User Data Protection and Privacy Policy (GDPR)

Definitions

1. Controller - the Registered User within the meaning of the Terms of Service of the platform MyOwnConference, to which this document is attached;
2. Processor - the Website Owner, company AKOVANA UAB, within the meaning of the Terms of Service of the platform MyOwnConference, to which this document is attached;
3. Agreement - the agreement regarding the entrustment of personal data processing as regulated herein.

The remaining capitalized terms are as defined in the Terms of Service of the platform MyOwnConference, to which this document is attached.

Data Processing Agreement

1. Platform MyOwnConference acknowledges its role as the data controller of its user's data, which encompasses the data within the scope specified in Attachment A (hereafter referred to as "Personal Data").
2. It is understood that platform MyOwnConference has entered into a Platform Use Agreement (hereafter referred to as the "Service Agreement"). The execution of the Service Agreement by MyOwnConference necessitates processing Personal Data under its control.
3. According to this agreement, the platform MyOwnConference entrusts the designated data processor with the processing of Personal Data, as defined by the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, from now on referred to as the GDPR), within the scope outlined in Attachment A and exclusively to fulfill the Service Agreement.
4. The designated data processor acknowledges its understanding of the GDPR, affirming its adherence to the provisions of the GDPR. The processor also ensures that adequate technical and organizational measures are in place to meet the requirements of the GDPR and protect the rights of the data subjects.
5. The data processor is authorized to conduct the processing operations of Personal Data as outlined in Attachment B.
6. The data processor is not permitted to engage sub-processors without the prior written consent of MyOwnConference, whether specific or general. In cases of general consent, the data processor is obliged to inform MyOwnConference of any intended changes concerning the addition or replacement of sub-processors at least 21 days prior to the commencement of processing by the new sub-processor. The absence of a clear decision from MyOwnConference by the specified date will be interpreted as a refusal to consent to the engagement of the new sub-processor.
7. Upon obtaining the consent from MyOwnConference as stated in point 6, the data processor is entitled to utilize the services of sub-processors, ensuring that any agreements for entrusting personal data processing are at least as stringent as this Agreement and comply with the provisions of the GDPR.
8. In instances where the data processor employs the services of a sub-processor for specific processing activities on behalf of MyOwnConference, the sub-processor is bound to adhere to the same data protection standards as specified in this Agreement, particularly ensuring that adequate technical and organizational measures are in place to meet GDPR requirements. If the sub-processor fails to fulfill its data protection obligations, the primary data processor will bear full responsibility towards MyOwnConference for the performance of the sub-processor's duties.
9. The data processor commits to effectively upholding MyOwnConference's rights as stipulated in this Agreement, the GDPR, other relevant EU legislations, the member state's laws applicable to the processor or sub-processor, and Polish law. This also includes enforcing the obligations outlined in the aforemeThe data processor hereby informs MyOwnConference that it engages the services of other sub-processors for processing the Personal Data entrusted by MyOwnConference. MyOwnConference consents to this arrangement.ntioned legal frameworks and this Agreement.
10. The data processor hereby informs MyOwnConference that it engages the services of other sub-processors for processing the Personal Data entrusted by MyOwnConference. MyOwnConference consents to this arrangement.
11. As of September 2021, MyOwnConference has adopted the 2021 Standard Contractual Clauses (SCCs) in its dealings with third-party service providers such as Hetzner and CDN77.
12. Furthermore, the European Commission and the United States have reached a preliminary agreement on a new Trans-Atlantic Data Privacy Framework, aimed at facilitating data transfers and addressing the
Schrems II decision of July 2020. For more information, please visit EU Commission Press Release.
13. MyOwnConference is solely responsible for:
13.1. Fulfilling all obligations related to personal data protection laws applicable to MyOwnConference, especially concerning individuals whose data is processed;
13.2. Determining the scope of personal data processed, as well as defining the purpose and means of processing.

MyOwnConference bears exclusive responsibility for any consequences resulting from non-compliance with the aforementioned obligations, including potential liability for recourse towards the data processor.

Processor Obligations

1. MyOwnConference commits to processing Personal Data strictly within the bounds and scope outlined in this Agreement, except as noted in clause 4(1).
2. Personal Data processing by MyOwnConference, including assisting and fulfilling related obligations, shall adhere strictly to the general regulations on personal data protection, particularly the GDPR, other applicable EU laws, and relevant national legislation.
3. Specifically, MyOwnConference ensures the following measures:
3.1. Data processing occurs exclusively based on documented instructions from the Data Controller, including data transfers to other countries or international organizations, unless mandated by EU or applicable national law. In such instances, MyOwnConference will inform the Data Controller in writing of these legal requirements at least 21 days before processing, provided the law doesn't restrict such disclosure for significant public interest reasons.
3.2. Individuals involved in processing Personal Data are bound by confidentiality commitments or statutory secrecy obligations.
3.3. MyOwnConference implements all necessary actions as per Articles 30, 32, 35, and 36 of the GDPR, consistently updating the Data Controller on these actions. Initial assessments under Articles 32, 35, and 36 will be provided to the Data Controller before commencing any data processing activities.
3.4. Compliance with the terms for engaging sub-processors is strictly maintained as outlined in paragraph 1(6-9).
3.5. Given the nature of the processing, MyOwnConference ensures, through proper technical and organizational measures, that the Data Controller can fulfill the obligations of responding to data subjects' requests under Chapter III of the GDPR.
3.6. Considering the processing nature and available information, MyOwnConference assists the Data Controller in fulfilling obligations stipulated in Articles 30–36 of the GDPR.
3.7. MyOwnConference promptly forwards all requests or communications from data subjects to the Data Controller within 12 hours electronically, and original documents are sent by mail to the Data Controller's registered office within 3 days.
3.8. Detailed responses to the Data Controller's inquiries concerning this Agreement are provided by MyOwnConference within 3 days of receiving the request, sent electronically to privacy@myownconference.com.
3.9. Following the termination or expiration of this Agreement, or earlier upon the Data Controller's request, MyOwnConference will stop processing Personal Data. Depending on the Data Controller's decision, MyOwnConference will either delete or return all Personal Data and delete any existing copies, unless retention is mandated by EU or national law.
3.10. MyOwnConference provides all necessary information to prove compliance with Article 28 of the GDPR and cooperates with the Data Controller's audits and inspections. Should MyOwnConference believe that an instruction infringes GDPR or other relevant data protection laws, it will promptly inform the Data Controller.
4. Additional Obligations of MyOwnConference include:
4.1. Adhering to the Data Controller's directions and advice regarding the scope, purposes, and methods of Personal Data processing.
4.2. Implementing comprehensive technical and organizational measures to ensure complete protection of the processed Personal Data, particularly against unauthorized access, acquisition, alteration, or destruction.
4.3. Restricting access to the IT systems and devices used for data processing exclusively to individuals authorized by MyOwnConference for data processing.
4.4. Maintaining accurate records of all individuals engaged in the processing of Personal Data.
5. MyOwnConference commits to promptly notifying the Data Controller of any Personal Data protection breaches electronically, within 12 hours of becoming aware of the incident. The breach notification will, at a minimum:
5.1. Describe the nature of the Personal Data breach, including, if possible, the categories and approximate numbers of data subjects and Personal Data records affected.
5.2. Provide the contact details of the data protection officer or another contact for further information.
5.3. Outline the likely consequences of the Personal Data breach.
5.4. Detail the measures taken or proposed by MyOwnConference to address the Personal Data breach, including, if applicable, measures to mitigate its potential adverse effects.
6. MyOwnConference is also responsible for documenting all relevant details and evidence related to the breach, aiding the Data Controller in understanding the incident's specifics, including its nature, scope, consequences, timing, responsible parties, and affected individuals. MyOwnConference will maintain an incident log documenting all Personal Data breaches, detailing the nature of the breach, its consequences, and the remedial actions taken.

3

1. Myownconference.com shall address any discrepancies identified during evaluations, audits, or inspections within the timeframe specified by the User, ensuring resolution no later than 7 days from the date of notification.
2. Myownconference.com commits to providing the User, at its own expense, with all necessary information to confirm that all legal obligations related to data processing are being upheld. This information will be furnished within deadlines that facilitate the User's compliance with these legal requirements.

4

1. MyOwnConference assumes full responsibility for the protection of data, ensuring compliance with all obligations related to data processing. This includes responsibilities associated with third-party services utilized by MyOwnConference for executing this Agreement. Specifically, MyOwnConference is accountable for preventing unauthorized access or misuse of personal data processed under this Agreement.
2. MyOwnConference commits to promptly inform the data owners, no later than 3 days from the occurrence of the following events: any legal proceedings, whether administrative or judicial, concerning the processing of personal data by MyOwnConference; any decisions by authorities related to data processing directed at MyOwnConference; and any known or expected audits or inspections concerning data processing, especially those conducted by data protection authorities.
3. MyOwnConference will consistently document all processes related to personal data processing, including details, scope, and legal basis of actions taken, adherence to this Agreement, compliance with GDPR, relevant EU and member state laws applicable to MyOwnConference, and Polish regulations concerning data protection. Documentation of these processes will be made available to data owners upon request, in written or electronic form, within 3 days of receiving such a request from the data owner.

Confidentiality and Data Protection

1. MyOwnConference commits to maintaining the strictest confidentiality regarding all information, data, materials, and documents, including Personal Data received from users or obtained in any manner, whether intentionally or incidentally, in oral, written, or electronic form, related to the processing of Personal Data (‘Confidential Data’).
2. MyOwnConference asserts that, in adherence to the obligation of confidentiality concerning Confidential Data, such data shall not be used, disclosed, or made accessible without the explicit written consent of the user, except for the purpose of fulfilling service agreements or when the disclosure of information is mandated by applicable law or the terms of the service agreement.
3. MyOwnConference and its users shall employ all necessary measures to ensure that the communication methods used to receive, transmit, or store Confidential Data offer robust protection, particularly for the Personal Data processed, against any unauthorized access aimed at reviewing its content.

Duration of Data Processing Agreement

This Data Processing Agreement remains valid for the duration necessary to fulfill the obligations of the Service Agreement concluded between myownconference.com and the User. It will terminate concurrently with the cessation or expiration of the aforementioned Service Agreement. In all instances, this Agreement will remain effective no longer than until the objectives of data processing, as outlined in §1(3), have been met.

Section 7

1. This Data Protection Agreement serves as an integral component of the Terms of Service for myownconference.com, functioning as a supplementary attachment.
2. For any aspects not specifically addressed within this agreement, the prevailing regulations of applicable law shall be in effect, including but not limited to the provisions of the General Data Protection Regulation (GDPR).

Attachment A

The Range of Guests’ Personal Data

1. E-mail;
2. User’s Website address;
3. Nickname;
4. Password;
5. Name and Surname, in case our user will collect it;
6. Telephone number, in case our user will collect it;
7. Country, in case our user will collect it,
8. Position and Companies’ name, in case our user will collect it;
9. Time zone, in case our user will collect it;
10. Photograph (avatar), in case our user will collect it;
11. IP address;
12. Operating System;
13. Name and version of the Browser;
14. Type of device;
15. Date and hour of entry and exit to and from a webinar;
16. Role of a participant of a meeting;
17. Activity of a browser tab;
18. Establishing connection;
19 Connection summary;
20. Problem with connection;
21. Responses to requests;
22. Action confirming participation in a meeting and lack of this action;
23. Commencement and ending of transmitting;
24. Establishing connection and its summary;
25. Start playback of a uploaded MP4 video, Youtube, Vimeo;
26. Stop playback of a video;
27. Change of playback position;
28. Ending of playback of a video;
29. Start slideshow;
30. Stop slideshow;
31. Start screen sharing;
32. Stop screen sharing;

Attachment B

Operations of Personal Data Processing

1. Collecting through Internet;
2. Storage;
3. Transmitting in an electronical form to the Collector;
4. Analysis and deduplication;

Contacting our privacy team

For any queries, thoughts, or remarks related to our Privacy Policy, cookies, or GDPR, please don’t hesitate to reach out to us. You can email us directly at privacy@myownconference.com.

Modifications to this document

We retain the right to adjust and enhance our current Privacy Policy. It is your responsibility to stay updated and familiarize yourself with any potential alterations in a prompt manner.

(Last edited: July 10, 2023. Revision: 3.10)