Data security is our top priority. Within any area that affects IT security, we have well-established procedures that secure your data.
Activities are automatically logged
All participants' actions are recorded, ensuring a solid overview down to the smallest detail.
We are always disposal to your organisation's data security expert to guarantee compliance with security policies. Our extensive experience in the field allows you to quickly describe a policy for how Conference Manager processes your confidential data.
Conference Manager is encrypted via TLS (https). The encryption certificates are often updated and the keys are also changed according to set standards. Whether it is setup and management of events or participants' enrolment process, data is completely secured, when using Conference Manager.
As a starting point, we save data for 6 months, after your event has been organised, in order to meet the typical legislation. Should the need be different, our standard packages contain data storage for 6, 24 or 60 months. All data is stored in Conference Manager's own data centre, and we do not use external parties for operation or hosting. Thus, we have no data located outside the EU/EEA.
GDPR - EU Data Protection Regulation
It is now well-known that the EU Data Security Regulation, also known as the Personal Data Regulation, entered into force on May 25, 2018.
Everyone must therefore have a data-processing agreement that complies with the requirements of GDPR. In practice it is impossible to overcome satisfactory GDPR implementation without IT systems matching the regulatory requirements. This means, among other things, that you should be able to:
- ensure obtaining informed consent (and in some cases explicit consent) for processing personal data
- allow for revocation / cancellation of consent to the treatment, unless the treatment is required by law
- ensure transparency in processing so that individuals can accurately inform how and for what purpose their personal data are processed
- ensure documentation of who has had access to personal data
- allow people to delete their data
Conference Manager enables you to easily comply with the regulations. Without the use of a specific IT system, it becomes an almost impossible task.
Data processing agreement
Conference Manager has no independent right to your data. It is you, as our customer, who is the data manager for the content you provide in Conference Manager, and therefore you have a requirement to ensure that we meet our obligations.
Therefore, we conclude with all our customers a data processing agreement. It is an integral part of our agreement. Data Processing Agreement ensures that:
- It is described how and for how long we process and store your data
- A clear instruction has been given about how and what Conference Manager must do with your data and what to ensure
- That we have established (and continuously ensure) appropriate security measures
- Data can only be processed within the EU / EEA
- The type and categories of data are described based on your specific events
- Employees who may come into contact with data are subject to confidentiality
- We provide assistance to you if you have to provide information to authorities or registered persons, etc.
- Deletes your data permanently in accordance with our agreement, and at the latest when the agreement ends
Conference Manager has spent more than 1.5 years implementing a full ISO27001 Read more about ISO27001 here.
It is a continuous process involving all departments and employees.
Data security standards are rooted in management and derive from a management desire to be the indisputably, most secure system within our area.
Therefore, we have also employed additional colleagues in order to ensure the separation of work functions today, so that no employee can access confidential data independently. It means that:
- No developers have access to live production data or systems
- No developer can launch a new code without management approval, and the new development has been subject to review and testing, and everything is documented
- Operations and development functions are divided by separate responsibilities
- Support is an independent function which, as the only one, can access live data, with authorisation from the customer in each case
The information system includes a wide range of security features, including policies for development, test, employee policies in various situations, which devices may be used with Conference Manager, network Infrastructure, logging, etc.
Journalization/logging of all accesses to the systems and what has been done, is done by employees from Conference Manager or by an employee of the customer.
If you need additional information about our ISO27001 or other information regarding security, please contact our CEO, Rasmus Teilmann, at +45 2523 1142 or e-mail email@example.com.