Privacy Notice

With this Privacy Notice we provide you information on why and how we process your personal data in our business operations. 

We process your personal data as a controller for the following purposes:

  1. Provision of our service to the Organizers
  2. Provision of our service to the Attendees
  3. Event purposes as a joint controller 
  4. Strategic analysis of customer data to develop services and fulfill customer needs
  5. Marketing to Organizers
  6. Business partner relationships
  7. Recruiting
  8. Communications
  9. Website control

WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?

Attendee means our customer who uses our service to participate in events of the Organizers.

Controller means a party that is in charge of the personal data processing activities. 

Data subject is a term for a human being in accordance with data protection laws. 

DPO means an independent representative of a controller or a processor who helps the controller or the processor ensure that it complies with relevant data protection laws. 

Joint controllers mean two or more controllers that jointly act as controllers for certain personal data. Joint controllers share the responsibility for such personal data. 

Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing. 

Organizer means our customer that uses our service to arrange events to which Attendees may participate.

Personal data means any data concerning a data subject or data with which a data subject can be identified with. 

Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed. 

Processor means a party that processes personal data for and on behalf of the controller.

Purpose for processing means the reason why the controller processes personal data of a data subject. 

CONTACT DETAILS OF THE CONTROLLER AND THE DPO

Brella Ltd. (business ID: 2765076-7) is the controller for all personal data referred to in this Privacy Notice unless otherwise explicitly stated. We are located at Kivääritehtaankatu 6 C, 40100 Jyväskylä. 

You can reach our DPO by e-mail at dpo@brella.io.

In case you have any questions related to your personal data, please be in contact with our acting DPO. 

IS THERE A JOINT CONTROLLER FOR YOUR DATA?

Please note that our subsidiary Brella Inc. and an Organizer may act as joint controller for your personal data. 

Brella Inc. is a joint controller with us for the personal data of the Organizers that have concluded the Organizer Terms with Brella Inc. rather than Brella Ltd. We are jointly liable for the controllership.

An Organizer is a joint controller with us when we process personal data of the Attendees for c) event purposes as a joint controller. For clarity, an Organizer is a joint controller only for the personal data concerning its own events. Please see Section 9 of the Organizer Terms for details about the relevant joint controllership agreement.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data for the below mentioned purposes of processing. Below you will also find information on what personal data we process and what are the legal basis for our processing activities. 

Provision of our service to the Organizers

Explanation: Personal data is processed to provide our service to the Organizers. 

Category of data subjects: Organizers’ contact persons.

Categories of personal data: Contact details.

Legal basis for processing: Performance of our contractual obligations with Organizers. 

Provision of our service to the Attendees

Explanation: Personal data is processed to provide our service to the Attendees. 

Category of data subjects: Attendees.

Categories of personal data: Contact details, employer’s name and details, job title and status and social media accounts.

Legal basis for processing: Performance of our contractual obligations with Attendees. 

Event purposes as a joint controller

Explanation: Personal data is processed for the purposes of events arranged through our service. 

Category of data subjects: Attendees.

Categories of personal data: Contact details, employer’s name and details, job title and status, social media accounts and behavioral data in the service.

Legal basis for processing: Performance of our contractual obligations with Attendees. 

Please note that the Organizer in whose event you are participating is a joint controller for the personal data processed for these purposes.

Strategic analysis of customer data to develop services and fulfill customer needs

Explanation: Personal data is processed to develop our services and better fulfill customer needs. 

Category of data subjects: All our customers.

Categories of personal data: Contact details and data related to the use of our service.

Legal basis for processing: Our legitimate interests, according to which we develop our services and better fulfill customer needs. Our interests override the interests of our customers and potential customers since we process personal data in accordance with applicable laws.  

NB! You have a right to object data processing for these purposes (see section concerning your rights). 

Marketing to Organizers

Explanation:  Personal data is processed to market our services.

Category of data subjects:  Organizers’ contact persons.

Categories of personal data: Contact details. 

Legal basis for processing: Our legitimate interests, as we need to market our services in order to carry out business. Our interests override the interests of our customers and potential customers since we carry out marketing in accordance with applicable laws.  

NB! You have a right to object data processing for these purposes (see section concerning your rights). 

Business partner relationships

Explanation: Personal data is processed to conclude and carry out business relationships. 

Category of data subjects: Business partners (contact persons).

Categories of personal data: Contact details.

Legal basis for processing: Performance of our contractual obligations with our business partners.  

Recruiting

Explanation: Personal data is processed to carry out recruiting.

Category of data subjects: Job applicants.

Categories of personal data: Contact details and other data disclosed to us, such CVs, relevant job history and expertise. 

Legal basis for processing: Our legitimate interests, according to which we carry out our recruiting. Our interests are in line with those of the job applicants, as they expect us to process their data for recruiting purposes.

NB! You have a right to object data processing for these purposes (see section concerning your rights). 

Communications

Explanation: Personal data is processed to carry out communications.

Category of data subjects: People who contact us.

Categories of personal data: Contact details and other data disclosed to us.

Legal basis for processing: Our legitimate interests, according to which we carry out our communications. Our interests are in line with those of the people who contact us, as they expect us to process their data for communications purposes.

NB! You have a right to object data processing for these purposes (see section concerning your rights). 

Website control

Explanation: Personal data is processed to use cookies and DNS.

Category of data subjects: People visiting our website.

Categories of personal data: IP addresses.

Legal basis for processing: Consent based on the Act on Electronic Communications Services of Finland (917/2014).

FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data from different sources, depending on our purposes for processing personal data. 

a) Provision of our service to the Organizers and e) Marketing to Organizers

We collect personal data for these purposes from the contact people of the Organizers, our business partners and public sources (such as the internet and trade register).

b) Provision of our service to the Attendees and c) Event purposes as a joint controller

We collect personal data for these purposes from the Attendees themselves and the Attendees’ social media profiles if the Attendees determine to share the data of their social media profiles with us. 

d) Strategic analysis of customer data to develop services and fulfill customer needs

We collect personal data for these purposes from the data subjects themselves. 

f) Business partner relationships

We collect personal data for these purposes from the contact people of the business partners, our other business partners and public sources (such as the internet and trade register).

g) Recruiting

We collect personal data for these purposes from the job applicants themselves and their LinkedIn profiles if they determine to share the data of their LinkedIn profile with us.

h) Communications

We collect personal data for these purposes from the people contacting us themselves.

i) Website control

We collect personal data for these purposes from cookies and other similar technologies. 

DO WE TRANSFER YOUR PERSONAL DATA?

We may transfer your personal data to third parties, as it is a normal course of doing business in a digitalized world. When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers. 

Your personal data may be transferred to data storage service providers and communications services providers. 

We may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses.

DO ORGANIZERS TRANSFER ATTENDEES’ PERSONAL DATA OUTSIDE THE BRELLA SERVICE?

The Organizer may transfer Attendee’s personal data it receives for c) event purposes as a joint controller outside the Brella service. The Organizer’s decision to transfer personal data outside the Brella service is always made solely by the Organizer and solely for the purposes of the Organizer. Therefore, the Organizer is always the sole controller for the personal data being transferred and the possible latter personal data processing activities as well as all related obligations, such as informing data subjects in accordance with Articles 13 and 14 of the GDPR.

Brella’s role in the said data transfers is dependent on the Organizers chosen method of transfer:

  • Use of Blendr-service available in the Brella service: Brella is the Organizers processor, and the service provider of Blendr-service (QlikTech International AB) is the subprocessor of Brella. 
  • Use of other methods: Brella is a third party in the data transfers, meaning that Brella takes no part in the transfers nor any other related personal data processing activities. Therefore, Brella is not a controller, a joint controller or a processor for such transfers. 

DO WE USE AUTOMATED MEANS OF PROCESSING PERSONAL DATA?

Yes. We use automated means of processing for c) event purposes as a joint controller to match Attendees in accordance with their interests and expertise with suitable events, Organizers and other Attendees. Therefore, the processing does not have significant legal effects on Attendees, as it only enhances the user experience of the Attendees.

DO WE MONITOR THE ATTENDEES’ BEHAVIOR?

Yes. We monitor the Attendees’ behavior for c) event purposes as a joint controller to be able to match them with suitable events, Organizers and other Attendees.

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

The retention period of your personal data depends on the purposes for which we process your personal data. We inspect the necessity of the personal data stored regularly and keep records of the inspections.

a) Provision of our service to the Organizers, b) Provision of our service to the Attendees, c) Event purposes as a joint controller and f) Business partner relationships

We process and store your personal data for as long as it is necessary to fulfil the contractual obligations.

d) Strategic analysis of customer data to develop services and fulfill customer needs

We process and store your personal data for as long as it is necessary to fulfil the purpose of data processing. 

e) Marketing to Organizers

We process and store your personal data for as long as you inform us that you do not want to receive our marketing, or we notice that you do not want to receive our marketing.

g) Recruiting

We retain necessary data for a period of 12 months from the receival day of your job application. 

h) Communications

We process and store your personal data for as long as it is necessary to fulfil the purpose of data processing.

i) Website control

Retention period depends on each cookie used. 

WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

You may have the right to use the below listed data protection rights. The contacts concerning the rights shall be submitted to the controller’s contact person. Your rights can be put into action only when you have been satisfactorily identified.

You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws. 

Right to inspect

The data subject has the right to inspect what, if any, data the controller has stored of her/him.

Right to rectify and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.

Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract

Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law

Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

CAN THIS PRIVACY NOTICE BE AMENDED?

We have a unilateral right to modify this Privacy Notice. The modifications take effect immediately when we post the up to date version of our Privacy Notice to our website.

Last update on 23 March 2021. 

The leading event platform

Brella is perfect for all event types and formats. Schedule a call with our experts to see if our platform is a fit for your needs.

Contact sales