Your data is safe with us!

Scattered registers, i.e. participant lists saved here and there can cause problems. Scattered registers form easily at events, when there’s an undeniable need to share specific participant information with third parties like catering or accomodation representants.

Lyyti offers one centralized participant database for safe storage of personally identifiable information. The data can be shared securely via online reports, which can be regulated closely by the sender: the report can be password protected, access can be restricted and the report set to expire at a certain time. Thanks to online reports, the recipient never needs to save any personal data onto their own device.

The online reporting feature is included in all Lyyti license types.

The privacy policy is the document that clarifies to the registered person how and why their data is stored and handled. One organization can have several privacy policies due to having several registers, e.g. one for marketing purposes and another for customer data. The privacy policy needs to be accessible to the registered persons.

All our clients have the option of creating and publishing (in several languages if needed) one privacy policy for their Lyyti events. In practice this is sufficient when the client only maintains one register.

One privacy policy feature is included in all Lyyti license types.

If an organization is managing events that form separate filing systems or registers (e.g. client events related to the marketing register or internal events related to the employee register), there may be a need to manage several different privacy policies.

A person can be entered into a filing system in Lyyti based on explicit consent, where the person ticks a box to agree to be registered. The registration can also be based on other terms, which are to be clarified to the person about to be registered when they are signing up. In this case explicit consent isn’t needed, as long as the terms are presented clearly to the registered person.

Several separate registers in Lyyti is an especially useful model of conduct for event agencies. In this model, the client is producing events for their client, which makes them not a register controller, but a processor. An event agency can create client-specific privacy policies, manage client-specific consent questions and edit or remove data in client-specific registers.

The several registers feature is available in Lyyti licenses that include the Compliance Center. The Compliance Center is included in licenses purchased or updated after Jan 1st 2017.

If the participant’s/registered persons explicit consent is requested for something (e.g. for a newsletter), the consent information can be stored and handled in Lyyti. The consent question feature is easy to use and transparent for both user and participant. If consent has been given in a previous event, Lyyti will recognize this based on the email adress connected to the participation, which eliminates repeated consent questions.

One consent question and consent management is included in all Lyyti license types.

When a need arises for several separate consent questions (e.g. several different newsletters or other marketing consent), an unlimited amount can be created in Lyyti. The relevant consent questions can be selected for each event at the user’s discretion.

The several consent questions feature is available in Lyyti licenses that include the Compliance Center. The Compliance Center is included in licenses purchased or updated after Jan 1st 2017.

According to Article 15 in the regulation the registered person (in this case the participant) has the right to access their personal data and information about how this personal data is being processed, and to request changes or erasure.

Lyyti has solved this by providing a search feature that retrieves all data on a participant and compiles it into either a PDF-file or machine language. The search can be executed either within the events belonging to one user, or within all events belonging to the entire organization.

Participant data retrieval from one user’s events at a time is included in all Lyyti license types.

Participant data retrieval from the entire organization’s events and the PDF or machine language file generation is available in Lyyti licenses that include the Compliance Center. The Compliance Center is included in licenses purchased or updated after Jan 1st 2017.

When an organization manages more than one register, the participant data search can be performed in either just one register or all existing registers at once.

Participant data retrieval from one or more registers is available in Lyyti licenses that include the Compliance Center. The Compliance Center is included in licenses purchased or updated after Jan 1st 2017.

Personally identifiable information loses its sensitivity status when all data that could help tie the information to a natural person is removed. The process is known as anonymisation, after which the data isn’t subject to the GDPR anymore. Such anonymised event data can be used for statistics etc. The need for anonymisation may arise either from the registered person’s request or when the need to process certain personal information is gone (e.g. a sufficiently long time has passed since the event).

An anonymisation feature for processing an individual participant at a time is included in all Lyyti license types.

When an organization controls several registers, a need may arise to find and anonymise a registered person within just one of many registers. A good example is a company that requires explicit consent for entering a participant in their participant register, but want to keep their participant register and marketing register separated.

Event agencies and conference organizers appreciate this feature, because this way different clients’ participant registers can be kept separately and the participant search is easy to direct to the correct register.

Anonymisation spanning one or several registers is available in Lyyti licenses that include the Compliance Center. The Compliance Center is included in licenses purchased or updated after Jan 1st 2017.

Anonymisation of an entire event at one click is a handy feature for getting rid of personally identifiable data in e.g. old, archived events.

Anonymisation of an entire event is available in Lyyti licenses that include the Compliance Center. Since anonymisation cannot be undone, this feature is only accessible to the admin user.

Automatic anonymisation is a set of tools for the admin user to set certain organization-wide rules for anonymisation with. Data can be set to be anonymised at a certain point in time, or a certain field or question can be anonymised automatically at the admin user’s discretion.

This set of tools is particularly useful to large organizations and other clients who want to standardize and centralize data management and anonymisation practices for the entire organization.

Automatic anonymisation is available in Lyyti Enterprise licenses.

Event participation often acts as an expression of consent, e.g. when a participant signs up for an event and simultaneously agrees to receive a newsletter as stated in the marketing register privacy policy. In these cases the consent information, along with the participant information, needs to be entered into another system (e.g. a marketing platform), where the register is processed further.

Consent information export via reports and Excel file generation is available in all Lyyti license types.

Users who generally manage and process their registers in another system (CRM, marketing platform, HR-system etc) despite managing their events in Lyyti, appreciate the fact that the consent information can be managed automatically. Automatic consent information export (and import) can be facilitated via Lyyti’s API.

Export and import of consent information via API is available in Lyyti Enterprise licenses.

Information considering a natural person’s health situation, political activity or sexual orientation are examples of sensitive personal information. Sensitive personal information should only be processed and stored when it is absolutely necessary and removed once it’s no longer needed.

Lyyti offers tools for flagging certain questions as sensitive data and for scheduling removal of said data. The admin user can set the sensitive data rules for the entire organization, ensuring safe and certain removal of sensitive data.

Sensitive personal data management tools are available in Lyyti Enterprise licenses.

Please bear in mind that events themselves don’t need to be deleted, because they are not personally identifiable information.

When it comes to personal data contained in past events, it’s good to reflect on these points:

Is the organizer under some legal obligation to retain the data, e.g. relating to proof of education or bookkeeping purposes?
Does the organizer have a lawful basis and purpose for data processing, e.g. in events aimed at customers who are already in the customer register?
Does the organizer have a reason to store the data in connection to legitimate economic activity or to fulfill contractual obligations (e.g. a recurring event where previous participation may affect future guest lists)?
If there’s no need to hang on to personal data from past events, it may be in order to anonymise e.g. events that have ended more than two years ago, instead of removing them completely. We recommend that this is done one event at a time, as anonymisation can not be undone.