INTRODUCTION AND WHO WE ARE

Cosmoprof CBE Asean Bangkok is organised by CCA Limited. This Privacy Policy is issued on behalf of CCA Limited, and where “Cosmoprof CBE”, “we”, “us” or “our” appears, it refers to CCA Limited.

We take the privacy and protection of data and information seriously and are committed to handling the personal information of all those we engage with, whether customers, suppliers, colleagues or any other community, responsibly and in a way that meets the legal requirements of the countries in which we operate. As part of using Cosmoprof CBE’s products and services, browsing our websites and contacting the business, data and information is collected. This Privacy Policy sets out Cosmoprof CBE’s approach to safeguarding and maintaining the privacy of that personal information, and explains what data is collected, how it is used, the legal basis for its use, and the rights individuals have over that data.

WHAT WE COLLECT

This section explains the personal information that may be collected when interacting with our events or using our products and services, and the other personal data we may receive from other sources.

In this Privacy Policy, the term “personal information” refers to the types of information we may collect and use, which includes:

• Contact details, such as your name, e-mail address, postal address and telephone number;
• Educational, nationality and professional background information;
• Usernames and passwords;
• Personal picture;
• Payment information, such as a credit or debit card number, bank details and billing address;
• Comments, feedback, posts and other content you submit;
• Identity verifying information such as passport details to comply with our legal obligations in certain countries and to provide Visa invitation letters where requested;
• Interests and communication preferences, including marketing permissions where appropriate; and
• Location information (e.g. through mobile apps).

We collect and use your personal information in the following main categories:

1. As customer data, related to transactions, prospective sales or analytics;
2. As contact data, which includes corporate customer contact data such as details of an account manager/key contact at corporate customers, and subscriber/user data;
3. In connection with digital products/publications, for instance as an application user, subscriber or as part of a circulation list;
4. In connection to an event, for instance exhibition or conference visitors, delegates, exhibitors, buyers, sponsors and speakers; and
5. Product/intelligence data, collected through customer and market research surveys.

Sensitive personal data (also called “special categories of data”)

If collecting or storing sensitive personal data such as information relating to health, religious beliefs or political affiliation, we typically ask for your explicit consent. However, there are some situations where it will not be possible to request consent, such as if you have an accident at one of our events. If this does occur, we will ensure your privacy rights are protected and other legal bases could be applied (e.g. protection of the vital interests of the data subjects).

CHILDREN’S PERSONAL DATA

Our services and products are principally directed at business professionals. They are generally not intended for children under the age of eighteen or for underage people which cannot be bound by contract under applicable laws.  We do not knowingly collect personal information from users in this age group and reserve the right to delete such information if we become aware of having collected it.

HOW & WHY PERSONAL INFORMATION IS USED

This section explains in detail how and why we use personal information.

Lawful processing

Cosmoprof CBE will only collect and use personal information where we have a lawful basis to do so.
In providing and promoting our events, products and services,
our lawful bases will be one of the following:

a. Where it is necessary for entering into or performing a contract with you;
b. Where we have a legitimate interest to do so, provided your rights do not override these interests;
c. Where you have consented to the use of data;
d. to prevent or suppress a danger to a Person’s life, body or health, for example to contact emergency services; and
e. Where required to comply with our legal obligations.

In many circumstances our lawful basis will be that we have collected your valid consent. However, where consent does not apply, we set out below our lawful bases for each of the following purposes for processing.

a) Product enquires, sales and administration

As part of a purchase, product enquiry, request for information and for account administration, we collect information such as your name, country, job title, company information, postal address, e-mail address, telephone number as well as details about your company and business role (legal bases: entrance into or performance of a contract or reply to data subjects’ requests; compliance with legal obligations vested upon the controller).

If you have made an enquiry about us or our products or services, either online, face to face or over the phone, we will use your personal information to respond to the enquiry or to take other steps at your request, before you enter into a contract. For example, we collect the e-mail addresses and additional contact details of those who send e-mails to request information. Where a sales representative speaks to you over the phone, the calls may be recorded for training and monitoring purposes only (legal basis: controller’s legitimate interest). In the latter case, you will be informed and specific technical measures will be applied to minimize the processing of your personal data (e.g. ID information will be deleted to the possible extent).

If you have registered for or purchased a product or service, including on a trial basis, your personal information will be used to provide that product or service, communicate about it and handle payments, as is necessary for the performance of the contract entered into (legal bases: performance of a contract or reply to data subjects’ requests; controller’s legitimate interest).

For purchases, payment information including credit/debit card number/bank details and billing addresses are also collected. Where payment card processors are used to facilitate payment card transactions on our website, your data will be collected and used according to that data controllers’ privacy policy. We take steps to ensure that any payment services provider we use will provide a high standard of privacy and security controls (legal bases: performance of a contract or reply to data subjects’ requests; controller’s legitimate interest).

If your personal information is relevant to certain products and is freely available through public sources, such as on a website related to your work or profession, we may use this personal information to promote our products, as part of our legitimate interests as a commercial organisation and to the extent allowed by law.

b) Event and exhibition management

If you have agreed to participate in one of our events as a speaker, sponsor, exhibitor, buyer or visitor, personal information is used in connection with the organisation of the event, to handle payments or for other purposes, as is necessary for performing the contract entered into. We will also use your personal information to maintain our databases, assess your qualities as a speaker or sponsor/exhibitor/buyer, promote events and encourage further engagement at our events, as part of the legitimate interests we have as a commercial organisation (legal bases: performance of a contract or reply to data subjects’ requests; compliance with legal obligations vested upon the controller; controller’s legitimate interest).

In order to access the event’s matchmaking platform, a personal picture is required to complete the exhibitor/buyer profile.

In addition, we sometimes take photos and videos at our events, which may feature visitors, speakers, sponsors or exhibitors. Where photos and videos are taken that feature you as a visitor, speaker, sponsor or exhibitor, we may use those photos and videos for promotional purposes on our channels, such as our website or social accounts (legal bases: consent or controller’s legitimate interest, according to applicable laws).

c) Marketing

We will use your personal information to send you newsletters, offers or other marketing e-mails to keep you up to date with our news, events and products and services that may be of interest. Depending on the nature of your interaction with us and the laws of the country where you live, you may have actively given your consent for this by opting in, or we may be entitled to rely on your implied consent or our legitimate interests.

The opportunity to opt out of future marketing e-mails will be provided on every marketing email and we will provide information on how to opt out when your personal information is collected. You have the right to amend your marketing preferences at any time.

To make a request to amend your details/preferences, please send an e-mail to or write to us at: [email protected]

d) Customer and prospects management (including analytics and product management)

We may use your personal information, combined with publicly available data and your demographic data, to deliver products and services, to choose relevant offers that may be of interest to you, to improve our existing products and services, and to develop new products and services, as part of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require.

We may also use your data in advertising campaigns on Social Media platforms such as Linked In, Instagram and Facebook in order to provide information about upcoming events/new products and to ensure that you only receive relevant advertising about our products and services.

e) Analytics – websites, emails and database (including location data)

We may combine visitor session information, or other information collected through tracking technologies with personally identifiable information, to understand and measure your online experiences and determine what products, promotions and services are likely to be of interest (legal bases: controller’s legitimate interest; data subject’s consent).

Technical methods are also used in HTML e-mails, for purposes including: (i) to determine whether recipients have opened or forwarded e-mails and/or clicked on links in those e-mails, (ii) to customise the display of banner advertisements and other messages after closing an e-mail, and (iii) to determine whether a visitor has made an enquiry or a purchase in response to a particular e-mail.

f) Bulletin boards or chat areas

When you disclose personal information on any public bulletin board or chat areas of this website, or any other website used as a result of use of this website, such personal information can be collected and used by anyone who views that board or area. This may result in unsolicited messages from other participants or other parties, which we are not responsible for.

Where you engage on our customer enquiry chat areas, we will use any information provided to help recommend our products and services and/or assist with confirming any order you wish to place (legal basis: reply to data subjects’ requests).

g) Automated decision-making (including profiling)

We use algorithm-based technologies to personalise dynamic web content based on your stated and/or inferred interests. We carry out general profiling such as segmentation, non-automated and automated decision-making based on profiling for the purpose of providing you with a more relevant experience and for the purposes of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require. Solely automated decision making is never used in any way that produces a legal or similarly significant effect. This automated decision-making is never based on sensitive personal data and we make efforts to ensure any profiling is non-discriminatory.

Depending on the laws of the country where you live, you may have rights related to our decision. For example, if you live in the European Union, you may have the right not to be subject to automated decision-making unless specific exceptions apply, or you may have the right to insist on human intervention in the process, express your point of view or contest the decision. If you wish to exercise any such right, please contact us via one of the methods set out in the ‘Contacting us’ section below. In some cases, we may have the right to continue with our decision, in accordance with applicable laws. This will be explained if it is the case. Otherwise, we will respond to your request as promptly as reasonably possible.

h) Compliance with our legal obligations

To ensure compliance with international trade sanction laws and regulations, we screen customers, vendors and other business partners against US, OFAC, BIS, UN, EU, UK and other applicable sanctions lists. Should any screening checks flag an issue where we cannot continue in a contract or other interaction with a customer, vendor or other business partner, they will always be informed (legal bases: compliance with legal obligations vested upon the controller; controller’s legitimate interest).

Provision of data and consequences for its refusal

The provision of personal data for the purposes set out under letters a), b), f), h) is optional, but necessary to manage and process your requests, as well as to fulfil our legal and contractual obligations and pursue our legitimate interests. In all such cases, failure to provide the data will make it impossible to respond to your requests, establish contractual relations with you and carry out the activities indicated above.

The provision of the aforesaid data for the purposes set out under letters c), d), e), g) is voluntary; failure to provide such data / consent to the relevant data processing purpose will just prevent us to carry out the activities indicated above, and in no way will result in a modification of the contractual relationship or a change in prices and/or rates.

HOW WE PROTECT PERSONAL INFORMATION

Any personal information given to us will be treated with the utmost care and security. This section sets out some of the security measures in place.

A variety of physical and technical measures are used to keep data safe and prevent unauthorised access to, or use or disclosure of personal information. Electronic data and databases are stored on secure computer systems and we control who has access to information, using both physical and electronic means. Our colleagues receive data protection training, and we have detailed security and data protection policies that colleagues are required to follow when handling personal data.

All reasonable steps are taken to ensure that your personal information is kept secure from unauthorised access, but we cannot guarantee it will be secure during the transmission process to this website because this transmission is not controlled by us. We make use of HTTPS (HTTP Secure) whereby the communication protocol is encrypted via Transport Layer Security for secure communication over a computer network. The website is loaded via HTTPS, represented by the lock icon in your web browser, which ensures the transmission is secure and is demonstrated by a certificate issued by an official security certificate authority to Cosmoprof CBE.

INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

As an international business and because of the technologies we use, personal information may be accessed by our colleagues and third-party service providers, both acting as external data processors, from locations outside of the country in which it is collected, where data protection laws may not be as extensive.

If we transfer data outside of the country in which it is collected we will ensure the same level of protection is in place and we will use appropriate safeguards approved by the relevant privacy regulatory body, such as  Standard Contractual Clauses. We will request consent for such a transfer where necessary.

THIRD-PARTY LINKS

This website contains links to websites of other businesses, including, potentially, websites of other businesses within Cosmoprof CBE. These businesses will have their own privacy policies, tailored to their particular business practices and the sectors in which they operate, and if following those links, we recommend reviewing the privacy policy of each website to understand how personal data is used in that instance. The inclusion of links to these websites does not imply an endorsement or validation of their content, and we are not responsible for their privacy practices, nor do we accept any liability in connection with the content on such websites.

WHO WE SHARE PERSONAL INFORMATION WITH

To provide you with products and services we may share your information for specific reasons. This section explains how and why we share personal data between the companies responsible for Cosmoprof CBE, suppliers and other third parties.

Sharing within Cosmoprof CBE company ownership

We may share your personal information with certain other companies within the ownership structure of Cosmoprof CBE, which act as external data processors.  These companies may assist us in providing products and services to you, carry out internal analysis of the usage of products and services, or offer Cosmoprof CBE’s relevant products and services which may be of interest. These data processors are bound to compliance with data protection legislation through contracts that protect the personal information shared with us. Such communication between the entities involved in the Cosmoprof CBE is based on the parties’ legitimate interest or on the execution of a contract.

Sharing with service providers

We may share personal information with third parties to assist in providing products and services to you and/or to offer ancillary add-ons that are complementary to such products and services offered by Cosmoprof CBE. These third-party, when acting as data processors, are bound to compliance with data protection legislation through contracts that protect the personal information shared with us. They may include: IT and marketing technology host suppliers, web and data hosting providers, mailing houses, ad servers, logistics and general service contractors, agents, hotel/housing partners, freight forwarders, onsite health and safety partners, event registration partners, sales platform providers, communication tool providers, stand designers/builders/fitters, suppliers of sponsorship/marketing/PR collateral and other event collaboration partners.

We make use of web chat services. These web chat services allow us to connect with you and answer sales and customer services questions quickly and directly. We ensure that these service providers protect your data but you should not provide any sensitive information (e.g. bank or credit card details) in these chats, which are intended to provide you with quick answers to basic service questions only.

Sharing with sponsors and other partner organisations

We may share your personal information with our trusted sponsors or partner organisations for their marketing purposes in accordance with local data laws and where appropriate your permissions. Generally, we will let you know at the time of collection if we will share your personal information with our trusted sponsors or partner organizations.

If you use one of our virtual products, e.g. Virtual Exhibitions, Directory Sites, Webinars etc., or choose to allow your badge to be scanned at an event, we may pass the information you provide to third parties. Generally, this will be via a process whereby you, as the user, visit or interact with a third party, e.g. visit a stand at an online exhibition, have your badge scanned or click on an asset branded and provided by a third party. In some instances, for example, a products listing site, you may reach out directly to a supplier or exhibitor, who may contact you in return. In other instances, our virtual products are sponsored and, in such cases, the data you provided to us will be given to the sponsor. Generally, we will let you know at the time of collection if a product is sponsored.

We may share your personal information with third parties outside Cosmoprof CBE including the Securities Exchange in the event of a sale, merger, acquisition, partnership, joint venture, collaboration, or negotiations related to the same with respect to all or part of our business. Such communication is generally carried out to comply with a legal obligation vested upon the controller.

Sharing with government departments or agencies

In some circumstances, we may be legally required to disclose your personal information because a court, the police, another judicial or law enforcement body or government entity has asked us for it.

HOW LONG INFORMATION IS KEPT

We will only retain your personal information for as long as is necessary and as permitted by applicable laws.

We will retain your personal information while we are using it, as described in the section above, and may continue to retain it after these uses have ended where we have a legitimate business purpose. For example, if you have opted out of marketing communications from us, we will retain limited details about you to ensure the opt out request is honoured. We may also continue to retain your personal information to meet our legal requirements or to defend or exercise our legal rights. The length of time for which we will retain personal information will depend on the purposes for which it is retained. After we no longer need to retain your personal information, it will be deleted or securely destroyed.

Generally, personal data will be retained for a maximum period of time equal to the statute of limitation of the rights, according to the relevant jurisdiction, or until the data subject opts out, if applicable.

HOW TO UPDATE YOUR INFORMATION AND MARKETING PREFERENCES

We want to ensure you remain in control of your personal information. We try to ensure that the personal information held about you is accurate and up-to-date, and will always give you the opportunity to opt out of future marketing communications.

Information on how to opt-out will be given to you when we collect your personal information and specified on every marketing e-mail sent to you. If at any stage you would like to update or correct such personal information, or opt out of future marketing communications, please send an e-mail to or write to us at: [email protected].

YOUR RIGHTS

We will always enable you to exercise the rights provided by data protection laws that apply to Cosmoprof CBE and its international audience.

Under data protection laws, you may have a number of rights, including:

• The right to confirmation of whether or not we have your personal data, obtain information on the data processing activities carried out and, if we do have your data, to obtain a copy of the personal information we hold. This is known as a subject access request;

The right to have inaccurate data rectified;

• The right to have your data erased. This does not however apply for example, where it is necessary for us to continue to use the data for a lawful reason (e.g. processing is necessary for compliance with a legal obligation);
• The right to request the restriction of processing your personal data (such as, we will stop using the data but we may continue storing it);
• The right to obtain your personal data that you have provided to us, on the basis of consent or performance of a contract, and where technically feasible, transmitted in a common electronic format to you or directly to another company;
• The right to object to the use of your data. Specifically, you have the right to object to our use for marketing (including profiling to the extent that is related to such marketing) or for our legitimate interest;
• The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• The right to lodge a complaint with the competent supervisory authority.

There are exceptions to the rights above. Where you make a request to us as part of these rights, we will always try to respond to your satisfaction, although there may be situations where we are unable to do so.

Depending on the laws of the country where you live, you may have other rights in respect of your personal information. If you wish to exercise any legal right in respect of your personal information, please contact us via one of the methods set out in the ‘Contacting us’ section below.

In some cases, we may be entitled to decline a request you have made regarding your personal information, in accordance with applicable laws. We will explain if that is the case. Otherwise, we will meet your request as promptly as we reasonably can. If you have requested that we stop sending you marketing messages, please note that you may still receive them for a short period while the request is processed. For European data subjects, your request will be generally dealt with within one month from the receipt thereof.

CONTACTING US

If you have any questions about this Privacy Policy or our use of your information, e-mail: or write to us at: [email protected].

We hope to resolve any privacy concerns you may have. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to any competent supervisory authority or other public body with responsibility for enforcing privacy laws. The supervisory authority in Thailand is the Personal Data Protection Commission (PDPC) whose contact details can be found at: https://www.mdes.go.th/contact  

CHANGES TO THIS PRIVACY POLICY

To keep up with changing legislation, best practice and changes in how we process personal data, this Privacy Policy may be revised at any time without notice by posting an updated version on this website. Checking back periodically will mean you are aware of any changes. This Privacy Policy should be read in conjunction with, and is also subject to, the website’s Terms of Use.

DATA CONTROLLER

The data controller is CCA Limited with registered office in 17/F, China Resources Building, 26 Harbour Road, Wanchai, Hong Kong or write to us at email id – [email protected]  

This page will be updated regularly as and when further modifications are made to the website.