CDS Data Privacy & Protection Policy

Summary

This policy is intended to clearly communicate how Convention Data Services collects, uses, protects, and otherwise handles your Personally Identifiable Information on behalf of the event organizer who has contracted with CDS to provide registration and lead retrieval services.

What is Convention Data Services?

Convention Data Services (or CDS) is a software and services company specializing in registration and lead retrieval for the events industry. We process event registrations on behalf of tradeshows, associations, and corporations that manage live events and conventions. We also contract with exhibitors at those events to help them learn about and connect with attendees.

Privacy Statement

Convention Data Services, Inc. (CDS) is committed to respecting the privacy of our customers and all visitors to our websites. It is our belief that individuals ultimately have the right to understand and control how their personal data is used. We have instituted policies and procedures to ensure your privacy rights are protected.

Convention Data Services will, so far as is reasonably practical, comply with the privacy and data protection principles of all countries and with all laws within the United States to ensure that all data is:

• Fairly and lawfully processed
• Obtained and used for specific and clearly stated purposes
• Adequate, relevant, and not excessive
• Accurate and up to date
• Not kept for longer than necessary
• Processed in accordance with your rights
• Secure
• Not transferred to other countries without adequate protection

What is “Personally Identifiable Information (PII)?”

Personally identifiable information, or PII, as described in US privacy laws, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual. You can be identified from information such as your name, email address, phone number, home address, driver’s license number, and passport number. You may also be identified from information such as an online identifier, IP address, unique device ID, or website cookie; this type of information becomes PII when combined with information that further identifies who you are.

When Do We Collect Information?

Generally, those who wish to attend conventions, conferences, trade shows, or similar events will register for those events online or over the telephone. During the process of that registration, you share with us personal information about yourself which generally includes contact information, demographics pertaining to your trade or profession, and payment information. Alternatively, we may collect association membership data directly from the organization to which you belong.

It is CDS policy not to accept or store personally identifiable information from children under 16 years of age without parental consent.

What Information Do We Collect?

Our registration websites are somewhat different depending on requirements of show management, but we typically collect your contact information required for attendance at an event, including:

• Name
• Company/Title
• Address
• Email Address
• Phone Number

Additionally, we collect what is known as “demographic” information. Demographics vary widely from event to event, but in general are consist of information useful to exhibitors with whom you may wish to exchange information at the show. Examples include:

• Your role at your company
• Credentials for certain industries
• Whether you are able to purchase on behalf of your employer
• Product areas of interest to you

We also collect payment information to process payments, but we do not store credit card numbers.

How Convention Data Services Uses Your Data

We may use the information we collect from you when you register, make a purchase, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

• Email advance notice of and/or invitation to events
• Send email to confirm your registration
• Personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• Look up and print your physical badge for an event
• Generate certificates of attendance, credentials, etc. as may be applicable for your event
• Track attendance to event courses or sessions, where applicable
• Process your payment transactions
• Ask for ratings and reviews of services or products
• Administer a contest, promotion, survey or other site feature
• Follow up with you after correspondence (live chat, email or phone inquiries)
• Allow us to better service you in responding to your customer service requests.

How Convention Data Services May Share Your Data

• Share with the event organizer (trade association, etc.)
• Share with third parties involved in the event process at the request of event organizers (e.g., hotel booking companies, virtual event and networking companies).
• Potentially share with exhibitors and sponsors at the event through badge scanning onsite at the event. You control the access by physically presenting your badge for scanning.
• Share with exhibitors and sponsors you interact with in the virtual event.
• Some shows employ tools (Attendee List and Exhibitor Emails) which allow event exhibitors to send you email and/or direct mail. These applications generally do not allow exhibitors direct access to your contact information, and you may opt out of inclusion in these marketing lists during the registration process.
• Invite A Colleague/Customer Referral Programs – This service allows you to invite colleagues and customers by providing their name and email address. Convention Data Services will receive and store this information and use it to send an invitation on the attendee/exhibitor’s behalf.
• The Registration Resource Center allows other attendees to contact you within the application itself. Limited information such as name and company are shown.
• Some applications (Registration Resource Center, Geo Map, etc.) may provide limited information to other attendees, including name, title, company, and city.

Once your data has been shared with a third party, CDS no longer has direct control over that information, but we require our partners to agree to follow all state and country privacy laws.

Tracking

When you visit our websites, we may automatically collect statistics about your visit. This information does not identify you personally, but rather about your visit to our website. We may monitor statistics such as how many people visit our site, which pages people visit, from which domains our visitors come, and which browsers people use. We use these statistics about your visit for aggregation purposes, not to track what specific individuals are doing on our sites. We do this for many reasons, including the following:

1. To recognize new visitors to our websites
2. To recognize past visitors
3. To present more personalized content, to improve your website experience, optimize your browser experience, and provide site and service enhancements
4. So we can better understand our audience, our customers, our website visitors, and their respective interests

Cookies are small tracking files that a site or its service provider transfers to your computer’s hard drive through your Web browser that enables our systems to recognize your browser and capture and remember certain information. We use cookies in our sites so they “remember” who you are as you navigate from page to page and process the items in your shopping cart. Typically, a cookie will contain a user or session identifier without containing personal information about the user. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We, along with third-party vendors such as Google use cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to track website and app performance.

Your Rights

We recognize that all personal information you submit to Convention Data Services belongs to you, and that we use your data only with your permission. You have the following specific rights:

• Informed: We will tell you exactly how we use your data in clear, plain language.
• Consent: Convention Data Services will not store or use your data without your consent. If we get your data from a membership organization or another source, we will ensure through a contract that they are also compliant with GDPR consent regulations.
• Access and Portability: View and download all personal data Convention Data Services may store.
• Modification: Request changes or updates to any personal data Convention Data Services stores.
• Erasure: Request that Convention Data Services purge all personal identifying information at any time.

How We Protect Your Personal Information

We implement a variety of security measures to maintain the safety of your personal information. Specific data security measures include:

• No sensitive personal information (SPI) such as credit card numbers, bank account numbers, passport, and social security numbers, is stored on CDS servers. Transactions involving credit cards are processed directly through a payment gateway such as PayPal and full credit card numbers are not stored.
• All personal data is stored on physically secure hardware behind network firewalls Access to the data requires login credentials.
• All data processed through websites is encrypted in transit and at rest.
• In the unlikely event of a data breach, Convention Data Services has policies in place to notify affected parties.
• Data security is regularly audited by third parties.

Other Third-Party Websites and Links

Registration websites or Convention Data Services corporate website may contain links to other web sites. Please note that this Data Protection and Privacy Policy does not cover the privacy practices of the web sites of our partners and affiliates, and we are not responsible for the privacy practices or the content of such web sites, partners, or affiliates. You should be careful to review any privacy policies of such web sites, partners or affiliates. CDS does require its partners to comply with all privacy and data security policies and regulations.

Adherence to Privacy Laws and Practices

Convention Data Services recognizes principles and requirements of international and domestic privacy acts including but not limited to General Data Protection Regulation (GDPR), California Consumer Privacy Act, CAN SPAM, Mexico, Canadian Anti-Spam Law, OPPA, Fair Information Practices, Nevada privacy laws and Personal Information Protection Law of the People's Republic of China (PIPL) through our Privacy and Data Protection Policy.

Contact Us

If you have any questions regarding this Privacy Policy, what personal data we have collected relating to your registration or information request; the practices of Convention Data Services; you, or an agent authorized on your behalf, request to be forgotten, please contact us at:

Convention Data Services

7 Technology Park Drive

Bourne, Massachusetts 02532

USA

dataprivacy@cdsreg.com

800-548-9299

Should you wish to view, modify, or erase your data, or need to know with whom CDS has shared or sold your data, you can make that request by sending an email to dataprivacy@cdsreg.com. Convention Data Services will respond to any requests for information or erasure within 30 days.

Changes to This Policy

This Privacy Policy may be amended from time to time to reflect changes in data privacy and protection regulations.