App
We store personal information in the app and on our servers on behalf of the event organisers in order to provide you with a service. We only store information that you have made available in the course of submitting to or registering for an event or when using the app's networking features.
Specifically:
Your name
Your affiliation (if provided)
Your email address
Other contact information (if provided)
Your biographical details (if provided)
Messages that you send using the networking feature
Some technical information about your mobile device
If you wish to review, alter or remove your information you should contact the organisers.
Other users will be able to see your name and affiliation in the app's delegate list and networking directory list and in messages. Your biography may appear in the list of delegates. Other personal information about you will never be made public by us or shared with anyone.
We retain a copy of messages that you send when using the networking feature. This is in case of complaints by third parties. The messages will not be revealed, even to the event organisers, unless there are grounds to believe that you have sent abusive messages or committed an offence.
We also keep a record of technical information about your mobile device - its type, model number and UUID. This helps us to verify your right to use the messaging service and assists us in troubleshooting.
Device permissions
The app needs permission to use some of the facilities built into your mobile device such as the camera, data storage and "push" messages. This is simply so that you can use the app effectively and we can provide you with the service that you expect from the app. In some cases permission will be granted automatically in accordance with your device settings; in other cases you may have to give specific permission.
We have no access to any personal information stored on your phone such as contact details, photos and tweets made using the app, or notes that you make using the app's notepad.
If we provide a service where you can store personal information on our servers we may have some access to it but we will not use it in any way that is not explicitly sanctioned by you.
GDPR compliance
Hyperion uses your personal data on behalf of a event organiser. This makes us a data processor. The data controller is the event organiser.
Our contract with the event organiser gives us the lawful basis for processing your data on the grounds of legitimate interest. The Information Commissioner's Office (the ICO) states that we must "use people’s data in ways they would reasonably expect and which have a minimal privacy impact". We believe that because you have submitted an abstract or registered as an attendee or downloaded an app you will expect that the information that you have provided will be used in certain ways including to provide you with event-related services and that your name may be published in the app and online.
You have rights in respect of your personal information which are set out by the ICO here.
All data that we handle is securely stored on AWS cloud servers provided by Amazon. Details are available here. Any data used locally for the purposes of software development is behind both hardware and software firewalls with intrusion detection. We have implemented measures to provide "data protection by design and default" (see here).