Privacy Policy
Last update: April 8th, 2020
Introduction
The activities of Showcare Event Solutions (“Showcare”) require users to provide certain Personal Data. The procedures for collecting and processing your Personal Data must therefore respect certain basic rights, in the spirit of fairness and transparency. Showcare commits to collecting, processing, or storing your Personal Data solely to carry out defined, legitimate, and relevant purposes. Trust in the security of exchanges and transactions is an essential requirement. Showcare intends to protect their customers, clients of our customers, website visitors and all other users from any fraudulent conduct. This Privacy Policy applies to Showcare, its subsidiaries and sets out our practices regarding data collected through any of our transactional online platforms or through other web-based or mobile services (our “Websites”), as well as information handed to us by one of our customers.
Definition
Personal Data: Any information relating to an identified or identifiable natural person, whether directly or indirectly. Other Data: Other information collected about an individual or a business that does not permit to identify a person, whether the information is taken individually or in aggregate with other data. Processing: Any operation or set of operations which is performed, whether or not by automated means, and applied to Personal Data or sets of Personal Data (such as collection, recording, storage, modification, consultation, disclosure, reconciliation, erasure or destruction, etc.) Data Controller: The natural or legal person, public authority, service or other organism which, alone or jointly, determines the means and the purposes of Processing. Data Controller must ensure protection of Personal Data processed by Sub-Processors. Data Processor or Sub-Processor: The natural or legal person, public authority, service or other organism which processes Personal Data or Other Data, whether or not they are a third party. A Processor or Sub-Processor must act in accordance with instructions received from the Data Controller. Data Subject: A natural person, identified or identifiable by the Personal Data.
Data collection and usage
Visitors of our Corporate Website Personal Data may be collected on our corporate website, www.showcare.com. Such information can include professional contact information in order to respond to RFPs or provide information about Showcare services. For the purpose of engaging in a sales dialog, Showcare may: Respond to direct inquiries by email or phone in the purpose of addressing website visitors’ inquiries; Use responses obtained for research purposes and for improving our services to existing customers; Contact visitors to provide customer services and; Keep visitors and customers updated about changes to our services, changes to existing agreement’s terms and conditions or privacy matters.
Lead retrieval platform
Personal Data collected via our lead retrieval platform, www.showlead.com or lead retrieval order forms will be used in order to fulfill the contracted services. Personal Data collected for that purpose may include, an individual name, business contact information and payment information. Lead retrieval customers may: Be contacted by phone call, email or text messages solely for exhibitors currently under contract and; Share the information with Sub-Processors only for the purpose of fulfilling its contractual obligations, as set out in the lead retrieval agreements.
Virtual event platform
All data processed via the virtual event platform is collected on behalf of our customers for the purpose of delivering a virtual event. For these services, Showcare acts as a Data Processor and is bound to instructions or codes of conduct laid out by the event organizers, which are acting as Data Controllers. Showcare may share your information with Sub-Processors only for the purpose of fulfilling its contractual obligations. These transfers of information are subject to the provision in this Privacy Policy as well as the instructions provided by the Data Controller. Occasionally, organizers may share Personal Data to Showcare in the form of attendee, speaker or exhibitor lists, or from an export of their system. However, Showcare must ensure the appropriate use of Personal Data under the various laws and regulations before accepting to process data on the Controller’s behalf. Showcare must warn the Controller if any part of the instructions provided would break such laws or regulations. Authorized processing activities are as follows:
- Gathering Personal and Other Data of the Registrants to complete profile files, through the Websites; Sending confirmation emails to Registrants following registration with temporary credential information; Manually correcting, entering or deleting attendee files as per Organizer or Registrant request; Storing Profile information on private cloud infrastructure; Monitoring user actions – e.g., posting a comment, liking a page, following an exhibitor, attending a session, asking questions in the Q&A section; Anonymizing monitored information on an encrypted private cloud; Packaging anonymized data into specific reports for Organizer, Sponsors, Exhibitors, and Speakers; Upon Organizer’s written request, contacting Registrants for any other matter; Collecting shipping and paying personal information for e-commerce purchases performed on the platform; We may also use or share your Personal Data in these cases only:
- When it is necessary for compliance with a legal obligation to which the Controller is subject, including but not limited to comply with subpoena or other legal or government requests; Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; If Showcare is involved in a merger or acquisition process, whether being for the entirety or a portion of the business, with your prior consent; When Showcare is the Data Controller, for any other purpose, including sharing Personal Data with third parties. When we disclose your Personal Data to third parties, we take reasonable measures to ensure that the rules set forth in this Privacy Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organizational measures.
Online registration platform
- All data processed via the online registrations platforms, paper registration forms or through the assistance phone numbers are collected on behalf of our customers for the purpose of registering attendees to an event. For these services, Showcare acts as a Data Processor and is bound to instructions or codes of conduct laid out by the event organizers, which are acting as Data Controllers. Showcare may share your information with Sub-Processors only for the purpose of fulfilling its contractual obligations. These transfers of information are subject to the provision in this Privacy Policy as well as the instructions provided by the Data Controller. Occasionally, organizers may share Personal Data to Showcare in the form of attendee or exhibitor lists, or from an export of their system. However, Showcare must ensure the appropriate use of Personal Data under the various laws and regulations before accepting to process data on the Controller’s behalf. Showcare must warn the Controller if any part of the instructions provided would break such laws or regulations. Authorized processing activities are as follows:
- Gathering Personal and Other Data of the Data Subjects to complete registration files, through the registration platforms, phone, fax or mail; Running, designing, processing and transferring reports and lists containing Personal and Other Data to customers, organizers or any other party designated by the customers; Manually correcting, entering or deleting attendee files as per organizers or Data Subjects’ request; Sending confirmation emails to Data Subjects following registration; Contacting data subjects by mail, fax or phone regarding incomplete registration files that would prevent them from attending the customer’s event; Upon organizer’s written request, contacting Data Subjects for any other matter; Printing and/or otherwise Processing badges that may contain Personal Data; Including on the badges an encrypted barcode or chip that may contain Personal Data; Upon organizer’s request, mailing badges to Data Subjects or other parties designated by the organizer; Securely transferring Personal Data to one or many of the authorized Sub-Processors, given it being required for the fulfillment of the registration services; Transferring contact information to exhibitors when badges are scanned by them; Scanning badges for compiling list of Data Subjects attendance to sessions, meeting or training; Designing and creating certificates of training session attendance for Data Subjects.
We may also use or share your Personal Data in these cases only:
- when it is necessary for compliance with a legal obligation to which the Controller is subject, including but not limited to comply with subpoena or other legal or government requests; processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; if Showcare is involved in a merger or acquisition process, whether being for the entirety or a portion of the business, with your prior consent; when Showcare is the Data Controller, for any other purpose, including sharing Personal Data with third parties. When we disclose your Personal Data to third parties, we take reasonable measures to ensure that the rules set forth in this Privacy Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organizational measures.
Data subject’s rights
On written request and subject to proof of identity, you may access the Personal Data that we hold, used or communicated and ask that any necessary corrections be made, where applicable, as authorized or required by law. However, to make sure that the Personal Data we maintain about you is accurate and up to date, please inform us immediately of any change in your Personal Data by mail or e-mail. Under the General Data Protection Regulation (“GDPR”), you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your Personal Data and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of Personal Data about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Data, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, are processing, or believe your Personal Data is inaccurate; (vi) the right to data portability of Personal Data concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/data-protection/index_en.htm As Showcare is a Data Processor to the event organizers in the registration process, data-related requests related to registration to an event should be made to the organizers. They would in turn transfer the request to Showcare and any other Processors involved in the registration process. Data Subjects may give, change or revoke consents at any time by contacting Showcare at the coordinates in the Contact Us section below.
Lead retrieval services
Showcare is a Data Processor in the lead retrieval services as it does not determine the purpose of processing the information gathered during events and is solely a provider and facilitator of information exchange between attendees and exhibitors. Exhibitors should always ask for consent before gathering leads from attendees and respect attendees’ choice to opt out of transferring their Personal Data. In the same way, attendees agreeing to have their badges scanned are deemed disclosing their Personal Data consenting to the use intended by the exhibitors and are free to deny such access to their information.
Cookies
Showcare uses “cookies” (i.e., small pieces of data that are saved to your device) on its corporate website as well as on its online platforms. Cookies used are the following:
- Session cookies: When a user starts browsing the web site, the web server sends the user a cookie containing a unique session identifier. The server uses this cookie to track who the user is, where the user is within the application and what information the user is interacting with. Session cookies also help to improve page load times, since the amount of information in a session cookie is small and requires little bandwidth. Session cookies are not kept after a user closes the browser.
- Analytics Cookies: Google Analytics is Google’s analytics tool that helps website and app owners to understand how their visitors interact with their websites. It uses cookies to collect information and report website interaction statistics without personally identifying individual visitors to Google. No Personal Data is gathered with the use of these cookies. Event organizers’ tracking cookies may be used on the registration platforms hosted by Showcare. In these case, Showcare does not process and see information gathered by the cookies and cannot guarantee how the organizers use them and their privacy policies should be consulted to know more about cookie usage.
Data retention
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using the Websites, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Data will at all times continue to be governed by this Privacy Policy and, if applicable, we will comply with the GDPR requirements providing adequate protection for the transfer of Personal Information from the EU/EEA to third country. Data under Showcare custody is treated with the utmost attention. Through every step of the processing, controls and measures are put in place in order to guarantee privacy and protection when they are collected, transferred, processed or stored. No difference in data treatment exists whether Showcare is a Data Controller or Processor. We will maintain your Personal Data for as long as they are needed, or as required by applicable laws, regulations, or government orders. Personal Data is classified based on the risk associated to it. Depending on the sensitivity of the information, it can be retained in our database for a period not exceeding two years from the last known use subject to applicable laws. Various techniques are used in order to destroy Personal Data, such as pseudonymization of Personal Data. Specific data may be stored for one year if they relate to payment information, in order to be able to fulfill claim, refund or credit requests, subject to applicable laws.
Social media and links
Showcare’s Websites, including event registration websites, may contain links to social medias, other websites as well as social media features and widgets such as the Like, Follow and Share buttons. These features may set cookies in order to be used and may be hosted by third parties. Interactions with these social media links or features are under the conditions of the privacy policy of such third parties and Showcare is not responsible for collection and processing of these organizations. If you’re a redirected to other websites via links on any of our Websites, your interactions are governed by the policies of these websites, and any Personal Data disclosed on those sites will be treated under said policies. The inclusion of a link on our Websites does not indicate endorsement by Showcare.
Children’s privacy
The Websites are not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent, unless required by our customers. If you are under 16 years of age, then please do not use or access the Websites at any time or in any manner. If we learn that Personal Data has been collected on the Websites from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided Personal Data, then you may alert us as set forth in the “Contact Us” section and request that we delete that child’s Personal Data from our systems.
Data security
Data security is one of Showcare’s priorities. Our data is stored in a secured data center, protected and monitored 24 hours and seven days a week with limited, internal only user access. Data is also secured when transferred as Showcare uses the industry’s recommended encryption technologies. Hardware is also encrypted and protected against breaches. Software updates and hardware replacement are performed periodically at Showcare to ensure latest protection against intrusions. However, no electronic system is entirely secure. In case of a data breach, in the event of a Personal Data breach, Showcare assesses the risk for the Data Subjects and, if there is a risk, notifies the competent supervisory authority in accordance with applicable laws. Under applicable laws, if the risk assessment indicates a high risk for the Data Subjects, Showcare communicates the breach of Personal Data to the Data Subjects. A specific procedure concerning the management of security incidents has been formalized. If a data breach affects information gathered as performing Data Processor duty, Showcare will notify the Data Controller as soon as practicable in accordance with applicable laws. If Showcare is informed of a data breach from one of its own Sub-Processors, Showcare will notify in turn the Data Controller, if Personal Data held on its behalf is breached, as soon as practicable, in accordance with applicable laws.
Contact us
If you have any questions or comments about this Privacy Policy or your Personal Data, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers, our Privacy Officer (or Data Protection Officer) can be reached by mail or email using the following contact information:
Showcare Event Solutions Corp
1200 G. St. NW, Suite 800
Washington, DC, 20005-6705
United States
privacy@showcare.com