GDPR is the European Unions General Data Protection Regulation, introduced May 25, 2018. The purpose is to increase the individual's rights over their own personal data and set a common standard for data storage throughout the EU. The regulation demands stricter requirements on how personal data is processed.
As an event organizer, it is important that you are aware and know how both you and Memlin handle the participants' data, not only to comply with the GDPR directive, but also to make your participants feel safe and secure.
Personal data is any type of information or data that can be attributed to an individual person.
As a Memlin user you act as the Personal Data Controllerer while Memlin act as the Personal Data Processor.
The Personal Data Controller is responsible for defining the purpose for collecting the specific data. The Controller is also responsible for keeping the data up to date. Data that is no longer needed shall be deleted immediately.
As Personal Data Processor Memlin will provide the needed tools so that the Controller can handle the data. Memlin stores all personal data within the EU and according to best practice in the industry. Data sent between participants and the system is always sent encrypted.
To provide the best possible service Memlin have some external service providers. These are referred to as Authorized Subprocessor in a data storage context (GDPR). We go a long way to make sure that our subprocessors follow the GDPR directives and handle the data correctly. Read about our subprocessors here: Subprocessors
The basic principle is that you only collect information that is needed to fulfill a predetermined purpose, for example in order to arrange an event booking and invoicing of customers. The data may only be stored for as long as necessary to complete the task and one should also make sure that the data is up-to-date.