Articles dans cette section

Privacy policy

  • Mise à jour
S’abonner

Pursuant to the amended Statute No. 78-17 of 6 January 1978 and the regulation (EU) 2016/679 of April 26, 2016, general regulation on data protection (hereinafter, “GDPR”) and the California Consumer Privacy Act (hereinafter, “CCPA”), the Company informs any person accessing the an Event, organized and hosted by the Clients of the Company (hereinafter, the “Client”), through its event platform (hereinafter, the “Attendee”) of its commitment to respect the confidentiality, integrity and security of the data that the Attendee will be required to communicate to it through the website https://sparkup.events  (hereinafter, the “Platform”).

Any personal data identifying the Attendee directly (in particular his or her surname, first name, contact information such as post address, electronic address, or telephone details) or indirectly are considered as confidential data and are treated as such, subject to changes in the legal framework on the qualification of personal data (hereinafter, the “Personal Data”).

This Attendee Privacy Policy does not apply to the Client itself. The Client will collect, process, use and share information, including Personal Data, about the Attendee in accordance with its own privacy policy. The Attendee shall refer to the Client’s Privacy Policy for more details. 

1. Identity of the Controller and/or Processor

The controller which collects and processes the Attendee’s data on the Platform for the purpose of accessing Event hosted by the Client might be: 

  • Meet & Connect, a limited liability corporation (“société par actions simplifiée”), duly organized and existing under the laws of France, registered with the Trade and Corporations Register of Créteil under identification number 895 208 395, having its registered office located at 4, rue de la Pompe, 94410, Saint-Maurice, France, duly represented by Wearemagic, a limited liability corporation (“société par actions simplifiée”), represented in turn by Mr. Vincent Bruneau acting as its President; and or,

  • The Client. In that case, the Company shall only be considered as a processor which collect and processes the Attendee’s Personal Data for the purpose of fulfilling its obligations to the Client that sponsored the Event and pursuant to a different agreement with that Client. 

2. Personal Data likely to be collected

In order to access the Platform and/or an Event, the Attendee agrees that the Company may collect the following categories of data:

  • Personal identification data: surname, first name, e-mail address;

  • Connection-related data: IP address, password; 

  • Information related to the Event (information provided by the Attendee for and/or in the Event when the Attendee fill out forms, questionnaires, survey responses, provide comments, upload content or correspond within the Event, etc.);

  • Technical and Usage Data: Internet connection, the device & the browser used by the Attendee to access the services, participation activity such as what logged on/logged off and similar types of information by the Attendee.

  • The Attendee’s user generated content: the information shared by the Attendee while he or she attends the Event, such as chats, comments, and any information that is uploaded to the Event. The Company will use the Attendee’s user content only in connection with providing the Event, while the Company reserves the right to monitor Attendee’s user generated content, the Company is not obligated to. The Company does not control the actions of other event participants and other event participants may share information the Attendee provides outside of the Event. Therefore, the Company cannot and do not guarantee that any content the Attendee or any user provides is private.

The Attendee undertakes to provide updated and valid Personal Data, within the framework of the information required on the Platform and guarantees not to make any false declaration or provide any erroneous information.

The Company do not knowingly collect the following types of information, and the Company direct the Client not to collect the following types of information: 

  • Social security numbers, pin numbers, driver’s license numbers or financial information;

  • Education records, current or past job history, or performance evaluations;

  • Behavioral profiles or profiles reflecting your psychological characteristics, attitudes, intelligence or abilities;

  • Health information, biometric information, genetic information, behavioral information, biological information, or sensory information;

  • Criminal convictions or offenses.

While we direct the Client not to collect the above information, the Company do not monitor the Client and the Client may nonetheless collect the above types of information. The Attendee shall therefore refer to the privacy policy of the Client.

3. Method of Personal Data’s collection

The Attendee consents to the collection of his/her Personal Data by the Company when he/she provides information during the following processes:

  • Filling registration forms; 

  • Attending an Event hosted by the Client

  • Using the Services when applicable. 

4. Legal basis for the collection and processing of Personal Data

Attendees’ Personal Data are collected on the basis of the following legal grounds: 

  • The specific, free and informed consent of the Attendee;

  • The performance of a legal obligation incumbent on the Company;

  • The performance of a contract concluded between the Company and the Attendee (in particular for the performance of the Attendee Terms of Use); or between the Attendee and the Client; or between the Company and the Client;

  • The legitimate interest of the Company.

When the Client is the Controller and the Company the Processor, the Client is responsible for obtaining any necessary consent and/or other legal basis for transferring any Personal Data to the Company. If the Attendee has any question about Personal Data that is collected or want to exercise its rights, as detailed below, the Company will direct the Attendee’s inquiry to the Client. 

5. Purposes of Personal Data processing 

Mandatory Personal Data are the data strictly necessary for the processing or requests of the Attendee. 

In the absence of communication of the said data, the Attendee is informed that certain services offered by the Company cannot be provided. The compulsory nature of the information requested is indicated to the Attendee at the time of collection. 

The optional Personal Data collected by the Company is intended to get to know the Attendee better and to improve his/her browsing experience on the Platform.

Personal Data is collected and processed for the following purposes, the Company being either Collector or Processor:

  • To perform the Company’s obligations under the agreement with the Client; 

  • To provide the Event and the Event content to the Attendee; 

  • To provide the Attendee with information about the Event; 

  • To Provide the Attendee with communications about the Event from the Client; 

  • For Contact and assistance regarding the Event;

  • To fulfill any other purpose for which the Attendee provide it;

  • To carry out the Company’s obligations and enforce the Company’s rights arising from any contracts entered into between the Attendee and the Company, to comply with any legal obligation the Company may have (or assist its customers or other parties in complying with their legal obligations), or where it is necessary for the Company legitimate interests (or those of a third party) and the Attendee’s interests and fundamental rights do not override those interests.

  • To allow the Attendee to participate in interactive features in the Event;

  • To protect the integrity and security of the services of the Company or to analyze, support or improve the features and functions of the services;  

  • For troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;

  • To third-party contractors that provide services for the Company and who are bound by these same privacy restrictions;

  • To enforce the Attendee Terms of use

Attendees are informed that, subject to their prior, specific and positive consent, the Personal Data transmitted may be transferred to the Company’s business partners and/or companies belonging to the same group as the Company, so that the latter can inform Attendees about their offers and services.

6. Retention period of Personal Data

Personal Data is retained in accordance with the agreement between the Company and the Client as required to comply with a governmental authority or applicable federal, state, or local law, or regulations, as required to resolve disputes, or to enforce the Company’s agreements or as long as required to engage the uses described herein. The Company may retain the Attendee Personal Data longer in connection with its legitimate business interest.

The criteria used to determine our retention periods include the following:

  • The length of time the Company has an ongoing relationship with the Attendee and provides services to the Attendee (for example, for as long as the Attendee is accessing an Event);

  • Whether account owners modify, or their users delete information through their accounts;

  • Whether the Company has a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or

  • Whether retention is advisable in light of the Company’s legal position (such as in regard to the enforcement of the Company’s agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).

 

7. Recipient of Personal Data

The Attendee’s Personal Data is intended for use by the persons duly authorized to process it within the Company, in particular, and depending on the nature of the processing and the type of data, the persons in charge of the customer service, marketing, administrative, logistics and IT departments. 

While carrying out its activities and providing its services, the Company may use subcontractors who process the Attendee’s Personal Data on the Attendee’s behalf and on the Attendee’s instructions.

The Company warrants: 

  • That subcontractors, employees or collaborators guarantee the same level of protection as the Company and ensures that these subcontractors, employees or collaborators process Personal Data solely for the purposes authorized by the purposes pursued, with the required discretion and security;

  • That they process Personal Data solely for the purposes authorized by the purposes pursued, with the required discretion and security, and

  • To this end, they provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure the security and confidentiality of the Attendee’s data.

The Company may disclose Personal Data to application services which provide services such as web chat, or email which the Attendee initiate through the services. The contracts of the Company with these third-party vendors or service providers outline the appropriate use and handling of the Attendee’s Personal Data and prohibit them from using any of the Personal Data for purposes unrelated to the product or the service they are providing. The Company requires such third parties to maintain the confidentiality of the information the Company provides to them. 

Finally, the Company may transfer or allow access to the Attendee’s Personal Data to administrative or judicial authorities in order to satisfy the requirements of any law, regulation, legal proceeding or enforceable governmental request.

8. International data transfers

The Company operates globally, which means Personal Data may be transferred, stored and processed outside the country or region where it was initially collected where the Company or its service providers have customers or facilities, including in countries where Event participants or account owners hosting Events that the Attendee participate in or receiving messages that the Attendee send are based. 

Therefore, by using the Company services or providing Personal Data for any of the purposes stated above, the Attendee acknowledge that the Personal Data may be transferred to or stored in the United States, as well as in other countries outside of the EEA, Switzerland, and the United- Kingdom. Such countries may have data protection rules that are different and less protective than those of the Attendee’s country.

In cases where the Company has recourse to subcontractors located in countries offering levels of protection that are not equivalent to the level of protection of personal data in the European Union, the Company undertakes to ensure that the said transfer is governed by the data protection agreements put in place between the European Union and the countries of destination, or by an adequacy decision of the European Commission concerning certain countries ensuring an adequate level of protection, or by the signature of standard contractual clauses established by the European Commission (“SCC”) or adopted by a supervisory authority and approved by the European Commission, or by the implementation of binding internal company rules (“BCR”), or by an approved code of conduct, an approved certification mechanism or an administrative arrangement or a legally binding and enforceable text adopted to enable cooperation between public authorities.

9. Measures implemented by the Company to ensure the security and confidentiality of Personal Data 

The Company undertakes to process Personal Data in a manner that is: 

  • Lawful;

  • Fair;

  • Transparent;

  • Proportionate;

  • Relevant;

  • Secure;

  • Within the strict framework of the purposes pursued and announced;

  • For the duration necessary for the processing operations put in place.

The Company implements and updates the appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data, preventing them from being distorted, damaged or communicated to unauthorized third parties.

9. Attendee’s rights on Personal Data

9.1 If the Attendee is a European Economic Area Resident

It is possible for the Attendee, by simple written request, to access his/her Personal Data, to request its modification or correction, or to demand that it no longer appears in the Company’s database.

As part of the right of access, the Attendee is authorized, in accordance with article 15 of the GDPR, to question the Company in order to obtain: (i) communication of the Personal Data concerning him/her in an accessible form; (ii) confirmation that his/her Personal Data is or is no longer being processed; (iii) communication of the purposes of the processing, the categories of Personal Data processed and the recipients to whom his/her Personal Data is communicated; and (iv) the duration of the storage of his/her Personal Data or the criteria used to determine this duration.

In accordance with article 16 of the GDPR, the right of rectification gives the Attendee the right to require the Company to rectify, complete or update his/her Personal Data when it is inaccurate, incomplete, equivocal or out of date.

Under the conditions set forth in article 17 of the GDPR, the Attendee has a right to the deletion of his/her Personal Data, allowing him/her to ask the Company to delete his/her Personal Data as soon as possible, in particular when it is no longer necessary with regards to the purposes for which it was collected.

The Attendee also has the right to limit the processing of his/her Personal Data in the cases listed in article 18 of the GDPR. He/she may thus request that his/her Personal Data be kept only for the purposes of:

  • Verifying the accuracy of the Personal Data that it contests;

  • To be used for the purpose of ascertaining, exercising or defending his/her rights in court, even though the Company no longer has any use for it;

  • To verify whether the legitimate reasons pursued by the Company prevail over his/her own in the event that he/she opposes processing based on the legitimate interest of the Company;

  • Satisfy his request for limitation of the use of his data - rather than deletion - in the event that the processing of his data is unlawful.

In the circumstances provided for in article 20 of the GDPR, the Attendee has a right to the portability of his Personal Data, allowing him/her to recover from the Company the Personal Data he/she has provided, in a structured, commonly used and machine-readable format, for the purpose of forwarding them to another data controller.

In accordance with Article 21 of the GDPR, the Attendee has the right to object, at any time, to the processing of his Personal Data for commercial prospecting purposes.  

In accordance with article 85 of Law 78-17 of January 6, 1978 relating to data processing, files and freedoms, the Attendee has the possibility to define specific directives relating to the conservation, deletion and communication of his/her personal data post-mortem. These specific directives will only concern the processing carried out by the Company and will be limited to this scope only. 

In order to exercise the aforementioned rights of access, rectification, deletion, limitation, portability and opposition, the Attendee need only send his/her request to the data protection officer (DPO): 

  • By email to: [data@sparkup.app]; et/or, 

  • By post to the following address: 4, rue de la Pompe, 94410, Saint-Maurice.

The Company will provide the person exercising one of these rights with information on the measures taken, as soon as possible and in any event within one (1) month of receipt of the request. This period may be extended by two (2) months, depending on the complexity and number of requests. 

If the Company does not comply with the request, it will inform the person as soon as possible, and at the latest within one (1) month of receipt of the request, of the reasons for its inaction and of the possibility of lodging a complaint with a supervisory authority and of lodging a judicial appeal.

The exercise of these rights shall be free of charge. However, in the event of a manifestly unfounded or excessive request, the Company reserves the right: (i) to require payment of a fee taking into account administrative costs; or (ii) to refuse to comply with such requests.

In case the Company acts as a Processor, it is contractually required to provide the Attendee’s request to the Client and to allow the Client to respond to such requests. The Client is therefore responsible for any data rights requests in accordance with the applicable law. 

Without prejudice to any other administrative or jurisdictional remedies, the Attendee who considers that the processing of his/her Personal Data constitutes a violation of the provisions of the legislation in force may file a complaint with a competent supervisory authority such as the CNIL.

9.2 If the Attendee is a California Resident

As a California resident, the Attendee has certain rights with respect to its information, including Personal Data, pursuant to the CCPA. 

In case the Company acts as a processor, the Company is contractually required to provide the Attendee’s request to the Client customer and to allow our customer to respond to such request. The Client is therefore responsible for any data rights requests in accordance with pursuant to CCPA. 

Pursuant to CCPA, the Attendee may request information about how the Client and/or the Company collected and used its Personal Data in the last twelve (12) months, the categories of information collected, the sources from Personal Data was collected and the business or commercial purpose for which information was collected, and with whom information was shared, sold or disclosed, and obtain the personal data in a portable, and to the extent technically feasible, readily usable format. 

The Attendee may require the deletion or correction of Personal Data under certain circumstances. 

The Attendee may also request copies of the Personal Data collected within the preceding twelve (12) months or to delete information the Company and/or the Client may have collected from the Attendee. 

Some states provide additional rights to their residents. If the Company declines to process the Attendee’s request, the Attendee may have the right to appeal the Company’s decision. The Attendee can do so by replying directly to the Company’s denial or by email according to the information below.

To exercise its rights under CCPA, the Attendee may submit a request to the Company as described in the request information section below. 

Where applicable, the Company will share the Attendee’s request with the Client and/or the Company may decline the request as permitted by law. The Client and/or the Company will be required to verify the Attendee’s identity to process the requests and reserve the right to confirm the Attendee’s California residency. 

The Company or, where applicable, the Client is responsible for responding to CCPA requests within the legally required time periods.

Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision. You can do so by replying directly to our denial or emailing

These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, the Company may decline requests to exercise these rights where permitted by law. The Company will need to verify the Attendee’s identity to process the Attendee’s access, deletion, and correction requests and reserve the right to confirm the Attendee’s state residency. 

10. Remedies in case of Personal Data’s violation

In the event of a violation of its Personal Data that may create a risk to its rights and freedoms, the Company shall notify the CNIL and any other supervisory authority, French independent administrative authority on personal data, of the violation as soon as possible, and, if possible, seventy-two (72) hours at the latest after becoming aware of it. The Company will also inform the Attendee as soon as possible in accordance with the provisions of article 34 of the GDPR and the CCPA.

11. Request for information

For any questions concerning the processing of their personal data and the exercise of their rights, Attendees may contact the dedicated service:

  • By email to: [data@sparkup.app]; et/or, 

  • By post to the following address: 4, rue de la Pompe, 94410, Saint-Maurice.

12. Modification of the privacy policy

The Company reserves the right to modify this privacy policy in order to comply with the obligations laid down by legislation protecting privacy or in order to adapt it to its practices. Consequently, the Attendee is invited to consult it regularly in order to take note of any changes and adaptations.

Articles associés

Commentaires

0 commentaire

Cet article n'accepte pas de commentaires.