Whova Privacy Policy

Updated on Oct 8th, 2024

Whova Inc provides Services through whova.com web pages and Whova Apps to you subject to this Privacy Policy, its Terms of Use, and its other policies. Whova may change this Privacy Policy at any time. By continuing to access or use Whova Services, you accept any changes or revisions to this Privacy Policy.

Whova, Inc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Whova Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Whova, Inc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

IF YOU DO NOT AGREE TO THIS POLICY, DO NOT USE WHOVA

1. Information Available in Whova Services

Whova aggregates publicly available information from company web pages, university web pages, news pages, public social network profiles, publication databases, patent databases, and other public sources (“Public Information”). This Public Information is available to the public directly from those sources (even without Whova). Whova does not verify and cannot guarantee the accuracy of this Public Information. For certain social network websites, Whova will only get and show information if users provided corresponding login credentials. It is a user’s responsibility to validate and revise his/her own profile information in Whova Apps (including Whova Android App, Whova IOS App and Whova Web App).

2. Opt in/out Policy for the Attendee List on the Whova Apps

Whova supports three different policies on whether an attendee is listed in the event attendee list on Whova Apps. Event organizers can decide which policy to apply to their events in Whova Apps and it is the event organizers’ responsibility to make their attendees (users) be aware of the policy.
Please note that regardless of opt in/out policy, attendees’ contact information (e.g. emails, phone numbers) is not disclosed to other attendees unless users explicitly exchange their contact information via Whova Apps.

  • Opt-out Policy (default). Under this policy, attendees (minus some VIPs selected by organizers) are listed in the attendee list on Whova Apps to help foster pre-event networking. If a user does not want his/her name and profile to be listed and viewed by other attendees, he/she needs to explicitly opt out by changing the visibility setting on the Setting menu to be “invisible”.
  • Opt-in once sign-in. Under this policy, once an attendee signs in to Whova Apps, his/her name will be listed in the attendee list of this event to facilitate networking. They can still become invisible by changing the visibility setting on the Setting menu. If an attendee never signs in to Whova Apps, his/her name is not listed.
  • Explicit Opt-in. Under this policy, once an attendee signs in to Whova Apps, he/she is explicitly asked whether he/she wants to be listed in the attendee list for other attendees to network with him/her. Based on the answer, his/her initial visibility status will be set to “visible” or “invisible”, and he/she can still switch between the two by changing it on the Settings menu. If an attendee never signs in to Whova Apps, his/her name is not listed.

3. Remove Your Information from Whova Services

As a Whova user, you have a choice to remove your information from Whova services by contacting us at support@whova.com. After verification (we will need you to verify that you are removing your own information instead of others), we remove your information from Whova Service. Note that since Whova collects information from the Internet, having information removed from Whova Service does not mean that it is removed from its original data sources. Attendees need to contact organizers to ensure removals from all original data sources.  In the Whova app, users can also validate and revise his/her own profile.

4. Personal Data Whova Collects

  • a) Whova Services collects information about platform usages. This may include information about any IP address used to access Whova Services and user activities on Whova Platforms. This is intended to help us improve Whova Platform and Services to give users a better experience.
  • b) Whova collects information that a user needs to provide in creating an account at Whova Services. This may include information such as your name, email address, social network sign- in. We do not provide your information to any third party (subject to Section 5 below).
  • c) Whova allows users to retain and access history and bookmark profiles on selected Whova Platforms and Services. Users may delete one or all at any time when Whova Services are available. Whova does not share user browsing history and bookmarks with any third party (subject to Section 5 below).
  • d) Certain functionalities of Whova Services require users to enter Personal Data to access their accounts with third-party websites, such as third-party social networks and websites. Users’ third-party login credentials will be stored for their convenience of continuously accessing the third party information upon their requests. We do not use this information for any other purpose. Your third-party login credentials are hashed and stored with the strictest security standards.

5. Use and Sharing of Personal Data

  • a) Whova may use Personal Data you provide to Whova Services to create and maintain your account, to personalize your experience, and to send email communications relating to Whova Services. Whova does not sell, exchange, transfer, or give this type of Personal Data to any other company without your consent.
  • b) Whova may use Personal Data about your use of Whova Services to improve our services. Whova may also use personal data with 3rd parties services and technologies as described below:
    • Monitoring services, such as Google Analytics, to assist Whova in improving our quality of service.
    • Cloud hosting providers, such as AWS, Vimeo, Kaltura, etc,  to ensure service availability and permanent storage
    • Cookies, Pixel Tags, Local Shared Objects, Web Storage and other similar technologies.

    As a result, information about how you use Whova Services may be available to other companies such as Google or Amazon AWS to the extent that their technology collects such information for Whova’s use. Whova actively protects your usage anonymity and does not distribute personally identifiable information about your use of Whova Services to any third parties other than explicitly in the Whova data subprocessor list.

  • c) Whova reserves the right to disclose Personal Data to third parties if required to do so by law, or if Whova has a good faith belief that disclosure is necessary to (1) comply with legal process served on us; (2) protect and defend our rights or property; (3) act in an emergency to protect someone’s safety.
  • d) Whova reserves the right to transfer Personal Data to any successor in interest to Whova’s business.
  • e) The Privacy Policy describes Whova’s handling of personally identifiable information as required by the California Online Privacy Protection Act.

6. Cookies, Pixels Tags, Local Shared Objects, Web Storage And Similar Technologies
Please refer to our Cookie Statement for more information about our use of cookies and other similar tracking technologies.

7. Children’s Privacy

  • a) Whova Services is directed to people who are at least 18 years old, and Whova does not knowingly collect Personal Data from anyone under the age of 18. If You are aware that Whova has collected Personal Data from someone under the age of 18, please alert Whova at support@whova.com and the information will be removed from our system as soon as is reasonably possible. This policy regarding collection of data from children exceeds the requirements of the Children’s Online Privacy Protection Act. This Privacy Policy does not apply to the practices of our Customers and other event participants, with which your child may interact. You should review the applicable terms and policies from Customers, specifically event organizers, and their partners including but not limited to speakers, exhibitors and sponsors, production vendors, to determine their data collection and use practices.
  • b) Whova does not knowingly aggregate or provide Public Information about people under the age of 18. Whova may return Public Information about children between the ages of 13 and 18 because this Public Information originates from third-party social networking sites and websites that permit children who are 13 years and older to create public profiles.

8. Security

We have tried our best in removing any possible security holes in our released browser extensions and apps, but since it is hard to 100% verify software, we cannot provide 100% guarantee that Whova Services has zero security vulnerability. Whova is not responsible for any security issues caused by Whova Services.

9. International Data Transfers and Certain User Rights

9.1 Location of Data
Whova is based in the United States. We provide services globally using computer systems, servers, and databases located in the U.S.. When you use our services from outside of the U.S., your information may be transferred to and processed in the U.S.. Please note that U.S. data and privacy laws may not be as comprehensive as those in your country. Residents of certain countries may be subject to additional protections as set forth in Sections 9.2, and 9.3 and 9.4 below.

9.2. EEA, SWITZERLAND AND UK ONLY

If you are attending or organizing an event in the EU, Switzerland and UK, you have to read the privacy policy specified in the following Sections. If you do not agree to this policy, do not use Whova.

9.2.1. The EU General Data Protection Regulation (GDPR)

In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires Whova and event organizers to provide the Whova users with more information about the processing of their Personal Data.

9.2.2. Legal grounds for processing your Personal Data

The GDPR requires us to tell you about the legal ground we’re relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data include:

  •  you provided your consent;
  •  it is necessary for our contractual relationship;
  •  the processing is necessary for us to comply with our legal or regulatory obligations; and/or
  •  the processing is in our legitimate interest to fulfill our service as an event organizing, content providing, and ticketing platform (for example, to provide you with customer service, and to protect the security and integrity of our systems, etc.).

9.2.3. Whova as a data processor

EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.

Where Whova processes attendees’ Personal Data on behalf of Organizer as part of the Services, Whova is a Data Processor in performing such Processing and Organizer is the Data Controller. This includes circumstances where Whova obtains Personal Data as a result of the provision of its core event management services (for example, where Whova authenticates attendees’ identity based on the attendee list that organizers uploaded to Whova, facilitates the transmission of emails to attendees at the request of Organizers, or provides event reports and tools to enable Organizers to gain insights into their attendees and the effectiveness of using the Whova products).

Whova merely provides an event engagement and management “tool” for Organizers; Whova does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy of any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the event organizers as the data controller, not to Whova.

We offer the ability for event organizers to email attendees directly through our platform. This functionality was built to send service-related emails specific to an organizer’s event attended by the recipient of such email. If an organizer wants to use this function, the organizer needs to secure his/her own compliant opt-in consents for the sending of such emails. Whova does not do this on the organizer’s behalf. 

9.2.4. Whova as a data controller

In respect of some processing of Personal Data, Whova may act as a Data Controller, for example, where attendees have engaged with aspects of Whova’s application beyond those relating to organizers’ events, where event organizers and attendees directly provide the Personal Data about themselves as part of their account-creation process, or where Personal Data is processed by Whova to conduct research and analysis to enable Whova to improve its products and features (See Section 5(b) in the Whova Privacy Policy).

9.2.5. Data Access and Data Deletion

Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, and unsubscribe from marketing communications.

Whova app users can exercise these rights by editing their profiles on the Whova app, as well as deleting messages or photos posted by them. If you cannot find what you’re looking for, please contact us at support@whova.com. Also, should one of your attendees ask you to have Whova remove that attendee’s Personal Data from the Whova system, please forward the request to us at support@whova.com. Our support team may reach out to the user directly to confirm the request. Please note that requests to exercise data protection rights will be handled by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.

9.2.6. Transfers of Personal Data

We may need to transfer your Personal Data outside of the country from which it was originally provided. This may be Whova or third parties (e.g. Amazon Cloud) that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.

Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. Such transfers will be made pursuant to the standard data protection clauses adopted by the Commission (EU Standard Contractual Clauses (Processors)).

In the event that EU authorities or courts determine that the transfer mechanism above is no longer an appropriate basis for transfers, Whova and customer shall promptly take all steps reasonably necessary to demonstrate adequate protection for the Personal Data, using another approved mechanism.

9.2.7. Data Incident Notifications

In cases where we are a data controller over data accessed in an unauthorized manner, we will notify the affected users directly. When we are solely a processor of data, we will notify event organizers we determine to be most likely in contact with that individual around the time of a data incident involving the unauthorized access of that individual’s Personal Data.

9.3. California Users

Under California’s “Shine the Light” law, California residents have the right to opt out of disclosing information to third parties for the purpose of allowing such third parties to directly market their products and services. At this time, we do not engage in this type of disclosure. Under the California Consumer Privacy Act (“CCPA”), California consumers have the following rights, which can be exercised directly or in certain cases, through an authorized agent:

Right to Know. You have the right to request information about the categories and sources of personal information we collect, our purposes for collecting the information, and the types of third parties that receive that information. Details about our data collection, use and third-party disclosures can be found in section 4 and 5 above. In addition, you have the right to request a copy of your personal information. You may exercise this right once per 12 month period by sending your request to privacy@whova.com.

Right to Delete. You have the right to request that we delete some or all of the personal information that we have about you. Deleting all data will typically require the deletion of your account, along with all content. Notwithstanding the foregoing, we may retain information to provide services you have ordered, complete transactions, honor opt-outs, prevent fraud, spam, and other abuse, comply with our legal obligations, cooperate with law enforcement, and to exercise and defend our rights. You can exercise your right to delete by sending a request to support@whova.com.

Do Not Sell. You have the right to opt out of the sale of your personal information, and to request information about whether we have sold your personal information in the past 12 months. When you use our services, we may share your personal information with advertising partners in a way that may constitute a sale under the CCPA. You may opt out via the link provided on the relevant page or app. If we do not provide an opt-out mechanism, it is because we do not believe in good faith that your personal information is being sold.

Non-Discrimination. We won’t discriminate against you because you exercise any rights herein. To exercise your rights to know and delete, we must be able to verify your identity as the owner of the Whova account you are inquiring about. We may not be able to fulfill your request until we can do so. In general, we verify identity by confirming that you are the owner of the email address associated with the account. An authorized agent submitting a request on your behalf must also have access to the email address associated with the account, along with sufficient evidence that you have authorized that person to submit the request on your behalf. Although you need not have a Whova account to submit a request, we may not be able to locate certain information to process your request if you don’t have one.

9.4 Nevada Users
Nevada residents have the right to opt out of the sale of certain “covered information” collected by operators of websites or online services. We currently do not sell covered information, as “sale” is defined by such law, and we don’t have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, you can send your request to privacy@whova.com. You can provide us with your name and email address here. You are responsible for updating any change in your email address by the same method and we are not obligated to cross-reference other emails you may have otherwise provided us for other purposes. We will maintain this information and contact you if our plans change. At that time, we will create a process for verifying your identity and providing an opportunity to verified consumers to complete their opt-out. Please become familiar with our data practices as set forth in this Privacy Policy. We may share your data as explained in this Privacy Policy, such as to enhance your experiences and our services, and those activities will be unaffected by a Nevada do not sell request.

10. Data Protection Framework (DPF)

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Whova, Inc commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Whova, Inc at: privacy@whova.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Whova, Inc commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

Contacting Whova

If you have any further questions regarding our privacy policy, please contact us to let us know at:
Whova, Inc
10182 Telesis CT STE 500,
San Diego, CA 92121
Email: support@whova.com
Phone:+1 855-978-6578

Pin It on Pinterest