Updated on March 24th, 2020
IF YOU DO NOT AGREE TO THIS POLICY, DO NOT USE WHOVA
1. Information Available in Whova Services
Whova aggregates publicly available information from company web pages, university web pages, news pages, public social network profiles, publication databases, patent databases, and other public sources (“Public Information”). This Public Information is available to public directly from those sources (even without Whova). Whova does not verify and cannot guarantee the accuracy of this Public Information. For certain social network websites, Whova will only get and show information if users provided corresponding login credentials. It is a user’s responsibility to validate and revise his own profile information in Whova Apps (including Whova Android App, Whova IOS App and Whova Web App).
2. Opt in/out Policy for the Attendee List on the Whova Apps
Whova supports three different policies on whether an attendee is listed in the event attendee list on Whova Apps. Event organizers can decide which policy to apply to their events in Whova Apps and it is the event organizers’ responsibility to make their attendees (users) be aware of the policy.
Please note that regardless of opt in/out policy, attendees’ contact information (e.g. emails, phone numbers) is not disclosed to other attendees unless users explicitly exchange their contact information via Whova Apps.
- a) Under this policy, attendees (minus some VIPs selected by organizers) are listed in the attendee list on Whova Apps to help foster pre-event networking. If a user does not want his/her name and profile to be listed and viewed by other attendees, he/she needs to explicitly opt themselves out by changing the visibility setting on the Setting menu to be “invisible”.
- b) Policy 2: Opt-in once sign-in. Under this policy, once an attendee signs in to Whova Apps, his/her name will be listed in the attendee list of this event to facilitate networking. They can still become invisible by changing the visibility setting on the Setting menu. If an attendee never signs in to Whova Apps, his/her name is not listed.
- c) Policy 3: Explicit Opt-in. Under this policy, once an attendee signs in to Whova Apps, he/she is explicitly asked whether he/she wants to be listed in the attendee list for other attendees to network with him/her. Based on the answer, his/her initial visibility status will be set to “visible” or “invisible”, and he/she can still switch between the two by changing it on the Setting menu. If an attendee never signs in to Whova Apps, his/her name is not listed.
3. Remove Your Information from Whova Services
You have a choice to remove your information from Whova services by contacting us at firstname.lastname@example.org. After verification (we will need you to verify that you are removing your own information instead of others), we remove your information from Whova Service. Note that since Whova collects information from Internet, having information removed from Whova Service does not mean that it is removed from its original data sources. In the Whova app, user can also validate and revise his own profile.
4. Personal Data Whova Collects
- a) Whova Services collects information about your usages. This may include information about any IP address used to access Whova Services and your activities on Whova Services. This is intended to help us improving Whova Services to give users better experience.
- b) Whova collects information that you provide in creating an account at Whova Services. This may include information such as your name, email address, social network sign- in. We do not provide your information to any third party (subject to Section 5 below).
- c) Whova allows you to retain and access Your search history and bookmark profiles on selected Whova Services. You may delete one or all at any time when Whova Services are available. Whova does not share your history and bookmarks with any third party (subject to Section 5 below).
- d) Certain functionalities of Whova Services require you to enter Personal Data to access your accounts with third-party websites, such as third-party social networks and websites. Your third-party login credentials will be stored for your convenience of continuously accessing the third party information upon your requests. We do not use this information for any other purpose. Your third-party login credentials are hashed and stored with the strictest security standards.
5. Use and Sharing of Personal Data
- a) Whova may use Personal Data you provide to Whova Services to create and maintain your account, to personalize your experience, and to send email communications relating to Whova Services. Whova does not sell, exchange, transfer, or give this type of Personal Data to any other company without your consent.
- b) Whova may use Personal Data about your use of Whova Services to improve our services. Whova may also use personal data with 3rd parties services and technologies as described below:
- Monitoring services, such as Google Analytics, to assist Whova in improving our quality of service.
- Cloud hosting providers, such as AWS, to ensure service availability and permanent storage
As a result, information about how you use Whova Services may be available to these other companies such as Google to the extent that their technology collects such information for Whova’s use. Whova actively protects your usage anonymity and does not distribute personally identifiable information about your use of Whova Services to any third parties other than as described above.
- c) Whova reserves the right to disclose Personal Data to third parties if required to do so by law, or if Whova has a good faith belief that disclosure is necessary to (1) comply with legal process served on us; (2) protect and defend our rights or property; (3) act in an emergency to protect someone’s safety.
- d) Whova reserves the right to transfer Personal Data to any successor in interest to the Whova’s business.
6. Children’s Privacy
- a) Whova Services is directed to people who are at least 18 years old, and Whova does not knowingly collect Personal Data from anyone under the age of 18. If You are aware that Whova has collected Personal Data from someone under the age of 18, please alert Whova at email@example.com and the information will be removed from our system as soon as is reasonably possible. This policy regarding collection of data from children exceeds the requirements of the Children’s Online Privacy Protection Act.
- b) Whova does not knowingly aggregate or provide Public Information about people under the age of 18. Whova’s email search may return Public Information about children between the ages of 13 and 18 because this Public Information originates from third-party social networking sites and websites that permit children who are 13 years and older to create public profiles.
We have tried our best in removing any possible security holes in our released browser extensions and apps, but since it is hard to 100% verify software, we cannot provide 100% guarantee that Whova Services has zero security vulnerability. Whova is not responsible for any security issues caused by Whova Services.
8. EEA, SWITZERLAND AND UK ONLY
8.1. The EU General Data Protection Regulation (GDPR)
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires Whova and event organizers to provide the Whova users with more information about the processing of their Personal Data.
8.2. Legal grounds for processing your Personal Data
The GDPR requires us to tell you about the legal ground we’re relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data include:
- you provided your consent;
- it is necessary for our contractual relationship;
- the processing is necessary for us to comply with our legal or regulatory obligations; and/or
- the processing is in our legitimate interest to fulfill our service as an event organizing, content providing, and ticketing platform (for example, to provide you with customer service, and to protect the security and integrity of our systems, etc.).
8.3. Whova as a data processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
Where Whova processes attendees’ Personal Data on behalf of Organizer as part of the Services, Whova is a Data Processor in performing such Processing and Organizer is the Data Controller. This includes circumstances where Whova obtains Personal Data as a result of the provision of its core event management services (for example, where Whova authenticates attendees’ identity based on the attendee list that organizers uploaded to Whova, facilitates the transmission of emails to attendees at the request of Organizers, or provides event reports and tools to enable Organizers to gain insights into their attendees and the effectiveness of using the Whova products).
Whova merely provides an event engagement and management “tool” for Organizers; Whova does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy of any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the event organizers as the data controller, not to Whova.
We offer the ability for event organizers to email attendees directly through our platform. This functionality was built to send service-related emails specific to an organizer’s event attended by the recipient of such email. If an organizer wants to use this function, the organizer needs to secure his/her own compliant opt-in consents for the sending of such emails. Whova does not do this on the organizer’s behalf.
8.4. Whova as a data controller
8.5. Data Access and Data Deletion
Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, and unsubscribe from marketing communications.
Whova app users can exercise these rights by editing their profiles on the Whova app, as well as deleting messages or photos posted by them. If you cannot find what you’re looking for, please contact us at firstname.lastname@example.org. Also, should one of your attendees ask you to have Whova remove that attendee’s Personal Data from the Whova system, please forward the request to us at email@example.com. Our support team may reach out to the user directly to confirm the request. Please note that requests to exercise data protection rights will be handled by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
8.6. Transfers of Personal Data
We may need to transfer your Personal Data outside of the country from which it was originally provided. This may be Whova or third parties (e.g. Amazon Cloud) that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.
Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. Such transfers will be made pursuant to the standard data protection clauses adopted by the Commission (EU Standard Contractual Clauses (Processors)).
In the event that EU authorities or courts determine that the transfer mechanism above is no longer an appropriate basis for transfers, Whova and customer shall promptly take all steps reasonably necessary to demonstrate adequate protection for the Personal Data, using another approved mechanism.
8.7. Data Incident Notifications
In cases where we are a data controller over data accessed in an unauthorized manner, we will notify the affected users directly. When we are solely a processor of data, we will notify event organizers we determine to be most likely in contact with that individual around the time of a data incident involving the unauthorized access of that individual’s Personal Data.
9. Privacy Shield
We comply with the EU-US Privacy Shield regarding the collection, use and retention of personal information transferred from the EU and Switzerland.
If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
As participating in the Privacy Shield, we are subject to the jurisdiction and enforcement powers of the US Federal Trade Commission. We may be liable for the onward transfer of personal data to a third-party agent, as described in the Privacy Shield Principles. Under certain circumstances, we may be required to disclose personal information to public authorities, for law enforcement purposes. To learn more about the Privacy Shield framework please visit: https://www.privacyshield.gov/
As a part of our participation in the Privacy Shield framework, we provide an alternative dispute resolver, JAMS (https://www.jamsadr.com/eu-us-privacy-shield), in case we have not completely addressed your complaints. This service is free of charge. Under certain circumstances, you may have the right to invoke binding arbitration, as described in the Annex I of the Privacy Shield: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
7310 Miramar Road, Suite 200,
San Diego, CA 92126