GDPR

CIOFIRST

CIOFirst is engaged in a global compliance process with laws regarding protecting personal data. The purpose of this personal data policy (“the policy”) is to describe the characteristics of the processing of personal data carried out within the Website and to specify the conditions.

Under this policy, each company within the Website is responsible for the personal data it collects and stores. Each data controller’s names and contact details are listed in Annex 1.

CIOFirst’s data protection delegates can be contacted using the contact details indicated in Appendix 1 of this policy in case of questions or difficulties relating to the processing of personal data.

The collection, processing, and management of personal data as part of the Website’s human resources management are subject to a separate policy.

In this policy:

Website” means the CIOFirst and, individually and collectively, the Website companies listed in Appendix 1 of this policy.

“You or “User” means you and any person using or interacting with the Website Services.

“Services” means our websites, software applications, mobile applications, subscription services, and virtual or in-person events, whether operated by us or on our behalf.

  1. Types of Data Collected

The Website strives to minimise the collection of personal data. However, when this data is collected, it mainly falls into the following categories:

Identity information – for example, first name, last name, signature, email address, telephone number, signature, personal details.

Transactional and usage data – for example, browsing and purchase history, product reviews, survey responses, payment information (including banking details), and records detailing how you use our services.

Professional Data – for example, contact details, professional information, professional email address, training records, awards, current employment information, CV, public profile data.

Other data – which may include location, connection and browsing data (IP addresses, logs, etc.), user-generated content (including photographs and other images), voice data collection (voice command or telephone recording).

Concerning data relating to minors

The Website’s activities are not intended for minors.

Our products and services are intended for adults who are capable of making contractual commitments. However, access to the Services is not limited to adults as they do not contain any content prohibited to minors.

Therefore, we do not control whether a user is a minor or not.

When the user is a minor (between 13 and 16 years old depending on the state or territory), the processing of personal data must be subject to the prior consent of the holder of parental responsibility for the minor.

If information is collected about a minor via our services, the minor or his legal representative will have the possibility to contact the DPO of the company or site which processes the personal data concerned, in order to rectify, modify or delete this information. The contact details of the DPOs are included in Annex 1 of this policy.

  1. Why and How Personal Data are Collected

2.1 Purpose and legal basis of collection 

We will indicate the legal basis and purpose for collecting your personal data immediately before collection. Website companies process personal data for different purposes, each of which may rely on one or more legal bases, as indicated below:

PURPOSE RELEVANT LEGAL BASIS
– Place cookies and other trackers User Consent
– For marketing purposes (when consent is required)
– Maintain records for internal administrative purposes (customer complaints, loyalty, etc.). Compliance with the Website’s legal obligations
– Invoicing, tax declarations, staff training
– Management of the internal whistleblower system
– Processing is necessary to comply with legal requirements, to enforce our conditions of use and our code of conduct, to prevent fraud, to cooperate with law enforcement and regulatory authorities, and to stop other prohibited, illegal or harmful activities.
– Satisfaction surveys and market studies The processing is carried out in the legitimate interests of the Website.
– Analysis of connection and browsing data to personalize the user experience
– Establish the user’s browsing history in relation to third-party products and services advertised on our websites .
– Publication of paid business directories to market relevant products and offers.
– For marketing purposes: We send you marketing and event communications through various platforms such as email, telephone, text messaging, direct mail and online. If we send you a marketing communication, it will contain instructions on how to opt-out of receiving these communications in the future. However, please note that throughout the EEA (European Economic Area) we are not required to obtain prior consent if we market products or services similar to those that a user has already purchased from us . Likewise, there is no need to obtain prior consent in France, the United Kingdom, Ireland and Portugal when we market to a business email address and provide you with a way to opt out of receiving emails. other marketing communications free of charge.
– Execution of the Website’s contractual obligations towards a user Execution of the contract
– Communications with a third party following a user request (connection, quote, meeting with exhibitors at a trade show, viewing a webinar, etc. .)
– Sending transactional emails to users (notification of badge printing, reminder of event dates, etc.)
– Webinar registration
– Managing the provision and invoicing of services and products
– Manage our relationships with customers
– Respond to your requests or comments in written, electronic or verbal form
– for internal operational purposes, such as compliance with our internal policies or business practices, project management.

Means of communication

The Website may communicate with users using their personal data, which may take the form of an email, an SMS message or notification, a message on social media, a telephone call, a letter, a web application, a search engine or a promotional banner on the web.

2.2. How we collect your data 

2.2.1. User Interaction with the Website

Visiting our websites by users and accessing, using, downloading, or subscribing to certain services involves collecting personal data. Whenever personal data is collected, we specify:

  • The name and contact details of the company which supplies the services concerned,
  • The purposes for which the personal data are processed and the legal basis for the processing,
  • if the collection is necessary for the execution of the subscription or the purchase of the product,
  • Any subsequent treatments,
  • The recipients or categories of recipients of the data, if applicable,
  • Any possible transfer of data outside the United Kingdom or the EEA,
  • A reference to this policy for information on exercising your rights or any other information necessary…

2.2.2. Collection through cookies and other trackers

Cookies are small text files automatically saved in your browser by a website when you visit a website, read an email, install or use software or a mobile application. These cookies can be “first-party” (deposited by the website you are visiting) or “third-party” (deposited on domains different from the main website, generally managed by third parties in order to collect your browsing data during your navigation on different websites). The placement and use of third-party cookies by third-party companies is subject to their own conditions of use.

Cookies are classified as “essential” or “non-essential”. “Essential” cookies are strictly necessary for the provision of a service requested by the User or necessary for the operation of the Website’s sites and applications (shopping cart management, saving session identifiers, etc.) These cookies do not require your prior consent. Data protection laws in different jurisdictions may result in different consent requirements. Depending on the jurisdiction, some cookies are not classified as “essential” or are not exempt and, therefore, require your consent before being placed.

When necessary, the Website obtains your consent before placing a cookie on your device via a pop-up message. This will provide you with the list of cookies likely to be placed once your consent has been obtained, as well as the following information:

  • The purpose of each cookie placed.
  • the methods allowing you to refuse the deposit of cookies for non-essential purposes (via a link entitled “Cookies settings” or “cookie policy”); Or.
  • Alternatives to storing non-essential cookies.
  • Refusing the placement of cookies does not mean that there will be no advertising on your Internet browser, but only that the advertisements will not be adapted to your interests. Your browser settings may change how you access content and services that require the use of cookies. If the browser is configured to refuse all cookies, access to all or part of the site may be blocked.

Click on the Internet browser names below for more information about their settings:

TYPE OF COOKIES requiring consent Features 
Non-anonymized audience measurement cookies These cookies allow us to understand how visitors navigate the site: number of visitors, bounce rate, traffic sources, etc. (for example: Google Analytics…)
Advertisement These cookies are used for market research, visitor profiling, ad selection (for example: Criteo, Google, Adobe Advertising Cloud).
Video files These cookies help provide video players and other multimedia content. (for example: Vimeo; YouTube)
Social media These cookies allow content to be shared on social media sites (for example: LinkedIn, Facebook, Xing).
Personalized content These cookies allow the selection and distribution of personalized content based on the user (for example: Algolia).
  1. How We Share Collected Personal Data

We may share personal data for the purposes described above to the following people:

  • Name of Companies
  • The person who gives you access to our Services (for example, your employer or our subscriber)
  • Business partners with whom we provide co-branded services; the sponsors with whom we offer content, organize events, conferences and webinars.
  • Third parties who help us provide the Services or who act on our behalf (e.g. IT service providers, contractors, data controllers) or who provide professional advice (e.g. lawyers, accountants, consultants)
  • Our customers who purchase or use our Services or our customers’ service providers or vendors for the purpose of facilitating our customers’ use of our Services
  • Third parties when the law requires or authorizes us to disclose your personal information (for example, government agencies, law enforcement, courts pursuant to a subpoena or other public authorities).
  • Third parties in order to participate in or be the subject of a sale, merger, acquisition, restructuring, joint venture, assignment, transfer or other disposition of all or part of our business, assets or shares (including as part of any insolvency, bankruptcy or similar proceeding) or other similar transaction, in which case we may disclose your personal data to potential buyers, sellers, advisors or partners and your data may constitute an asset transferred in connection with a sale of business
  • Anyone with whom you have asked us to share information. For example, if you upload information to a public forum, it is shared publicly. We cannot control the use of information disclosed in these public forums. You should exercise caution when disclosing information in these public forums, especially your health information and location data, and be mindful of how you disclose your personal data. Content posted in public areas of the Services, including advice and opinions, represents the views and is the responsibility of those posting it. We do not approve, support, verify or agree with the content posted. If you have any questions or comments about any Content posted through the Services, please contact us using the contact information set out in Schedule 1.

Depending on the situation, the following categories of personal data have been disclosed for commercial purposes in the last twelve months: identity information, transactional and usage data, commercial data, location data, connection and user data. navigation (IP address; logs, etc.), photographs uploaded by users, collection of voice data (use of voice command or telephone recording), and information voluntarily made available by the user (forum, communications, discussion session, etc.).

  1. How To Exercise Your Rights (EEA, UK And Exclusive California)

5.1 Your rights

You have the right to exercise the following rights:

  • Permission to access. You have the right to request in writing details of your personal information and a copy of that personal information.
  • Right of rectification. The right to have inaccurate information about you corrected or deleted (including the right to ask us to complete information that you believe is incomplete).
  • Right to erasure (“right to be forgotten”). The right to have certain personal information about you deleted.
  • Right to restrict processing. You have the right to ask us to restrict the processing of your personal data in the following cases:
    • the accuracy of personal information is disputed;
    • the processing is lawful, but you object to the erasure of personal data; Or
    • we no longer need the personal information, but it is still necessary for the defense of legal rights
  • Right to object to processing. The right to object to processing of your personal information where our processing is based on the performance of a task carried out in the public interest or we have confirmed to you that the processing is necessary for our legitimate interests or those of a third. In the event of a decision based exclusively on automated processing producing legal or similarly significant effects concerning you, you also have the right to contest the decision and obtain human intervention from us.
  • Right to data portability. The right to request that we transfer the personal information you have provided to us to a third-party organization or you.
  • Right to object to marketing. You have the right to request not to receive marketing communications from us, whether some or all types of marketing communications.
  • Right to withdraw consent. The right to withdraw any consent you have previously given to us to process your personal data.

Any request relating to the exercise of your rights must be sent to the contact details of the company or website subject to your request which is responsible for your geographical area. You may be asked to provide evidence of your identity and the reasons for your request so that we can assess whether the rights can be exercised in the particular circumstances of the request. These contact details are available in Appendix 1 of this policy.

5.2. Right to decide the fate of your personal data post-mortem

You can decide what happens to your data after your death. To exercise this right, please send us an email:

  • With the subject “Post-mortem law”;
  • An indication of the person(s) who may act on your behalf after your death, as well as the instructions you wish us to follow.

If we do not receive instructions before your death, your personal representatives may request closure of your account(s) from the DPO of the relevant company or location. Contact details are provided in Appendix 1 of this policy.

5.3 Data Protection Officers ( DPOs) and Regulators

The Website has several data protection delegates, who can be contacted at the contact details indicated in Appendix 1 of this policy to answer any questions or difficulties concerning the processing of personal data.

You can also contact directly and/or file a complaint with the competent data protection regulatory authority:

Country Name of Authority Contact
South Africa
Samarth Bhargava Contact
  1. How to Exercise Your Rights (California)

If you are a California resident, you may have certain additional rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) (entry into force in January 2023). This section describes your rights under the CCPA and explains how to exercise them.

In the context of the article “How to exercise your rights (California)”:

The term “consumer” means California consumers, as defined in Section 17014 of Title 18 of the California Code of Regulations.

The terms “personal information,” “sensitive personal information,” “sale (of personal information),” and “sharing (of personal information)” are defined in California Civil Code Section 1798.140.

In some cases, due to the Website’s security and confidentiality obligations, requests can only be processed if you provide proof of identity. Only you or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request regarding your personal information. Unless you have provided an agent with a valid power of attorney, when using an authorized agent, you must: (1) provide the agent with a signed authorization clearly describing the agent’s authority to make a request in your name ; (ii) verify your own identity; and (iii) directly confirm that you have given the Authorized Agent permission to submit the request. This agent must also be able to verify their identity with us and provide us with their authorization to act on your behalf.

Your request should contain as much information as possible (including the company, brand, website or service to which your request relates) so that it can be processed upon receipt within a maximum period of 45 days, which may be extended once for an additional 45 days if reasonably necessary. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Any request relating to the exercise of your rights must be sent to the contact details of the company concerned and competent for your geographical area indicated in appendix 1, or to the number (844) 467-9346 (9346), or via the form possibly available on one of our sites, if applicable.

We cannot respond to your request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Submitting a verifiable consumer request does not require you to create an account with us. One of our representatives will contact you to verify your identity. You may be required to provide additional information to verify your request. Depending on the nature of the request, we may require that additional verification steps be taken, including, but not limited to, providing a signed statement under penalty of perjury that you are the consumer whose personal information is the subject of the request. We will only use this information to verify the requester’s identity or authorization to make the request.

6.1 California Consumer Rights

You have the right, subject to the strict conditions of applicable law, to exercise the following rights.

6.1.1 Right of deletion

You have the right to ask us to delete any personal information we have collected from you. We may refuse your deletion request if retaining the information is necessary for us or our service providers to:

  • complete the transaction for which we collected the personal information, provide a product or service you requested, take actions reasonably anticipated within the scope of our ongoing business relationship with you, or perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, or prosecute those responsible for these activities.
  • Debug products to identify and repair errors that impair intended functionality.
  • Exercise the right to freedom of expression, ensure the right of another consumer to exercise freedom of expression or exercise another right provided by law.
  • Comply with California’s Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
  • Allow only internal uses that reasonably meet consumer expectations based on your relationship with us.
  • comply with a legal obligation.
  • make other internal and legal uses of this information that are consistent with the context in which you provided it.

6.1.2 Right of correction

You have the right to ask us to correct any inaccurate personal information we hold about you, taking into account the nature of your personal information and the purposes for which your personal information is processed.

6.1.3 Right to information

You have the right to request, no more than twice in any 12-month period, that we disclose the following:

(1) The categories of personal information we collected, disclosed, sold or shared about you.

(2) The categories of sources from which your personal information is collected.

(3) The business or commercial purpose for collecting, selling or sharing your personal information.

(4) categories of third parties to whom we disclose, sell or share your personal information.

(5) The specific elements of personal information we have collected about you.

6.1.4 Right of withdrawal

You have the right, at any time, to ask us not to sell or share your personal information with third parties.

We have not sold any personal information in the last twelve months.   Over the past twelve months, we have shared personal information with our third-party advertising partners in order to provide advertisements about our products and services to you when you browse the Internet. Like most companies, the Website allows certain third-party advertising partners to place tracking technologies such as cookies and pixels on our websites. This technology allows these advertising partners to receive information about your activities on our website, which is then associated with your browser or device. These companies may use this information to provide you with more relevant advertising when you browse the Internet. This type of data sharing can be considered “sharing” personal information. You can opt out of this sharing by clicking on the “Do not share my information” link on our consumer sites.

6.1.5 Right to limit the use and disclosure of your sensitive personal information

You have the right at any time to request that a company that collects your sensitive personal information limit its use of that information to what is necessary to provide the services or goods that an average consumer requesting such goods or services could reasonably wait. The Website does not currently collect or process sensitive personal information.

6.1.6 Non-discrimination

The Website will not discriminate against you because you have exercised any of your rights, including:

– by refusing you goods or services;

– charge you different prices or rates for goods or services, including by granting you discounts or other benefits, or imposing penalties;

– provide you with goods or services of a different level or quality; And

– suggest that you may receive a different price or rate for the goods or services or a different level or quality of goods or services.

Note that the law does not prohibit a business from charging you a different price or rate, or providing you with a different level or quality of goods or services, if that difference is reasonably related to the value provided to the business with your personal information, or to offer loyalty programs, rewards, benefits, discounts or club cards consistent with this policy and California law.

6.2 Other California Consumer Rights

Some web browsers include a “Do Not Track” (DNT) feature that signals to websites you visit that you do not want your online activity tracked. Many websites and applications, including ours, do not currently respond to DNT signals from web browsers because these signals are not yet uniform. For more information on DNT signals, please visit the following sites https://allaboutdnt.com/ . Other third-party websites may keep track of your browsing activities when they serve content to you, allowing them to personalize what they show you on their websites.

California residents have the right to receive information identifying any third party companies or individuals with whom the Website shared your personal information during the preceding calendar year, as well as a description of the categories of personal information disclosed in that third party. You can obtain this information free of charge once a year by contacting us using the contact details given in Appendix 1.

  1. Data Transfers Outside the EEA/UK

If a Website company communicates personal data to another Website company or to a third party located in a country outside the European Economic Area (which, for this contract, is deemed to include the United Kingdom) which does not benefit from an adequacy decision from the European Commission, measures are taken to ensure that these personal data will benefit from a level of protection substantially equivalent to that imposed by the applicable regulations.

In this regard, the Website undertakes in particular to take into account:

– For restricted international data transfers, depending on the applicable law and jurisdiction, the European Commission’s Standard Contractual Clauses (“SCCs”) of June 4, 2021, or the Standard International Data Transfer Agreements (“IDTAs”) ”) entered into force in the United Kingdom on 21 March 2022, as made available by the relevant supervisory authorities, or the standard contractual clauses of any competent supervisory authority in order to ensure an adequate level of protection.

– Any other appropriate safeguards to ensure the lawful transfer of personal data (e.g. binding corporate rules, code of conduct, certification mechanism). If you are a data subject in the EEA and a member of the Website based in the United Kingdom processes your personal data, the Website has appointed its subsidiary IPD as its European representative to act on its behalf in relation to the EU GDPR compliance. Contact details for IPD can be found in Appendix 1 of this policy.

  1. STAFF RECRUITMENT

The website collects the information necessary to find the most suitable candidates for the vacancies. The Website will not disclose a person’s CV and contact details to a third party without their consent.

If you have applied for a position within the website and wish to modify or delete your personal data from our files, you can at any time send an email to the contact addresses indicated in Appendix 1 of this policy, specifying:

  • Your first and last name;
  • the entity with which you submitted your application, And
  • The date of your request

Proof of identity may be required.

When providing the website with the personal data of a former employer as a reference, you must first ensure that you have received consent from the reference person.

  1. Related Websites

The website provides links on its websites to other websites and services over which the Website has no control and which are not covered by this policy. You are responsible for reading the privacy statements posted on these websites.

ANNEX 1: COMPANIES IN THE CIOFIRST THAT PROCESS PERSONAL DATA

Please note that any communications addressed to UK-based Website companies from users in the EEA will be directed to IPD in France and its appointed representative.

Website companies Registered Address Countries covered Contact details
WM America Cape Town, South Africa European Union and United States dpo@ciofirst.com

The website reserves the right to modify this policy to ensure its compliance with current regulations. The most important updates may be published on the website (www.ciofirst.com) at the latest when said modifications come into force.