Introduction and who we are
We take the privacy and protection of data and information seriously and are committed to handling the personal information of all those we engage with, whether customers, suppliers, colleagues or any other community, responsibly and in a way that meets the legal requirements of the countries in which we operate.
What we collect
This section explains the personal information that may be collected when using our products and services, and the other personal data we may receive from other sources.
- Contact details, such as your name, e-mail address, postal address and telephone number;
- Educational, nationality and professional background information;
- Usernames and passwords;
- Payment information, such as a credit or debit card number, bank details and billing address;
- Comments, feedback, posts and other content you submit;
- Identity verifying information such as passport details to comply with our legal obligations in certain countries and to provide Visa invitation letters where requested;
- Interests and communication preferences, including marketing permissions where appropriate;
- Photo images used in advertising and to complete online profiles;
- Location information (e.g. through mobile apps).
We collect and use your personal information in the following main categories:
- As customer data, related to transactions, prospective sales or analytics;
- As contact data, which includes corporate customer contact data such as details of an account manager/key contact at corporate customers, and subscriber/user data;
- In connection with digital products/publications, for instance as an application user, subscriber or as part of a circulation list;
- In connection to an event, for instance exhibition or conference visitors, delegates, exhibitors sponsors and speakers; and
- Product/intelligence data, collected through customer and market research surveys.
Sensitive personal data (also called “special categories of data”)
If collecting or storing sensitive personal data such as information relating to health, beliefs or political affiliation, we typically ask for your explicit consent. However, there are some situations where it will not be possible to request consent, such as if you have an accident at one of our events. If this does occur, we will ensure your privacy rights are protected and other legal bases could be applied (e.g. protection of the vital interests of the data subjects).
Children’s personal data
Our services and products are principally directed at business professionals. They are generally not intended for children under the age of eighteen or for underage people which cannot be bound by contract under applicable laws. We do not knowingly collect personal information from users in this age group and reserve the right to delete such information if we become aware of having collected it.
How & why personal information is used
This section explains in detail how and why we use personal information.
We collect and use personal information in providing and promoting our products and services. The lawful bases we use for this activity, as required under European data protection laws, are:
- Where it is necessary for entering into or performing a contract with you;
- Where we have a legitimate interest to do so, provided your rights do not override these interests;
- Where you have consented to the use of data;
- Where it is believed it is in your vital interests to share your personal details, for example with emergency services; and
- Where required to comply with our legal obligations.
a) Product enquires, sales and administration
As part of a purchase, product enquiry, request for information and for account administration, we collect information such as your name, country, job title, company information, postal address, e-mail address, telephone number as well as details about your company and business role (legal bases: performance of a contract or reply to data subjects’ requests; compliance with legal obligations vested upon the controller).
If you have made an enquiry about us or our products or services, either online, face to face or over the phone, we will use your personal information to respond to the enquiry or to take other steps at your request, before you enter into a contract. For example, we collect the e-mail addresses and additional contact details of those who send e-mails to request information. Where a sales representative speaks to you over the phone, the calls may be recorded for training and monitoring purposes only (legal basis: controller’s legitimate interest). In the latter case, specific technical measures will be applied to minimize the processing of your personal data (e.g. ID information will be deleted to the possible extent).
If you have registered for or purchased a product or service, including on a trial basis, your personal information will be used to provide that product or service, communicate about it and handle payments, as is necessary for the performance of the contract entered into (legal bases: performance of a contract or reply to data subjects’ requests; controller’s legitimate interest).
If your personal information is relevant to certain products and is freely available through public sources, such as on a website related to your work or profession, we may use this personal information to promote our products, as part of our legitimate interests as a commercial organisation and to the extent allowed by law.
b) Event and exhibition management
If you have agreed to participate in one of our events as a speaker, sponsor, exhibitor or visitor, personal information is used in connection with the organisation of the event, to handle payments or for other purposes, as is necessary for performing the contract entered into. We will also use your personal information to maintain our databases, assess your qualities as a speaker or sponsor/exhibitor, promote events and encourage further engagement at our events, as part of the legitimate interests we have as a commercial organisation (legal bases: performance of a contract or reply to data subjects’ requests; compliance with legal obligations vested upon the controller; controller’s legitimate interest).
In addition, we sometimes take photos and videos at our events, which may feature visitor, speakers, sponsors or exhibitors. Where photos and videos are taken that feature you as a visitor, speaker, sponsor or exhibitor, we may use those photos and videos for promotional purposes on our channels, such as our website or social accounts (legal bases: consent or controller’s legitimate interest, according to applicable laws).
We will use your personal information to send you newsletters, offers or other marketing e-mails to keep you up to date with our news, events and products and services that may be of interest. Depending on the nature of your interaction with us and the laws of the country where you live, you may have actively given your consent for this by opting in, or we may be entitled to rely on your implied consent or our legitimate interests.
The opportunity to opt out of future marketing e-mails will be provided on every marketing email and we will provide information on how to opt out when your personal information is collected. You have the right to amend your marketing preferences at any time.
To make a request to amend your details/preferences, please send an e-mail to: [email protected]
d) Customer and prospects management (including analytics and product management)
We may use your personal information, combined with publicly available data and your demographic data, to deliver products and services, to choose relevant offers that may be of interest to you, to improve our existing products and services, and to develop new products and services, as part of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require.
We may also use your data in advertising campaigns on Social Media platforms such as Linked In, Instagram and Facebook in order to provide information about upcoming events/new products and to ensure that you only receive relevant advertising about our products and services.
e) Analytics – websites, emails and database (including location data)
We may combine visitor session information, or other information collected through tracking technologies with personally identifiable information, to understand and measure your online experiences and determine what products, promotions and services are likely to be of interest (legal bases: controller’s legitimate interest; data subject’s consent).
Technical methods are also used in HTML e-mails, for purposes including: (i) to determine whether recipients have opened or forwarded e-mails and/or clicked on links in those e-mails, (ii) to customise the display of banner advertisements and other messages after closing an e-mail, and (iii) to determine whether a visitor has made an enquiry or a purchase in response to a particular e-mail.
f) Bulletin boards or chat areas
When you disclose personal information on any public bulletin board or chat areas of this website, or any other website used as a result of use of this website, such personal information can be collected and used by anyone who views that board or area. This may result in unsolicited messages from other participants or other parties, which we are not responsible for.
Where you engage on our customer enquiry chat areas, we will use any information provided to help recommend our products and services and/or assist with confirming any order you wish to place (legal basis: reply to data subjects’ requests).
g) Automated decision-making (including profiling)
We use algorithm-based technologies to personalise dynamic web content based on your stated and/or inferred interests. We carry out general profiling such as segmentation, non-automated and automated decision-making based on profiling for the purpose of providing you with a more relevant experience and for the purposes of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require. Solely automated decision making is never used in any way that produces a legal or similarly significant effect. This automated decision-making is never based on sensitive personal data and we make efforts to ensure any profiling is non-discriminatory.
Depending on the laws of the country where you live, you may have rights related to our decision. For example, if you live in the European Union, you may have the right not to be subject to automated decision-making unless specific exceptions apply, or you may have the right to insist on human intervention in the process, express your point of view or contest the decision. If you wish to exercise any such right, please contact us via one of the methods set out in the ‘Contacting us’ section below. In some cases, we may have the right to continue with our decision, in accordance with applicable laws. This will be explained if it is the case. Otherwise, we will respond to your request as promptly as reasonably possible.
h) Compliance with our legal obligations
To ensure compliance with international trade sanction laws and regulations, we screen customers, vendors and other business partners against US, OFAC, BIS, UN, EU, UK and other applicable sanctions lists. Should any screening checks flag an issue where we cannot continue in a contract or other interaction with a customer, vendor or other business partner, they will always be informed (legal bases: compliance with legal obligations vested upon the controller; controller’s legitimate interest).
Provision of data and consequences for its refusal
The provision of personal data for the purposes set out under letters a), b), f), h) is optional, but necessary to manage and process your requests, as well as to fulfil our legal and contractual obligations and pursue our legitimate interests. In all such cases, failure to provide the data will make it impossible to respond to your requests, establish contractual relations with you and carry out the activities indicated above.
The provision of the aforesaid data for the purposes set out under letters c), d), e), g) is voluntary; failure to provide such data / consent to the relevant data processing purpose will just prevent us to carry out the activities indicated above, and in no way will result in a change in prices and/or rates.
How we protect personal information
Any personal information given to us will be treated with the utmost care and security. This section sets out some of the security measures in place.
A variety of physical and technical measures are used to keep data safe and prevent unauthorised access to, or use or disclosure of personal information. Electronic data and databases are stored on secure computer systems and we control who has access to information, using both physical and electronic means. Our colleagues receive data protection training, and we have detailed security and data protection policies that colleagues are required to follow when handling personal data.
All reasonable steps are taken to ensure that your personal information is kept secure from unauthorised access, but we cannot guarantee it will be secure during the transmission process to this website because this transmission is not controlled by us. We make use of HTTPS (HTTP Secure) whereby the communication protocol is encrypted via Transport Layer Security for secure communication over a computer network. The website is loaded via HTTPS, represented by the lock icon in your web browser, which ensures the transmission is secure and is demonstrated by a certificate issued by an official security certificate authority.
International transfer of personal information
As an international business and because of the technologies we use, personal information may be accessed by our colleagues and third-party service providers from locations outside of the country in which it is collected, where data protection laws may not be as extensive as those in Europe.
If we transfer data outside of the country in which it is collected we will ensure the same level of protection is in place and we will use appropriate safeguards approved by the relevant privacy regulatory body.
If you are a European data subject, please also note that, in general, said transfer is necessary for the performance of the agreement between you and the Organisers or to take steps at your request prior to entering into such agreement, or to exercise or defend a legal claim; alternatively, it is carried out consistently with appropriate safeguards approved by the relevant privacy regulatory body (for example, in case an adequacy decision adopted by the European Commission or consistently with standard contractual clauses) or other appropriate safeguards. If none of these conditions apply, we will require your consent, after having been informed that the country in question does not provide an adequate level of protection.
In general, cookies may be disabled by the user controlling and/or amending the browser settings according to the instructions made available by the relevant suppliers at the links listed here below:
Who we share personal information with
To provide you with products and services we may share your information for specific reasons. This section explains how and why we share personal data between the companies responsible for Cosmoprof CBE ASEAN, suppliers and other third parties.
Sharing personal data between the Organisers
Your personal information may be shared between the Organisers to carry out the activities linked with the organisation of Cosmoprof CBE ASEAN, for the purposes indicated above. Such communication, for example, could be necessary or appropriate to assist in providing products and services to you, carry out internal analysis of the usage of products and services, or offer relevant products and services which may be of interest. Such communication between the entities involved in the Cosmoprof CBE ASEAN is based on the parties’ legitimate interest.
Sharing with service providers
We may share personal information with third parties to assist in providing products and services to you and/or to offer ancillary add-ons that are complementary to such products and services. These third-party data processors are bound to compliance with data protection legislation through contracts that protect the personal information shared with us. They may include: IT and marketing technology host suppliers, web and data hosting providers, mailing houses, ad servers, logistics and general service contractors, hotel/housing partners, freight forwarders, onsite health and safety partners, event registration partners, sales platform providers, communication tool providers, stand designers/builders/fitters, suppliers of sponsorship/marketing/PR collateral and other event collaboration partners.
We make use of web chat services. These web chat services allow us to connect with you and answer sales and customer services questions quickly and directly. We ensure that these service providers protect your data but you should not provide any sensitive information (e.g. bank or credit card details) in these chats, which are intended to provide you with quick answers to basic service questions only.
Sharing with other organisations
We may share your personal information with our trusted partner organisations for their marketing purposes in accordance with local data laws and where appropriate your permissions.
If you use one of our virtual products, e.g. Virtual Exhibitions, Directory Sites, Webinars etc., or choose to allow your badge to be scanned at an event, we may pass the information you provide to third parties. Generally, this will be via a process whereby you, as the user, visit or interact with a third party, e.g. visit a stand at an online exhibition, have your badge scanned or click on an asset branded and provided by a third party. In some instances, for example, a products listing site, you may reach out directly to a supplier or exhibitor, who may contact you in return. In other instances, our virtual products are sponsored and, in such cases, the data you provided to us will be given to the sponsor. Generally, we will let you know at the time of collection if a product is sponsored.
We may share your personal information with third parties outside the Organisers including the Securities Exchange in the event of a sale, merger, acquisition, partnership, joint venture, collaboration, or negotiations related to the same with respect to all or part of our business. Such communication is generally carried out to comply with a legal obligation vested upon the controller.
Sharing with government departments or agencies
In some circumstances, we may be legally required to disclose your personal information because a court, the police, another judicial or law enforcement body or government entity has asked us for it.
How long information is kept
We will only retain your personal information for as long as is necessary and as permitted by applicable laws.
We will retain your personal information while we are using it, as described in the section above, and may continue to retain it after these uses have ended where we have a legitimate business purpose. For example, if you have opted out of marketing communications from us, we will retain limited details about you to ensure the opt out request is honoured. We may also continue to retain your personal information to meet our legal requirements or to defend or exercise our legal rights. The length of time for which we will retain personal information will depend on the purposes for which it is retained. After we no longer need to retain your personal information, it will be deleted or securely destroyed.
Generally, personal data will be retained for a maximum period of time equal to the statute of limitation of the rights, according to the relevant jurisdiction, or until the data subject opts out, if applicable.
How to update your information and marketing preferences
We want to ensure you remain in control of your personal information. We try to ensure that the personal information held about you is accurate and up-to-date, and will always give the opportunity to opt out of future marketing communications.
Information on how to opt out will be given to you when we collect your personal information and specified on every marketing e-mail sent to you. If at any stage you would like to update or correct such personal information, or opt out of future marketing communications, please send an e-mail to [email protected]
We will always enable you to exercise the rights provided by data protection laws that apply to the Organisers and Cosmoprof CBE ASEAN international audience.
EU data protection laws give individuals a number of rights, where their data and information is collected and used by companies that are active and operating in Europe. Under the General Data Protection Regulation, these are:
- The right to confirmation of whether or not we have your personal data, obtain information on the data processing activities carried out and, if we do have your data, to obtain a copy of the personal information we hold. This is known as a subject access request;
- The right to have inaccurate data rectified;
- The right to have your data erased. This does not however apply for example, where it is necessary for us to continue to use the data for a lawful reason (e.g. processing is necessary for compliance with a legal obligation);
- The right to request the restriction of processing your personal data (such as, we will stop using the data but we may continue storing it);
- The right to obtain your personal data that you have provided to us, on the basis of consent or performance of a contract, and where technically feasible, transmitted in a common electronic format to you or directly to another company;
- The right to object to the use of your data. Specifically, you have the right to object to our use for marketing (including profiling to the extent that is related to such marketing) or for our legitimate interest;
- The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- The right to lodge a complaint with the competent supervisory authority.
There are exceptions to the rights above. Where you make a request to us as part of these rights, we will always try to respond to your satisfaction, although there may be situations where we are unable to do so.
There are exceptions to the rights above. Where you make a request to us as part of these rights, we will always try to respond to your satisfaction, although there may be situations where we are unable to do so.
Depending on the laws of the country where you live, you may have other rights in respect of your personal information. If you wish to exercise any legal right in respect of your personal information, please contact us via one of the methods set out in the ‘Contacting us’ section below.
In some cases, we may be entitled to decline a request you have made regarding your personal information, in accordance with applicable laws. We will explain if that is the case. Otherwise, we will meet your request as promptly as we reasonably can. If you have requested that we stop sending you marketing messages, please note that you may still receive them for a short period while the request is processed. For European data subjects, your request will be generally dealt with within one month from the receipt thereof.
We hope to resolve any privacy concerns you may have. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to any competent supervisory authority or other public body with responsibility for enforcing privacy laws.
The data controllers are:
- UBM Asia (Thailand) Co Ltd – 428 Ari Hills Building 18th Floor, Phahonyothin Road Samsennai, Phayathai Bangkok 10400, Thailand.
- Fiere Internazionali di Bologna – BolognaFiere S.p.A., Bologna, Italy, Viale della Fiera No. 20. Email Contact: [email protected]
This page will be updated regularly as and when further modifications are made to the website.