How we secure your personal data at IDENTI

General provisions

When a website visitor leaves a comment, we collect the data visible in the commenting form, such as the IP address of the visitor and their browser fingerprint, as a way of preventing spam.

At IDENTI, processing of the accredited people data is the core of our work and that’s why we put special emphasis on the security and confidentiality of personal information. IDENTI is primarily an administrator of information on accredited people. In order to securely and quickly issue IDs, we created, based on years-long experience and good practices, a unique IT system according to the requirements regarding the protection of personal information, which are defined by the current law and international norms concerning information security.

We also use the services of processing entities, who process data on behalf of our company, including:

As an aware and responsible organization, we implemented appropriate technical and organizational measures to ensure a degree of security that is appropriate for a possible risk of violation of rights or liberties of a natural person, with a different possibility of occurrence and importance of the risk. The IDENTI system is equipped with functionalities required by the GDPR, such as control over the operators acitvities and generating personal data in a commonly used and machine-readable format. We developed and constantly update security procedures, which we introduce to our team at training sessions organized at our Accreditation Center before every event. In order to constantly oversee the security of personal information, we appointed the Data Protection Officer.

How we use the data

Personal data of accredited people, which includes a first name, last name and photo, is used for efficient and effective production of badges for sports events and other mass events. As a standard, we process the data of accredited participants for 90 days afer the end of an event for which they were accredited. To improve the process of registration for events, we introduced an option of permanent saving of users in the database of the IDENTI system. It eliminates the necessity to enter the data of these users to the system each and every time and taking photos before each event. With their agreement, people who are accredited for many events because of their job can permanently (until the withdrawal of their consent) save their data in the IDENTI database. In this case, we process the system users data also in between events. We can assure you that the personal information entrusted with us won’t be used in any other way than those stated above.

Contact information obtained from our contractors, including their employees information, is used to sign and efficiently execute a contract for the production of badges for accredited participants. After each event, in compliance with the law on the safety of mass events, and in order to settle the payment for our work, we hand over a record of printed badges to an event organizer.

As an employer we process the personal data of our employees and people who work with us based on other arrangements than an employment relationship.

How and on what basis we process your data

Above all we make every effort to protect the interests of people whose data we process. Especially, we make sure that the data is

We process your data usually when their processing is necessary to issue an identification card for an event.

In some cases, processing is required to fulfil a legal obligation that we have as an administrator. That type of obligations stem from, for example, regulations of the law on the safety of mass events, employment law or the accounting act.

Your rights in connection with personal data processing

We try to give any necessary information concerning personal data processing and carry out communication with you in a concise, clear, understendable and easily available form, using explicit and simple language, given your right to:

Every registered user of the system can use their rights regarding personal data processing, that is: accessing the data, correcting it, managing their consent to processing and deleting it.

In order to get information concerning the execution of a specific right, you can contact our Data Protection Officer at the following email address:

How we’re going to contact you

We give information in writing or in another way, including – in appropriate situations – electronically. If you request it, we can give information verbally, if we are first able to confirm your identity in another way. If you send your request electronically, as much as possible, the information will be given also electronically, unless you choose another preferred form of communication.

How long you’ll have to wait for the execution of your rights connected with personal data processing

We try to give information without undue delay – usually within a month of receiving the request.

Subcontractors – our processing entities

If work work with entities who process personal information on our behalf, we use only the services of the processing entities that ensure enough of a guarantee to implement proper technical and organizational measures so that the processing is compliant with the regulations of the GDPR and protects the rights of the people who the data concerns. IDENTI assures that the processing of the entrusted personal information takes place only within the European Economic Area.

We check in detail the entities that we entrust with processing your data. We sign with them contracts that protect your personal information.

How we secure the processing of your personal data

In order to be compliant with the legal requirements we developed specific procedures which include issues such as:

We regularly check and update our documentation so that we are able to confirm the execution of legal requirements in accordance with the accountability principle formulated in the GDPR. Taking care of the interest of the people who the data concerns, we try to incorporate in it all of the current recommendations of the European Data Protection Board and the Personal Data Protection Office.

Data retention, i.e. its shelf life

We store personal information in a form that allows us to identify a person who the data concerns for a period of time no longer than it is necessary for the purposes for which the data is processed – in case of users who do not register in our system it is 90 days after the end of an event where they were accredited. After that time, the data is anonymized (deprived of features that enable identification of a specific person) or deleted. Personal data deletion is complete and permanent. In the retention procedure we guarantee:

The processing period for the data is determined first based on legal regulations (for example a storing period for employee documentation, accounting documents). The retention policy includes both the data processed on paper, as well as electronically.

If a system user agrees to the processing of their data, we’ll be processing their personal information until their consent is withdrawn.

Personal data processing authorization

We make sure that each person who is authorized by us and has access to your personal data, processes it only according to our instructions. We carefully determine and assign levels of data access and privileges in the IDENTI system to the system operators.

Karolina Nowak-Różycka