Privacy Policy

EAFP Annual Conference 2026 mobile application

Last updated: 21 May 2026

This Privacy Policy explains how your personal data is collected and used when you use the
EAFP Annual Conference 2026 mobile application (the “App”). The App is provided to
registered attendees of the EAFP 2026 conference to help them view their details, connect with other
attendees, follow the programme and receive conference updates.

Please read this policy together with any information you were given when you registered for the
conference. By using the App you confirm that you have read and understood this policy.

1. Who is responsible for your data

The data controller for the App is:

  • ERP Konverents MTÜ (the conference organiser)
  • Registered address: Maakri tn 44-36, Tallinn 10145, Estonia
  • Privacy contact e-mail: eafp2026@erpmusic.com

If you have any questions about this policy or about how your data is handled, please contact us at
the e-mail address above.

2. What data we collect

2.1 Registration details (provided before the conference)

When you registered for the conference you provided certain details to the organiser. These details
are loaded into the App and shown to you on your profile screen:

  • Full name
  • E-mail address
  • University or organisation
  • Department
  • Country

These fields are read-only inside the App — you cannot change them yourself. To correct
them, please contact us (see section 9).

2.2 Profile details you add in the App

You can optionally add or change the following on your profile:

  • Interests — a list of topics you choose to share
  • “Other” note — a free-text comment for other attendees
  • Profile photo — an image you upload from your gallery or take with your camera
  • Visibility setting — whether your details are visible to all attendees, your name
    only, or you appear anonymously

2.3 Content you create in the App

  • Messages and photos you send in private, group, session and general chats
  • Questions you submit to live session Q&A
  • Answers you give to polls, session quizzes and the conference feedback quiz
  • Favourites and matches — other attendees you mark as favourites
  • Networking game activity — QR codes you scan during the in-app networking game

2.4 Notification data

If you turn on push notifications, the App stores a push notification token for your
device so we can send you messages and announcements, together with your notification on/off preference.

2.5 Usage and device data

To understand how the App is used and to improve it, the App records:

  • Which screens you view and which features you use
  • Your in-app presence and “last seen” time while the App is open
  • Your device platform (Android, iOS or web)

This usage information is linked to your attendee profile. The App does not collect your
precise location, and does not use third-party advertising or third-party analytics services.

2.6 Information stored on your device

The App saves a small amount of data locally on your device, including your login session, your
display and notification preferences, and — only if you choose to enable this — copies of photos
from chats saved to your device gallery.

2.7 Device permissions

The App may ask for permission to use your camera (to take a profile or chat photo and to
scan QR codes in the networking game), to show notifications, and to save photos to
your device. You can grant or refuse these permissions in your device settings at any time.

3. How we use your data

Purpose Data used
Identify you and let you log in E-mail address, login session
Show your profile and let other attendees find and connect with you Registration details, profile details, visibility setting
Provide chat, Q&A, polls, quizzes, favourites and the networking game Content you create, profile details
Send announcements and message notifications Push notification token, notification preference
Maintain, secure and improve the App Usage and device data
Respond to your requests and provide support E-mail address and any information you give us

4. Legal bases for processing (GDPR)

We process your personal data under the EU General Data Protection Regulation (GDPR) on the
following legal bases:

  • Performance of a contract / pre-contractual steps — providing the conference and the
    App to you as a registered attendee.
  • Your consent — for optional profile details, sharing content with other attendees, and
    push notifications. You can withdraw consent at any time.
  • Our legitimate interests — operating, securing and improving the App, and enabling
    networking between attendees, in a way that does not override your rights.

5. Who your data is shared with

  • Other attendees — your profile and the content you post are visible to other App users
    according to the visibility setting you choose.
  • Google / Firebase — the App runs on Google’s Firebase platform (Cloud Firestore,
    Firebase Storage, Cloud Functions and Firebase Cloud Messaging). Google acts as our processor and
    hosts the data on our behalf.
  • The conference organising team — authorised organisers can view and manage conference
    content and attendee data through an administration tool.

We do not sell your personal data and we do not share it with advertisers.

6. International data transfers

Firebase is operated by Google. Depending on Google’s infrastructure, your data may be processed
on servers located outside Estonia and the European Economic Area. Where this happens, the transfer
is protected by appropriate safeguards such as the European Commission’s Standard Contractual
Clauses.

7. How long we keep your data

We keep your personal data for as long as needed to run the conference and the App, and for a
reasonable period afterwards for follow-up and administration. After that, the conference data —
including profiles, chats, and quiz responses — is deleted or anonymised. You may ask us to delete
your data sooner (see sections 8 and 9).

8. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Have your data erased (“right to be forgotten”)
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time, without affecting processing already carried out
  • Lodge a complaint with a supervisory authority — in Estonia this is the Estonian Data
    Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee/en)

9. How to access, change or delete your data

Some data you can manage yourself in the App: you can edit your interests, your “Other” note,
your profile photo and your visibility setting on the profile screen, and you can turn notifications on
or off.

For anything else — including correcting your name, e-mail, organisation, department or country, or
requesting a copy or full deletion of your data and account — please e-mail
eafp2026@erpmusic.com. We will respond within the time limits
set by the GDPR.

10. Security

We use the security measures provided by the Firebase platform to protect your data, including
access controls and encryption in transit. No system can be guaranteed to be completely secure, but
we take reasonable steps to protect your information against loss, misuse and unauthorised access.

11. Children

The App is intended for adult conference attendees and is not directed at children. We do not
knowingly collect personal data from children. If you believe a child has used the App, please
contact us so we can remove the data.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last
updated” date at the top of this page. Significant changes may also be communicated through the App
or by e-mail.

13. Contact us

For any privacy question or request, contact:

© 2026 ERP Konverents MTÜ. EAFP Annual Conference 2026 application.