Baltic Sustainability Awards
Personal data processing rules
1. General issues.
These rules lay down a procedure by which Helve provides processing, security, and protection of participants' (the Participants) personal data at the Baltic Sustainability Awards (the Event) from September 15 to November 30, 2022.
2. Terms used in the Rules:
2.1. Processing - any operation or set of operations performed with personal data or sets of personal data, which is carried out with or without automated means, such as collecting, registering, organizing, structuring, storing, adapting or modifying, recovering, viewing, using, disclosing, transmitting, distributing or otherwise making them available, matching or combining, limiting, erasing or destroying;
2.2. Processor - SIA "Helve" (innovation management company, the organizer and initiator of the Event) and Typeform SL (survey platform provider);
2.3. Personal data - Participant's name, surname, e-mail address, phone number, organization, job title, country, and photomaterial from which a Person is identifiable;
2.4. A third party - a natural or legal person, public entity, agency, or entity other than the data subject.
3. Purpose of personal data processing.
Personal data are collected and further processed to ensure the participation of the Participant in the Event.
3.1.Purposes for personal data processing:
3.2. To ensure participation in the Event (name, surname, e-mail address, phone number, organization, job title, country);
3.3. To ensure the provision of organizational and operational information exchange of the Event (name, surname, e-mail, phone number);
3.4. To ensure the publicity, promotion of the Event, and public information (photo recording and filming during the Event).
4. Personal data registration at the Event.
4.1. Initial collection of participants' data is carried out by the Processor through registration for the Event, accompanied by these Rules and a statement of consent for data processing.
4.2. Upon registration, the Participants familiarize themselves with these Rules, and upon their approval, they confirm consent to their personal data being processed according to the Rules.
5. Terms of collection, storage and deletion of personal data.
Personal data collection is carried out until the end date of the participant registration process. Personal data is stored, processed only to the extent and within the time limit necessary for the fulfillment of the objectives specified in these Rules, and these are as follows:
5.1. Name and surname – until December 7, 2022.
5.2. E-mail - until December 7, 2022.
5.3. Video and photos- permanently (creating the Organizers event archive).
6. Participant's acknowledgement for the processing of personal data.
6.1. A Participant, acknowledging to have read the Rules, consents to their Personal data being processed following terms of these Rules.
6.2. If the Participant withdraws its consent to the processing of personal data, the Processor will erase all personal data submitted, except where erasure is impossible for technical reasons or where it causes disproportionate effort (for example, in case of already printed materials).
7. Audio and audio-visual recording.
7.1. A Participant, acknowledging to have read the Rules, confirms that he or she has been informed of the Event being photographed and filmed.
7.2. The Processor may use the materials produced as a result of a photo recording, in whole or in part, for publicity purposes and to inform about the course of the Event. The Participant is hereby informed that the Processor will use this right freely at its discretion, including the right to transfer them to third parties. The Participant has the right to request information from the Processor about third parties who have been given the right to use video and photo-recording material.
7.3. The Participant may object to the actions specified above in this section and request the Controller to discontinue them provided that the person in question is directly identifiable in the particular video or photograph and it is technically possible for the Processor to erase and/or discontinue the use of the particular photograph.
8. Participant's rights.
8.1. At any time request, the Processor information about the person specified in Article 13 of the General Data Protection Regulation;
8.2. Access the relevant data and receive the information specified in Article 15 of the General Data 17.3. Protection Regulation by contacting Helve;
8.3. Request the Processor to rectify, delete or limit personal data processing or to object to such processing in accordance with Articles 17 and 21 of the General Data Protection Regulation.
9. Helve’s duties in the processing of personal data.
While processing personal data, Helve ensures:
9.1. Access to information in accordance with Article 13 of the General Data Protection Regulation;
9.2. Implementation of technical and organizational measures for the security and protection of Personal data;
9.3. Upon request from the Participant, correction or erasure of his or her personal data.
9.4. The Processor undertakes to inform the Participant without delay about the personal data security breach if the personal data breach could create a high risk for the rights and freedoms of natural persons.
10. Communication and procedures for the exercise of the rights of the Participant.
10.1. The Participant may exercise its rights, including the right to object or to ask questions to the Processor in writing via the e-mail: firstname.lastname@example.org
10.2. If the personal data provided by the person changes, the person is entitled to request to rectify (align) his/her personal data by contacting the Processor by e-mail: email@example.com.
11. Other Processor of personal data.
11.2. In the course of the administrative organization of the Event, the Processor may, if necessary, engage other processors (identification card makers, photographers, etc.) by concluding contracts with them that will include a condition for compliance with these rules.
11.3. If another processor is engaged, then the Processor ensures that this Processor complies with these rules.
12. Processing security requirements
Taking into account state of the art, the implementation costs and the nature, extent, context, and purposes of the processing, as well as the various risks and risks of probability and severity concerning the Participant's rights and freedoms, Helve shall implement appropriate technical and organizational measures to ensure an adequate level of security.
12.1. The mandatory technical protection of personal data shall be implemented by Helve with physical and logical safeguarding means ensuring:
12.2. Protection against the threat of personal data generated by physical effects;
12.3. Protection through software tools, passwords, encryption, cryptography, and other logical safeguarding means.
12.4. When processing personal data, Helve shall ensure:
12.5. Access of authorized persons to the technical resources used for the processing and protection of personal data (including access to personal data);
12.6. That data carriers containing personal data are processed by authorized persons;
12.7. That the resources used in the processing of personal data are transferred to authorized persons.