PARTICIPANTS’ PRIVACY POLICY

March 2023

PREAMBLE

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter referred to as the GDPR), sets out the legal framework for the processing of personal data.

The GDPR strengthens the rights and obligations of data controllers, data processors, data subjects and data recipients.

In the course of our activity, we must process personal data.

Article 12 of the GDPR requires that data subjects be informed of their rights in a concise, transparent, comprehensible, and easily accessible manner.

1. PURPOSE

The purpose of this policy is to meet the obligation to inform clients and prospects participating in events organised by Europa Group.

This policy also applies to all participants in an event, including the staff of the organisers and partners as well as their possible contractors.

2. PURPOSES OF THE PROCESSING

Depending on the case, the purposes are as follows:

For the sake of clarity, the following are considered as:

This list is intended to be as exhaustive as possible; any new purpose, modification or deletion of an existing processing operation will be brought to the attention of clients and prospects by an amendment to this policy.

3. LEGAL BASIS FOR PROCESSING

The processing of data is based on the execution of the contract and on the legitimate interest of having data concerning customers and prospects.

Where necessary, the consent of the persons concerned is obtained.

4. TYPES OF DATA COLLECTED

Non-technical data (according to use cases)

Technical data (depending on use cases)

5. ORIGINS OF THE DATA

Data relating to customers or prospects (primary or otherwise) is generally collected directly from them.

It may also be collected indirectly, via third parties:

In this case, Europa Group will ensure that the third parties, organisations or legal entities comply with the GDPR and that the data subjects are informed of this personal data management policy.

6. DATA RECIPIENTS - EMPOWERMENT & TRACEABILITY

The data collected may be shared in whole or in part depending on the purpose.

Internal recipients

The recipients of personal data of clients and prospects within Europa Group are subject to an obligation of confidentiality.

Europa Group decides which recipient may have access to which data according to an authorisation policy.

External recipients

Europa Group is in no way responsible for damage of any kind that may result from unlawful access to personal data.

All accesses concerning the processing of personal data of clients and prospects are subject to a traceability measure.

Furthermore, personal data may be communicated to any authority legally entitled to know them. In this case, Europa Group is not responsible for the conditions under which the personnel of these authorities have access to and use the data.

7. RETENTION PERIOD

The duration of data retention is defined with regard to legal and contractual constraints and, failing that, according to needs and according to the following principles:

PROCESSING: RETENTION PERIOD

Data relating to customers participating in the event: 5 years from the end of the event or according to the authorisations obtained.

Data relating to the personal space on the websites and applications: Deletion of data upon unsubscription or, failing that, after 2 years of inactivity.

Data relating to prospects: 3 years from the date of collection or from the last positive act of the prospect (request for documentation, click on a hypertext link, etc.).

Technical data: 1 year.

Banking data: Deleted as soon as the transaction is completed, except with the customer's express agreement. If the transaction is contested: stored for 13 months following the debit date.

Cookies: Cookies are kept for 13 months from the time they are deposited on your terminal, starting from the last time you use the website or the mobile application.

After the set deadlines, the data are either deleted or kept after being anonymised, notably for statistical purposes. They may be kept in the event of pre-litigation and litigation.

Customers and prospects are reminded that deletion or anonymisation are irreversible operations that do not allow data to be restored subsequently.

8. RIGHT TO OBJECT

Customers and prospects have the right to object to any commercial prospecting by post, telephone, or electronic means, including profiling insofar as it is linked to such prospecting.

In the case of electronic prospecting, it will be possible at any time for customers to object to such prospecting either by clicking on the link in the e-mail sent or by modifying the account preferences on our websites.

By SMS, it is possible to object to any prospecting by sending "stop" to the number appearing in the message received.

9. RIGHT OF CONFIRMATION AND RIGHT OF ACCESS

Customers and prospects have the right to request confirmation as to whether data relating to them is being processed.

Customers and prospects also have a right of access, the latter being subject to compliance with the following rules:

Customers and prospects have the right to request a copy of their personal data. However, if additional copies are requested, customers and prospects may be required to pay for them.

If customers and prospects make their request for a copy of the data electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.

Customers and prospects are informed that this right of access may not relate to confidential information or data, or to data which may not be disclosed by law.

The right of access must not be exercised in an abusive manner, i.e., on a regular basis with the sole aim of destabilising the service concerned.

10. UPDATING AND RECTIFICATION

Clients or prospects have the right to update:

11. RIGHT TO ERASURE

The right to erasure of customers and prospects shall not apply in cases where the processing is carried out to meet a legal obligation.

Apart from this situation, customers and prospects may request the deletion of their data in the following limited cases:

In accordance with the legislation on the protection of personal data, customers and prospects are informed that this is an individual right that can only be exercised by the person concerned in relation to his or her own information: for security reasons, the department concerned will therefore have to verify your identity in order to avoid any communication of confidential information about you to anyone other than you.

12. RIGHT TO RESTRICTION

Customers and prospects are informed that this right is not intended to apply insofar as the processing is lawful and any personal data collected is necessary for the performance of the commercial contract.

13. RIGHT TO PORTABILITY

Customers and prospects have the right to the portability of their data in the case of data communicated by the customers or prospects themselves, on online services offered by the person from whom the request is made and for purposes based solely on the consent of the persons or the execution of the contract. In this case the data will be provided in a structured, commonly used, and machine-readable format.

14. AUTOMATED INDIVIDUAL DECISION

No processing is based on automated individual decisions.

15. POST-MORTEM RIGHTS

Customers and prospects are informed that they have the right to formulate directives concerning the conservation, deletion, and communication of their post-mortem data. The communication of specific post-mortem directives and the exercise of their rights can be made by e-mail to data.officer@europa-group.com

16. OPTIONAL OR MANDATORY NATURE OF RESPONSES

Customers and prospects are informed on each personal data collection form of the compulsory or optional nature of the answers by the presence of an asterisk.

17. RIGHT OF USE

Customers' and prospects' data are subject to a right of use and processing of their personal data for the purposes set out above.

However, the data that is the result of processing and analysis, otherwise known as "enriched data", remains the exclusive property of Europa Group (analysis of usage, statistics, etc.).

18. SUBCONTRACTING

Europa Group informs clients and prospects that it may involve any subcontractor of its choice in the processing of their personal data.

In this case, Europa Group ensures that the subcontractor complies with its obligations under the GDPR.

Europa Group undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on the subcontractors as on Europa Group. Furthermore, Europa Group reserves the right to audit its subcontractors to ensure compliance with the provisions of the GDPR.

19. SECURITY

Europa Group is responsible for defining and implementing the technical security measures, physical or logical, that it deems appropriate to combat the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of data.

These measures mainly include:

20. DATA BREACH

Any data breach that we may suffer will be notified to the CNIL under the conditions prescribed by the regulations on personal data.

Customers and prospects are informed of any data breach that could pose a high risk to their privacy.

21. CROSS-BORDER FLOWS

Europa Group reserves the right to implement cross-border flows of the data it processes outside the EU.

In such a case, Europa Group will ensure that the rights of clients and prospects are respected and will, if necessary, sign one or more contracts to govern these flows with the recipient country or countries.

22. REGISTER OF PROCESSING OPERATIONS

Europa Group undertakes to keep an up-to-date register of all processing activities carried out.

This register is a document or application that makes it possible to identify all processing activities carried out by Europa Group.

Europa Group undertakes to provide the supervisory authority, on first request, with the information enabling the said authority to verify the compliance of the processing operations with the applicable data protection regulations.

23. DATA PROTECTION OFFICER

Europa Group has appointed a data protection officer.

The contact details of the data protection officer are as follows:

Name: Maître Éric Barbry, Cabinet Racine avocats
E-mail address: data.officer@europa-group.com
Phone: 01 44 82 43 00

In the event of new processing of personal data, Europa Group will first refer to the data protection officer.

If clients and prospects wish to obtain information or wish to ask a particular question, they will be able to contact the Data Protection Officer who will give them an answer within a reasonable timeframe regarding the question asked or the information required.

In the event of a problem with the processing of personal data, customers and prospects may refer the matter to the designated data protection officer.

24. RIGHT TO LODGE A COMPLAINT WITH THE CNIL

Customers and prospects concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they consider that the processing of their personal data does not comply with the European data protection regulations, at the following address:

CNIL – Service des plaintes
3 Place de Fontenoy
TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22

25. EVOLUTION

The present policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions, and recommendations of the CNIL (French Data Protection Authority) or practices.

Any new version of the present policy will be brought to the attention of clients and prospects by any means defined by Europa Group, including electronic means (distribution by e-mail or online, for example).

26. FOR FURTHER INFORMATION

For further information, you can contact the following department: data.officer@europa-group.com