Company Data Protection Policy
This Data Protection Policy (hereinafter “the Policy”) accounts for the personal information collected, processed and used by “CWWPL” (hereinafter “the Company” or “We”) in compliance with the provisions of Regulation 2016/679 of the European Parliament and Council of the European Union (also known as the General Data Protection Regulation or GDPR, hereinafter “GDPR”).
[ For more information on our data protection policies and procedures, you can always directly contact us at- Email: firstname.lastname@example.org.]
1. Our Company as a Data Controller-
Our Company processes Personal Data (as defined in GDPR) as a data processor, as a supplier of services, for marketing related purposes and in the course of its operations, its standard business as a To Generate Business for Exhibiting Companies & Visiting Companies and managed by the Company. It also collects personal information when co-operating with third parties / partners and with respect to the visits of this website as well as in compliance with the Company’s legal obligations or for other legitimate reasons or for reasons of public interest.
2. How we collect Personal Data-
The Company collects personal information:
- directly from the data subject; or
- indirectly, either from internal sources, including the Departments of the Company; other entities affiliated with the Company, if any; or third parties, including but not limited to agents, intermediaries, suppliers, business partners etc.
3. What kind of data we process-
We process Personal Data that includes but is not limited to:
(a) information referring to a subject’s name, gender, identity card number, contact details (full address, email address, phone number, IP address, social media posts), date and place of birth, bank or payment details, marital status, and passport, visas, tax and social security numbers, job title and role/function or other Special Categories of data as defined in the GDPR.
4. Why we process Personal Data-
Personal Data is processed by the Company, as necessary, for the performance of a contract to which the data subject is a party (as is the case with our visitors, customer or client and third-party associates), as well as for the Company’s compliance with legal obligations. We also process Personal Data for the Company’s legitimate interests and for protecting the Company’s legal position in the event of legal proceedings and/ or insurance claims and/or for protecting the Personal Data of the subject and consequently his/her vital interests.
When we need to process Personal Data to pursue our legitimate business interests, for example to prevent fraud or potential crimes, for administrative purposes or to protect the Company’s and its affiliated entities’ assets and to improve our efficiency, we exercise best efforts to avoid processing a subject’s data where these interests are overridden by the subject’s own interests and we use only procedures and technologies which are necessary, proportionate and implemented in the least intrusive manner, by appropriate procedures that ensure a balance with the subject’s fundamental rights and freedoms.
5. How we Use and Protect Personal Data-
When processing Personal Data, we do not collect more information than needed, in order to fulfil the purposes for which we process Personal Data.
We hold accurate and up to date Personal Data in the appropriate manner reasonably ensuring suitable security thereof, protection against unauthorized and/or unlawful processing, accidental loss, destruction or damage.
We restrict physical access to authorized persons (cognizant of the Company’s strict policies and procedures), we further maintain and use appropriate technical and organizational procedures and specified technological solutions as well as suitable IT systems to protect the integrity, safety, security and availability of the Personal Data we process
6. E-mail Correspondence-
Any Personal Data (name, address, title/position, contact details or information of a sensitive nature) we send and/or receive in our e-mail systems or other electronic correspondence is duly processed in compliance with the GDPR and any other applicable law and/or regulation.
Our Company uses the Personal Data contained therein and any attachments thereto lawfully, duly and in a transparent manner; for specified, explicit and legitimate purposes at all times.
Our correspondence recipients are duly informed that they have all rights and freedoms provided for by any applicable legislation regarding their Personal Data.
7. Who has Access to Personal Data-
A subject’s information is disclosed, as the case may be, only to appropriate Company’s personnel, including, obviously, the Officers of the company managed by the Company.
We may also disclose Personal Data to port, State or other competent authorities if this disclosure is mandatory under applicable laws or regulations.
Disclosure to tax authorities and to internal and/or external auditors is included.
We also disclose Personal Data to service providers onboard as well as to our agents, external consultants, training providers, business partners and/or associates and professional advisors, including but not limited to lawyers, legal counsels, law firms, insurance institutions and accountants and to other third parties, if we are legally obliged to do so (flag requirements included) or where we need to comply with our contractual duties to the data subject, for instance where we may need to pass certain information on to our port agents responsible for the transportation.
In all such cases, we act in the most reasonable manner and only in accordance with local laws, regulations and requirements and we exercise best efforts in order to ensure at all times that such third parties have been invited to adopt appropriate data processing procedures thus preserving the security and confidentiality of the subject’s data.
Due to our international Virtual Exhibition activities and the nature of our business as a generating trade and investment, personal information may be transferred outside the E.E.A. when we need to comply with our legal and/or contractual requirements. We do so only where an adequate level of protection is ensured or where we have in place safeguards including the use of standard contractual terms, to preserve the security of a subject’s data in case of these transfers as far as it is practically possible.
We might also transfer a subject’s Personal Data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.
8. When we Assign Personal Data Processing-
Where the Company relies on a third-party Personal Data Processor, to execute processing on its behalf, the Company will choose one (to the extent practically possible under the prevailing circumstances on each separate occasion) who provides adequate security level and procedures as well one that undertakes reasonable steps to ensure compliance of the Personal Data processor with such procedures.
9. Duration of Retaining
The Personal Data are stored by the Company for no more than it is necessary, solely for processing purposes as per the applicable legislation.
For as long as the Personal Data are retained by the Company, we implement and have in force at all times appropriate technical and organizational procedures as required by the law or existing regulations, in order to safeguard the rights and freedoms of the data subjects.
When we process Personal Data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be, subject to the Company’s right to maintain the Personal Data after the virtual exhibition for legitimate purposes. In such case, the Company shall notify the subject accordingly (as promptly as possible following the subject’s written request) and reasonably provide an estimate as to the time necessary for maintaining such Personal Data.
10. Future Use and Update
In the event that the Company will intend in the future to process Personal Data for a purpose other than the one this has been collected for, we shall make sure to provide the subject with relevant information thereto, as well as any other relevant information if such purpose is not consistent with the initial purpose.
11.The Subject’s Rights
If and to the extent that we process a subject’s Personal Data based on his/her consent, the subject may withdraw his/her consent and request the Company to stop using processing and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing, via email, to our authorized person in charge (with copy to the DPO). The Personal Data Subject will have at any time access to the data, right to rectification or erasure or destruction (“right to be forgotten”), restriction of the processing, objection to the processing, objection to automated decision making and right to the data portability.
Upon receipt of such written request to the Company withdraw the consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the subject) for the subject’s request to be processed and for us to notify him/her of the consequences of our acceding to the same, including any legal consequences which may affect his/her rights and liabilities to the Company. In general, we seek to process and respond to a subject’s respective request within 30 days of receiving it.
A subject is also entitled to request access to his/her Personal Data, as well as rectification, erasure, destruction or restriction of processing, as the case may be, to object to our processing, if and as the case may be, as well as to receive the Personal Data in machine-readable format.
12.Changes to this Policy
The Company reserves its rights to make changes to this Policy from time to time. Regularly reviewing our website ensures that a subject is always aware of the updated version.
If we make material changes to this Policy, we will promptly provide notification via prominent notice on the Company’s Website.
13.Contact in Case of Queries
For more information on our Personal Data policies and procedures and for guidance on privacy related issues, as well as for requests for access, rectification, erasure, etc. as above, you can contact our data protection organizer (Email: email@example.com), who can also answer all your queries on how the Company is processing personal data.