PARTICIPANTS’ PRIVACY POLICY

Effective date:March 2023
Last updated: Oct 2024

PREAMBLE

The Personal Data Protection Act 2012 (“PDPA”) sets out the legal framework applicable to the collection, use and processing of personal data in Singapore.

This privacy policy (“Policy”) sets out the basis on which Europa Organisation Asia Pte. Ltd. and Europa Group (both referred to as “Europa”) may collect, use, manage, disclose or otherwise process Personal Data (as defined below) in accordance with the PDPA.

Europa respects the confidentiality of Personal Data and privacy of individuals and is committed to complying with PDPA and other applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”), where applicable. For collection of Personal Data under the GDPR, please refer to our GDPR privacy policy.

This Policy applies to all Individuals, being clients or prospects participating in events organised by Europa, who provide Europa with Personal Data or whose Personal Data is otherwise collected, used and/or disclosed by Europa in connection with and/or for the purposes of its operations.

1. DEFINITIONS

For the purposes of this Policy:

“Event organiser” means Europa Group;

“Individual” means a natural person, whether living or deceased and “Individuals” shall be construed accordingly;

“Partner” means a company or other entity, public or private, which participates in an event as exhibitors, stands, dedicated space, conferences, etc;

“Personal Data” means data, whether true or false, that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to Europa. Personal Data may include, without limitation, with respect to an Individual, name, NRIC/FIN, residential address, email address, telephone number, nationality, gender, date of birth, marital status and photographs and video recordings;

“Service Provider” means any company or other entity that provides services for the smooth running of an event (reception, security, logistics, etc.); and

“Website” means any event specific website.

Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).

2. GENERAL PRINCIPLES

No collection or processing shall be carried out on Personal Data unless (a) it is provided to Europa voluntarily by the Individual directly or via a third party who has been duly authorised by the Individual to disclose his/her Personal Data to Europa (“Authorised Representative”) after (i) the Individual (or his/her Authorised Representative) has been notified of the purposes for which the data is collected, and (ii) the Individual (or his/her Authorised Representative) has provided written consent to the collection and usage of his/her Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or other regulation.

Europa shall seek the Individual’s consent before collecting any additional Personal Data and before using his/her Personal Data for a purpose which has not been notified to the Individual (except where permitted or authorised by applicable regulations.

3. PURPOSES OF COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Europa may collect and use Personal Data for various purposes including the following:

• Promotion of events and similar events.
• Commercial canvassing.
• Animation of communities.
• Creation and management of personal spaces on websites and applications related to events.
• Management of registration and participation in an event.
• Management of applications to an event participation fund.
• Management of contributions to the programme of events
• Management of contributions to books and journals published in connection with events or not.
• Management of access and traceability in the sites hosting the events and the various dedicated areas.
• Management of certificates of attendance and various certificates, invitation letters.
• Management of the purchase or subscription of other products and services online.
• Legal declarations to the authorities of the countries hosting the events or of the countries of origin of the participants in the events (as required).
• Service improvement and satisfaction surveys.
• Statistics.
• Rights and complaints management.
• Management of de-subscription requests.
• Management of payments and debt collection where necessary
• Communication of participants' data to third parties (event organisers, partners, service providers).
• Drawing up a list of participants in an event.
• Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority where Europa operates.
• Transmitting to any unaffiliated third parties including Europa’s third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.

The purposes listed above may continue to apply even in situations where the Individual’s relationship with Europa (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable Europa to enforce their rights under a contract with the Individual).

4. RELIANCE ON THE LEGITIMATE INTERESTS EXPECTION

In compliance with the PDPA, Europa may collect, use or disclose Personal Data without the Individual’s consent for the legitimate interests of Europa or another person. In relying on the legitimate interests exception of the PDPA, Europa will assess the likely adverse effects on the Individual and determine that the legitimate interests outweigh any adverse effect.

5. TYPES OF DATA COLLECTED

Subject to the PDPA, the types of Personal Data collected may include:

Non-technical data (according to use cases)

• Identification (surname, first name, nickname, etc.).
• Contact details (email and/or postal address, landline and/or mobile phone number, etc.).
• Photo in cases where access to the event requires a photo, particularly for identification and security purposes.
• Professional life (profession, position, speciality, business numbers, etc.).
• Financial data (bank card, RIB, etc.).
• Video images (filmed conferences, video surveillance, etc.).

Technical data (depending on use cases)

• Identification data (IP).
• Connection data (logs in particular).
• Acceptance data (click).
• Location data.
• Traceability data (access to the places where the event takes place).
• Cookies

6. ORIGINS OF THE PERSONAL DATA

Personal Data relating to customers or prospects is generally collected directly from them.

It may also be collected indirectly, via third parties:

• via event organisers (membership files, prospects, participants, website users, etc.).
• via Europa Group's partners and suppliers involved in the organisation and holding of events.
• via the employers of the persons concerned.
• via sponsorship actions.
• via companies specialising in the sale or rental of databases.

In this case, Europa will ensure that the third parties, organisations or legal entities are following the PDPA and Personal Data has been collected in accordance with the PDPA where applicable.

7. DATA RECIPIENTS

Personal Data may be disclosed:

(i) where such disclosure is required for performing obligations in the course of or in connection with the provision of the goods and services requested by the Individual;

(ii) to third party service providers, agents and other organisations engaged by Europa to perform any of the functions with reference to the purposes listed herein.

Recipients may be:

Internal recipients

• authorised staff of the marketing department, the sales department, the departments responsible for handling customer relations and canvassing, the administrative departments, the logistics and IT departments and their line managers
• authorised staff of the departments responsible for internal control procedures.

Europa decides which recipient may have access to which data according to an authorisation policy. Recipients of Personal Data within Europa are subject to an obligation of confidentiality.

External recipients

• Event Organiser
• Europa Group's subcontractors and service providers.
• Europa Group's subsidiaries.
• exhibitors and event partners in certain cases (e.g., visit to their stand, participation in a promotional or sponsored session, etc.) where you have given your consent.
• all event participants in certain cases (e.g., publishing the list of participants)
• accreditation bodies, bodies awarding subsidies for participation fees.
• the authorities of the countries hosting the congress or of the participants' countries of origin, in the context of the application of legal provisions
• organisations, court officials and legal officers, in the context of their debt collection duties.
• the organisation in charge of managing the "Do not call" list.
• Authorised external staff of the supervisory authorities (e.g., auditors).

All accesses concerning the processing of Personal Data are subject to a traceability measure.

8. RETENTION OF PERSONAL DATA

Europa may retain Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

Europa will cease to retain Personal Data, or remove the means by which the data can be associated with the Individual, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

9. WITHDRAWING CONSENT

Where applicable, the consent provided by an Individual for the collection, use and disclosure of his/her Personal Data will remain valid until such time it is being withdrawn by the Individual in writing. The Individual may withdraw consent and request Europa to stop collecting, using and/or disclosing his/her Personal Data for any or all of the purposes listed above by submitting a request in writing or via email to the Data Protection Officer.

Upon receipt of a written request to withdraw consent, Europa may require reasonable time (depending on the complexity of the request and its impact on the relationship of Europa with the Individual) for the request to be processed and for Europa to notify the Individual of the consequences of Europa acceding to the same, including any legal consequences which may affect the Individual’s rights and liabilities to Europa. In general, Europa shall seek to process a request within ten (10) business days of receiving it.

Whilst Europa respects any decision to withdraw consent, Europa may not be, depending on the nature and scope of the request, in a position to continue providing goods or services to the Individual and Europa shall, in such circumstances, notify the Individual before completing the processing of the Individual’s request. Should the Individual decide to cancel his/her withdrawal of consent, the Individual shall inform Europa in writing.

Withdrawing consent does not affect Europa’s right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.

10. ACCESS TO, AND CORRECTION OF, PERSONAL DATA

An Individual may make (a) an access request for access to a copy of his/her Personal Data which Europa holds or information about the ways in which Europa uses or discloses his/her Personal Data, or (b) a correction request to correct or update any of his/her Personal Data which Europa holds by submitting a request in writing or via email to the Data Protection Officer.

A reasonable fee may be charged for an access request. If so, Europa will inform the Individual of the fee before processing the request.

Europa will respond to a request as soon as reasonably possible. In general, response will be within ten (10) business days. Should Europa not be able to respond to the request within thirty (30) days after receiving the request, Europa will inform the Individual in writing within thirty (30) days of the time by which Europa will be able to respond to the request. If Europa is unable to provide the Individual with any Personal Data or to make the correction requested by the Individual, Europa shall generally inform the Individual of the reasons why Europa is unable to do so (except where Europa is not required to do so under the PDPA).

If a request for a copy is made electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.

The right of access must not be exercised in an abusive manner, i.e., on a regular basis with the sole aim of destabilising the proper performance of Europa’s services.

11. ACCURACY OF PERSONAL DATA

Europa generally relies on Personal Data provided by the Individual (or the Authorised Representative). In order to ensure that the Personal Data is current, complete and accurate, the Individual shall update Europa if there are changes to his/her Personal Data by informing the Data Protection Officer in writing or via email.

12. AUTOMATED INDIVIDUAL DECISION

No processing is based on automated individual decisions.

13. OPTIONAL OR MANDATORY NATURE OF RESPONSES

Individuals are informed on each Personal Data collection form of the compulsory or optional nature of the answers by the presence of an asterisk.

14. SECURITY MEASURES

Europa implements administrative, physical and technical measures as Europa considers appropriate to protect against unauthorised access, collection, use, disclosure, copying, modification, disposal of Personal Data or similar risks.

These measures mainly include:

• management of authorisations to access data
• the use of security protocol or solutions.
• encryption products
• anti-virus software
• firewall
• securing the Wi-Fi network and remote access,
• https security access
• security patch policy
• Conducting external audits
• adoption of an information systems security policy
• adoption of continuity / disaster recovery plans.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, Europa strives to protect the security of the Individual’s information and is constantly reviewing and enhancing their information security measures.

15. DATA BREACH

Any data breach will be handled in accordance with the PDPA.

16. CROSS-BORDER TRANSFERS OF PERSONAL DATA

In course of providing services, Europa may transfer Personal Data outside Singapore.

Europa will take all reasonable steps to ensure that Personal Data remains protected and handled in accordance with the principles set out in this Policy, regardless of the country to which it is transferred.

Europa will take steps to ensure that the Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

17. RECORDS

Europa keeps a record of all access requests received and processed.

18. DATA PROTECTION OFFICER

An Individual may contact Europa’s data protection officer (“Data Protection Officer”) if he/she has any enquiries or feedback on Europa’s personal data protection policies and procedures, or if he/she wishes to make any request, in the following manner:

Name: Nana Anastasia SULAIMAN
Contact No.: 6226 2969
Email Address: dposingapore@dsavocats.com

19. RIGHT TO LODGE A COMPLAINT WITH THE PDPC

Individuals have the right to lodge a complaint with the Personal Data Protection Commission, if they consider that the processing of their Personal Data does not comply with the PDPA.

20. EFFECT AND CHANGES

This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of an Individual’s Personal Data by Europa.

Europa may revise this Policy from time to time without any prior notice. Individuals may determine if any such revision has taken place by referring to the date on which this Policy was last updated.

Any new version of this Policy will be brought to the attention of the Event Partners by any means Europa elects, including electronically (e.g., distribution by e-mail or online). Event Partner’s continued use of Europa’s services constitutes acknowledgement and acceptance of such changes.