1. ISAE 3000 certification
Happenings Group A/S has undergone independent audit and certification under ISAE 3000 (International Standard on Assurance Engagements) specifically for GDPR compliance.
What is ISAE 3000? ISAE 3000 is an international framework for independent auditors to evaluate and report on controls and processes. Our ISAE 3000 certification demonstrates that our GDPR compliance controls have been independently verified by qualified auditors.
Scope of certification: Our ISAE 3000 certification covers the design and implementation of controls related to personal data protection, security measures, data subject rights, and compliance with GDPR requirements across our platform.
Independent verification: Our GDPR compliance controls are regularly audited by independent third-party auditors who verify that our systems and processes meet the requirements set forth in GDPR and international data protection standards.
2. Data protection principles
We adhere to the core principles of GDPR in all our data processing activities:
Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner. You always know what data we collect and why.
Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
Data minimization: We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.
Storage limitation: We keep personal data only for as long as necessary for the purposes for which it was collected.
Integrity and confidentiality: We process personal data securely using appropriate technical and organizational measures to protect against unauthorized access, loss, or damage.
Accountability: We take responsibility for our data processing activities and can demonstrate compliance with GDPR principles.
3. Security measures
We have implemented comprehensive technical and organizational measures to protect your personal data:
Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
Access controls: Strict access controls ensure that only authorized personnel can access personal data, and only to the extent necessary for their role.
Monitoring and logging: We continuously monitor our systems for security threats and maintain detailed logs of data processing activities.
Security testing: Regular security assessments, penetration testing, and vulnerability scans help us identify and address potential security risks.
Staff training: All staff members receive regular training on data protection, privacy, and security best practices.
Incident response: We have established procedures for detecting, investigating, and responding to data breaches in compliance with GDPR notification requirements.
Vendor management: All third-party service providers are carefully vetted and must meet our security and privacy standards.
4. Your rights
Under GDPR, you have the following rights regarding your personal data:
Right of access: You have the right to obtain confirmation as to whether we process your personal data and to access that data.
Right to rectification: You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to erasure: You have the right to have your personal data deleted in certain circumstances ("right to be forgotten").
Right to restriction: You have the right to restrict the processing of your personal data in certain situations.
Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object: You have the right to object to the processing of your personal data in certain circumstances.
Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
To exercise any of these rights, please contact us at legal@happenings.dk. We will respond to your request within one month.
5. Data processing
We process personal data as a controller and as a processor:
As a controller: When you create an account or use our services directly, we act as a data controller and determine the purposes and means of processing your personal data.
As a processor: When organizers and pages use our platform to manage their events and members, we act as a data processor, processing data on their behalf according to their instructions.
Data processing agreements: We have data processing agreements in place with all organizers and pages who use our platform, clearly defining our responsibilities and obligations.
International data transfers: Our primary data storage is located within the EU. Any transfers of personal data outside the EU are protected by appropriate safeguards in accordance with GDPR.
6. Our commitment
Data protection is an ongoing commitment at Happenings Group A/S:
Data Protection Officer: We have appointed a Data Protection Officer who oversees our data protection strategy and ensures compliance with GDPR requirements.
Regular audits: We conduct regular internal audits and engage independent auditors to verify our GDPR compliance and the effectiveness of our controls.
Continuous improvement: We continuously review and improve our data protection measures to address emerging threats and evolving regulatory requirements.
Transparency reports: We maintain transparency about our data processing activities and provide clear information about how we handle your personal data.
Questions or concerns: If you have any questions about our GDPR compliance or data protection practices, please contact our Data Protection Officer at legal@happenings.dk.
Legal entity
- Legal entity: Happenings Group A/S
- CVR: 40979956
- Address: Klostergade 56B, 8000 Aarhus C
- Office: Aarhus, Denmark
- Contact: legal@happenings.dk