Data Processing Policy (GDPR)

1. Legal Framework

This data processing policy is established in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable data protection laws.

Expo Connexion is committed to ensuring the protection of personal data and respecting the privacy of all users of its services.

2. Data Controller

Company Name: Expo Connexion

Legal Form: [Legal Form]

Registered Address: [Complete Address]

SIRET Number: [SIRET Number]

Share Capital: [Amount]

DPO (Data Protection Officer): dpo@expoconnexion.com

3. Data Processing Principles

The processing of your personal data is based on the following principles:

  • Lawfulness: Data is processed lawfully, fairly and transparently
  • Purpose limitation: Data is collected for specified, explicit and legitimate purposes
  • Data minimization: Only necessary data is collected
  • Accuracy: Data is accurate and kept up to date
  • Storage limitation: Data is retained only as long as necessary
  • Integrity and confidentiality: Data is secure

4. Categories of Data Processed

4.1 Identity Data

  • First and last name
  • Date and place of birth (if applicable)
  • Gender (if applicable)
  • Identity documents (if applicable)

4.2 Contact Data

  • Mailing address
  • Email address
  • Fixed and mobile phone numbers
  • Professional contact details

4.3 Professional Data

  • Company name
  • SIRET/SIREN number
  • Job title and position
  • Industry sector
  • Business information

4.4 Login Data

  • Login credentials
  • Passwords (encrypted)
  • IP address
  • Login logs
  • Navigation data

5. Purposes and Legal Bases

Purpose | Legal Basis | Duration
Application management | Contract execution | 3 years
Communication with organizers | Contract execution | 3 years
Customer relationship management | Legitimate interest | 3 years
Direct marketing | Consent | 3 years
Website security | Legitimate interest | 1 year
Accounting obligations | Legal obligation | 10 years

6. Data Recipients

6.1 Internal Recipients

  • Sales department
  • Administrative department
  • Technical department
  • Management

6.2 External Recipients

  • Exhibition organizers (application data only)
  • ZOHO CRM (data processor, GDPR compliant)
  • Web hosting and database providers (Vercel and Convex, both GDPR compliant)
  • Legal authorities (by judicial request only)

No data is sold or transferred to third parties for commercial purposes.

7. Data Transfers Outside the EU

Some of our service providers may be located outside the European Union. In such cases, we ensure that:

  • The country benefits from an adequacy decision by the European Commission, or
  • Standard contractual clauses are in place, or
  • The provider is Privacy Shield certified (for the United States), or
  • Other appropriate safeguards are implemented

8. Rights of Data Subjects

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

8.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your data under certain conditions.

8.4 Right to Restrict Processing (Art. 18 GDPR)

You can request restriction of the processing of your data.

8.5 Right to Data Portability (Art. 20 GDPR)

You can receive your data in a structured and machine-readable format.

8.6 Right to Object (Art. 21 GDPR)

You can object to the processing of your data for legitimate reasons.

8.7 Right to Withdraw Consent

You can withdraw your consent at any time for consent-based processing.

How to exercise your rights?

Contact us by email at: dpo@expoconnexion.com
Or by mail to: Expo Connexion - DPO Service - [Address]

We will respond to your request within a maximum of one month.

9. Security Measures

We implement appropriate technical and organizational measures:

9.1 Technical Measures

  • Encryption of sensitive data (SSL/TLS)
  • Encrypted passwords (secure hashing)
  • Firewalls and intrusion detection systems
  • Regular and secure backups
  • Regular system updates
  • Access control and strong authentication

9.2 Organizational Measures

  • Personnel training on data protection
  • Strict confidentiality policy
  • Data access on a "need to know" basis
  • Confidentiality clauses with data processors
  • Data breach procedures

10. Breach Notification

In the event of a personal data breach that could pose a high risk to your rights and freedoms, we commit to:

  • Notifying the CNIL within 72 hours
  • Informing you without undue delay
  • Documenting the breach and measures taken
  • Implementing corrective measures

11. Data Protection Impact Assessment (DPIA)

For processing activities likely to pose high risks, we conduct Data Protection Impact Assessments (DPIA) in compliance with Article 35 of the GDPR.

12. Records of Processing Activities

In accordance with Article 30 of the GDPR, we maintain a record of all personal data processing activities. This record is available upon request from our DPO.

13. Complaint to the CNIL

If you believe your rights are not being respected, you have the right to file a complaint with the National Commission for Computing and Liberties (CNIL):

CNIL (French Data Protection Authority)

3 Place de Fontenoy - TSA 80715

75334 PARIS CEDEX 07

Tel: +33 1 53 73 22 22

Website: www.cnil.fr

14. DPO Contact

For any questions regarding the processing of your personal data:

Data Protection Officer (DPO)

Email: dpo@expoconnexion.com

Mail: Expo Connexion - DPO - [Complete Address]