Our data protection work
Acadermia must process personal data as part of its day-to-day business. We care about your privacy, and we strive for high levels of security in our work with data protection. It is important to us that everyone affected is confident about the methods we use to process personal data.
Do you want to know if we have stored any personal data related to you? Or have you found inaccuracies in the data we have stored about you? If so, you may file a request to our data protection service for rectification or erasure of your personal data. More information about your rights can be found in the policy.
At Acadermia, we care about your personal privacy. We strive to maintain a high level of security in our work with data protection. This policy describes how we gather and use personal data and how we work to protect this data using both technological and organizational safeguards. “Personal data” refers to all types of data that can be linked to you as a living, natural person. The policy also describes your rights with regard to how we process your personal data and how you can exercise these rights.
Acadermia processes personal data in accordance with the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council, also called “GDPR”).
Personal data controller
The personal data controller is Acadermia AB, Klubbvägen 9, 13337 Saltsjöbaden, Sweden.
Which personal data does Acadermia process?
The personal data we process depends on your relationship with us. We have described in the following table the most common categories of personal data that we process. We gather the information directly from you, from our partners and suppliers or from publicly available registers. This data may also be gathered via digital channels, for example when you visit one of our websites or use a mobile app.
Acadermia does not gather personal data from children. To buy tickets to our events, you must be at least 18 years old.
In some cases, we gather personal data from you, but the data refers to someone else. For example, if you buy a ticket to an event, you can sometimes purchase person-specific tickets to multiple people or register multiple people to activities during an event. If you are an exhibitor, you may also register in the same way the people who will be working at your stand or register several contact persons in your organization. In such situations, we assume that the person who provides us with the personal data of other people has their consent or in some other way has a valid reason for providing us with this information. We will inform concerned persons about our personal data processing policy during our first contact with them.
|Your role||Examples of personal data we process|
|General visitor to events open to the public||Name, contact details, purchase and visit history|
|Professional visitor at events not open to the public||Name, position, gender, company/organization, contact details, areas of interest, purchase and visit history|
|Participant in competitions and surveys, subscriber to newsletters||Name, contact details|
|Exhibitor||Name, position, company/organization, contact details, invoicing information, purchase history, dialogue history|
|Organizer||Name, position, company/organization, contact details, invoicing information, purchase history, dialogue history|
|Stand builder||Name, position, company/organization, contact details, invoicing information, purchase history, dialogue history|
|Partner||Name, position, company/organization, contact details, dialogue history|
|Supplier||Name, position, company/organization, contact details, invoicing information, delivery history, dialogue history|
|Journalist/Media Representative||Name, position, company/organization, contact details, visit history|
Your personal data can also be found in different types of data logs that are necessary for several of our digital systems to function properly. These logs refer to, for example, access to information, incoming and outgoing emails or telephone conversations.
We also occasionally document Acadermia’s events with photos, video recordings or audio recordings, and these may sometimes constitute personal data.
Please note that Acadermia does not gather any information about credit card payments. All payment information is handled by third-party suppliers, who are independent controllers for the processing.
Legal basis and purpose for processing personal data
Acadermia processes personal data for several different purposes. The primary purposes are so that we can
- Process orders, purchases, customer service matters and communication with visitors, exhibitors and organizers
- Document, evaluate, develop and market our operations
- Fulfill our commitments as partners and a member of society
- Stop fraud and prevent crime
Marketing mailings from us always offer the possibility of “opting out” of future similar mailings.
All processing of personal data that Acadermia carries out can be justified based on one or several of the following legal grounds:
Compliance with a legal obligation
Example: We need to process some personal data to fulfill the requirements set out in the Accounting Act.
Example: When you buy a ticket online to one of Acadermias’s events, we must obtain some personal data from you, so we can send you the ticket. If you are an exhibitor at an event, we must process your personal data to be able to deliver ordered services and invoice what you have ordered.
Example: If you are professionally active in a certain industry and Acadermia organizes an event in this industry, we may contact you to market the event. We believe that our interests as a company in marketing our events override your interests as a professional not to be subject to marketing. Contact us if you would like more information about the assessment we have made in this matter.
Example: When you subscribe to one of our newsletters or participate in one of our competitions, we ask if you consent to us processing your personal data. In cases where processing is justified only by consent, you may withdraw your consent at any time and request that we cease with the processing in question. Contact us if you would like to withdraw your consent.
With regard to photos, video recordings and audio recordings, Acadermia has a legitimate interest in documenting its operations. This means, for example, that general photos (“exhibition crowds” or “mingle shots”) may be used without every individual person in the picture being asked for consent. The right to use photos where individuals are in focus is regulated in a separate agreement with our professional contacts, for example exhibitors and partners. If you have not signed such an agreement with Acadermia, for example if you are a visitor to one of our events, we must ask for your consent at the time the photo is taken before we may use a photo where you are in focus. The same applies to video and audio recordings.
Storage periods and safeguards
We store your personal data as long as it is necessary to fulfill the purposes described above. The data is then erased or anonymized in a secure manner, so it can no longer be linked to you. Unless agreed otherwise, and if the law does not require us to keep the data longer, the storage periods set out below apply. If you would like us to terminate the storage of your personal data earlier than this, you may request that we do so. See the section entitled “Your rights”.
If you are in contact with us as part of your profession, for example as an exhibitor or a visitor to a trade fair or other event that is not open to the public, we will save your personal data for four years after your most recent activity. “Activity” refers to when you, for example, buy a ticket or register for a new event, participate in a competition, engage in a dialogue with us via email or by telephone or click on a link in one of our newsletters.
If we have not been in contact with you yet, for example because we are in the midst of planning an event together with an organization in which you are a member and you are thus a potential exhibitor, we will save your personal data for at the most one year from the date that we gathered the data.
Photos, video recordings and audio recordings
Recordings that document our operations will be saved for different periods of time depending on the purpose. If they are of future historical interest, we will save them as long as the technological lifetime allows.
Transfer of personal data to others
Acadermia will never sell your data to a third party if we have not received your consent to do so. However, we may turn over your personal data to the following categories of recipients:
Example: Acadermia may turn over necessary information to authorities such as the Swedish Police or the Swedish Tax Agency if we are obligated to do so by law.
Another personal data controller (with Acadermia as partner)
Example: If Acadermia arranges an event in cooperation with another organization, for example a trade association, both Acadermia and the trade association will have access to your personal data. Both parties are then personal data controllers for their own processing of your personal data.
Processor (with Acadermia as the controller)
Example: If Acadermia employs another organization to carry out certain services on its behalf – for example seminar bookings, ticket sales, transports, telemarketing or the operation of IT systems – this could mean either that the organization gathers personal data for us, or needs access to the personal data Acadermia has gathered. In this case, we are the controller and the other organization is the processor. We then enter into a processor agreement with the aim of ensuring that personal data is processed correctly and securely.
Transfer of personal data to countries outside the EU/EEA
Acadermia’s basic principle is that we do not transfer personal data to organizations outside of the EU/EEA. The exception is operations conducted in a third country that is considered to have an adequate protection level in accordance with the European Commission’s decision under Article 45 of the GDPR.
Links in Acadermia’s digital channels
There may be links in Acadermias’s digital channels (e.g. our websites) that lead to other digital channels which are governed by privacy protection rules other than those set out here. In these cases, Stockholmsmässan is not responsible for any data or processing of data in another organization’s digital channel.
According to GDPR, if you are listed in a register you have a number of rights vis-a-vis Acadermia. If you would like to exercise these rights, please e-mail us at firstname.lastname@example.org
In order to protect you and your personal data, Acadermia will not turn over data to anyone whose identity has not been verified. If we, regardless of the reason, cannot fulfill your request, we will explain why.
For all rights listed below, if you so desire, you may request that we extend your request to our partners, if we have shared your personal data with any of them.
Right of access to your personal data
You are entitled to obtain confirmation as to whether Acadermia is processing your personal data and in such a case obtain a summary of the personal data in question.
Right to rectification
Acadermia strives to ensure that all data processed by us is accurate. If you discover inaccuracies in your data, you may request that we rectify the inaccurate data. We will then rectify the error.
Right to data portability
If you would like to receive your personal data from Acadermia in order to be able to use it elsewhere, you are entitled in some cases to receive the data in a structured, commonly used and machine-readable format and transmit it to another controller. However, this assumes that the transfer is technically feasible, that the other party accepts the formats we provide and that this can occur with reasonable effort on our part.
Given the limited volume of personal data that Acadermia processes, it will almost always be easier for you to provide the other party with your personal data. Please also note that this right is limited to data that is processed with your consent or to fulfill contractual obligations with you and that it only applies to the personal data you have submitted yourself.
Right to restriction of processing
If you would like Acadermia to process your personal data only for limited purposes, you can request a restriction of processing. This applies, for example, if you consider the information to be inaccurate, that our processing is unlawful, that we no longer need the data for the purpose of the processing, or when you have objected to processing on the grounds of legitimate interests pending the verification of whether our interest overrides your interest. We will then mark the data to ensure that it does not become subject to additional processing and cannot be changed.
Right to erasure (“right to be forgotten”)
If you would like us to cease all processing of your personal data, you may request erasure in some cases. We will then erase all data that can be linked to you as a person. When the erasure is completed, you will receive a confirmation via email, after which we will also delete the sent email.
Please note that an erasure means that we will remove all information about you, including information that you at one point requested to be forgotten. If you would like, we can instead keep your email address in one place, namely on the Forgotten list, with people who do not want to be in our systems at all. If, at some future point in time, we were to obtain your email address in some other way, for example from an organization in which you are a member, we will be able to immediately see that you do not wish to receive any mailings from Acadermia. There will therefore be no need for you to once again request erasure of your data.
If you think we have made a mistake
If you consider Acadermia’s processing of your personal data to be in conflict with applicable legislation, or that we have processed a request from you improperly when you wanted to exercise your rights in accordance with the above, you may report this to the Swedish Data Protection Authority (Privacy Protection Authority).