Effective Date: January 27th, 2021

1. Definition and nature of personal data

The Airfair platform, accessible through airfair.io , (hereinafter referred to as the "Platform"), for the purposes of using the provided networking services that enable you to increase your professional network and discover relevant content may request some personal information about you.

We also collect some of your personal data when you register directly on our Platform to participate in a professional event, or when an event organizer wishes to provide you with our services within the context of the event for which you are registered and sends us your contact details in order that we may contact you.

The term "personal data" designates all data that allows an individual to be identified directly or indirectly, which corresponds in particular to your surname, first names, e-mail address, telephone numbers, country of origin, time zone, and data relating to your usage of the platform, your profiles on social networks, the name of your company, your job title and areas of expertise, the type of people you wish to meet, the themes which you are interested in, your IP address, navigation data, data from recordings of calls with our teams (for example: the content and dates of the calls), as well as any other information you provide to us about yourself. See table in part 4 of the document.

2. Purpose of this Policy

The purpose of this charter (hereinafter referred to as the "Policy ") is to inform you of the means by which we collect and process your personal data, with the strictest respect for your rights.

3. Identity of the entity responsible for collecting and processing data

Responsibility for the collection and processing of your personal data lies with the company AirfairCTWW SAS, a French simplified joint stock company, registered with the Registry of Trade and Companies of Bobigny under number 889 006 706, whose head office is located at 7 Place de l'Hôtel de Ville 93600 Aulnay-sous-Bois, (referred to within the framework of this Policy as "Us" or "We").

4. Collecting and processing personal data

Purpose of the processing

Data collected

Legal basis

Retention period

Access and use of the Platform

  • First Name

  • Last Name

  • Company Name

  • Company Size

  • Company Industry

  • Email

  • Position

  • Department

  • Product categories of interest related to the vendors present at the event

  • User calendar during the event

  • IP address

  • User agent

Performance of the contract between the User and Airfair.io

Duration of your use of the Services + 3 years from the last connection date

Customer management operations

  • Call Data Record (CDR)

Performance of the contract between the Organizers and Airfair.io

Duration of the contract with the Organizer + applicable statute of limitation

Promotional advertisement, newsletters and invitations

  • First Name

  • Last Name

  • Company Name

  • Company Size

  • Company Industry

  • Email

  • Position

  • Department

  • Product categories of interest related to the vendors present at the event

  • Content sessions watched

  • Product categories of interest related to the vendors present at the event

Consent

Until You opt-out or maximum 3 years after the last contact with our Services

Suggestion for networking connections

  • Company Name

  • Company Size

  • Company Industry

  • Position

  • Department

  • Product categories of interest related to the vendors present at the event

  • Pages visited

  • Visitors and exhibitors that you interacted with or that you interacted with

Our legitimate interests to promote our Services and provide You with interesting features

Duration of your use of the Services + 3 years from the last connection date

Analytics and statistics of the Services

  • Number of calls

  • Number of messages

  • Pages visited

  • Visitors and exhibitors that you interacted with or that you interacted with

  • Company Name

  • Company Size

  • Company Industry

  • Position

  • Department

  • Product categories of interest related to the vendors present at the event

Cookies

Our legitimate interests to provide You with the best quality of Service and improve our Products and Services

Consent

As long as identifying data is necessary to provide analytics and statistics

13 months from the consent collection

Comply with legal and regulatory obligations

  • User consent confirmation

Legal obligation provided by EU or national laws

Applicable statute of limitation

We shall inform you, when requesting your personal data, if certain information must be provided or if it is optional. We shall also inform you of the consequences should you not wish to provide this information.

We also inform you that we are likely to collect your data indirectly, either from organizers of events which you are attending, and thus enabling you to use our services, or from other users of our services.

In this respect, you are hereby informed that we may reuse your personal data that is stored in the address book of another user of our services who has expressly authorized us to access their contacts to put you in contact with each other.

5. Recipients of the processed data

Our company's staff, monitoring or control services (auditors in particular) and our subcontractors (hosting service provider, newsletter publishing tool, telephone call monitoring and recording service provider, audience measurement tool) will have access to your personal data.

For the purposes of the networking service, we will also provide your personal data to the organizers of professional events for which you are registered and for which you have used the services of the Platform. The event organizer may use this data for the same purposes and under the same conditions as those referred to in this Policy. The event organizer remains solely responsible for their respect of their own legal and declarative obligations with regard to their processing of your personal data, which they carry out themselves, with their own means and for their own requirements. We are only responsible for our use of your personal data, thus excluding any other use by the event organizer.

Government agencies or representatives of the law, ministerial officers or organizations responsible for the collection of debts may also be recipients of your personal data, for the sole purposes of meeting our legal obligations.

We may transfer your information to service providers, advisers, potential transaction partners or other third parties within the scope of any review, negotiation or completion of a business acquisition should our company be sold to or merge with another company, or should we sell, liquidate or transfer all or part of our assets.

6. Assignment of personal data

Your personal data will not be assigned to, rented to or exchanged with any third party, with the exception of the organizers of events for which you are registered and to whom we provide data concerning you, and of the exhibitors with whom you intended to connect, in relation with their events.

We may generate, and share with organizers and exhibitors of events for which you are registered, usage statistics collected by individuals during an event, in order to calculate the rate of use of our services and have a clear understanding of interactions within their community. This data includes both anonymous generic usage data (e.g. number of users, average number of user contacts, percentage of user additions, number of active users) and personal data related to events organized by the organizer and for which you are registered.

7. Data retention period

As provided above, your personal data is retained for a defined period. Below are all the specific duration that may apply to the retention of your personal data.

(i) Regarding data relating to customer and prospect management:

Your personal data shall not be retained any longer than is strictly necessary for the management of our business with you. However, data proving the existence of a right or a contract must be kept in order to adhere to legal obligations and shall be held for the term stipulated by the applicable law.

Regarding potential prospecting operations for customers, their data may be held for a period of three(3) years after the last contact with the customer.

Personal data relating to a prospective customer, who is not already a customer, may be held for a period of three (3) years from the moment it is collected or from the last contact with the prospective customer.

(ii) Regarding user data:

Your personal data is kept for a period of 3 (three) years from the date of your last use of the application.

(iv) Regarding the management of opt-out lists compiled during prospecting activities:

Information enabling recognition of your right to opt-out is retained for a minimum of three (3) years following the exercising of your right to opt out.

(v) Regarding web audience tracking statistics:

Information stored in users' terminals, or any other means used to identify users and enabling them to be tracked or to measure the frequency of their visits, shall be retained for no longer than thirteen (13) months after collection of their consent.

(vii) Regarding call recording data:

The data collected from the recordings of telephone calls are kept for a maximum period of six (6) months.

(viii) Regarding the management of your requests to exercise your rights under the GDPR:

Information enabling the management of your requests to exercise your rights under the GDPR will be kept for 3 (three) years from the date of your request.

8. Security

We take all necessary precautions and appropriate organizational and technical measures to maintain the security, integrity and confidentiality of your personal data, and especially to prevent it from being altered or damaged and to prevent any third party from accessing it.

This includes:

  • Following OWASP security guidelines and use top-notch software technologies to mitigate against software vulnerabilities.

  • Protecting customers from threats by applying security controls at every layer from physical to application, and with the ability to rapidly deploy security updates without service interruption.

  • Using DDoS protection can ensure that you will be able to run your event safely, and won't get impacted by any disturbance on the network.

  • Requiring strong passwords when registering to use the platform (and verifying that the passwords given by users are not compromised)

  • Respecting the security measures put in place by our data hosting provider, Amazon Web Service

  • Enforcing a strong data access control policy, on a need to-know-basis

  • Anonymizing logs collected

9. Hosting

Your data is stored solely on the servers of Amazon Web Service, located in Ireland, within the European Union.

Your data will not be transferred outside the European Union as part of our conditions of use of the services we offer.

10. Cookies and analytics

We use cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of Airfair.io.

A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting Airfair.io; however, a cookie may store a unique identifier for each logged in user. The cookies Airfair.io sets are essential for the operation of the website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Airfair.io’s services.

Airfair.io sets the following cookies on our users for the following reasons:

Necessary :

  • Authentication cookie (stored for 15 days)

  • Messaging cookie

Performance & analytics:

  • Sentry.io

  • Google analytics

3rd-party:

  • Customer service: Intercom

  • Messaging: Sendbird

Certain pages on our site may set other third party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third party cookies, we can’t always control what cookies this third party content sets.

11. Access to and rectification, restriction or erasure of your personal data

You have the right to obtain and, where appropriate, rectify or delete any data concerning you, via online access to your account. You can also get in touch with the point of contact indicated in Article 17.

You can request the restriction of processing of personal data concerning you in certain cases as defined in Article 18 of the GDPR.

Finally, we would like to remind those whose data is collected on the basis of our legitimate interests, as mentioned in the Article “Legal basis for processing your data”, that they may at any time oppose the processing of data concerning them. We may, however, be required to continue processing their data if there are legitimate reasons for this processing which may prevail over your rights and freedoms or if the processing is necessary to establish, exercise or defend our legal rights.

You can unsubscribe from our promotional emails using the link provided in our emails. Even if you choose to no longer receive promotional messages from us, you will continue to receive our administrative messages.

12. Portability of your personal data

You have data portability rights regarding the personal data that you provide us, understood as data that you have actively and consciously declared in order to access and use our services, as well as data generated from your activity using the services. We remind you that these rights do not relate to data collected and processed on any other legal basis than the consent or implementation of the contract binding us.

These rights can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to recover and keep your personal data.

In this context, we will send you your personal data, through any pertinent channels, in a commonly-used and machine-readable standard open format, in accordance with industry standards.

13. Lodging a complaint with a supervisory authority

You are also hereby informed that you have the right to lodge a complaint with a competent supervisory authority (e.g. the French National Commission for Information Technology and Liberties in France - CNIL) in the Member State in which your place of residence or your workplace is located, or the place where your rights have been violated, if you consider that the processing of your personal data within the context of this Policy constitutes a violation of the applicable legal texts.

Such a complaint may be brought before an administrative or jurisdictional court without prejudice to any other claim. In such a case, you also have the right to an effective judicial and administrative redress if you consider that the processing of your personal data within the context of this Policy constitutes a violation of the applicable legal texts.

14. Right to define guidelines for the processing of your data after your death

You have the right to define guidelines for the retention, erasure and communication of your personal data after your death. These directives can be general i.e. relating to all personal data concerning you. In this case, they must be registered with a trusted digital third party certified by the CNIL (French Data Protection Agency). Directives may also be specific to data processed by our company. In this case, you should send these directives to us at the points of contact indicated in Article 17. You can designate in your directives a person responsible for seeing to it that your directives are carried out. This person will then be authorized, after you pass away, to review the aforementioned directives and request that we carry them out. If you do not specify a particular person, your heirs will be authorized to review the aforementioned directives and request that we carry them out. You can change or revoke your guidelines at any time.

15. Data of minors

We do not knowingly collect, retain or process personal information from children under the age of 13, and no part of our service is intended for children, except in the case it was duly authorized by their legal representatives. If you learn that a child has provided us with personal information in violation of this privacy policy, you can notify us at dpo@Airfair.io

16. Amendments

We reserve the right to amend this privacy policy Policy at any moment, at our sole discretion, either in its entirety or in part. Such amendments shall come into effect once the new Policy is published.

Your use of the Platform following the entry into effect of these amendments, shall constitute acknowledgement and acceptance of the new Policy. Failing that, and if you are not in agreement with the new Policy, you should refrain from accessing the Platform.

17. Point of contact for personal data

If you have any questions regarding our data processing activities, or if you wish to exercise any of your rights, you can contact us at the following points of contact:

- Email Address: dpo@airfair.io

- Postal address : 7 Place de l'Hôtel de Ville 93600 Aulnay-sous-Bois

Did this answer your question?