We are GDPR & ISO Compliant following EU standards.
1 WHO WE ARE
We at NetworkTables B.V. with its registered business in The Netherlands, Reg. No 64468062 (“Krowden,” “we,” “us,” “our”) know that our users (“you,” “your”) care about how your personal information is used and shared, and we take your privacy seriously. Through our platform, apps and services, designed by event managers, we help your attendees to meet the right people and make networking more efficient at your events all over the world.
Krowden’s representative for European data protection law purposes is Krowden B.V. with its principal place of business at Singel 542, 1017AZ, Amsterdam, The Netherlands.
If you have any questions or concerns at any time, please do not hesitate to contact us at firstname.lastname@example.org.
Through the Services, Krowden provides a simple and easy way for registered users who are event Organizers, planners and charitable organizations (“Organizers”) to create event session registration, attendee profile, speaker profile, Organizer profile, fundraising and other webpages related to their events, to promote those pages and events to visitors or browsers of the Services and to handle registrations related to those events to users who wish to make registrations from or to such events (“Attendees”). We refer to Organizers, Attendees and other visitors and browsers of the Services collectively as “Users” or “you.”
2.1 The EU General Data Protection Regulation (GDPR)
From 25th of May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires Krowden and Organizers using the Service to provide Users with more information about the processing of their Personal Data.
Legal grounds for processing your Personal Data
The GDPR requires us to tell you about the legal ground we’re relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Section 4 above will typically be because: • you provided your consent; • it is necessary for our contractual relationship; • the processing is necessary for us to comply with our legal or regulatory obligations; and/or • the processing is in our legitimate interest as an event organizing and networking platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
Transfers of Personal Data
As Krowden is a global company, we may need to transfer your Personal Data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK. In case data is stored outside the EU, we always ensure the same Privacy & Security Standards apply as the country the data was collected (EU by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. Where we use providers based in the US, we only transfer data to them under the scope of a Data Processing Agreement which incorporates Standard Contractual clauses or Binding Corporate rules which require them to provide similar protection to personal data shared between Europe and the US.
All third parties are GDPR compliant and we have signed DPA’s with third parties which are available on request, please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA: email@example.com.
Personal Data retention
We retain your personal information where we are providing ongoing service or have an ongoing business, legal need to do so, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
Our retention periods are depending on the type of data involved. Generally, we’ll refer to these criteria in order to determine the retention period:
Whether we have a legal or contractual need to retain the data.
Whether the data is necessary to provide our Service.
Whether you have the ability to access and delete the data within your account.
Whether you would reasonably expect that we would retain the data until you remove it or until the accounts are closed or terminated.
In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. If you have an account with us, we will typically retain your Personal Data for a period of 90 days after you have requested that your account is closed.
Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, object to profiling and unsubscribe from marketing communications.
For the most part, you can you can exercise these rights by logging in and visiting the My Profile page or changing the “cookie settings” in your browser. If you can’t find what you’re looking for in the My Profile page, please contact us: firstname.lastname@example.org. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
If you have a complaint about how we handle your Personal Data, please get in touch with us. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
Krowden as a data controller and a data processor
EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process personal data on behalf of other organisations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
Krowden may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances. In most cases, we are the data processors, and the event organizer is the data controller.
For example, if you use your account with us to create events as an event organizers, Krowden will be a data controller in respect of the Personal Data that you provide as part of your account. We will also be a data controller of the Personal Data that we have obtained about the use of the Applications or Properties, which could relate to Organizers or Attendees. We use this to conduct research and analysis to help better understand and serve Users of the Services as well as to improve our platform and provide you with more targeted recommendations about features we think may be of interest to you.
However, if you are imported as an Attendee, we will process your Personal Data to help administer that event on behalf of the Organizer (for example, sending confirmation, promotional and feedback emails, processing payments, etc.) and to help the Organizer target, and understand the success of, their event and event planning (for example, providing event reports, using analytics to gain insights into the effectiveness, etc.). In these circumstances, we merely provides the “tools” for Organizers; we do not decide what Personal Data to request on questionnaire forms, nor is it responsible for the continued accuracy any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the Organizer as the data controller, not to Krowden.
2.1.1 Our Commitment & Adoption
We’re committed to partnering with all Users using Krowden to help them understand and prepare for the GDPR. On this page, we’ll explain our approach to achieving GDPR-compliance, both for ourselves and for our Users.
Krowden way of Adoption
Krowden’s service offerings and contractual commitments are in line with GDPR requirements. Measures to have achieved this include:
Changes in our product itself. We are changing our user interfaces (userview and management panel) and service offerings in order to give all users (both Organizers and Attendees) more visibility, transparency and control over the data they submit to / via Krowden.
Behind the scenes. We continuously improve our infrastructure, to fulfil all the requirements and obligations connected to continuous security monitoring, data breaches and security incident management.
Any User willing to enter into a Data Processing Addendum (“DPA”) with Krowden is welcome to use our template. Please reach out to us to learn more about next steps: email@example.com.
Continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust our plans accordingly if it changes.
Fulfilling our privacy and data security commitments is important to us. So we’re happy to help you prepare for all the changes the GDPR brings. If you have any questions about how we can help you with compliance, reach out: firstname.lastname@example.org.
3 DATA WE COLLECT
In case you use or interact with us through our Services, we may gather various types of Personal Data. Sometimes its on behalf the Organiser using our Services and other times this will be on behalf of us. This distinction is important for the EU data protection law purposes and is further explained in Section 9 The EU General Data Protection Regulation (GDPR) below.
We differentiate 3 types: All Users, Organizers and Attendees.
3.1 All Users
3.1.1 Information you provide to us:
For all Users, we receive and store any Personal Data you voluntarily provide such information to the Services, such as when you register for access to the Services, contact us with inquiries or questions, respond to one of our surveys or browse or use certain parts of the Services. The Personal Data we may collect includes without limitation your name, address, email address and other information that enables Users to be personally identified.
3.1.2 Information we automatically collect:
When you register for the Services or otherwise submit Personal Data to us, we may associate other Non-Personal Data (including Non-Personal Data we collect from third parties) with your Personal Data. At such instance, we will treat any such combined data as your Personal Data until such time as it can no longer be associated with you or used to identify you.
As an Organizer we collect additional Personal Data from you.
3.2.1 Information you provide to us:
In some cases, we may collect your credit card information, some of which may constitute Personal Data, to secure certain payments. In addition, if you use our payment processing services, we will collect financial information from you as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number).
3.2.2 Information we obtain from other sources:
We may collect or receive Personal Data from third party sources, such as third party websites, your bank, our payment processing partners and credit reporting agencies.
As an Attendee we collect additional Personal Data from you. Sometimes on behalf of the Organizer and other times for our own purposes: see 2.1 The EU General Data Protection Regulation (GDPR) for more information.
3.4 Information you provide via our Services:
When event organizers invite you to use our Services and pre-fill any data about you including your name, email, company and position., you will provide additional information (e.g., gender, location, about me, interests etc.) some of which may constitute Personal Data. In addition, Organizers can set up event questionnaire pages to collect virtually any information from Attendees in connection with an Organizer’s event listed on the Services. Krowden does not control an Organiser’s registration process nor the Personal Data that they collect.
In addition, Personal Data collected on behalf of Organisers is provided to the Organizer of the applicable event in accordance with “Disclose and Transfer of Data: Organizers” below.
3.5 Information we obtain from other sources:
We may collect or receive Personal Data from third party sources, such as Organizers, other Attendees, social media or other third party integrations, your credit card issuing bank, our payment processing partners or other third parties.
4 USE OF INFORMATION
4.1 All Users
4.1.1 Specific Reason
If you provide Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came.
4.1.2 Internal Business Purposes
We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Services, to better understand our Users, to improve the Services, to protect against, identify or address wrongdoing, to enforce our agreements, to manage your account and provide you with customer service, and to generally manage the Services and our business.
4.1.3 Organizer Emails
We allow Organizers to use our email tool to contact Attendees for their current and past events, so you may receive emails from our system that originate with such Organizers. Organizers may import the email addresses they have from external sources and send communications through the Services to those email addresses and we will deliver those communications to those email addresses on the Organizer’s behalf. The Organiser (and not Krowden) is responsible for sending these emails. See “Opt Out from Electronic Communications” below on how to opt out of these Organizer initiated communications.
4.1.4 Other Purposes
4.1.5 Aggregated Personal Data
As an Organizer we collect additional Personal Data from you.
4.2.1 Krowden Marketing Communication
Where it is in accordance with your marketing preferences, we may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Services that we believe might be of interest to you. See “Opt Out from Electronic Communications” below on how to opt out of Krowden Marketing Communication.
5 DISCLOSURE AND TRANSFER OF DATA
5.1 Not selling
We consider this information to be a vital part of our relationship with you. Therefore, we will not sell your Personal Data to third parties, including third party advertisers. There are, however, certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties without further notice to you, as set forth below.
5.2 Business Transfers
5.3 Sharing Data
We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of Krowden to perform certain business-related functions. These companies include our database providers, email service providers, backup and disaster recovery service providers and others as listed in Krowden Sub Processors. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.
We provide the Personal Data entered on the applicable event or related event page to the Organizers of such event or event page. We may provide your Personal Data to the Organizer of the event to which the event page is linked. In some instances, an Organizer may appoint a third party, which may or may not be affiliated with the Organizer, to create an event or event page on its behalf (we call these third parties “Third Party Organizers”). In that case we may provide your personal data to the Third Party Organizers on behalf of the Organizers. You agree that we are not responsible for the actions of these Organizers, or their Third Party Organizers, with respect to your Personal Data. It is important that you review the applicable policies of the Organizers, and if applicable and available, their appointed Third Party Organizers, of an event (and the related event page, if applicable) before providing Personal Data or other information in connection with that event or related event page.
5.5 Third Party Connections
5.6 Disclosing information
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of our Services or our users; or (d) protect our property rights.
6 ACCESS, STORAGE & PROTECTION OF DATA
6.1 Access, updating, deleting your personal data
You can request access to some of your Personal Data being stored by us. You can ask us to correct, delete or update any inaccurate Personal Data that we process about you.
If you are a registered User, you can exercise these rights by logging in and visiting the Edit Profile page. Both registered and unregistered Users may also exercise these rights by contacting us directly by email: email@example.com.
If an Attendee initiates a data deletion request, Krowden is authorised to delete or anonymize Personal Data of the requesting Attendee from the Services even if that means removing its availability to the Organizer through the Services. However, if you are an Attendee, you understand that even if we delete or anonymize your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Organiser’s own databases if transmitted to the Organiser prior to Krowden receiving or taking action on any deletion or anonymization activity. Krowden will inform the Organiser after your request.
6.2 Storage & Duration
We take what we believe to be reasonable steps to protect the Personal Data that is collected via the Services from loss, misuse, unauthorized use, access, inadvertent disclosure, alteration and destruction. We continue to develop features that allow us to keep your information safe and secure. However, no network, server, database or Internet or e-mail transmission is ever fully secure or error free and we cannot and do not promise, represent, warrant or guaranty that your information or any information about you will not accessed by third parties or misused by them in spite of our security efforts. That’s why you should take special care in deciding what information you send to us. Please keep this in mind when disclosing any Personal Data. We are not liable to you for any misuse or disclosure.
7.1 Opt Out from Electronic Communications.
7.1.1 Krowden Marketing Communications
If we ever send you (“Organizers”) information by e-mail concerning new products, services or information that you did not expressly request, we will provide you with an e-mail address by which you may request no further notices. We do not send emails to your event “Attendees” – if you are an event attendee, see 7.1.2 how event organizers communicate with you via our platform.
Where it is in accordance with your marketing preferences, Krowden may send you electronic communications marketing or advertising the Services themselves or events on the Services, to the extent you have registered for the Services. You can also “opt out” of receiving these electronic communications by clicking on the “Unsubscribe” link at the bottom of any such electronic communication or email us: firstname.lastname@example.org
7.1.2 Communications initiated by Organizer
Organizers use our email tools to send electronic communications to those on their event attendee or email subscription lists, including Attendees who have registered for their events in the past. Although these electronic communications are sent through our system, Krowden does not determine the content or the recipients of these electronic communications. Organizers are required to use our email tools only in accordance with all applicable laws. Krowden provides an “Unsubscribe” link on each of these emails, which allows recipients to “opt out” of electronic communications from the particular Organizer.
7.1.3 Transactional or Responsive Communications
Certain electronic communications from Krowden are responsive to your requests. For instance, if you are an Attendee, we must email you your loginlink or schedule on behalf of the Organizer. As for example, if you email our customer support department, we will return your email. Notwithstanding any unsubscribe election that you have made, you will still receive these transactional or responsive emails. You can stop receiving these types of emails only by contacting us: email@example.com. By electing to stop receiving all electronic communications from us or through our system you will no longer receive any updates on events you have created or on events you are registered to attend (including emails with your schedule). We do not recommend that you do this unless you plan to no longer use the Services, are not currently registered for an event, are not currently organising an event and will have no need to receive further communications from us or through our system.
Last Revised: 25th of January 2023, 17:33 pm CEST
Krowden Data & Security
Any questions or need to conduct a DPIA, reach out to our security team.