Brella Service's Privacy Notice
With this Brella Service’s Privacy Notice we provide you information on why and how we process your personal data in our Brella service.
If you would like to know how we process personal data during our other business operations, please have a look at our General Privacy Notice.
1. WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?
Attendee means our customer who uses our Brella service to participate in Events.
Controller means a party that is in charge of the personal data processing activities.
Data subject is a term for a human being in accordance with data protection laws.
DPO means an independent representative of a controller or a processor who helps the controller or the processor ensure that it complies with relevant data protection laws.
Event means an event organized by an Organizer via Brella service.
Event Data means all personal data of the Attendee that is processed in Events.
Joint controllers mean two or more controllers that jointly act as controllers for certain personal data. Joint controllers share the responsibility for such personal data.
Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.
Organizer means our customer that uses our Brella service to arrange Events to which Attendees may participate.
Personal data means any data concerning a data subject or data with which a data subject can be identified with.
Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.
Processor means a party that processes personal data for and on behalf of the controller.
Purpose for processing means the reason why the controller processes personal data of a data subject.
Speaker means a person who performs at an Event.
Sponsor means a user of our Brella service that sponsors an Event.
2. WHO IS THE CONTROLLER AND/OR JOINT CONTROLLER FOR YOUR DATA?
An Organizer is a controller for all Event Data of an Attendee and personal data of a Speaker that is processed in connection to the Organizer’s Event. A Sponsor may also be a controller of Event Data, if an Organizer discloses said data to the Sponsor. If you wish to know more about personal data processing activities of the Organizer or the Sponsor, please be directly in touch with the Organizer or the Sponsor.
Brella Ltd. (business ID: 2765076-7) is the controller for all personal data referred to in this Privacy Notice unless otherwise explicitly stated. We are located at Kivääritehtaankatu 6 C, 40100 Jyväskylä. Our US-based entity Brella Inc. is a joint controller with Brella Ltd. for the personal data of the Organizers that have concluded the Organizer Terms with Brella Inc. and not with Brella Ltd.
3. IS BRELLA ALSO A PROCESSOR?
Yes, Brella is also a processor of an Organizer when Brella processes Event Data of the Attendee and personal data of a Speaker in connection to the Organizer’s Event.
If you wish to know more about personal data processing activities of the Organizer, please be directly in touch with the Organizer.
4. WHY DO WE PROCESS PERSONAL DATA? WHAT PERSONAL DATA DO WE PROCESS? WHAT IS OUR LEGAL BASIS FOR PROCESSING?
We process personal data to be able to provide the Brella service to our data subjects, develop our services for the Organizers and market our own services to Organizers. We process the following personal data of our data subjects: name, basic information and data related to the use of the Brella service.
Our legal basis for processing personal data depends on the purpose for which we process personal data. Therefore, our legal basis is the performance of a contract in contractual matters and our legitimate interests in business development and marketing matters.
5. FROM WHERE DO WE COLLECT PERSONAL DATA?
We collect personal data from the Brella service when our data subject uses the Brella service, social media pages if our data subject wishes to use their social media profile in signup to the Brella service and email communications. Also, when we process personal data related to Organizers and Sponsors, we collect personal data from the contact persons of the Organizers and Sponsors, our business partners and public sources (such as the internet and trade register).
6. DO WE TRANSFER YOUR PERSONAL DATA?
We may transfer your personal data to third party service providers, as it is a normal course of doing business in a digitalized world (i.e. data storage service providers and communications services providers). When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers.
As our servers are located within the EU, by default we shall not transfer your personal data outside the EU/EEA. However, if you use our service outside the EU/EEA or to transfer personal data outside the EU/EEA we may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses.
As a part of Brella service, we transfer the Attendee’s personal data to the Organizer in whose Event the Attendee participates via Brella service as well as the Sponsor of such an Event, provided that the Organizer enables the sharing of personal data with the Sponsor via the Brella service. We carry out these data transfers, as the Organizers and Sponsors have a right to process all data related to their Events.
Our Brella service also enables the Organizer to transfer Attendees’ personal data outside the Brella service via QlikTech International AB’s Blendr-service or Zapier Inc’s services. When doing so, the Organizer acts as the controller of the Attendees’ personal data, Brella acts as the Organizer’s processor and QlikTech International AB / Zapier Inc acts as the subprocessor of Brella. Please note that when you decide to use Zapier Inc’s services, you shall transfer personal data outside the EU/EEA.
7. DO WE SHARE ATTENDEE’S EVENT DATA WITH OTHER ORGANIZERS?
No. We do not share Attendee’s Event Data with any other Organizer than the one organizing the Event.
8. DO WE PROVIDE MARKETING TO ATTENDEES?
No. We do not market any services to the Attendees, be they our own, the Organizer’s or third-party services.
9. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
The retention period of personal data depends on the purposes for which we process personal data. We inspect the necessity of the personal data stored regularly and keep records of the inspections.
When we process personal data for contractual purposes, we process and store personal data for as long as it is necessary to fulfil the contractual obligations, and for other purposes, we process and store personal data for as long as it is necessary to fulfil the purpose of data processing.
10. WHAT DATA PROTECTION RIGHTS DO YOU HAVE?
You may have the right to use the below listed data protection rights under the GDPR:
- Right to inspect (art. 15)
- Right to rectify (art. 16)
- Right to erasure (art. 17)
- Right to restriction of processing (art. 18)
- Right to data portability (art. 20)
- Right to object (art. 21)
- Automated individual decision-making, including profiling (art. 22)
If you would like to use your rights or inquire something about data protection, please be in touch with our DPO at firstname.lastname@example.org.
You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws.
11. HOW CAN YOU DELETE YOUR DATA FROM BRELLA?
You can request for your personal data to be deleted from Brella by contacting our DPO at email@example.com.
12. WHO CAN YOU CONTACT? DOES BRELLA HAVE A DPO?
We have a DPO, who you can reach by e-mail at firstname.lastname@example.org.
In case you have any questions related to your personal data, please be in contact with our acting DPO.
13. CAN THIS PRIVACY NOTICE BE AMENDED?
We have a unilateral right to modify this Privacy Notice. The modifications take effect immediately when we post the up-to-date version of our Privacy Notice to our website.
Last update on 25th of October 2022.