ORGANISERS' PRIVACY POLICY

ORGANISERS' PRIVACY POLICY

March 2023

1. GENERAL PROVISIONS

1.1. PREAMBLE

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter referred to as the GDPR) sets out the legal framework applicable to the processing of personal data.

The GDPR strengthens the rights and obligations of data controllers, data processors, data subjects and data recipients.

Subsequently, and to implement the changes of the RGPD, the law n°78-17 of 6 January 1978 known as the Data Protection Act was amended by the law n°2018-493 of 20 June 2018 by the ordinance n°2018-1125 of 12 December 2018 on data protection.

The regulations applicable to the protection of personal data thus include the following texts:

  • the RGPD
  • the French Data Protection Act (Loi Informatique et Libertés), as updated by the aforementioned texts.
  • the recommendations of the CNIL.

Article 12 of the RGPD requires that data subjects be informed of their rights in a concise, transparent, understandable, and easily accessible manner.

This privacy policy covers the personal data of event partners.

Partners are understood to be companies or other entities, public or private, which participate in the event as exhibitor, stand, dedicated space, conference, advertiser, etc.

1.2 PURPOSE

The purpose of this policy is to meet the obligation to provide information on the processing of personal data of partners.

If the staff of the partners and their possible service providers attend the event, their personal data will be processed in accordance with the online participant privacy policy.

1.3. GENERAL PRINCIPLES

No processing shall be carried out on your data if it does not relate to personal data collected by or for its services or processed in connection with its services and if it does not comply with the general principles of the GDPR.

Any new processing, modification or deletion of existing processing will be made known to the partners' contact persons by means of an amendment to this policy.

2. IDENTIFICATION OF TREATMENTS

2.1. CATEGORIES OF DATA COLLECTED AND ORIGIN OF THE DATA

The data collected are:

Non-technical data (depending on the use case)

  • identity of the contact person(s) in charge of a file (e.g., title, surname, first name)
  • professional or personal details of the contact person(s) in charge of a file, at the choice of the persons concerned (e.g., email, postal address, fixed or mobile telephone number, fax number)
  • professional information of the person(s) in charge of a file (e.g., position, grade, function)
  • Photos when you grant this right.
  • Professional life (profession, function, speciality, professional number, etc)
  • Financial data (bank card, RIB, etc.)

Technical data (depending on use cases)

  • Identification data (IP)
  • Connection data (logs in particular)
  • Acceptance data (click)
  • Location data
  • Traceability data (access to the places where the event takes place)
  • Cookies

2.2. PURPOSES OF THE PROCESSING

Pre-contractual exchanges
The data of the organisers' contact persons are processed for the purpose of establishing contractual relations for the organisation of events by Europa Group.

Contract and follow-up of the contract
The data of the organisers' contact persons are processed for the purpose of follow-up of the contractual relations for the organisation of events by Europa Group.

Invoicing, payment, and accounting
The data of the organisers' contact persons is used for invoicing and payment of the services provided.

Organiser relationship management
The data of the organisers' contact persons is processed to communicate with them in the context of questions that they may ask during the current or future execution of a contract with Europa Group.

Sending of canvassing, newsletters, or news feeds
The data of the organisers' contact persons is processed for the purposes of commercial canvassing, sending of newsletters or news feeds.

Management of access of third-party personnel to Europa Group's premises
The data of the organisers' contacts are processed to secure their access to Europa Group's premises (e.g.: keeping a register, access badges, etc.).

Video images (video surveillance)
Certain specific areas of our premises are subject to video surveillance, which results in the processing of data of third parties who may be filmed.

2.3. RETENTION PERIODS

The duration of data retention is defined regarding legal and contractual constraints and, failing that, according to needs and according to the following principles:

Contracts concluded with organisers
5 years from the end of the contractual relationship
10 years for contracts concluded by electronic means over 120 euros

Commercial correspondence (order forms, delivery notes, invoices, etc.)
10 years from the end of the accounting period

Data processed for canvassing purposes
3 years from the date of collection of the data or the last positive act (request for documentation, click on a hypertext link, etc.)

Images from video protection cameras
For a maximum of one month

Access to buildings
For up to one month

Technical data
1 year from collection

Cookies
Cookies are kept for 13 months from the time they are deposited on your terminal, starting from the last time you use the website or the mobile application.

The periods indicated are necessarily extended for the legal period of prescription as evidence in the event of litigation. In the latter case, the retention period is extended for the duration of the dispute.

Once the time limits have expired, the data are either deleted or kept after being anonymised, particularly for statistical purposes. They may be kept in the event of pre-litigation and litigation.

Customers and prospects are reminded that deletion or anonymisation are irreversible operations that do not allow data to be restored later.

2.4. LEGAL BASIS

The processing of the data of contact persons with the organisers as presented above is based on pre-contractual or contractual execution.

2.5. RECIPIENTS OF THE DATA

The recipients of the data are the natural or legal persons who receive the personal data. Data recipients may therefore be employees of Europa Group as well as external organisations.

The data collected and processed in the context of relations with the organisers are only accessible to authorised internal and external recipients, and to the following recipients:

  • the staff of the competent departments authorised to manage relations with the organisers' contacts and their line managers.
  • the staff of the support services, i.e., the administrative services, the logistics and IT services and their line managers
  • service providers or support services (e.g., IT service provider)
  • the competent authorities if we are required to share certain data with judicial officers, departments responsible for internal control procedures, etc.

3. MANAGEMENT OF PEOPLE'S RIGHTS

3.1. RIGHT OF ACCESS AND RIGHT TO COPY

Organisers have the right to ask us whether we are processing data about their members (staff, managers, etc.) in the context of contracts concluded with them or in the context of marketing messages sent to them.
They may also request a copy of their members' data being processed.
However, in the event of a request for additional copies, the organisers may be required to bear the cost of the new copy.

If requests from organisers are made electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.

The organisers are informed that this right of access may not relate to confidential information or data or to information which may not be disclosed by law.
The right of access must not be exercised in an abusive manner, i.e., on a regular basis with the sole aim of destabilising the proper performance of our services.

3.2. RIGHT OF RECTIFICATION

Organisers have the right to request the rectification of certain data concerning their personnel that are obsolete or erroneous.

3.3. RIGHT TO ERASURE

The organisers may only invoke the right to erasure of their staff data in the following cases:

  • the contract has been terminated and is no longer in effect
  • staff members whose data are processed and who are no longer employed by one of the organisers and who therefore wish to be deleted from the organisers' database.

3.4. RIGHT TO LIMITATION

The organisers are informed that this right is not intended to apply to the extent that the conditions required by the applicable regulations are not fulfilled regarding the processing of the personal data of their staff members.

3.5. RIGHT TO PORTABILITY

The organisers are informed that this right is not intended to apply insofar as the conditions required by the applicable regulations are not met regarding the processing of the personal data of their staff members.

3.6. EXERCISE OF INTERLOCUTORS' RIGHTS

To exercise their rights, organisers should contact us at data.officer@europa-group.com.

4. SUPPLEMENTARY PROVISIONS

4.1. SUBCONTRACTING

We may use any subcontractor of our choice to process the personal data of contact persons with the organisers.
In this case, we shall ensure that the subcontractor complies with its obligations under the GDPR.
We undertake to sign a written contract with all our subcontractors and impose the same data protection obligations on them as we impose on ourselves. In addition, we reserve the right to audit our processors to ensure compliance with the provisions of the GDPR.

4.2. REGISTER OF PROCESSING

We undertake to maintain a register of all processing activities carried out where required by law.
This register is a document or application allowing us to list all the processing activities carried out by Europa Group.
We undertake to provide the CNIL, on first request, with information enabling it to verify the compliance of the processing operations with the data protection regulations in force.

4.3. SECURITY MEASURES

We implement such physical or logical technical security measures as we consider appropriate to protect against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of data.

These measures mainly include:

  • management of authorisations to access data
  • the use of security protocol or solutions.
  • encryption products
  • anti-virus software
  • firewall
  • securing the Wi-Fi network and remote access,
  • https security access
  • security patch policy
  • Conducting external audits
  • adoption of an information systems security policy
  • adoption of continuity / disaster recovery plans.

In any event, we undertake, in the event of a change in the means of ensuring the security and confidentiality of personal data, to replace them with means of superior performance. No change may lead to a reduction in the level of security.

4.4. DATA BREACH

Any data breach that we may suffer will be notified to the CNIL under the conditions prescribed by the regulations on personal data.
Contact persons for the organisers are informed of any data breach that could pose a high risk to their privacy.

4.5. CROSS-BORDER FLOWS

Europa Group reserves the right to implement cross-border flows outside the EU of the data it processes.
In such a case, Europa Group will ensure that the rights of the organisers are respected and will, if necessary, sign one or more contracts allowing it to control these flows with the recipient country or countries.

5. CONTACTS

5.1. DATA PROTECTION OFFICER

Europa Group has appointed a Data Protection Officer.
The contact details of the data protection officer are as follows:

Name: Maître Eric Barbry, Cabinet Racine Avocats ;
E-mail address: data.officer@europa-group.com
Phone: 01 44 82 43 00

In the event of new processing of personal data, Europa Group will first refer the matter to the Data Protection Officer.
If the organisers wish to obtain specific information or wish to ask a specific question, they may refer the matter to the Data Protection Officer, who will give them an answer within a reasonable period regarding the question asked or the information required.
In the event of problems with the processing of personal data, the organisers may refer the matter to the appointed Data Protection Officer.

5.2. RIGHT TO LODGE A COMPLAINT WITH THE CNIL

Organisers have the right to lodge a complaint with a supervisory authority, namely the Cnil in France, if they consider that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:

CNIL – Service des plaintes
3 Place de Fontenoy
TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22

5.3. EVOLUTION

This policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions, and recommendations of the CNIL, or changes in usage.
Any new version of this policy will be brought to the attention of the organisers by any means we choose, including electronically (e.g., distribution by e-mail or online).

5.4. FOR FURTHER INFORMATION

For further information, you can contact the following departments data.officer@europa-group.com.