Purpose of processing personal information and legal basis
Personal information given to the Controller (Travel Agency and Professional Congress Organizer) shall be processed in accordance the EU General Data Protection Directive (679/2016). Personal Information provided by the Customer may be given to our partners in arranging the travel and other services and also to relevant officials and authorities. Personal Information of the client may be transferred and processed outside the EU/EEA area.”
Storage period of personal data
Personal data will be stored for as long as it is necessary to facilitate the services for theCustomer. Only the financial information (invoices etc.) required by law will be stored for eight (8) years and other personal data will be deleted.
Data security principles
Data will be stored in a technically secure location. Physical access to the data is preventedby means of access control and other security measures. Access to the data requiressufficient rights and identification. Unauthorized access is also preventedby means of e.g. firewalls and other technical protection measures.
Data contained inthe register can only be accessed by the Controller and separately named technical and ICT supportpersons. Only the named persons have the right to process and maintain informationcontained in the register. The users are bound by confidentiality obligation.
The rights of the Customer
The right to request from the Controller access to his or her personal data and the right to request that any error in the said data be corrected or removed or its processing be restricted, and to oppose to the processing or transferring of the said data from one system to another