UPDATED: June 11, 2018
Poken: A GES Company
This Policy was last updated on 11 June 2018 to take into account new requirements under the General Data Protection Regulation regarding how we inform you about the ways in which we use your personal data, and your rights in relation to that data.
Most of the time, when Poken processes your personal data it will be as part of providing a Service to an organizer or exhibitor, in which case that organizer or exhibitor will be the controller of (and legally responsible for the protection of) your personal information. However, when providing customers directly with access to their Poken account (or when retaining organizer or exhibitor details for marketing purposes or other purposes set out in this notice) Poken may also be a controller of your personal information.
OUR COMMITMENT TO PROTECTING YOUR PRIVACY
PERSONAL INFORMATION WE COLLECT
WHY WE ASK FOR YOUR PERSONAL INFORMATION
OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
SHARING YOUR PERSONAL INFORMATION
your profile and communication preferences
how we safeguArd your information
OUR COMMITMENT TO PROTECTING YOUR PRIVACY
- Poken will process your information in a professional and accountable manner including using appropriate technical and organisational measures to safeguard your personal information from unauthorized access, theft, or loss;
- Poken will provide you with the ability to delete your Poken account upon request, at any time. If you wish to do this please contact us using the details below; and
- Poken will respect your rights under data protection laws. For more information on your rights, please refer to the “YOUR RIGHTS” section of this statement.
PERSONAL INFORMATION WE COLLECT
We collect personal information from you whenever you use our Services.
Some of this personal information you give to us directly, such as information collected from you through the following:
- Our on-line ordering service, customer service phone centre, or through representatives at events you organize, exhibit at or attend; and
- Submissions you voluntarily make such as when requesting customer service; providing complaints; requesting brochures, newsletters or other information; establishing an account profile with us; participating in loyalty programs or marketing campaigns; completing surveys and comment cards; and other interactions;
- Use of our websites, interactions with our emails, and through methods outlined throughout contractual agreements that may be held between both parties; and
- At a tradeshow or an event where you sign up to and/or use a Poken smart device, the Poken app or an interactive lanyard to upload data or share your contact details with organisers and/or exhibitors or share information that you have collected within your personal Poken account.
Other personal information is collected indirectly, for example your browsing history on our sites.
Types of personal information we may collect includes:
|Category of personal data||Examples of your personal data|
|Contact information||Name, address, email address, IP address, phone number|
|Poken Account Information||Date of birth (for age verification), device number, uploads made, downloads made, information collected via the device, details of events attended (time, date, name, location, exhibitors visited at each event)|
|Transaction information||Contact information (above), together with purchase details, delivery details, payment details, billing address and any communications we have about your relationship with us (including any Services).|
|Legal information||Fraud checks or flags raised about your transactions, payment card refusals, complaints, copies of documents you provide to prove your identity where the law requires this.|
|Preference information||Your marketing preferences, Service(s) preferences, your Subscription Centre settings, any account preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our website that you visit.|
|Communications||Communications we may have with you, whether relating to a transaction or not.|
|Voluntary information||Any voluntary information you provide us with, such as hobbies and interests, and responses to surveys or competition entries.|
|Observed information||Details of your online browsing activities on our website, such as the pages, products or areas of our website that you view, or which link has brought you to our website from our email communications or third-party websites.
Information that is collected on you as a visitor (which may include your role as an, exhibitor and/or organiser) attending a trade show or other event, where our Services are being provided (typically where an interactive lanyard is scanned by you or the Poken Smart Device). This may include your location at the event, the other areas of the event you have visited and any seminars, presentations or sessions you sign up for on the day of the event.
This information may be identifiable to you because you are logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. This may also give us the geographic region which your device reports that you are located in.
WHY WE ASK FOR YOUR PERSONAL INFORMATION
We may ask for and use your personal information for the following purpose(s):
- Our Services:
- To deliver the Services you have requested, including providing and administering your personal Poken account with us, if you chose to establish one (and to confirm your age for age verification purposes);
- To process your order, including payment authorisation and collection of sums owed;
- To deal with any customer care issues you may have;
- To manage any registered accounts you may have with us;
- To notify you of any changes to our Services;
- To create and secure an on-line account in our Subscription Centre, if you choose to establish one.
- Marketing purposes:
- To communicate with you regarding an upcoming show or event
- To promote relevant suggestions related to your areas of interest or based on previously conducted business through a genuine understanding from us that there is a legitimate interest for that contact to take place;
- To deliver information you request and communicate about us and other GES group entities and associated brands, and recent developments that may be of interest to you;
- To advertise our products and services to you if they are relevant and appropriate to you;
- To maintain a profile of our ongoing relationship (described in the section titled “your profile and communication preferences” below) that allows us to better serve you and tailor our offers so that they are more likely to be of interest to you;
- To share with other companies within the Viad/GES group as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding expansion and promotion of our websites and services and for use by those companies for the other purposes described in this policy;
- If you visit our websites, you may receive personalized banner advertisements whilst browsing other websites. This is known as behavioral marketing and such advertisements are provided to us by our third-party providers using ‘cookies’ placed on your computer or other devices. You can remove or disable cookies at any time. Please see our ‘Cookies’ section for further information.
- Research and development
- To obtain your feedback, provide customer service, and track our performance;
- To ensure that all our online content that you access (whether as part of a Service or not) is presented in the most effective manner for you;
- To operate our websites more effectively and to promote our services on our website;
- To manage, conduct research, and improve how we operate and promote our services including, without limitation, through the use of non-personal anonymous, aggregate, and statistical information;
- Analysis and profiling
- To analyse your responses to our marketing communications (e.g. whether you open communications and/or interact);
- To analyse your browsing and purchasing activity;
- To use the analyses mentioned above, together with other demographic data, to contact you with information on products and offers relevant to you;
- To analyse customer choices in respect of our services to understand our target audience for the purposes of selecting similar customers for advertising purposes.
- Legal Requirements
- For pursuing legal claims, crime and fraud prevention, detection and related matters;
- To verify your identity when considered necessary and/or appropriate;
- To assist in issues relating to your personal safety and the safety of others; and
- To comply with laws applicable to our operations, to respond to requests from government authorities, to enforce our rights and protect property, and to satisfy our record keeping, regulatory, and legal requirements;
- If ownership of all our part of our business changes, or we undergo a reorganisation or asset sale, including a merger or transfer, we will transfer your personal information to the new owner, receiver or successor company to enable us to continue to provide our services to you.
OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
We use the data we collect about you for various purposes. European data protection legislation sets out specific “lawful bases” for processing personal data. The basis on which we process different information about you and the purpose of that processing are explained below.
Relevant personal information: Transaction information, Preference information, Communications, Preference information, Voluntary information, Poken Account Information, Observed information.
Relevant processing purposes: Our Services, Marketing purposes, Research and development, Analysis and profiling, Legal Requirements.
Relevant personal information: Contact information, Preference information, Observed information.
Relevant processing purposes: Marketing purposes and Analysis and profiling.
Where you have provided us with your consent through a show organiser or have made choices using the Subscription Centre we also rely on the consent you have provided as the legal basis for processing your personal information for marketing purposes. If you have not accessed your Subscription Centre, we may also send you marketing in respect of specific show services on the basis of our legitimate interests, as set out above. You have the right to withdraw your consent at any time and we will cease to process your personal data after your consent is withdrawn.
Compliance with legal obligations
Relevant personal information: Legal information, Transaction information, Communications (where relevant), Preference information in the case of marketing and cookie preferences only.
Relevant processing purposes: Legal Requirements.
We collect and process certain personal information about you to confirm your identity, keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws. To provide information to law enforcement agencies or other authorities where we are required to do so.
Performance of a contract with you (as an individual, sole trader or as part of a partnership)
Relevant personal information: Transaction information, Communications, Poken Account Information, Observed Information (to the extent it exists within your Poken Account).
Relevant processing purposes: Our Services.
If you are a contracting with us as an individual, sole trader or as part of a partnership, then we also process your personal information as required to fulfil that contract, to provide any products or services and to deal with any queries, concerns or legal issues that may arise under that contract.
SHARING YOUR PERSONAL INFORMATION
We may disclose your information to our affiliates and other third parties with a need to know for purposes related to the services. We ensure that third parties to whom we disclose your information protect it consistent with the principles articulated in this Policy. Affiliates and third parties that may receive your information may provide any service necessary for any of the purposes described in the section titled “WHY WE ASK FOR YOUR PERSONAL INFORMATION” above.
When you chose to attend an event, we will also disclose some of your information to the organiser of the event and with exhibitors at those events (where you choose to share your detailed with them through your Poken Smart Device, interactive lanyard or Poken mobile app). We will only do this when you take the positive action (ie scanning your interactive lanyard or connecting your Poken Smart Device with an exhibitor/speaker/sponsor device) for us to do so. Information on who you have chosen to share your data with will be accessible through your Poken Account, where you have chosen to create one.
Wherever it is possible and reasonable, we will disclose only the minimum information necessary to complete and process a request and/or order and, in respect of any financial details provided, we will never transfer payment card information for such purposes.
Our computer infrastructure is primarily provided by its affiliate Global Experience Specialists, Inc., from data centres located in the United States. Other group affiliates that may receive your information are listed in the section titled “PRIVACY NOTICES” below. Poken is a wholly-owned subsidiary of Viad Corp, a publicly held company traded on the New York Stock Exchange (NYSE:VII).
To make certain services available to you, we may need to share your personal information with some of our trusted third-party suppliers. These include IT, delivery, marketing, financial and legal service providers. Our Poken platform is hosted by Amazon Web Services, Ireland.
We may share your personal information with:
- Specialist marketing agencies, including market research agencies:
- Payment services providers as required for card payments
- Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so to:
- comply with our legal obligations
- to exercise our legal rights (e.g. for a court case)
- for the prevention, detection, investigation of crime or prosecution of offenders
- for the protection of our employees and customers
We only allow our 3rd party service providers to handle your personal information when we have confirmed that they apply appropriate data protection and security controls, which may require contractual obligations relating to data protection and security being implemented. This means our suppliers can only use your personal information to assist in us providing our services to us and to you and not for any other purposes.
The nature of our business and our operations require us to transfer your personal data to some group affiliates and divisions (as documented within this policy) and third party service providers that may be located in countries outside of European Economic Area (“EEA”). Such transfers are subject to specific rules under data protection laws.
Should we have to transfer your data outside of the EEA we will take appropriate steps to protect your data in line with our legal obligations to do so. Such steps include that a number of GES/Viad affiliate entities in the United States maintain active certifications on the EU-U.S. Privacy Shield Framework. Further information regarding Privacy Shield is available at https://www.privacyshield.gov.
For additional information relevant to transfers of information regarding European Union citizens, please see the section titled “PRIVACY NOTICES” below.
YOUR PROFILE and COMMUNICATIONS PREFEReNCES
In addition to the recording of your chosen interactions with organizers and exhibitors through your Poken account, as described above. In respect of the provision of any Services to you, from our initial engagement with you, we may track your interactions with us so that we can better understand the scope of our relationship with you. For each interaction, we retain your name when you purchase goods or services from us, as well as the nature and amount of the purchase. We combine that with information with a record of information you request from us, how you respond to our emails, and your activity at our websites.
It is your responsibility to keep any usernames and passwords confidential and protect them from disclosure.
We do not intend to collect any sensitive information from you and will not conduct any automated decisions without your knowledge. Any information is only used for purposes of our ongoing relationship. Information you provide us with will not be used to market any third-party services.
RETENTION OF PERSONAL INFORMATION
We will retain the information we collect for a period of three (3) years from your last activity with us, unless you request us to delete it sooner by contacting us as provided in the section titled “CONTACT US” below.
Any information that must be maintained for legal purposes such as specific financial information will be done so in accordance with the relevant legislation and any applicable local / regulatory guidance (which may be for a longer period, often up to 7 years).
OUR WEBSITES AND COOKIES
Tracking Activity on Our Website:
The way we collect information specifically about you is by using cookies. A “cookie” is an electronic file that holds small strings of text. When you visit our website, we send a cookie to your browser so that we can recognize it when you or another user of your computer return to our website. We want to recognize your browser so we can make the best use of your time when visiting our website. Cookies are also used for technical purposes for the operation of our websites, including website navigation.
For your security, if you are registered for online services or have an account with us, we cannot give you access to your account information on our website unless your browser is set to accept cookies from us.
Do Not Track:
If you refuse or delete cookies, some of our website functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies.
You have the ability to accept or decline cookies by modifying the settings in your browser.
Links to Third Party Sites:
How We Safeguard Your Information
We employ reasonable technical and organisational measures to protect against the loss of, or unauthorized access to, the information under our control. Steps we’ve taken to enhance network and information security include the implementation of Secure Socket Layer (SSL) encryption technology for payment transactions, digital certificates, password protection for all web applications that contain personal information, and industry standard infrastructure security. Although we take measures to protect your information, we cannot guarantee that your information will always remain secure.
All our web applications that deal with your personal information require a username and password to gain access. This allows us to verify who you are, thereby allowing you access to your account information, and preventing unauthorized access. You should not divulge this username and password to anyone.
Poken does not permit the creation of accounts by minors. As a result it does not expect to process personal data as a controller in respect of children. We request date of birth from customers wishing to open an account to ensure that the people purchasing and/or using our Services, and making inquiries at our websites, are not minors.
You have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold.
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
|Your right||What does it mean?||Limitations and conditions of your right|
|Right of access||Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”).||If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, eg privacy and confidentiality rights of other individuals.
|Right to data portability||Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
|If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.
This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (ie not for paper records). It covers only the personal data that has been provided to us by you.
|Rights in relation to inaccurate personal or incomplete data||You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable.
We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number.
|This right only applies to your own personal data. When exercising this right, please be as specific as possible.|
|Right to object to or restrict our data processing||Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.||As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.|
|Right to erasure||Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), eg where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.||We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.|
|Right to withdrawal of consent||As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.||If you withdraw your consent, this will only take effect for future processing.|
You also have the right to lodge a complaint with a supervisory authority in your local jurisdiction. For example, in the UK, this would be the Information Commissioner’s Office.
We provide you with several options to manage your information:
- Each email we send you will have links to “Manage Subscription” or “Unsubscribe”;
- You may forward your requests to us in writing at our Compliance Manager as provided below in the section titled “CONTACT US”; and
- You may contact us directly through any of our operating divisions.
We will require you to reasonably verify your identity before proceeding with the request. You will need to provide two copies of your ID which can include your:
- driving licence or passport;
- utility bill (covering the last 3 months);
- bank or credit card statement (account redactions acceptable as long as last 4 digits of the card are displayed); or
- current vehicle registration document.
Once verified, a request received by us will only be processed by Poken, you will need to make separate requests to another entity should you need to.
All requests to either obtain a copy of or permanently delete (also referred to as a right to be forgotten) all or part of your information must be forwarded to us as provided in the section titled “CONTACT US” below.