Personal Data Protection PolicyYour personal integrity matters to us, and we would therefore like to keep you informed about the ways we process your personal data.
GDPR (General Data Protection Regulation) is a new EU regulation that will take effect throughout the EU on May 25th 2018. An important aspect of the new regulation is the individual’s right to control their own personal data.
We welcome this important initiative, and will remain transparent about which type of information we collect and why, as well as safeguard your information to the best of our abilities. We will never sell your data to another company.
In order to process personal data, we need legal grounds to do so. Read on to learn what kind of information we collect, and what lawful basis we have for processing the data.
It may become necessary for us to adjust this policy in the future. Any changes will be posted here, or relayed via e-mail when applying to subscribers of our newsletter.
UKK is acting as Data Controller for our private customers, business customers, subscribers and business partners.
You are always welcome to get in touch if you have any questions: email@example.com or +46 (0)18 727 90 00.
These are the situations in which we gather data
When you start a subscription to our newsletter, we ask you to read this policy and consent to having your data processed in ways described as follows: We will retain your name and e-mail address, collect data based on your purchase history in our ticketing system Tickster and via ukk.se, to analyze your digital user pattern. We will save the data in order to create offers that are relevant to you. We also analyze the data to help improve our communication and advertising strategy.
UKK is always ultimately responsible for your personal data, but uses the service provider Apsis (acting as Data Processor) for newsletter send-outs. By subscribing to our newsletters you consent to having your information stored by Apsis.
Legal basis for processing: Consent
Subscibing to our newletters is free of charge.
If you choose to subscribe to newsletters from UKK, we will save your data and direct information messages to your e-mail address until you decide to end your subscription. You can cancel your subscription at any time using the unsubscribe link included in each letter.
You can always contact us and ask to have your subscription terminated. Contact: firstname.lastname@example.org or +46 (0)18 727 90 00
Under the tab Meetings & Events on ukk.se you are able to fill out a booking request form. This request is in no way a binding agreement. We will save the information that you have provided, in order to answer your request. Furthermore, we will save your name, business title, organization, e-mail address and phone number to be able to contact you with offers and information we think would be relevant to you based on the details of your request. You can always ask to have your information removed or decline further contact. For our business clients and other conference or private event clients we use the CRM system Lime (acting as Data Processor).
Legal basis: Legitimate interests
UKK uses as ticketing system called Tickster (acting as Data Processor). When you buy a ticket, we will save the information needed to deliver your order and to supply you with correct information. We will retain information on what you have purchased in order to tailor offers that are relevant to you, and to be able to analyze our sales performance. When you buy a ticket through Tickster, you need to accept the terms of purchase along with Tickster’s personal data policy before completing the purchase.
Legal basis: Contractual necessity, legitimate interests
When you reach out to us, for example by getting in touch with our front desk, our switchboard, the conference booking or one of our coworkers, we collect the personal data needed to be able to handle your request. Information commonly used in these cases is your name, phone number and e-mail address.
Legal basis: Legitimate interests
Applying for a job
When recruiting for open positions, we save your application and any attached supplementary documents for 6 months after the position has been filled. If you send us a spontaneous application, we will save your information for 12 months. Spontaneous applications should be sent to email@example.com.
Legal basis: Legitimate interests, consent
Fulfilment of the law
We process data in order to fulfil our legal obligations, for example keeping financial data in accordance to accounting regulations.
Legal basis: Legal obligations
Surfing on ukk.se – Cookies
If you do not accept saving cookies on your computer, you can change the settings in your web browser (Internet Explorer, Chrome, Safari, etc.) so that it does not save cookies, but the page may then not function as intended. You can find information on how to turn cookies off in the support section of your web browser.
What kind of data, how, where and why?
The type of data we collect
We collect two types of data – personal data and traffic data.
Personal data is information tied to you – for example your name, address, e-mail address and phone number. It could also be information about what products you have purchased, bookings and order history.
Traffic data is statistics like how many visitors our website has, what time of day most tickets are sold, how many of our customers that live in Uppsala etcetera. This data is not tied to you as a person.
How we collect data
We collect and process data that:
- You provide when you become a customer with us and when communicating with us, for example when buying a ticket, fill out a booking request form, apply for an open position, or contact us to receive information via e-mail or over the phone, or subscribe to our newsletter.
- We acquire from other sources, for example membership lists from Musikens Hus vänner, publicly accessible listings, and from our partners.
- Is being collected through fill-out forms on our website, for example customer surveys.
What we use the personal data for
In order to process personal data, there has to be legal grounds to do so in the Data Protection Regulation. It is called legal basis. It means that for our processing of your personal data to be legal, it needs to be justified by complying with one or more of these purposes:
- Contractual necessity (ticket delivery per e-mail, fulfilling your order)
- Consent (an active ”yes please” from you, as when you subscribe to a newsletter)
- Legal obligations (regarding for example warranties, accounting regulations, labor law)
- Legitimate interests (for example extending an offer on a similar product to an existing customer, or sending an invitation to an event that would be of interest to a specific group of professionals)
We save personal data
We do not keep any personal data longer than we need to. Some data is deleted instantly, other is kept for periods of varying lengths, depending on what the information is used for and what our legal obligations state. Personal data is handled within purpose-built, authorization protected systems. Data retained for statistical purposes is anonymized as extensively as possible. Personal data for ticket customers is purged 3 years after the latest ticket purchase.
Where we store personal data
We always strive to store your personal data within the EU/EES and according to the information security standards stated by the ISO 27001 certificate. In some cases data can be processed outside of the EU/EES, but security is then regulated within the bounds of the standard clauses approved by the European Commission.
We have signed Data Processing Agreements with all contractors that store and handle data on our behalf. Our IT-partner QD Sverige AB ensures our IT security and protection from data breach..
You control your data
You have the right to access the personal data that we have on you, free of charge. You also have the right to demand correction, completion or erasure of that data in our systems.
We are responsible for keeping your data safeguarded. We must therefore take careful measures to ensure that no information is handed out to the wrong person.
Hence you need to send us a signed petition via regular mail if you wish for us to supply you with a registry transcript. The petition should contain your full name, personal identification number, address of legal residency and phone number, a copy of your identification document, as well as your signature. When your full application has been received, it will be processed promptly. The letter should be addressed to:
Uppsala Konsert & Kongress
753 75 Uppsala
We will compile all the data that we have on you, to be collected at our front desk. You are required to show picture ID on pickup. If you wish, we are also able to send you the transcript via registered mail on your expense.
Corrections and deletion
Requests for having your personal data corrected, completed or deleted can be made directly to firstname.lastname@example.org, or by calling us on +46 (0)18 727 90 00. Instructions regarding changes or deletion will be forwarded to any Data Processors holding data on our behalf. Please note that there might be legal obligations that keep us from deleting your instantaneously.
Our views on integrity and personal data (UKK:s internal policy)
UKK respects the right to control your own data. We work transparently and with clarity. We do our best to inform, in order to give the individual full overview of how we work with personal data and for what purposes.
UKK is aware that sensitive personal information needs to be treated with extra caution, and should be purged frequently.
UKK has a clear purpose with all gathering of data. All of these purposes are ensured to have legal basis.
UKK is careful about all data handling, but especially so when it comes to personal data used for commercial purposes aimed at individuals (marketing and sales).
UKK is actively working with registry maintenance and information purging to ensure that correct and relevant data is stored, and kept to a minimum.
UKK trains its staff and follows routines to ensure quality in the handling of personal data.
UKK takes personal integrity very seriously, and holds it for granted to abide by the rules and regulations in place. Because we want to. Not because we have to.
Thank you for reading our policy!