Private policy

Protecting your personal data is a priority for KEY4EVENTS.

When you use the website at https://key4.events (hereinafter the « Site »), we may collect personal data about you.

The purpose of this policy is to inform you of how we process this data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).

  1. Who is the data controller?

The data controller is KEY4EVENTS, a French simplified joint-stock company with a single partner, registered with the Nice Trade and Companies Register under number 451 863 898 and with its registered office at 18 rue Scaliéro 06300 NICE, France (hereinafter “We”).

  1. What data do we collect?

Personal data is data that identifies an individual directly or by cross-referencing with other data.

We collect data that falls into the following categories :

  • Identification data (in particular your first name, surname, title, email address and telephone number) ;
  • Data relating to your occupation (in particular the name of the company employing you) ;

Mandatory data is marked with an asterisk when you provide us with your data. It is necessary for us to provide you with our services.

 

  1. For what purposes and on what legal basis is your personal data collected, and how long is it kept?
Purposes Legal basis Retention periods
To provide the services available on our platform (turnkey solution for organising remote or face-to-face events) Execution of a contract you have entered into The data is kept for the duration of the commercial relationship
To carry out customer management operations relating to contracts, orders, invoices, and follow-up of the relationship with customers Execution of a contract you have entered into Personal data is kept for the duration of the contractual relationship.

Data relating to your bank card is kept by our payment service provider until the price is paid in full.

Data relating to the visual cryptogram or CVV2 on your bank card is not stored.

To compile a file of customers and leads  

Our legitimate interest in developing and promoting our business

 

For customers: data is kept for the duration of the commercial relationship and is deleted on expiry of a period of 3 years after the end of the commercial relationship.

For leads: data is kept for a period of 3 years from your last contact with us.

To send out newsletters, special offers and promotional messages Our legitimate interest in developing and promoting our business Data is kept for 3 years from your last contact with us.
To respond to your requests for information Our legitimate interest in responding to your requests The data is kept for as long as necessary to process your request for information and is deleted once the request for information has been processed.
To comply with the legal obligations applicable to our business To comply with our legal and regulatory obligations For invoices: invoices are archived for a period of 10 years.

Data relating to your transactions (with the exception of banking data) is kept for 5 years.

To manage requests to exercise rights To comply with our legal and regulatory obligations If we ask you for proof of identity, we keep it only for as long as needed to verify your identity. Once we have checked it, the supporting document is deleted.

If you exercise your right to object to prospecting, we keep this information for 3 years.

 

  1. Who receives your data?

The following will have access to your personal data:

  • Our company’s staff ;
  • Our subcontractors: newsletter sending provider and payment service provider
    1. Email delivery: Mailjet
    2. Payment platform: Mercanet
  • Where applicable: public and private sector organisations, for the sole purpose of meeting our legal obligations

 

  1. Is your data liable to be transferred outside the European Union ?

Your data is kept and stored for the duration of processing on the servers of OVH, Ikoula and Titan Datacenter, located in the European Union.

The tools we use (see the information on our subcontractors in the section entitled ‘Who receives your data?’) may involve the transfer of your data outside the European Union. Such transfers are made securely using the following means :

  • either this data is transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission ;
  • or we have entered into a specific contract with our subcontractors that governs the transfer of your data outside the European Union, on the basis of standard contractual clauses between a data controller and a subcontractor approved by the European Commission.
  • or we set up appropriate guarantees as listed in the GDPR.

 

  1. What rights do you have over your data?

You have the following rights with regard to your personal data :

  • Right to be informed: this is precisely why we have drafted this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all of your personal data at any time under Article 15 of the GDPR.
  • Right to rectification: you have the right to rectify inaccurate, incomplete or obsolete data about you at any time in accordance with Article 16 of the GDPR
  • Right to restriction of processing: you have the right to obtain the restriction of processing of your personal data in specific cases defined in Article 18 of the GDPR.
  • Right to erasure (‘right to be forgotten’): you have the right to demand that your personal data be erased, and to prohibit any future collection for the reasons set out in Article 17 of the GDPR
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data infringes the applicable legislation. (Article 77 of the GDPR)
  • Right to specify instructions relating to the storage, erasure and disclosure of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Law.
  • Right to withdraw your consent at any time: where processing is based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data that you have provided us in a standard machine-readable format and to require it to be transferred to the recipient of your choice.
  • Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process it despite this objection, for legitimate reasons or to defend legal proceedings.

You can exercise these rights by writing to us using the contact details below. We may then ask you to provide us with additional information or documents to prove your identity.

 

  1. Point of contact for personal data

Contact email : dpo@key4events.com

Contact address : KEY4EVENTS, 18 rue Scaliéro 06300 NICE

 

  1. Updates

This policy may be updated at any time, in particular to comply with any regulatory, case law, editorial or technical changes. Updates shall apply on the date that the updated version takes effect. Please therefore refer back regularly to the latest version of this policy. We will nonetheless keep you informed of any material changes to this Privacy Policy.

Entry into force : Décembre 2020