Brella Oy's Privacy Notice

With this Privacy Notice we provide you information on why and how we process your personal data in the course of our business operations.

We process your personal data for the following purposes in the course of our business operations:

(1) Customer relationships with organizers
(2) Customer relationships with attendees
(3) Strategic analysis of customer data to develop services and fulfill customer needs
(4)
Marketing to organizers
(5) Business partner relationships
(6) Recruiting
(7) Communications
(8) Cookie use

1)      WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?

Controller means a party that is in charge of the personal data processing activities.

Data subject is a term for a human being in accordance with data protection laws.

DPO means an independent representative of a controller or a processor who helps the controller or the processor ensure that it complies with relevant data protection laws.

Joint controllers mean two or more controllers that jointly act as controllers for certain personal data. Joint controllers share the responsibility for such personal data.

Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.

Personal data means any data concerning a data subject or data with which a data subject can be identified with.

Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.

Processor means a party that processes personal data for and on behalf of the controller.

Purpose for processing means the reason why the controller processes personal data of a data subject.

2)      WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

Brella Oy (2765076-7) acts as a controller for all personal data referred to in this Privacy Notice. We are located at Kivääritehtaankatu 6 C, 40100 Jyväskylä.

3)      DO WE HAVE A DATA PROTECTION OFFICER (DPO)?

Yes, we have appointed a DPO. You can contact our DPO by e-mail at dpo@brella.io.

4)      IS THERE A JOINT CONTROLLER FOR YOUR DATA?

Please note that our subsidiary Brella Ltd and an organizer may act as joint controller for your personal data.

Brella Ltd is a joint controller with us for all the personal data we process. We are jointly liable for the controllership.

An organizer is a joint controller with us when we process personal data for the purposes of customer relationships with attendees. For clarity, an organizer is a joint controller only for the personal data concerning its own events. Please see Section 9 of the Organizer Terms for details about the relevant joint controllership agreement.

5)      WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data in for the below mentioned purposes of processing. Beneath each purpose for processing, you will also find information on what personal data we process and what are the legal basis for our processing activities.

Customer relationships with organizers

We process the personal data of the organizers’ contact persons for the purposes of customer relationships with the organizers. For these purposes we process the contact persons’ contact details.

The legal basis for processing is the performance of our contractual obligations.

Customer relationships with attendees

We process the personal data of the attendees for the purposes of customer relationships with the attendees. For these purposes we process the attendees’ contact details, employer’s name and details, job title and status, social media accounts and behavioral data in the service.

The legal basis for processing is the performance of our contractual obligations.

Please note that the organizer, in whose event you are participating, is a joint controller for the personal data processed for these purposes.

Strategic analysis of customer data to develop services and fulfill customer needs

We process the personal data of all our customers to develop our services and better fulfill customer needs. For these purposes we process all our customers contact details and data related to the use of Brella’s service.

The legal basis for processing is our legitimate interests, according to which we develop our services and better fulfill customer needs.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Marketing to organizers

We process the personal data of the organizers’ contact persons for the purposes of marketing our services to the organizers. For these purposes we process the contact persons’ contact details.

The legal basis for processing is our legitimate interests, according to which we execute, establish and develop our customer relationships and business operations.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Business partner relationships

We process the personal data of the business partners’ contact persons for the purposes of business partner relationships. For these purposes we process the contact persons’ contact details.

The legal basis for processing is the performance of our contractual obligations.

Recruiting

We process the personal data of job applicants for recruiting purposes. For these purposes we process the job applicants’ contact details and other data disclosed to us, such CVs, relevant job history and expertise.

The legal basis for processing is our legitimate interests, according to which we govern our recruiting practices.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Communications

We process the personal data of people who contact us for communications purposes. For these purposes we process the person’s contact details and other data disclosed to us.

The legal basis for processing is our legitimate interests, according to which we govern our communications.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Cookie use

We process IP address data of the people who visit our website for purposes concerning the use of cookies.

The legal basis for processing is consent based on the Act on Electronic Communications Services of Finland (917/2014).

6)      FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data from different sources, depending on our purposes for processing personal data.

Customer relationships with organizers and direct marketing to organizers

We collect personal data for these purposes from the contact people of the organizers, our business partners and public sources (such as the internet and trade register).

Customer relationships with attendees

We collect personal data for these purposes from the attendees themselves and the attendees’ social media profiles if the attendees determine to share the data of their social media profiles with us.

Strategic analysis of customer data to develop services and fulfill customer needs

We collect personal data for these purposes from the data subjects themselves.

Business partner relationship

We collect personal data for these purposes from the contact people of the business partners, our other business partners and public sources (such as the internet and trade register).

Recruiting

We collect personal data for these purposes from the job applicants themselves and their LinkedIn profiles if they determine to share the data of their LinkedIn profile with us.

Communications

We collect personal data for these purposes from the people contacting us themselves.

Cookies

We collect personal data for these purposes from cookies.

7)      DO WE TRANSFER YOUR PERSONAL DATA?

We may transfer your personal data to third parties, as it is a normal course of doing business in a digitalized world. When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers.

Your personal data may be transferred to data storage service providers and communications services providers.

We may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses.

Please note that the organizers may transfer the attendees’ personal data to their sponsors. When doing so, the organizers are solely in charge of such personal data transfers and possible latter personal data processing activities, as well as all related obligations, such as informing data subjects in accordance with Articles 13 and 14 of the GDPR. We take no part in those personal data transfers nor any other related personal data processing activities, and therefore we do not act as controller, joint controller or processor for such personal data processing activities.

8)      DO WE USE AUTOMATED MEANS OF PROCESSING PERSONAL DATA?

Yes. We use automated means of processing to match attendees in accordance with their interests and expertise with suitable events, organizers and other attendees. Therefore, the processing and does not have significant legal effects on attendees, as it only enhances the user experience of the attendees.

As our automated means of processing is an integral part of our service, the automated processing is carried out as a part our customer relationships with attendees.

9)      DO WE MONITOR THE ATTENDEES' BEHAVIOR?

Yes. We monitor the attendees’ behavior in our service to be able to match them with suitable events, organizers and other attendees.

The monitoring is carried out as a part our customer relationships with attendees.

10)      HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

The retention period of your personal data depends on the purposes for which we process your personal data. We inspect the necessity of the personal data stored regularly and keep records of the inspections.

Customer relationships with organizers

We process and store your personal data for as long as it is necessary to fulfil the contractual obligations.

Customer relationships with attendees

We process and store your personal data for as long as it is necessary to fulfil the contractual obligations.

Strategic analysis of customer data to develop services and fulfill customer needs

We process and store your personal data for as long as it is necessary to fulfil the purpose of data processing.

Marketing to organizers

We process and store your personal data for as long as you inform us that you do not want to receive our marketing, or we notice that you do not want to receive our marketing.

Business partner relationships

We process and store your personal data for as long as it is necessary to fulfil the contractual obligations.

Recruiting

We retain necessary data for a period of 12 months from the receival day of your job application.

Communications

We process and store your personal data for as long as it is necessary to fulfil the purpose of data processing.

Cookie use

Retention period depends on each cookie used.

11)      WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

You may have the right to use the below listed data protection rights. The contacts concerning the rights shall be submitted to the controller’s contact person. Your rights can be put into action only when you have been satisfactorily identified.

You may also have a right to lodge a complaint with Tietosuojavaltuutettu, if you think that the processing of your personal data infringes data protection laws.

Right to inspect

The data subject has the right to inspect what, if any, data the controller has stored of her/him.

Right to rectify and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.

Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract

Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law

Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

12)      WHERE CAN YOU MAKE REQUESTS OR INQUIRIES RELATED TO YOUR DATA AND THIS PRIVACY NOTICE?

You can make all requests and inquiries related to your data and this Privacy Notice to our DPO at dpo@brella.io.

13)      CAN THIS PRIVACY NOTICE BE AMENDED?

We have a unilateral right to modify this Privacy Notice. The modifications take effect immediately when we post the up to date version of our Privacy Notice to our website.

Last update on 24 August 2020.

Matchmaking software made for all events.
Start now with our customer success heroes.

Contact sales

Follow us and subscribe to our news

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn