Customers: Our Customers are typically large corporations and organizations that contract with Certain to provide one or more Certain Services for managing their conferences and other events. The Customer’s employees, independent contractors, and other associates interact with the Certain Services on behalf of the Customer.
Customer Contacts: These are individuals and businesses who interact with our Customers through one or more Certain Services in connection with our Customer’s event. They include attendees who register for the event using Certain Services; exhibitors; suppliers of services to our Customer for the event (such as hotels, convention and visitor bureaus, and destination management companies); and buyers of services on behalf of our Customer to manage the event.
Visitors: These are individuals who interact with certain.com in order to learn more about Certain and our services, to request a demo, to download information, or similar purposes.
Our Certain Services allow our Customers to collect a variety of Personal Data from and about their Customer Contacts such as name, organization, title, mailing address, e-mail address, telephone number, social media account ID, credit or debit card number, and content that the Customer Contact chooses to upload.
One way our Customers collect Personal Data is that our Customer’s event attendees view a Certain-Powered Website that contains questions created by our Customer. By responding to these questions, the attendee gives our Customer information about the attendee’s plans for attending that specific meeting. The same process is used by our Customer to register attendees. Other similar methods are made available to Customer Contacts to voluntarily provide information to our Customer.
Also, our Customers collect Personal Data by entering information regarding Customer Contacts into a Certain-Powered Website, when permitted by applicable law, including by having a legitimate business interest or obtaining explicit consent from a Customer Contact.
Personal Data may be collected by our Customer automatically, as Customer Contacts interact with our Certain Services, using customary information-gathering technologies such as cookies.
Our Customers use Personal Data in planning and managing their events and related activities. For example, if a Customer Contact chooses to use the Certain Services to conduct business with our Customer (such as registering for an event, or providing input related to the event), any Personal Data or other information provided by the Customer Contact will be transferred to, and under the control of, our Customer.
Our Customers will also have access to information (including Personal Data) related to how the Customer Contact interacts with the Certain Services they choose to use.
In collecting and using Personal Data, our Customers act as data controllers with regard to the Customer Contact, under the European Union General Data Protection Regulation (“GDPR”). Certain cannot, and does not, take responsibility for the privacy practices of our Customers or their meeting planners, event organizers, or other suppliers. Certain encourages Customer Contacts to review the particular Customer’s privacy policies to understand its privacy practices and procedures.
Certain processes Personal Data of Customer Contacts that has been collected by our Customers solely to provide the Certain Services that our Customers have contracted us to provide, as described below, or as required by law. In using and processing Personal Data, Certain acts under the GDPR solely (a) as the data processor with regard to the Customer Contact and (b) as instructed by our Customer as the data controller.
We will only process Personal Data if we have a legal basis for doing so. Lawful bases for processing include your consent, processing that is necessary for the performance of a contract with our Customer, and our “legitimate interests” or the legitimate interest of others (e.g. our Customers) such as:
We will retain Personal Data for as long as your account is active or as needed to provide you services. We will retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Unless otherwise provided in our contract with our Customer, when the contract terminates we generally process Personal Data for no more than ninety (90) days after termination and then remove it from our system.
When the Personal Data is credit card information, we store it for a shorter period. Certain collects credit card data and names in order to process credit card transactions, and the data is passed on to a credit card processor such as MasterCard or Visa to complete each transaction. With the exception of the credit card number, Certain does not store any of that transaction’s Personal Data. The credit card number is stored on our secure servers for a maximum of ninety (90) days, primarily for the convenience of the customer who makes another transaction during that 90-day period.
Individuals in certain jurisdictions, such as the European Union, have certain rights with respect to their Personal Data, such as rights to access it; correct inaccurate information; object to its collection or use for certain purposes; erase it; restrict its further processing; ask for a copy; withdraw your consent of processing; and file a complaint with the appropriate supervisory authority.
Certain respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please email us at email@example.com.
Certain processes Personal Data under the direction and instructions of our Customers and has no direct control or ownership of the Personal Data. Our Customers are responsible as data controllers for complying with any laws or regulations requiring notice, disclosure or obtaining consent prior to transferring Personal Data to Certain for processing. Any Customer Contact that wishes to exercise any of the rights mentioned above should directly contact our Customer. If our Customer instructs Certain to remove particular Personal Data in accordance with applicable law, Certain will process this instruction within thirty (30) days.
Technologies such as: cookies, beacons, tags and scripts are used by Certain and our partners, affiliates, analytics and related service providers in connection with Certain Websites and Certain-Powered Websites in providing the Certain Services and related customary business purposes. These technologies are used in analyzing trends, administering the site, tracking user movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Log Files – As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide features on our site, or to display advertising based upon a user’s Web browsing activity, use LSOs such as HTML5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
A Visitor who is examining certain.com for informational purposes will have Personal Data, such as the Visitor’s IP address, collected as described above regarding cookies and similar technologies.
If a Visitor requests a demo of the Certain Services or decides to download a buyer’s guide, with the Visitor’s permission we will collect and/or process Personal Data such as the Visitor’s name, email address and phone number. We will use this information to fulfill the Visitor’s order, send the Visitor the requested product or service information or respond to customer service requests.
The Personal Data of Visitors has substantially the same rights as Personal Data of Customer Contacts.
If you choose to provide us with your Personal Data, we may transfer that Personal Data within Certain, across borders and from your country to other countries around the world.
EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
Certain is responsible for the processing of personal data it receives, under the EU-U.S. DPF and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Certain complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission [OR U.S. Department of Transportation] has jurisdiction over Certain’s compliance with the EU-U.S. DPF and Swiss-U.S. DPF. In certain situations, Certain may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Certain commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
All elements of the Certain Information Technology Operations and Security Program are structured to minimize or prevent damage that could result from accidental or intentional events. This includes actions that might lead to breach of confidentiality, result in fraud or abuse, or delay the execution of operations. To learn more about our data retention policy in its suite of applications, please click HERE.
The security of your Personal Data is important to us. When you enter information on our site we encrypt the transmission of that information using reasonably secure connectivity that leverages TLS (transport layer security).
We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it. If you have any questions about security on our site, you can contact us at firstname.lastname@example.org.
You may choose whether or not to provide Personal Data to Certain. If you choose not to provide the Personal Data we request, you can still visit most of the Certain-Powered Websites, but you may be unable to access certain options, offers and services (such as Certain software) that involve our interaction with you.
When we collect your Personal Data, we will provide a means for you to opt-out of Certain sharing your Personal Data with our business partners. For example, should you elect to receive our Newsletter and/or promotional communications, you may opt-out of receiving further communications by following those instructions in the email and/or via the unsubscribe link contained in the email. Even if you opt-out of such uses, you understand and consent to Certain sharing your Personal Information with third party payment processors to help us deliver programs, products, information and services.
For attendees of our Customer’s event, if you decide to use Certain’s services we will only send email messages directly relating to registrations, including:
Our Customer has the option of using your Personal Data, which we provide to them, in order to send you information. Certain is not responsible for the privacy practices of our Customers.
We may post our clients’ comments, testimonials & reviews on our website which may contain Personal Data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their comments. If you wish to update or delete your testimonial, you can contact us at email@example.com.
The use of information collected through the Certain Services shall be limited to the purpose of providing the service for which the Customer has engaged Certain.
Certain processes information under the instructions of its Customer and has no direct relationship with the individuals whose Personal Data it processes. Certain acknowledges that you have the right to access your Personal Data. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customer.
Certain, Inc. | 1 Montgomery Street, Suite 3440 | San Francisco, CA 94104