Comexposium Group places particular importance on the protection of personal data. This is an essential condition of the trusting relationship that Comexposium Group wishes to establish with all those who entrust their personal data to it.
This Personal Data Protection Policy (hereinafter the "Policy") sets out the practices and conditions under which Comexposium (hereinafter the "Company") SAS with share capital of 60,000,000 euros whose registered office is located at 70 avenue du Général de Gaulle - 92058 Paris La Défense Cedex and registered with the Nanterre Trade and Companies Registry under number 316 780 519, as Data Controller, uses your Personal Data.
Personal Data (hereinafter referred to as "Data") is any information relating to an identified or identifiable natural person; ‘identifiable natural person’ means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity, as defined in applicable regulations.
1 – WHICH DATA IS COLLECTED?
Depending on how you interact with the Company and the purpose of the interaction, The Company may collect the following Data:
- Personal data relating to your identity: this includes your surname, first name, e-mail address, postal address or telephone number and your profile (visitor, exhibitor, supplier, etc.).
- Personal Data relating to your order: this refers to all the information required to satisfy and complete your order, in particular information relating to the credit card used (cardholder's name, card number, expiry date, etc.), details of the order, the date of the order, and exchanges with the commercial relations department. In all cases, payment data is processed in accordance with the applicable regulations and security standards.
- Personal Data relating to the connection and use of the Account when you are its holder: this Data refers to all the information you need to access your personal account, as well as that relating to the use of the Customer Account, in particular your login and password, your choices and preferences, and the history of events in which you have participated. In any case, the Customer Account is subject to specific general conditions of use.
- Data concerning your requests for information in the contact section: We process your personal data to respond to the requests stated via the contact form on our Website. This data includes your full name, your company, your e-mail address or your telephone number and your profile (applicant, visitor, exhibitor, supplier...).
- Browsing data (more information): this Data refers to the way the User navigates on the Website. This data may include the IP address, screen resolution, browser used, browsing time, search history, operating system used, language and pages viewed.
- Data on the use of social media: when you interact with social media features, these communications are governed by the personal data protection policies of the social media platforms to which we invite you to refer to.
2 - HOW IS YOUR DATA COLLECTED?
2.1. Depending on how you interact with The Company, it may collect your Data as described below.
2.2. The Company collects your Data directly from you when you complete a contact form or when you contact The Company (e.g. by sending an email).
2.3. The Company collects your Data indirectly when you browse the Site by means of cookies and tags under the conditions defined above. The Company also collects your Data through third parties including social media when you use the account you hold with said third parties to log in or register for an event.
2.4. When you submit Data to the Company, it is your responsibility to ensure that it is accurate and complete. When necessary, you must update your data.
2.5. The Data presented as mandatory is necessary to manage your request and to enable us to provide you with the requested services. The mandatory or optional nature of the Data is indicated on the forms, as well as the possible consequences in case of failure to respond.
3 - WHY IS YOUR DATA COLLECTED?
3.1 Your Data is processed by the Company for the following purposes, both in connection with your use of the Website and your participation in events organized by the Company or with which it has been entrusted.
3.2 Your Data is processed for the requests you make and to contact you.
- If you are a customer, based on the fulfilment of the contract signed with the Company (general pre-registration conditions, general conditions of sale of Tickets or general conditions of participation), your Data is processed to manage your requests for participation and orders and organize your participation and visits to the events we organize or whose organisation has been entrusted to us.
- If you are a professional prospect, the Company may send you its news and commercial information through all channels based on its legitimate interest in promoting the events it organizes.
- If you are a non-professional prospect, the Company may send you its news and commercial information via any channel if you have given your consent.
- If you are a candidate, the Company forwards your applications to the professionals interested in your candidacy.
3.3 In a continuous-improvement perspective of the events it organizes, your Data is also processed by the Company to send you post-event surveys and analyse the results.
3.4 Based on your consent, the Company may also send you, through all channels, news and commercial information concerning events organized by other entities of the Comexposium Group and/or partner services.
3.5 With your consent where required, your Data may also be processed to (i) analyse your preferences and habits, (ii) customise and optimise your experience the Comexposium Group Sites by allowing you to access certain features, as well as to develop the interactivity of the Sites, (iii) perform statistics, in particular on the effectiveness of the Comexposium Group prospecting campaigns.
4 - WHO ARE THE RECIPIENTS OF YOUR DATA?
4.1. Your Data is processed by the Company internal teams (Human Resources Department, Communication Department, Purchasing Department, Accounting). In addition, only service providers and their staff, who are limited in their ability to access your Data, are allowed to do so in view of the specific services entrusted to them and which they must perform on The Company’s own behalf in strict compliance with security and confidentiality obligations.
4.2. With your consent when required, your Data may be transmitted to the entities of the Group to which The Company belongs, and to partners in particular, so that they may send you information and news about the services and products they offer.
4.3. When required by applicable regulations, The Company may transmit your Data to the bodies and authorities legally authorised to access it (including the judicial and administrative authorities).
5 - HOW IS YOUR DATA PROTECTED?
The Company takes all appropriate organisational and technical measures to preserve the security, integrity and confidentiality of your personal data in order, in particular, to prevent them from being distorted, damaged, disclosed or accessed by unauthorized third parties.
The Company also implements internal procedures to guarantee the security of your Personal Data when it is used, transferred or stored. We also maintain the procedures in place to ensure compliance with Applicable Regulation.
These security procedures include:
- The commitment on the part of our service providers and subcontractors, when we use their services, in particular to make the Site and its content available to you, or to carry out your orders, to respect their contractual obligations in order to ensure adequate protection of the Personal Data to which they have access.
- Limiting access to your Personal Data to employees subject to an obligation of confidentiality, and whose access to your Personal Data is necessary to provide you with products and services and/or justified within the scope of their duties;
- Storage of your Personal Data on servers offering every guarantee of security. In accordance with Applicable Regulations, data is kept for the periods mentioned in article 7.
6 - WHAT ARE YOUR RIGHTS?
6.1. In accordance with the applicable regulations and under the conditions given therein, you may exercise the following at any time:
- Right of access: You may request from the Company information on the processing of your Data and a copy of said Data.
- Right to rectification: You may request the rectification of inaccurate personal Data concerning you when that held by the Company is incorrect or incomplete.
- Right to erasure (“right to be forgotten”): You have the right to obtain from the Company the erasure of your Data in the event of one of the reasons provided in the regulations (uselessness of the Data, withdrawal of your consent for the processing based on said consent, etc.).
- Right to object: You have the right to object to processing of your personal Data at any time for reasons relating to your particular situation, including for direct marketing purposes.
- Right to data portability: You have the right to receive your personal Data in a structured, commonly used, and machine-readable format. This right applies only when the Data is provided to The Company by you or is the result of your use of its services. This Data is processed based on your consent or the performance of a contract.
- Right to restriction of processing: You may ask The Company to suspend the processing of your Data in the event of one of the reasons provided in the regulations (challenge of the accuracy of the data, etc.).
Under the conditions defined by the regulations, you also have the right to define general or specific guidelines concerning what happens to your Data after your death. You are informed, however, that only specific directives relating to Data processing carried out by the Company for the purposes defined in this Policy will be recorded by the Company, subject to your specific consent.
6.2. When your Data is processed with your consent, you may revoke it at any time. However, you are advised that the processing implemented prior to this revocation will remain valid.
6.3. You can exercise your rights by contacting The Company:
- by e-mail to privacy@comexposium.com
- by post to: THE COMPANY - Privacy, 70 avenue du Général de Gaulle 92058 Paris La Défense cedex.
You are also informed that, in certain cases, the features of the Sites allow you to consult and modify the Data you have communicated to The Company. The Company takes utmost care with your Data; however if you consider that the processing infringes your rights, you have the right to file a complaint with the French Data Protection Agency (Cnil) - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.
7 - HOW LONG DO WE KEEP YOUR DATA?
7.1. The Company keeps your Data for a period of time that does not exceed the time required for the purposes set out in this Policy. Beyond that, your Data may be archived to comply with the legal obligations to which The Company is subject, or it may be deleted.
7.2. The Data used to establish proof of a right or contract, or kept in compliance with a legal obligation by The Company, will be archived in accordance with applicable provisions.
7.3. The Company takes into account the seasonality of the events it organizes. For this purpose, you will find below the storage times defined according to event type.
- Event Type: Quarterly, semi-annual, or annual
- Data Storage Time: 3 years from the last expression of interest of the contact (prospect) and 5 years from the last expression of interest of the contact (customer).
- Persons concerned: All types of event participants (exhibitors, visitors, partner guests, speakers...)
- Event Type:Biennial and triennial events
- Data Storage Time:Duration expiring at the end of the 2nd edition following the last expression of interest of the contact
- Persons concerned: All types of event participants (exhibitors, visitors, partner guests, speakers...)
7.4 When you make an online purchase, your bank details are stored for the following periods:
- Credit card number and validity date: 13 months, following the debit date, or 15 months in the case of deferred debit cards;
- Credit card visual cryptogram: for the duration of the transaction.
8 - TRANSFER OF DATA
For hosting and processing your Data, The Company focuses on resources located in the territory of the European Union. Nevertheless, if a transfer of Data to a third country outside the European Union becomes necessary, specific information will be provided to you by The Company.
9 - AMENDMENTS TO THIS DATA PROTECTION POLICY
9.1. Any amendments to this Policy by The Company will be updated on the Site.
9.2. The User is invited to consult this Policy regularly to review any updates or modifications.
9.3. If any of the clauses in this Policy are declared void or contrary to the regulations, they will be deemed unwritten but will not invalidate the other clauses of the Policy.