Nordic Ecommerce Summit AB
c/o 7A Odenplan
(hereafter ”we” or ”NES”)
2. Contact person for register matters
Nordic Ecommerce Summit AB
Attention: Legal Department
c/o 7A Odenplan
3. Name of register
Customer and marketing register
4. What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is the legitimate interest of the company based on customer relationship or other appropriate connection.
The purpose of the processing of personal data is:
• organizing events,
• fulfillment of contractual obligations and other undertakings of the company,
• management of customer relations,
• analyzing and profiling of customer or other data subject,
• electronic and telephone direct marketing,
• targeting marketing within the networks of the company and other parties.
We use profiling to identify the data subjects’ personal profiles. We use this information to target marketing and to develop services.
5. What data do we process?
We process the following personal data of the customer or other data subject in connection with the customer register:
• basic information of the data subject such as name*, customer number, username and/or other identifiers, password, gender, mother tongue;
• contact information of the data subject such as email address, phone number, address;
• information regarding the company and its contact persons, such as business ID and names and contact information of the contact persons;
• possible direct marketing prohibitions and consents
• event participation details and possible information regarding the event, such as food limitations
• information regarding the customer relationship and contract, such as information of past and existing contracts and orders, other transaction information (job title/role, location, and language);
• email tracking data, to provide us with information about how you are interacting with the emails sent by us;
• other possible information collected based on the consent of the data subject
Providing the information marked with a star is a prerequisite for our contractual relationship and/or customer relationship. We cannot deliver the product and/or service without the necessary information.
6. From where do we receive information?
We receive data primarily from the following sources from the data subject himself (from events), from the population register, from our partners, from the authorities, from credit information agencies, from contact information service providers and from other similar reliable sources.
7. To whom do we disclose data and do we transfer data outside of EU or EEA?
We do not disclose data from the register to external parties except for our partners, sponsors, and co-organizers.
These co-organizers include those brands who are actively present on our partners page.
We use subcontractors that process personal data on behalf of and for us. We have outsourced the IT- and marketing management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider.
We transfer personal data outside of EU/EEA (the United States of America, Australia, Germany, Ireland, Israel, Japan, and the UK). We have taken care of suitable safeguards for the transfer. We use standard contractual clauses accepted by EU or Privacy Shield -framework where applicable.
8. How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. Max. 2 years from the date when data subject has last been active.
We regularly assess the need for data retention in light of applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
9. What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have the right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object
to the processing. We can refuse the request of objection only on legal grounds.
As a data subject you have the right to object to processing at any time free of charge, including profiling in so far as it relates to direct marketing.
10. Who can you be in contact with?
of any amendments made.
Last amended: 1.1.2020