PARTNERS’ PRIVACY POLICY

Effective date:March 2023
Last updated: Sept 2024

1. GENERAL PROVISIONS

1.1. PREAMBLE

The Personal Data Protection Act 2012 (“PDPA”) sets out the legal framework applicable to the collection, use and processing of personal data in Singapore.

This privacy policy (“Policy”) sets out the basis on which Europa Organisation Asia Pte. Ltd and Europa Group (both referred to as “Europa”) may collect, use, manage, disclose or otherwise process Personal Data (as defined below) in accordance with the PDPA.

Europa respects the confidentiality of Personal Data and privacy of individuals and is committed to complying with the PDPA and other applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”), where applicable. For collection of Personal Data under the GDPR, please refer to our GDPR privacy policy.

This Policy applies to all Individuals being, or affiliated in any way, with an Event Partner (as defined below) who provide Europa with Personal Data or whose Personal Data is otherwise collected, used and/or disclosed by Europa in connection with and/or for the purposes of its operations.

1.2 DEFINITIONS

For the purposes of this Policy:

“Individual” means a natural person, whether living or deceased and “Individuals” shall be construed accordingly;

“Event Partner” means a company or other entity, public or private, which (a) has contacted Europa through any means to find out more about Europa’s events or (b) may, or has, participated in any of Europa’s event as exhibitor, stand, dedicated space, conference, advertiser, etc.;

“Personal Data” means data, whether true or false, that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to Europa. Personal Data may include, without limitation, with respect to an Individual, name, NRIC/FIN, residential address, email address, telephone number, nationality, gender, date of birth, marital status and photographs and video recordings; and Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).

1.3. GENERAL PRINCIPLES

No collection or processing shall be carried out on Personal Data unless (a) it is provided to Europa voluntarily by the Individual directly or via a third party who has been duly authorised by the Individual to disclose his/her Personal Data to Europa (“Authorised Representative”) after (i) the Individual (or his/her Authorised Representative) has been notified of the purposes for which the data is collected, and (ii) the Individual (or his/her Authorised Representative) has provided written consent to the collection and usage of his/her Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or other regulation.

Europa shall seek the Individual’s consent before collecting any additional Personal Data and before using his/her Personal Data for a purpose which has not been notified to the Individual (except where permitted or authorised by applicable regulations.

2. IDENTIFICATION OF TREATMENTS

2.1. CATEGORIES OF PERSONAL DATA COLLECTED AND ORIGIN OF THE PERSONAL DATA

The types of Personal Data collected may include:

Non-technical data (depending on the use case)

• identity of the contact person(s) of an Event Partner and/or attending one of Europa’s events, including the Event Partner's representatives, personnel, service providers who attend the event (e.g., gender, surname, first name)
• subject to the below exclusion, contact details (e.g., email, mailing address, fixed or mobile telephone number, fax number)
• professional information of the person(s) in charge of a file (e.g., position, grade, function)
• photographs and video recordings where access to the event requires a photo, notably for identification or security purposes.

Unless provided otherwise under the PDPA, business contact information, including business email addresses, office telephone numbers, job titles, and related data, is excluded from the scope of this Policy. Such information is not considered personal data under the PDPA. Europa may collect, use, and disclose business contact information without seeking consent, for purposes related to its business operations and communications.

Technical data (depending on use cases)

• Identification data (IP)
• Connection data (logs in particular)
• Acceptance data (click)
• Location data
• Traceability data (access to the places where the event takes place)
• Cookies

2.2. PURPOSES OF COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Europa may collect and use Personal Data for various purposes, including the following:

Pre-contractual exchanges
Personal Data may be collected, used and disclosed for the purpose of participation in events organised by Europa, on its behalf or on behalf of third parties..

Contract and follow-up of the contract
Personal Data may be collected, used and disclosed for the purpose of performing obligations in the course of or in connection with the Event Partner’s participation in events organised by Europa, on its behalf or on behalf of third parties.

Invoicing, payment, and accounting
Personal Data may be collected, used and disclosed for the purpose of invoicing and processing payment of the services provided.

Partner relationship management
Personal Data may be collected, used and disclosed for the purpose of responding to, handling, and processing queries, requests, applications, complaints, and feedback from an Event Partner and managing the relation with the Event Partner.

Sending of canvassing, newsletters, or news feeds
Personal Data may be collected, used and disclosed for the purpose of commercial canvassing, sending of newsletters or news feeds.

Management of access to event venue
Personal Data may be collected, used and disclosed for the purpose of securing an Individual’s access to an event venue (e.g.: keeping a register, access badges, etc.).

Video images (video surveillance)
Certain areas (event venue, Europa premises, etc.) may be subject to video surveillance, resulting in the collection of Personal Data of Individuals who may be filmed.

Statistical reporting
Personal Data may be collected, used and disclosed for statistical purposes.

Compliance with laws
Personal Data may be collected, used and disclosed for the purpose of complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority.

Incidental business purposes
Personal Data may be collected, used and disclosed for any other incidental business purposes related to or in connection with the above.

Other purposes
Personal Data may be collected, used and disclosed for any other reasonably appropriate purposes from the surrounding circumstances for which the Individual has provided the information.

Transmission to third-parties
Personal Data may be collected, used and disclosed for the purpose of transmission to any unaffiliated third parties including Europa’s third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.

The purposes listed in the above clause may continue to apply even in situations where the Event Partner or the Individual’s relationship with Europa (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable Europa to enforce its rights under a contract with the Event Partner or the Individual).

2.3. RELIANCE ON THE LEGITIMATE INTERESTS EXCEPTION

In compliance with the PDPA, Europa may collect, use or disclose Personal Data without the Individual’s consent for the legitimate interests of Europa or another person. In relying on the legitimate interests exception of the PDPA, Europa will assess the likely adverse effects on the Individual and determine that the legitimate interests outweigh any adverse effect.

2.4. RETENTION OF PERSONAL DATA

Europa may retain Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

Europa will cease to retain Personal Data, or remove the means by which the data can be associated with the Individual, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

2.5. RECIPIENTS OF THE PERSONAL DATA

Personal Data may be disclosed:

(i) where such disclosure is required for performing obligations in the course of or in connection with the provision of the goods and services requested by the Individual;

(ii) to third party service providers, agents and other organisations engaged by Europa to perform any of the functions with reference to the purposes listed herein.

Personal Data collected and processed in the context of relations with the Event Partners are only accessible to authorised internal and external recipients, and to the following recipients:

• the staff of the competent departments authorised to manage relations with the Event Partners' contacts and their line managers.
• the staff of the support services, i.e., the administrative services, the logistics and IT services and their line managers
• service providers or support services (e.g., IT service provider)
• the competent authorities if Europa is required to share certain data with judicial officers, departments responsible for internal control procedures, etc.

Regarding internal recipients, Europa decides which recipient may have access to which data according to an authorisation policy and ensures that they are subject to an obligation of confidentiality.

Regarding external recipients, Europa informs the Individuals that the Personal Data of those who contact our Event Partners may be communicated to some of Europa’s service providers, if necessary, to the company sponsoring the event or to any authority legally entitled to know about it (tax and social authorities in particular).

3. INDIVIDUALS' RIGHTS

3.1. WITHDRAWING CONSENT

Where applicable, the consent provided by an Individual for the collection, use and disclosure of his/her Personal Data will remain valid until such time it is being withdrawn by the Individual in writing. The Individual may withdraw consent and request Europa to stop collecting, using and/or disclosing his/her Personal Data for any or all of the purposes listed above by submitting a request in writing or via email to the Data Protection Officer.

Upon receipt of a written request to withdraw consent, Europa may require reasonable time (depending on the complexity of the request and its impact on the relationship of Europa with the Event Partner or the Individual as the case may be) for the request to be processed and for Europa to notify the Event Partner and the Individual of the consequences of Europa acceding to the same, including any legal consequences which may affect the Event Partner or Individual’s rights and liabilities to Europa. In general, Europa shall seek to process a request within ten (10) business days of receiving it.

Whilst Europa respects any decision to withdraw consent, Europa may not be, depending on the nature and scope of the request, in a position to continue providing goods or services to the Event Partner or the Individual, as the case may be, and Europa shall, in such circumstances, notify the Event Partner and the Individual before completing the processing of the Individual’s request. Should the Individual decide to cancel his/her withdrawal of consent, the Individual shall inform Europa in writing.

Withdrawing consent does not affect Europa’s right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable regulations.

3.2. ACCESS TO, AND CORRECTION OF, PERSONAL DATA

An Individual may make (a) an access request for access to a copy of his/her Personal Data which Europa holds or information about the ways in which Europa uses or discloses his/her Personal Data, or (b) a correction request to correct or update any of his/her Personal Data which Europa holds by submitting a request in writing or via email to the Data Protection Officer.

A reasonable fee may be charged for an access request. If so, Europa will inform the Individual of the fee before processing the request.

Europa will respond to a request as soon as reasonably possible. In general, response will be within ten (10) business days. Should Europa not be able to respond to the request within thirty (30) days after receiving the request, Europa will inform the Individual in writing within thirty (30) days of the time by which Europa will be able to respond to the request. If Europa is unable to provide the Individual with any Personal Data or to make the correction requested by the Individual, Europa shall generally inform the Individual of the reasons why Europa is unable to do so (except where Europa is not required to do so under the PDPA).

If requests are made electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.

The right of access must not be exercised in an abusive manner, i.e., on a regular basis with the sole aim of destabilising the

Europa keeps a record of all access requests received and processed.

3.3. ACCURACY OF PERSONAL DATA

Europa generally relies on Personal Data provided by the Individual (or the Authorised Representative). In order to ensure that the Personal Data is current, complete and accurate, the Individual shall update Europa if there are changes to his/her Personal Data by informing the Data Protection Officer in writing or via email.

4. SUPPLEMENTARY PROVISIONS

4.1. SUBCONTRACTING

Europa may use any subcontractor of its choice to process Personal Data. In this case, Europa shall ensure that the subcontractor complies with its obligations under the PDPA and other applicable regulations ( including GDPR), as the case may be.

4.2. SECURITY MEASURES

We undertake to maintain a register of all processing activities carried out where required by law.

This register is a document or application allowing us to list all the processing activities carried out by Europa Group.

We undertake to provide the CNIL, on first request, with information enabling it to verify the compliance of the processing operations with the data protection regulations in force.

4.3. SECURITY MEASURES

Europa implements administrative, physical and technical measures as Europa considers appropriate to protect against unauthorised access, collection, use, disclosure, copying, modification, disposal of Personal Data or similar risks.

These measures mainly include:

• management of authorisations to access data
• the use of security protocol or solutions.
• encryption products
• anti-virus software
• firewall
• securing the Wi-Fi network and remote access,
• https security access
• security patch policy
• Conducting external audits
• adoption of an information systems security policy
• adoption of continuity / disaster recovery plans.

In any event, Europa undertakes, in the event of a change in the means of ensuring the security and confidentiality of Personal Data, to replace them with means of superior performance. No change may result in a reduction in the level of protection of Personal Data.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, Europa strives to protect the security of the Individual’s information and is constantly reviewing and enhancing their information security measures.

4.4. DATA BREACH

Any data breach will be handled in accordance with the PDPA and other applicable regulations.

4.5. CROSS-BORDER TRANSFERS OF PERSONAL DATA

In course of providing services, Europa may transfer Personal Data outside Singapore.

Europa will take all reasonable steps to ensure that Personal Data remains protected and handled in accordance with the principles set out in this Policy, regardless of the country to which it is transferred.

Europa will take steps to ensure that the Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

5. CONTACTS

5.1. DATA PROTECTION OFFICER

An Individual may contact Europa’s data protection officer (“Data Protection Officer”) if he/she has any enquiries or feedback on Europa’s personal data protection policies and procedures, or if he/she wishes to make any request, in the following manner:

Name: Nana Anastasia SULAIMAN
Contact No.: 6226 2969
Email Address: dposingapore@dsavocats.com

5.2. RIGHT TO LODGE A COMPLAINT WITH THE PDPC

Individuals have the right to lodge a complaint with the Personal Data Protection Commission, if they consider that the processing of their Personal Data does not comply with the PDPA.

5.3. EFFECT AND CHANGES

This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of an Individual’s Personal Data by Europa.

Europa may revise this Policy from time to time without any prior notice. Individuals may determine if any such revision has taken place by referring to the date on which this Policy was last updated.

Any new version of this Policy will be brought to the attention of the Event Partners by any means Europa elects, including electronically (e.g., distribution by e-mail or online). Event Partner’s continued use of Europa’s services constitutes acknowledgement and acceptance of such changes.