your personal data until it is no longer necessary in order to fulfil the purpose for which the data are processed.

Information about you as a guest will be retained for 1 year (unless active consent is provided for extended storage of information).

Pictures and videos from events will be retained for as long as they stay relevant to our marketing purposes, or – regarding portrait shots – until you withdraw your consent.

Information about you as a partner or supplier will be retained until termination of contract, or until there no longer is a contract or other reasons to retain the data.
 
7. The Rights of the Data Subject
Konventum has taken measures to protect your personal data and safeguard your rights. Please note that you are entitled to exercise a right at any time, but that the possibility to comply with such request in certain cases can be limited, e.g. because certain specified conditions needs to be met, or an exception applies.

This means that you can request for access to and to receive a copy of the personal data that we process about you. You also have the right to object to our processing of your personal data, and this right can be applied at any time if we process your personal data for marketing purposes. Furthermore, you have the right to request rectification of incorrect information, deletion of personal data, and restriction of personal data processing. Finally, you have the right to request for data portability, i.e. you can request to receive the personal data that you have shared with us in a structured, commonly used, and machine-readable format, as well as having these personal data transferred to another data controller.

If you have consented to the processing of your personal data, you have the right to withdraw that consent at any time. Should you choose to withdraw your consent, it will not affect the processing of personal data that preceded the withdrawal.

You can request to exercise your rights by filling out the following form: Personal Data
 
8. Secure mail / Encryption of Emails
Konventum uses encryption when transmitting confidential and sensitive personal data in emails on the internet.

Konventum can send and receive secure emails using the following encryption methods:

  • TLS 1.2
  • Office Message Encryption (OME)
  • Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • Information Rights Management (IRM).

 
9. Data Processor Agreements
Konventum has entered into data processor agreements with all of the company’s system suppliers, IT partners and consultants.
 
10. Documentation Obligation
Konventum will make all necessary documentation available to relevant authorities (The Danish Data Protection Agency). This includes, but is not limited to:

  • Data Processor Agreements
  • Process Descriptions (Data mapping)
  • Data Flow Analysis
  • Data Protection Policy
  • IT Security Policy
  • Risk Assessment
  • Contingency Plan in Case of Data Breach
  • Test Documentation

 
11. Publicly Available Documents
Documents relating to our handling of staff data can be provided on request from The Danish Data Protection Agency. Contact information for The Danish Data Protection Agency is available at their website: www.datatilsynet.dk
 
12. Data Breaches
Konventum A/S is obligated to report any personal data breach to The Danish Data Protection Agency using The Data Protection Agency's notification form, which will be available here without any unnecessary delay and at the latest 72 hours after we have discovered the breach.

Konventum A/S has drafted a contingency plan in case of data breach.
 
13. Third Party Websites
This website can also contain links to other websites, websites that are being run by Konventum’s partners, other associated companies, or social media.

When you click a link to websites that belong to Konventum or a third party, please bear in mind that these websites have their own data protection policy. Konventum cannot be held responsible for how these third parties process personal data.
 
14. Questions and Complaints
If you have questions with respect to how Konventum processes your personal data, please contact us using the contact information found in point 2.

You can also complain to The Danish Data Protection Agency, which is the authority that, among other things, oversees how companies in Denmark processes personal data.  Contact information for The Danish Data Protection Agency is available at their website: www.datatilsynet.dk
 
15. Changes to the Personal Data Protection Policy
All future changes to our privacy policy will be published on this website. You should check our policy regularly to ensure that you are up to date with any new provisions or changes.