Last Updated: September 2, 2021
BCD Travel Services B.V., acts as controller of your personal data when processed by BCD Meetings & Events entities and BCD Travel entities that provide meetings & events services (“BCD M&E”, “we”, “our”, or “us”), respects your privacy and is committed to complying with this Policy, which describes how we, as a meetings and events management and related services company, collect and use the personal data that you, the company which you are an employee of or are otherwise attending meetings and events on behalf of (“Company”), or third parties provide to us.
This Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.
This Policy applies to BCD M&E’s meetings and events and related services, e.g. incentive, leisure and sport services that may be provided to you, including related services on BCD M&E websites and applications that display or link to this Policy (hereinafter collectively, the “Services”). If you also receive our travel services provided by BCD Travel and/or our business travel consulting services provided by Advito LLC, you may review their policies on their websites, respectively (www.bcdtravel.com, https://www.advito.com).
We encourage you to read this Policy carefully and in its entirety as it relates to your rights regarding the processing of your personal data. As a user of our Services, you understand and agree that we collect, use, store, and disclose your personal data in accordance with this Policy.
Our privacy practices vary as they must amongst countries in which we operate to reflect local legal requirements. BCD M&E complies with applicable data protection laws in the jurisdictions in which it operates in its handling of personal data.
In the course of providing its Services, BCD M&E may collect, use, store, and disclose personal data. Personal data is any information that can be used to identify you or that we can link to you. You, as attendee or user of the Services, may be asked to provide certain personal data when you use our Services, such as:
If you submit any personal data relating to other people in connection with the Services (e.g. if you make a reservation for another individual, or provide an emergency contact), you represent that you have the authority to do so and that you have informed them we will collect, use, store and disclose such personal data in accordance with this Policy.
BCD M&E collects personal data:
BCD M&E collects and uses your personal data for specified, explicit, and legitimate purposes as described in this Policy and does not process your personal data further in a manner that is incompatible with those purposes.
BCD M&E uses personal data to:
A. Provide its Services and fulfill its obligations to your Company and attendees (e.g. meeting & event management, complete and administer meeting reservations, assist in managing the travel as well as the meeting, provide reporting and analytics based on the Services, provide notices about your account and the Services, inform you of updates to our websites and applications and other changes to our products or Services).
B. Communicate with you via various multi-media channels (for instance, by email, post, phone, or BCD M&E’s websites or applications) and to provide you with customer
C. Understand how our websites and applications are used and provide a customized experience as you use our Services, such as by providing interactive or personalized elements on our Services and providing you with content based on your interests (for more information, see the Section below titled “How does BCD M&E handle “do not track” requests and use “Cookies” and other similar technologies?”).
D. Fulfill a request made by you or your Company (e.g. meeting/travel based reporting, questions, booking requests, or other requests about your personal data). Automated decision-making may be used to process some requests to assist in delivering faster and more reliable Services to you and/or your Company (e.g. rerouting your request to the appropriate department, sending automatic replies). Important decisions will always be reviewed by a BCD M&E employee.
E. Send you newsletters, marketing emails, and other information or materials that may interest you or showing personalized advertisements. Where required, we will obtain your consent before sending such marketing messages or showing personalized advertisements.
F. Conduct surveys (e.g. attendee, client satisfaction) and review the quality and performance of our services for customer satisfaction
G. Carry out our obligations and enforce your, our, or other’s rights as we believe reasonably necessary (e.g. billing and collection, fraud prevention, comply with legal obligations, and respond to legal proceedings or requests from legal authorities and law enforcement or other third parties).
To process your personal data as described above, BCD M&E relies on the following legal bases. In view of purpose A, we process your personal data where necessary for the performance of the contract we have with your Company and/or you, which allows us to deliver our Services to you. In view of purpose B to F, we rely on our legitimate business interest to provide and improve our Services. For purpose G, BCD M&E relies where applicable on compliance with legal obligations. We rely on our legitimate business interest to prevent fraud and to protect our rights. When using personal data to serve BCD M&E’s or a third party’s legitimate interest, BCD M&E will always balance your rights and interests in the protection of your personal data against BCD M&E’s rights and interests or those of the third party.
Personal data may be collected and shared with or disclosed as required for the provision of Services to:
Data consolidation companies may also be used by BCD M&E or your Company for the purpose of creating reports and related statistics for benchmarking or other related purposes, including, without limitation, utilizing cumulative statistical data, which may incorporate data acquired from your Company for ordinary business purposes customary in our industry and the Services we provide, but without identifying, directly or indirectly, you or your Company.
BCD M&E may be acquired, merge with another business, sell, or liquidate its assets, acquire, or buy other businesses or assets. In such transactions, personal data is generally one of the transferred business assets. In the event of an acquisition, sale, liquidation, or merger, your personal data and non-personal identifying information may be automatically assigned by us in our sole discretion to a third party, in accordance with applicable laws.
BCD M&E is a global company that provides event management related services and therefore, transferring your personal data internationally is necessary for the provision of our Services. When sharing with or disclosing personal data to other parties, including to BCD M&E’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents who provide Services and maintain facilities, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country.
We will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g. Model Clauses, data protection agreements). If you have questions or wish to obtain more information about the international transfer of your personal data or the implemented safeguards, please contact us as provided in this Policy.
Typically, BCD M&E stores personal data on its servers managed internally (mainly in the European Economic Area and the United States) and with third party storage providers.
BCD M&E uses appropriate technical and organizational security measures to protect the personal data BCD M&E holds on its network and systems from unauthorized access, disclosure, destruction, and alteration. We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing, and processing personal data that is required for our Services and to fulfill our contractual obligations. While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data. When using our Services, you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet, and you do so at your own risk.
In order to protect your personal data, we kindly ask you to not send credit card information or other similar sensitive personal data, including special categories of personal data, to us via email. We also encourage you to keep your password confidential and not disclose it to any other person. If you are
sharing a computer with anyone you should log out before leaving a website or service to protect access to your password and personal data from subsequent users. Please alert us immediately if you believe your password or any of your personal data has been misused while using BCD M&E Services and applications. Please note, we will never ask you to disclose your password or credit card information in an unsolicited phone call or email.
BCD M&E retains personal data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by applicable law. When determining how long to retain personal data, we take into account the necessity of the personal data for the provision of our Services, applicable laws and regulations, including data protection laws, and our legal obligations. We may retain records to investigate or defend against potential legal claims. When retention of the personal data is no longer necessary, the data will be deleted or aggregated for analytic purposes.
We do not currently commit to responding to browsers “do not track” signals with respect to BCD M&E websites and applications. We process your personal data through our websites and applications in accordance with this Policy, irrespective of your tracking settings.
BCD M&E does not knowingly collect personal data from children. Individuals under 18 years of age should not use our Services to submit any personal data about themselves.
You may choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, your experience with some or all of our Services may be affected.
To the extent required by applicable law, you have the ability to exercise various rights with regard to your personal data (i.e. access, correction, erasure, restriction, objection, portability, etc.). BCD M&E will handle such requests in accordance with applicable law, including in the time specified by applicable law and where permitted by applicable law, may charge a reasonable administrative fee to cover the costs of responding to any such request. Where processing is based on consent, you have the right to withdraw consent at any time if required by applicable law, without affecting the lawfulness of processing based on your consent before your withdrawal.
In some jurisdictions, in addition to you agreeing to this Policy, data privacy or protection laws may require us to obtain a separate express consent for processing of your personal data. Your consent may also be implied in some circumstances, as permitted by applicable law, such as when communications are required to fulfill your requests.
If you wish to exercise any of your rights as described in this Policy, you (or, in accordance with applicable law, someone on your behalf), can submit your request by clicking here.
If you have any questions about this Policy, you can contact BCD M&E’s Data Protection Officer as follows:
Attn: BCD Travel Services B.V.
Address: Europalaan 300
City/State/Zip: 3526 KS Utrecht, The Netherlands
Email: [email protected]
BCD M&E will respond to your request via the email address you use to exercise your request, the phone number that you have registered with us or we otherwise have on file for you, or any other suitable method. Depending on your request, we may review the request with you and/or your Company to assist in resolving and responding to the request.
We are committed to working with you to obtain a fair resolution of any complaint or concern you may have about our use of your personal data. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists in your country).
BCD M&E reserves the right to revise, amend, or modify this Policy at any time and in any manner. When we post changes to this Policy, we will update the “last updated” date at the top of this Policy and we encourage you to regularly check this Policy for changes.