Effective Date: March 16, 2021
Customers: Our Customers are typically large corporations and organizations that contract with Certain to provide one or more Certain Services for managing their conferences and other events. The Customer’s employees, independent contractors, and other associates interact with the Certain Services on behalf of the Customer.
Customer Contacts: These are individuals and businesses who interact with our Customers through one or more Certain Services in connection with our Customer’s event. They include attendees who register for the event using Certain Services; exhibitors; suppliers of services to our Customer for the event (such as hotels, convention and visitor bureaus, and destination management companies); and buyers of services on behalf of our Customer to manage the event.
Visitors: These are individuals who interact with certain.com in order to learn more about Certain and our services, to request a demo, to download information, or similar purposes.
What kinds of Personal Data do our Customers collect?
Our Certain Services allow our Customers to collect a variety of Personal Data from and about their Customer Contacts such as name, organization, title, mailing address, e-mail address, telephone number, social media account ID, credit or debit card number, and content that the Customer Contact chooses to upload.
How do our Customers collect Personal Data?
One way our Customers collect Personal Data is that our Customer’s event attendees view a Certain-Powered Website that contains questions created by our Customer. By responding to these questions, the attendee gives our Customer information about the attendee’s plans for attending that specific meeting. The same process is used by our Customer to register attendees. Other similar methods are made available to Customer Contacts to voluntarily provide information to our Customer.
Also, our Customers collect Personal Data by entering information regarding Customer Contacts into a Certain-Powered Website, when permitted by applicable law, including by having a legitimate business interest or obtaining explicit consent from a Customer Contact.
Personal Data may be collected by our Customer automatically, as Customer Contacts interact with our Certain Services, using customary information-gathering technologies such as cookies.
How do our Customers use Personal Data?
Our Customers use Personal Data in planning and managing their events and related activities. For example, if a Customer Contact chooses to use the Certain Services to conduct business with our Customer (such as registering for an event, or providing input related to the event), any Personal Data or other information provided by the Customer Contact will be transferred to, and under the control of, our Customer.
Our Customers will also have access to information (including Personal Data) related to how the Customer Contact interacts with the Certain Services they choose to use.
In collecting and using Personal Data, our Customers act as data controllers with regard to the Customer Contact, under the European Union General Data Protection Regulation (“GDPR”). Certain cannot, and does not, take responsibility for the privacy practices of our Customers or their meeting planners, event organizers, or other suppliers. Certain encourages Customer Contacts to review the particular Customer’s privacy policies to understand its privacy practices and procedures.
How does Certain process Personal Data collected by our Customers?
Certain processes Personal Data of Customer Contacts that has been collected by our Customers solely to provide the Certain Services that our Customers have contracted us to provide, as described below, or as required by law. In using and processing Personal Data, Certain acts under the GDPR solely (a) as the data processor with regard to the Customer Contact and (b) as instructed by our Customer as the data controller.
- To provide the contracted Certain Services to our Customers and their Customer Contacts.
- To prevent or address service or technical problems and to respond to support issues.
- Responding to our Customer’s instructions or as may be required by law, in accordance with the relevant agreement between our Customer and Certain.
- In certain situations, Certain may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- As required by law, such as to comply with a subpoena, or similar legal process.
- When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- If Certain is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
- To establish and utilize, in conjunction with the information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of Certain’s business and market intelligence capabilities.
- To any other third party with your prior consent to do so.
On what legal basis does Certain process Personal Data collected by our Customers?
We will only process Personal Data if we have a legal basis for doing so. Lawful bases for processing include your consent, processing that is necessary for the performance of a contract with our Customer, and our “legitimate interests” or the legitimate interest of others (e.g. our Customers) such as:
- Personalizing, improving or operating our services and business.
- Better understanding the needs and interests of our Customers and Customer Contacts.
- Fulfilling requests related to the Certain Services.
- Complying with our legal and contract obligations, resolving disputes with users, and enforcing our agreements.
- Protecting, investigating and deterring fraudulent, harmful, unauthorized or illegal acts.
How long does Certain store Personal Data?
We will retain Personal Data for as long as your account is active or as needed to provide you services. We will retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Unless otherwise provided in our contract with our Customer, when the contract terminates we generally process Personal Data for no more than ninety (90) days after termination and then remove it from our system.
When the Personal Data is credit card information, we store it for a shorter period. Certain collects credit card data and names in order to process credit card transactions, and the data is passed on to a credit card processor such as MasterCard or Visa to complete each transaction. With the exception of the credit card number, Certain does not store any of that transaction’s Personal Data. The credit card number is stored on our secure servers for a maximum of ninety (90) days, primarily for the convenience of the customer who makes another transaction during that 90-day period.
What are your rights to access, rectify, or erase your Personal Data?
Individuals in certain jurisdictions, such as the European Union, have certain rights with respect to their Personal Data, such as rights to access it; correct inaccurate information; object to its collection or use for certain purposes; erase it; restrict its further processing; ask for a copy; withdraw consent to its processing; and file a complaint with the appropriate supervisory authority.
Certain respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please email us at firstname.lastname@example.org.
Certain processes Personal Data under the direction and instructions of our Customers and has no direct control or ownership of the Personal Data. Our Customers are responsible as data controllers for complying with any laws or regulations requiring notice, disclosure or obtaining consent prior to transferring Personal Data to Certain for processing. Any Customer Contact that wishes to exercise any of the rights mentioned above should directly contact our Customer. If our Customer instructs Certain to remove particular Personal Data in accordance with applicable law, Certain will process this instruction within thirty (30) days.
Technologies such as cookies, beacons, tags and scripts are used by Certain and our partners, affiliates, analytics and related service providers in connection with Certain Websites and Certain-Powered Websites in providing the Certain Services and related customary business purposes. These technologies are used to analyze trends, administer the site, track user movements around the site and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Log Files – As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide features on our site, or to display advertising based upon a user’s Web browsing activity, use LSOs such as HTML5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
How does Certain handle Personal Data of Visitors?
A Visitor who is examining certain.com for informational purposes will have Personal Data, such as the Visitor’s IP address, collected as described above regarding cookies and similar technologies.
If a Visitor requests a demo of the Certain Services or decides to download a buyer’s guide, with the Visitor’s permission we will collect and/or process Personal Data such as the Visitor’s name, email address and phone number. We will use this information to fulfill the Visitor’s order, send the Visitor the requested product or service information or respond to customer service requests.
Visitors have substantially the same rights with respect to their Personal Data as Customer Contacts.
How does Certain transfer Personal Data?
If you choose to provide us with your Personal Data, we may transfer that Personal Data within Certain, across borders and from your country to other countries around the world.
EU – U.S. and Swiss – U.S. Privacy Shield
The Department of Commerce, with the European Commission and the Swiss government, created the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to provide companies with a mechanism to transfer personal data from the European Union to the United States in a manner that provides an adequate level of protection for the purpose of European data protection law.
Certain, Inc. has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to the U.S. Department of Commerce and has been added to the Department of Commerce’s list of self-certified Privacy Shield participants. The certification in this program confirms that we comply with the Privacy Shield Principles for the transfer of European, United Kingdom and Swiss personal data to the United States. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield list: https://www.privacyshield.gov
Certain is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Certain complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Certain is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Certain may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
The security of your Personal Data is important to us. When you enter information on our site we encrypt the transmission of that information using reasonably secure connectivity that leverages TLS (Transport Layer Security).
We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it. If you have any questions about security on our site, you can contact us at email@example.com.
You may choose whether or not to provide Personal Data to Certain. If you choose not to provide the Personal Data we request, you can still visit most of the Certain-Powered Websites, but you may be unable to access certain options, offers and services (such as Certain software) that involve our interaction with you.
When we collect your Personal Data, we will provide a means for you to opt-out of Certain sharing your Personal Data with our business partners. For example, should you elect to receive our Newsletter and/or promotional communications, you may opt-out of receiving further communications by following those instructions in the email and/or via the unsubscribe link contained in the email. Even if you opt-out of such uses, you understand and consent to Certain sharing your Personal Information with third party payment processors to help us deliver programs, products, information and services.
For attendees of our Customer’s event, if you decide to use Certain’s services we will only send email messages directly relating to registrations, including:
- Confirmation of completed registration
- Notice of incomplete registration
- Additional information about the event or your registration
We do not allow users to elect not to receive these messages, because they are vital to completing the registration process.
Our Customer has the option of using your Personal Data, which we provide to them, in order to send you information. Certain is not responsible for the privacy practices of our Customers.
Links to Other Websites
Blog / Forum
Customer Testimonials & Reviews
We may post our clients’ comments, testimonials & reviews on our website which may contain Personal Data. We obtain the customer’s consent via email, prior to posting the testimonial, to post their name along with their comments. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Social Media Widgets
Service Provider Disclosure
The use of information collected through the Certain Services shall be limited to the purpose of providing the service for which the Customer has engaged Certain.
Certain processes information under the instructions of its Customer and has no direct relationship with the individuals whose Personal Data it processes. Certain acknowledges that you have the right to access your Personal Data. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customer.
Certain, Inc. | 75 Hawthorne Street, Suite 550 | San Francisco, CA 94105