Updated September 2023
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regards to processing of personal data and on the free movement of such data, otherwise known as General Data Protection Regulation (hereafter GDPR) lays down the legal framework applying to personal data processing.
The GDPR strengthens the rights and obligations of data controllers, subcontractors, data subjects and recipients of data.
In the context of our business activities, we need to process personal data.
To facilitate the understand of this policy, please be advised that:
the “data controller”: Fem Tech Connect;
the “subcontractor”: means any natural or legal person who processes personal data on Fem Tech Connect’s behalf;
the “data subjects”: means clients and/or prospects for services proposed by Fem Tech Connect for its own profit or for third parties;
the “services”: means all events organised or sponsored by Fem Tech Connect, or in which Fem Tech Connect participates; all other products or services.
The “event”: describes a congress, a conference, an exhibit, a seminar, etc, whether in the form of a physical or virtual meeting
the “data recipients”: means any natural or legal person who receives personal data from Fem Tech Connect. Data recipients can be Fem Tech Connect employees as well as external agencies (event organisers, partners, exhibitors, banking institutions, legal authorities, etc.).
According to Article 12 of the GDPR, data subjects must be informed of their rights in a concise, transparent, readily intelligible and easily accessible form.
The purpose of this policy is to comply with the obligation to provide information of Fem Tech Connect in application of the GDPR (Article 12) and to formalise Fem Tech Connect’s clients and prospects’ rights and obligations with regards to the processing of their personal data.
This policy is intended to apply in the context of the implementation of the processing of clients and/or prospects’ personal data.
Fem Tech Connect makes every effort to process data within the framework of a structured internal governance. Having made this clear, this policy relates only to the processing for which Fem Tech Connect is accountable and therefore does not relate to the processing not created or exploited outside of governance rules established by Fem Tech Connect (so-called “shadow IT”).
Personal data processing may be managed directly by Fem Tech Connect or through a subcontractor specifically designed by Fem Tech Connect.
This policy exists independently from any other document that may apply as part of the contractual relationship between Fem Tech Connect and its clients and prospects.
No processing is undertaken by Fem Tech Connect with regards to clients and prospects’ data if it does not pertain to personal data collected by or for our services or processed in relation to our services and if it does not meet RGDP general principles.
Use cases of Fem Tech Connect are as follows:
Promotion of events;
Prospecting, commercial actions and follow-up;
Community management (users, members, customers, participants);
Creation and management of personal spaces on websites and applications linked to events;
Management of registration and participation in an event;
Management of applications for indirect sponsorship for an event;
Management of contributions to the programme of events;
Access management and traceability in the sites hosting the events and the different dedicated areas;
Management of certificates of attendance and various certificates, letters of invitation;
Management of the purchase of or subscription to other products and online services;
Legal declarations to the authorities of the countries hosting the events or countries of origin of the event participants (as necessary);
Improvement of services and satisfaction surveys;
Statistics;
Management of rights and claims;
Management of requests to unsubscribe;
Management of payments and receivables when necessary.
Management of Newsletters subscription
Management of applications regarding financial help.
This list is intended to be as exhaustive as possible, any new instances of use and any modification or deletion of an existing data handling process will be brought to the attention of clients and prospects through a change in this policy.
LEGAL BASIS:
Execution of a contract via the general terms and conditions of sale, Ex: Registration for an event, order form, etc.
Legitimate interest, Ex: The video protection camera images are kept for a maximum of one month, etc.
Consent, Ex: Newsletter, cookie management, contact request, satisfaction survey, communication of offers and news, etc.
Non-technical data (according to instance of use):
Identification (Last name, First name, User ID, etc.)
Contact details
Photo, in case the data subject grants such rights
Professional life details if required
Banking details if required (in case of online transaction)
Video and images (video-recording of the congress, photographs, video surveillance)
Technical data (according to instance of use):
Identification data (IP)
Connection data (especially logs)
Acceptance data (click)
Location data
Traceability data (access to conference rooms)
Our clients or prospects’ data are generally collected directly from them (direct collection).
Collection can also take place indirectly:
Through event organisers (members, prospects, participants, website users, etc)
Through partners and suppliers of Fem Tech Connect involved in the organisation of the event
Through the data subjects’ employers;
Through sponsorship
Through specialised partners (database selling or leasing)
Fem Tech Connect will ensure that third parties, organisations or companies are in compliance with the GDPR and that the persons concerned are informed of our policy of personal data management.
Fem Tech Connect ensures that the data is accessible only to authorised internal or external recipients.
Internal recipients:
Authorised personnel from the marketing department, sales department, customer relationship and prospecting departments, administrative services, logistical and IT services and their supervisors;
Authorised personnel from the controlling department (auditors, internal controlling process departments, etc.);
Recipients from clients and prospects’ personal data at Fem Tech Connect are bound by a duty of confidentiality.
Fem Tech Connect authorises recipients to access specific data based on an authorisation policy.
External recipients
The organiser(s) of the event;
Authorised subcontracting personnel;
Subsidiaries of Fem Tech Connect ;
Exhibitors and event partners in certain cases (example: visit to the stand, participation in a sponsored session, etc);
The authorities of the countries hosting the congress or the countries of origin of the participants, within the framework of the application of legal provisions;
Agencies, paralegals and departmental officers, particularly in the context of their debt collection missions;
The organisation in charge of managing the telephone solicitation opt-out registry;
Authorised external staff of oversight services (e.g. auditor).
Recipients from clients and prospects’ personal data at Fem Tech Connect are bound by a duty of confidentiality.
Fem Tech Connect cannot assume any liability for any damage resulting from unlawful access to personal data.
Any access related to clients and prospects’ personal data processing can be traced.
Furthermore, personal data may be shared with any lawfully entitled authority. In such a case, Fem Tech Connect cannot be held responsible for the conditions under which the personnel of such authorities accesses and processes these data.
The data retention period is set by Fem Tech Connect with regards to legal and contractual restrictions by which it is bound, and by default according to its needs and notably according to the following principles:
Processing:
Client data – Retention period : For the duration of contractual relations with Fem Tech Connect, increased by 3 years for management and prospecting purposes, without prejudice to retention obligations or the limitation period
Member and website user data – Retention period : Until unsubscribing from the member area and 1 year after the last intervention
Prospect data – Retention period : 3 years from collection by Fem Tech Connect or from the last contact initiated by the prospect
Technical data – Retention period : 1 year
Cookies – Retention period : 13 months
Banking data – Retention period : Deleted as soon as the transaction is successfully completed, unless client gives explicit consent. In case of transaction dispute, retention for 13 months as archive according to debit card
Anti-money laundering – Retention period : 5 years
Past the set time limits, data are either deleted or retained after being made anonymous, notably for statistical use. They can be kept in case of pre-litigation and litigation.
Clients and prospects are reminded that data deletion and anonymisation are irreversible and that Fem Tech Connect will be unable to recover them thereafter.
Clients and prospects have the right to request confirmation from Fem Tech Connect whether data pertaining to them are being processed.
Clients and prospects also have the right to access their data. This right is conditional on compliance with the following rules:
The request originates from the individual themselves and a copy of a valid proof of identity is available;
The request must be submitted in writing to the following e-mail: data.officer@femtechconnect.com
Clients and prospects have the right to request a copy of their personal data being processed by Fem Tech Connect. However, in case an additional copy is being requested, Fem Tech Connect may charge the cost of producing these copies to the clients and prospects who request them.
If clients and prospects request their copy of their data electronically, the requested information will be provided electronically in a commonly used form, unless otherwise requested.
Clients and prospects are hereby informed that this access right cannot apply to confidential information or data, or those which cannot be disclosed by law.
The access right must not be exercised in an abusive way, meaning in a regular manner with the express purpose of disrupting the applicable department.
Fem Tech Connect complies with updating requests:
automatically for online requests on entry fields which can be technically or legally updated;
upon written request from the individuals themselves who shall show proof of identity.
Clients and prospects’ right to erasure will not apply in case data is processed to comply with a legal obligation.
Outside of this situation, clients and prospects have the right to request the erasure of their data in the following limiting situations:
Personal data is no longer necessary with regards to the purpose for which they were collected or processed;
When the person concerned withdraws consent upon which the data processing is based and that there is no other legal basis for the processing;
The person concerned opposes processing that is necessary with regards to the legitimate interests of Fem Tech Connect and that no compelling legitimate purpose exists for the processing;
The person concerned opposes the processing of their personal data for prospecting purposes, including for profiling;
The personal data have been unlawfully processed;
In accordance with personal data protection legislation, clients and prospects are hereby informed that this individual right can be exercised exclusively by the person concerned with respect to their own information: for security reasons, the applicable department will therefore verify your identity to avoid communicating any of your confidential information to someone other than you.
Clients and prospects are hereby informed that this right is not intended to apply to the extent that Fem Tech Connect is processing data in a lawful manner and that all personal data collected are required to carry out the commercial contract.
Fem Tech Connect gives the right to data portability in the specific case where data shared by clients or prospects themselves, on online services offered by Fem Tech Connect itself and based on the individual’s express consent. In that case the data will be shared in a commonly used, machine-readable structured format.
Fem Tech Connect does not make automated individual decisions.
Clients and prospects are hereby informed that they have the right to give guidelines regarding the post-mortem storage, erasure and sharing of their data. Sharing specific guidelines post-mortem and exercising their rights is to be done by e-mail at the following email address: data.officer@femtechconnect.com . The request shall be accompanied by a copy of a signed proof of identity.
Clients and prospects are informed on each personal data collection form of the voluntary or compulsory nature of their answers by an asterisk.
If answers are compulsory, Fem Tech Connect explains to clients and prospects the consequences of a lack of answer.
Clients and prospects grant Fem Tech Connect a right to use and process their personal data for the above-outlined purposes.
However, all enhanced data resulting from processing and analysis from Fem Tech Connect, otherwise named enhanced data remain the exclusive property of Fem Tech Connect (usage analysis, statistics, etc.).
Fem Tech Connect hereby informs its clients and prospects that it may mandate any subcontractor of its choice in the context of processing their personal data.
In such a case, Fem Tech Connect will ensure that the subcontractors fulfil their obligations with respect to the GDPR.
Fem Tech Connect commits to signing a written contract with all of its subcontractors and imposes the same personal data protection obligations to its subcontractors than it imposes on itself. Furthermore, Fem Tech Connect reserves the right to carry out an audit of its subcontractors to ensure their full compliance with GDPR provisions.
It is up to Fem Tech Connect to define and implement technical security measures, physical or logical, that it deems appropriate to prevent data destruction, loss, alteration or unauthorised disclosure of data in an accidental or unlawful manner.
These measures mainly include:
Data access authorisation management;
The implementation of a security protocol or security solutions.
In case of personal data breach, Fem Tech Connect undertakes to notify the CNIL under the conditions outlined by the GDPR.
If said breach exposes clients and prospects to serious risk and that data was not protected, Fem Tech Connect:
will notify the clients and prospects concerned;
will share with the clients and prospects concerned the appropriate information and recommendations.
Fem Tech Connect, as data controller, commits to maintaining an up-to-date register of all data processing activities.
This register is a document or application enabling the identification of the overall processing undertaken by Fem Tech Connect, as processing controller.
Fem Tech Connect commits to providing the supervisory authority on first request the information permitting that authority to ensure compliance with the current existing data protection law (“Réglementation informatique et libertés”).
Clients and prospects concerned by personal data processing are hereby informed of their right to file a claim with a supervisory authority, namely the CNIL in France, if they believe that personal data processing pertaining to them does not comply with the GDPR, at the following address:
CNIL – Service des plaintes
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone : 01 53 73 22 22
This policy may be modified or adjusted at any time in case of changes in legislation, case law, in decisions or recommendations from the CNIL, or changes in custom.
Employees will be informed of any new revision to this policy through any means FEM TECH CONNECT deems appropriate, including electronically (for instance through e-mailing or online).
For any additional information, you may contact the following department: data.officer@femtechconnect.com
For any general information on personal data protection, you may visit the CNIL website: www.cnil.fr.