In the Terms and Conditions of Use (TCU), the terms and expressions identified by a capital letter have the following meaning, whether they are used in the singular or the plural.
“Events”: refers to any event organized by the Organizer and in which guests participate;
“Guest” or “Visitor”: refers to any person invited by the Organizer to register and participate in the Event using the Service;
“Organizer”: refers to the legal entity organizing the event which invites guests using the Service;
“Service”: refers to the online software of Welkom and associated Apps;
“Data”: refers to the personal data of the guests collected online or transferred by the client to the Welkom software by automated import or using the API;
“API”: refers to the machine-to-machine programming interface offered by Welkom for using its software;
“Presentation”: refers to the overall service ordered by the Organizer from Welkom and covered by the TCU;
“Processing”: the overall collection and usage process of the guests’ personal data on the Welkom platform for the organization of the event by the organizer.
For information purposes, here is the list:
- To invite “guests”
  - Import of invitation lists
  - Sending of invitation emails
- To register “guests”
  - Registration forms
  - Import of the attendance list
  - Registration via API
- To collect online payments
- To confirm “guests”
  - To send confirmation of registration emails
  - To publish confirmation of registration documents
  - To publish accreditation documents (badges/tickets) with identification codes
- To control “guests”
  - To scan the guests’ identification codes for identification purposes
  - To verify access authorizations
- To notify the organizer
  - For every guest registration
  - For every guest passage
- To publish the personal data of the guests
  - To publish on the event website the data of the guests
  - To open user areas for guests
  - To modify the published data
- To make guests participate
  - To save and publish the comments of the guests
  - To save and publish the votes of the guests
- To discuss with guests
  - To respond to messages
  - To store messages
a. Compliance with Luxembourgish and European principles on personal data protection
The Parties agree to collect and process personal data in compliance with the regulations currently in force regarding data processing, in particular European Regulation No. 2016/679 (GDPR).
In accordance with that regulation, the Organizer is responsible for the Data Processing undertaken within the framework of the contract.
b. Existence of a system to report security breaches and complaints
The Provider shall communicate with the Client in case of security breaches having direct or indirect consequences for Data Processing. Furthermore, the Provider ought to report to the Client any complaint filed by any person concerned about data processing undertaken within the framework of the contract. If a security breach is discovered or a complaint is filed, the Provider must inform the Client as soon as possible and within a maximum of 48 hours.
c. Data Processing Means
In order to fulfil the terms of the contract, the Provider will process data using the following means of processing:
• The online software Welkom (invitation, registration, badges, tickets, access control)
The software components are web apps developed in JavaScript with Firestore databases:
• Exhibitors iOS/Android App (lead capture and access control)
• Organizer iOS/Android App (attendance list)
d. Outsourcing
Subject to the Client’s acceptance, the Provider shall inform the Client that execution of the Contract is outsourced to the following subcontractors:
• Google cloud (infrastructure as a Service, cloud)
• Tally (forms)
• Stripe (payment)
The Provider remains solely responsible to the Client for the performance of the contractual obligations resulting from this document.
e. Existence of simple procedures to allow the respect of the rights on personal data protection
The Provider ought to cooperate with the Client to help him meet his legal obligations on personal data protection in order to respect the rights of people in compliance with the European regulation n°2016/679 (GDPR).
a. The duration of data retention is limited and reasonable in respect of the purpose for which they have been collected
The Provider gives the Client the possibility to delete, at all times, the data stored on its interface. The Provider shall not retain data more than 30 months after the end of the event, or sooner if the Organizer requests so.
b. Data destruction and data recovery
At all times during the period of the contract and for a duration of 3 months following the termination of the contract, the Provider gives the Organizer the possibility to retrieve its data using the API and the export formats available in the Welkom software.
c. Duty of cooperation with competent data protection authorities
The Parties shall cooperate with the competent data protection authorities, especially in the case of an inspection in which information requests may be addressed to them.
d. Audits
The Client is entitled to carry out any verification he deems useful to assess the Provider’s compliance with its contractual obligations, including by conducting an audit. The Provider ought to respond to audit questions asked by the Client himself or by a third person assisting him. The third person shall be selected by the Client himself, who acknowledges the third person’s independence from the Provider and adequate qualification. The third person shall be free to provide the Client with the details of his remarks and the conclusion of his audit. The audit shall allow an analysis of the said Contract and of compliance with the GDPR, in particular by verifying the overall security measures implemented by the Provider; by verifying the logs for data location, copy, and deletion; and by verifying the measures implemented for data deletion, to prevent illegal data transmission to unauthorized jurisdictions or data transmission to a country not authorized by the Client. The audit shall verify that the confidentiality and security measures implemented cannot be bypassed without this being detected and notified.
The time spent by the Provider on monitoring the audit will be counted by Welkom and charged to the Organizer at €800 per day, excluding taxes.
a. Recipients
The Provider shall give the Client all useful information on Data recipients so that he can inform those concerned by data processing and answer their access requests.
b. Clear and comprehensive indications of countries hosting the Provider’s servers
The Provider shall inform the Client that their data will be hosted on servers located in the following countries: the Netherlands and Belgium.
a. Indications on the Provider’s obligations regarding data safety and indication that he can only act upon the Client’s request
Within the framework of the Contract, the Provider will act solely on the Client’s request. Thus, the Provider shall not use Data for his personal benefit or for the benefit of a third person. The Provider shall take all necessary measures to ensure data security, in particular to protect data against illegal or accidental destruction, accidental loss, alteration, dissemination, or unauthorized access, especially when the processing entails data transmission over a network, and against any other form of illegal processing or communication to unauthorized persons.