by SmartConcept
Privacybeleid
# Privacy Policy and Personal Data Protection
**Last updated:** 01/01/2025
## 1. Data Controller Information
**Organizer's Identity:**
- Name of the organizer/commercial organizer
- Full address
- Phone number
- Email address
**Data Protection Officer (DPO):**
- Name and contact details (email, phone) of the DPO
*(if applicable)*
The organizer, as the data controller, ensures the protection and confidentiality of personal data of exhibitors and visitors collected during the event and through the use of the application.
---
## 2. Purpose of Processing
The personal data of exhibitors and visitors were collected during the prior registration for the event for the purpose of:
- Identifying participants (exhibitors and visitors).
- Managing the allocation of badges containing personal information and a unique QR code.
- Facilitating the exchange of contact information between participants through the mobile application via QR code scanning.
- Allowing users to save contact cards obtained on their smartphones.
- Analyzing and improving the networking experience during the event (in an aggregated and anonymized manner, if applicable).
The processing is based on the execution of a contract (event registration) and/or the prior consent of the individual when necessary for data exchange via the application.
---
## 3. Data Collected
The personal data involved include, but are not limited to:
- Information provided during event registration: first name, last name, company, position, email address, phone number, postal address, etc.
- Information displayed on the badge (identity and QR code).
- Data transmitted during scanning via the application (identity, contact details, and other information previously validated by the participant).
This information allows for the identification of participants and facilitates the exchange of contact information during the event.
---
## 4. Collection and Use Methods
- **Initial Collection:** Data is collected during event registration through the designated form.
- **Collection via the Application:** When scanning a QR code between two participants, the information contained on the other user's badge is exchanged and displayed in the application.
- **Technical Support:** Exchanges are conducted directly between devices via the application, through storage in an external cloud, which is necessary for managing the contact list or for specific functionalities indicated to the user.
---
## 5. Data Sharing and Transfers
- **Internal Recipients:**
Only the organizer's services responsible for event management and, if applicable, the mobile application, have access to the data.
- **External Recipients:**
Data will not be shared with any unauthorized third parties. In the case of technical service providers (application hosting, maintenance, etc.), they act as processors and are bound by confidentiality obligations.
- **International Transfers:**
No personal data is transferred outside the European Union unless appropriate safeguards (standard contractual clauses, etc.) are in place and prior information is provided to participants.
---
## 6. Data Retention Period
Personal data is retained for the duration necessary for organizing the event and managing networking interactions (for example, during the event and for a defined period after its conclusion for potential management or analysis needs).
Beyond this period, data will either be deleted or anonymized in accordance with legal requirements and the purposes for which they were collected.
*It is recommended to specify an indicative duration, such as "data will be retained for 6 months after the event" or similar, to enhance transparency.*
---
## 7. Data Security
The organizer implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, such as:
- Encryption of data exchanges via the application.
- Restricted access to data to authorized personnel only.
- Implementation of backup processes and regular verification.
*Consider adding more details about access management, such as "access restricted to trained and authorized personnel" or "use of strong passwords," to further reassure users.*
---
## 8. Rights of Data Subjects
In accordance with applicable regulations, you have several rights regarding your personal data:
- **Right of Access:** You can request access to your personal data.
- **Right to Rectification:** You can request correction of inaccurate or incomplete data.
- **Right to Erasure ("Right to be Forgotten"):** You can request the deletion of your data, subject to legal retention obligations.
- **Right to Restriction of Processing:** You can request the limitation of processing your data.
- **Right to Object:** You can object to the use of your data for prospecting or analysis purposes.
- **Right to Data Portability:** You can request to receive your data in a structured and commonly used format.
To exercise these rights, please contact the DPO at the contact details provided above.
---
## 9. Complaint Procedure
If you believe that your rights are not being respected, you can lodge a complaint with the data controller (see contact details above) or contact the competent supervisory authority:
**Competent Authority Name**
Website: [https://www.cnil.fr](https://www.cnil.fr) *(replace with the appropriate authority if not in France)*
---
## 10. Changes to the Privacy Policy
The organizer reserves the right to modify this policy to reflect any legal or technological developments.
In the event of substantial changes, users will be informed via notifications in the application or by email.
We invite you to regularly review this page to stay informed of any modifications.
*Ensure that the notification mechanism (in-app or email) is operational, especially for users without an associated email account or those connected anonymously.*
---
## 11. Acceptance of the Privacy Policy
By using the application, you expressly accept this Privacy Policy and consent to the processing of your personal data in accordance with the provisions outlined above.
A checkbox or an equivalent mechanism will be presented to you during the first launch of the application to obtain your informed consent.
---
**Additional Remarks:**
- This policy applies solely to data related to the use of the application during the networking event.
- If additional options (such as subscribing to a newsletter or post-event commercial offers) are offered, additional information and specific consents may be required.
---
This example GDPR-compliant text aims to transparently inform exhibitors and visitors about the use of their personal data within the context of the event and the associated application.
Remember to precisely adapt it to your context and consult a legal expert to validate its compliance.