Your friendly and customisable event registration system

Talk to our team today

DelegateManager™ Privacy Policy

Version 1.10 - Last updated 30 May 2018

The privacy of our website users is important to us and we take care to safeguard it. This policy explains how we use such personal information we may hold about you.

Your Privacy – In short

DelegateManager can be used in two capacities:

  • As a delegate if you have registered for an event hosted on DelegateManager.
  • As an event organiser if you use DelegateManager to manage your event(s).

Information for Delegates

DelegateManager allows organisers to use tracking services such as Google Analytics and Google Tag Manager software in order for event organisers to track conversions when a registration is complete.

If tracking services, like the above are enabled on our system, delegates are implicitly made aware of the tracking in compliance with EU Privacy legislation.

DelegateManager uses 'session cookies' during the registration process to guarantee authentication. The cookies are not used to track any personal data, preferences or otherwise, and are only used to store logged in status.

When a delegate clicks the 'I'm finished' button at the end of registration, the session cookie is destroyed.

Registration information is passed along to the organisers of the event. We never share delegate information with any third parties*.

Information for Event Organisers

DelegateManager uses 'session cookies' to enable authenticated login to the event management 'Dashboard' software. The cookies are not used to track any personal data, preferences or otherwise, and are only used to store logged in status.

When an event organiser signs out, the session cookie is destroyed.

We never share event organiser information with any third party without consent.

DelegateManager employees and contractors have the ability to take control of any event organiser's account for support purposes, but passwords are stored using one way encryption, that cannot be retrieved.

Overall event numbers, and ticket numbers are aggregated across all events for our own internal statistical use.


Your Privacy – In detail

Important information

Queries

If you have any queries concerning your personal information or any questions on our use of your information, please contact compliance@delegatemanager.com.

Changes

Our privacy policy is regularly reviewed to make sure that we continue to serve your privacy interests. We reserve the right to modify or otherwise update this privacy policy and these changes will be posted on our website. We encourage you to visit this page from time to time to ensure that you are aware of any changes we may have made.

Who are we

Us

This Privacy Policy references to "we", "our" and "us" and "DelegateManager" are to DelegateManager and 20/20 Productions Europe Ltd, the organisation responsible for the DelegateManager website, 20/20 Productions Europe Ltd are a company registered in Scotland under company no SC12748 and having its registered office address at 181 Pleasance, Edinburgh, EH8 9RU. Our VAT number is 553604941.

For more information about 20/20 Productions Europe Ltd, please click here.

What information we collect and why

What are cookies?

Cookies are small text files, which often include a unique identifier that is sent by a web server to your computer, mobile phone or any other internet enabled device when you visit a website. Cookies are widely used in order to make websites work efficiently and help provide us with business and marketing information to enable us to make informed decisions on the development of our service. We may collect information about your computer, including your IP address, operating system and browser type. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

Essential cookies - These cookies make sure our website delivers information and services securely. Without them, you wouldn't be able to use our services. You can't opt out of using these cookies.

Non-essential cookies - These cookies help us deliver a better experience on our service, but you as the user have the right to opt out of these at any time. You can change your cookie settings for these cookies by modifying your browser preference below.

Session Cookies - A session cookie contains information that is stored in a temporary memory location and then subsequently deleted after the session is completed or the web browser is closed.

Persistent Cookies - A persistent cookie is a data file capable of providing websites with user preferences, settings and information for future visits.

Cookies used

We may use both session cookies and persistent cookies on this website. The following cookies may be sent to you (please note sizes may vary slightly):

Cookie Name Expiry Date Size Essential Purpose
1 YII_CSRF_TOKEN Session 54 B Yes Lets us provide secure access to our online services.
2 PHPSESSID Session 41 B Yes
3 userCookie 2 days
(destroyed after log in)
42 B Yes Lets us establish a unique user during secure login.
4 _ga 2 years from set/update 30 B No Google Analytics Tracking cookie.
- Used to distinguish users.
5 _gat 1 minutes 5 B No Google Analytics Tracking cookie.
- Used to throttle request rate.
6 _gid 24 hours 30 B No Google Analytics Tracking cookie.
- Used to distinguish users.
7 cookieconsent_status 1 year from set/update 24 B / 27 B Yes Records whether or not you have accepted the use of non-essential cookies on our site.
8 driftt_aid Session 46 B No Establishes Drift Chat feature
- Anonymous identifier token
9 driftt_sid Session 46 B No Establishes Drift Chat feature
- Identifier token for specific browser session

Cookies (1) & (2) are session cookies. These cookies should only load via HTTPS. Cookie (3) is used to uniquely identify a user attempting to access the system and is only used to help prevent suspected malicious activity. Cookies (4), (5) & (6) are tracking cookies installed by Google Analytics. These cookies are non-essential and you have the right to opt-out of these at any point in time. Cookie (7) is stored when the user implicitly agrees to have cookies stored on their machine, these are set in order to remember preference in regards to cookies being stored. Cookie (8) & (9) are used by our chat feature, powered by Drift. These cookies are non-essential, however as session cookies, are destroyed at the end of each browser session.

Our chat feature, powered by Drift, also installs a secondary set of cookies under the url 'https://js.driftt.com'. This is to establish a connection with the Drift chat platform. For more information about what these cookies do any why, please visit the Drift Help center for more information.

Event organisers have the ability to add Google Tag Manager scripts into their event registration system, allowing additional cookies to be set in your browser - used generally to track where traffic came from and too. By Opting out of non-essential cookies, these additional cookies will stop being enabled.

Change your cookie settings

You have the right to opt out of non-essential cookies at any point in type.

Information volunteered by you (the delegate)

The core functionality of this website gives you the option to submit some personal information to us. We may be provided with data which is or may be personal data in relation to event organisers and delegates or their individual representatives. Information we collect will include names & email addresses, which is necessary in the delivery of the DelegateManager service and in turn necessary for the performance of a contract and adherence to the terms and conditions of the service. Additional information may be captured from you, at the request of the event organiser. This additional information is pursuant to legitimate interests, ensuring the event organiser has the relevant information to produce the event as well as enhancing your delegate experience.

DelegateManager does not allow sensitive personal data, such as information about sexual orientation or religious views to be captured, however, information regarding a delegates health (like any accessibility requirements) may be captured during registration. This information not only enhances the delegate experience and is a legitimate business interest to the event organiser, but is also captured through explicit consent provided by the delegate - which can be withdrawn at any time. Information we collect will only be shared with the direct event organiser. No information will be shared with other third parties*.

Although DelegateManager is defined as the Data Controller – the event organiser (having access to the data at any point during and post-registration) also becomes a recognised Data Controller, during this period. Once data is fully passed to the event organiser post-event, any delegates would need to refer to the event organisers Privacy Policies and Terms and Conditions regarding how their data is used/processed thereafter.

It is important you are aware of browser tracking. Our Dot Com website uses tracking, supplied and developed by Google, and is by default active. These cookies help us pursue our legitimate interest in developing this service in order to enhance your experience. Our Dot Com website uses IP Anonymisation – meaning as soon as technically feasible, IP addresses are masked, so we, nor the service provider, can track you by IP address. This data is held for 14 months.

For you, a delegate registering onto an event, these services are disabled by default and if enabled, you will be implicitly made aware of the tracking. This information would be stored to enable the event organiser to track user journeys. These would be provided by service such as Google Analytics / Tag Manager. Where possible, we also request event organisers to use IP Anonymisation.

*Services such as Campaign Monitor for email campaigning, Clickatell for SMS campaigning, Crowd Comms for Event Apps, Google Analytics / Tag Manager for website tracking, Salesforce Customer Relationship Management services are utilised by DelegateManager. Data is securely stored by these parties and is not passed to any other parties.

IP addresses

The information we collect via this website may also include your IP address (this is your computer’s individual identification number that is assigned to your computer when connected to the Internet) which is automatically logged by our web-server. This information is collected by our website (hosted in the United Kingdom), and is processed to ensure our legitimate interests in maintaining a secure and reliable website. This information is never passed to any other individual, event organiser or third party provider.

What we do with your information

Compliance

Any personal information we collect from this website will be used in accordance with the General Data Protection Regulations (GDPR), the Data Protection Bill and other applicable laws.

Keeping you informed

The IP addresses logged by our website server may be used by us to perform technical diagnosis of our website’s performance on a statistical basis and to analyse traffic data (so as to gauge interest in our website).

Law enforcement

We reserve the right to co-operate with law enforcement officials in the investigation of alleged unlawful activities of our website users or relating to our website users. We will have no legal liability for such disclosures. Unless we suspect fraud, we do not use your IP address to identify you personally. We also reserve the right to disclose any personal data to third parties if we are under a duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions (as amended from time to time) or to protect the rights, property, or safety of 20/20 Productions Europe Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction.

Security

We will do our best to protect your personal data but we cannot guarantee the security of that data in transmission since the internet is not wholly secure. Once the information has been received by us, we will use strict procedures and security techniques to try to prevent unauthorised access.

SSL Security

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input and the information we may send to the event organiser. It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off/log off when finished using a shared computer.

Server Protection

DelegateManager servers are managed by UK based IAAS Catalyst2, with physical data centre based in TELEHOUSE, London, UK. For any other data not held in the UK, please refer to the footnote in the sub-section 'Information volunteered by you'. TELEHOUSE are ISO9001/27001 accredited. Our third party services provide excellence on physical security, industry standard security practices, disaster recovery, rolling 7-day back-up retention policies, data protection and data destruction.

Your data, your rights

We jointly process your personal information (as data controllers) with the event organiser. For information on how your event organiser uses your data, please view their privacy policy (there will be a link to this on your delegate landing page). The following information relates to information held on DelegateManager;

Updating your data

The GDPR and Data Protection Bill states that we must ensure that personal data held by us is accurate and up-to-date. Please help us to fulfil this obligation by informing us of any changes in your personal details. Depending on the registration process of your event, you may be able to update your own information. However, if this is not possible, you can contact your event organiser who can update any information you have submitted. Where a request to rectify your data is submitted, we will ensure changes are made within 1 month of receiving the request.

Removing your data

If you would like your personal information removed from our systems, please email compliance@delegatemanager.com. Our team will have 1 month, where applicable, to facilitate such a request.

Obtaining or Transferring your data

You also have the right to request a copy of any personal information we hold about you. To access your information, please email compliance@delegatemanager.com, or contact your event organiser. Our team will have 1 month to facilitate such a request.

Object to Data Processing

Where we process your data under legitimate interest, where applicable, you have the right to object to this processing. To submit this request, please email compliance@delegatemanager.com.

How long is your data held for

We may retain your personal data from when you register until one month after the event has occurred. Data is permanently removed after that date. Delegates that did not specifically sign-up to attend an event are marked as ‘incomplete bookings’ and this data will be removed if there have been two months of inactivity on your account.

Your data may persist on backup media after this duration has elapsed, however, this data is not accessible after seven days.

As part of our security monitoring activities we log activity at an IP Address level, which helps us identify unusual activity that may require investigation as part of bug fixing or suspected malicious activity. This information is required to help us fulfil our contractual obligations to you. Our Logs are securely maintained with limited, authorised access and are retained by our hosting service providers for up to 12 months after which they are permanently erased.

Tracking data on both Google Analytics and Google Firebase (for DelegateManager Check-In app) is held for 14 months.

More information

Detailed information about your rights under the GDPR and the Data Protection Bill and can be found on the website of the United Kingdom Information Commissioners Office, the address of which is ico.org.uk (as at the date of this Privacy Policy). The telephone number of the Information Commissioner’s Office is 0303 123 1113 (or +44 1625 545 745 if phoning from outside the United Kingdom).

Other websites

Hyper links

This Privacy Policy only covers personal data collected via this website. While we carefully select the websites to which we link, we are not responsible for the privacy practices or the content of these websites.

Any thoughts shared by another website belong to that person(s) and are not necessarily the views of 20/20 Productions.

DelegateManager Check-In App for iOS and Android platforms

Device Information

We use this information to help us provide and support our product to the best of our abilities. The information we gather from the DelegateManager Check-In app is used to help troubleshoot any issues that arise and provide support to users where possible.

Information we collect

Operating system and operating system version are recorded along with the devices unique identifier.

Our Check In apps also utilise Google Firebase, an analytics system specific for apps. We do not capture any specific information, however the analytics tool captures some data on the user and specific events automatically. Firebase is used to primarily diagnose if any apps crash during use.

How we use this information

We use the information to help us provide and support our product to the best of our abilities. The information we gather from the DelegateManager Check-In app is used to assist our legitimate interests, helping to secure and issue detect when problems arise. This information is retained for 14 months.

App Permissions

Our app requires permission to access your camera so we can scan QR-Codes for the automated check-in process. No images are stored in our app or in your devices memory, the camera is only ever used to scan the barcode which passes information to DelegateManager, completing the registration process.

Disclosure of Personal Data

We may share personal data with elected third parties in pursuit of our legitimate business interests including:

  • Event organisers in relation to an event on which a delegate is registered. Event organisers will be data controllers in common in relation to personal data of a delegate which is made available in an account controlled by the event organiser. The event organiser will be the sole data controller in relation to personal data of a delegate which is removed from our website by the event organiser. Our terms and conditions restrict the purposes for which personal data of a delegate can be used be an event organiser but DelegateManager is not responsible for processing by event organisers or their representatives of personal data originating from our website.
  • Our suppliers for the purpose of administering our business. Our suppliers will process personal data in accordance with our instructions from time to time as ‘data processors’ as defined in the GDPR and Data Protection Bill.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website as we have set out in this Privacy Policy.

We may also disclose personal data to third parties:

  • In the event that we sell or otherwise transfer our business or any part of it, in which case databases include personal data will be transferred to the buyer.
  • If we under a duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions (as amended from time to time) or to protect the rights, property, or safety of 20/20 productions Europe Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction.