Fairvi GDPR Information


We are committed to honoring our users’ rights to data privacy and protection. Even if our users might not be based in the EU, their attendeess may be, so it is important that fairvi is GDPR compliant to ensure all our clients are covered.

We are committed to honoring our users’ rights to data privacy and protection. Even if our users might not be based in the EU, their attendeess may be, so it is important that fairvi is GDPR compliant to ensure all our clients are covered. Being GDPR-ready has been one of the highest priority this year (2021), and we have implemented technical and organizational measures to be fully compliant with GDPR.

If you are looking for specific questions under GDPR, read our GDPR FAQs document here.


Data Processing and Ownership

During the course of events, our clients need to collect PII (Personally Identifiable Information) from attendeess to build a profile and perform activity using our platform. Because we process attendeess on behalf of our customers, according to GDPR, we are considered a “Data Processor” and our customers are regarded as “Data Controllers”.

When a attendees makes a registration or is contacted by a fairvi client in course of Event management s Process, we store the following information of the attendees on behalf of our client:

  • Email address
  • First and last name
  • Phone number
  • Resume, and all the information contained in the Resume
  • Google MAPS data on attendees location
  • Educational Information
  • Professional Information

This data comes under the purview of GDPR. According to Article 5 and 6 of the regulation, personal data can be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘lawfulness, fairness and transparency’)”. Given that the processing should be fair, fairvi ensures that we either obtain consent from attendees or attendees has provided consent in past, when they are processed as attendees for a job with fairvi client. Our updated privacy policy clearly states how we process information in a fair and transparent manner. In the capacity of a Data Processor, all the attendees information we receive or collect is handled securely with adequate data protection. To the extent that we act as a data processor on your behalf in connection with the performance of our Services, we will enter into a separate ” Data Processing Addendum” with you. Our standard Data Processing Addendum (DPA) is available for your review. You can find out more information on this Data Processing Addendum by emailing us at support@fairvi.com. fairvi does not store any financial or biometric information on attendeess.

Data Subject Rights

Under GDPR, individuals have the right to ask the organizations they apply to for the right to portability, rectify and to be forgotten. fairvi collects attendeess’ data on behalf of our clients, any requests regarding accessing/ editing/ deleting of attendeess’ data will be forwarded to our clients. We give our clients the mechanisms to access their attendeess’ data and also comply with requests from their attendeess. This way, our customers are always in control of their attendees data.

While GDPR requires that a data subject can revoke their consent at any time, pursuant to the above stipulations in Article 6, it also allows this request to be declined if the processing of this information is required for legitimate interests pursued by the data controller. In other words, our client (the data controller) can determine if the attendees’s (data subject’s) request is valid and can be fulfilled. We will take action based on the direction provided by our client on how to proceed with any such request.

As a processor, fairvi gives flexibility to our clients to determine their data policies, which offer rights to their attendeess. This includes the ability to access / edit/ delete information regarding a attendees. We also give the ability to set a routine data deletion process at a cadence determined by the client.

Data Management

Data within fairvi is secured using industry-standard encryption. Under Article 46 of the regulation, data can be transferred outside EU borders if the processor has appropriate security measures in place and if our client (the data controller) and fairvi (data processor) have entered into a contract that includes contractual clauses specified by EU. fairvi has a standard EU-specific data transfer and processing agreement to ensure compliance with GDPR. Article 49 provides an additional basis for such a transfer. Transfer of data is allowed where “necessary for the performance of a contract between the data subject and the data controller”.

GDPR also stipulates that personally identifiable data should not be stored indefinitely. fairvi’s data retention policy provides flexibility to our client (the data controller) to define how long their attendeess’ PII should be stored and when it should be deleted. Data is stored for the duration of the contracted period with our client, and a grace period thereafter.

According to Article 30 of GDPR, our clients need to maintain a record of all activities pertaining to the personal information of a data subject. fairvi maintains a detailed audit log of all the activities. As part of compliance, fairvi will add any additional activities that our clients need to be recorded. These logs are viewable in our dashboard or can be requested for export/ deletion by contacting us at support@fairvi.com

Data Breach And Mitigration Process

Article 33 states that for any potential data breach, the supervisory authority (our client) must be notified within 72 hours of occurrence. We have sufficient data monitoring mechanisms in place to become aware of any such breach. In case a personal data breach occurs, we will send breach notifications in accordance with our internal incident response policy (within 72 hours of us discovering the breach). The communication will be sent as per the guideline mentioned in Article 33. This will give sufficient time for our clients to convey the breach to the respective authorities. Additionally, we will notify users through our blogs and social media for general incidents. We will notify the concerned party through email (using the primary email address) for incidents specific to an individual user or an organization.

Quick Summary

- fairvi tech deployment AWS (India). This is permitted under GDPR thanks to the AWS Data Processing Agreement

Any data requests from attendeess will be routed through our clients who need to process the data requests. fairvi provides functionality to comply with any such requests.

he duration of data storage would be customized on a client-to-client basis as per the contract. We will store the data for the stipulated time in the contract and a grace period thereafter.

Data backups are kept safe, and strongly encrypted. We have provisions to anonymize data, when requested.

We provide product features to anonymize/ delete data. We also delete data by request to support@fairvi.com

For any queries, please contact us at support@fairvi.com




GDPR FAQ


What data do we collect?
When a attendees makes a registration or is contacted by a fairvi client in course of Event management s Process, we store the following information of the attendees on behalf of our client:

- Email address
- First and last name
- Phone number
- Resume, documents and all the information contained in the Resume or documents
- Google MAPS data on attendees location

We also collect usage data, and geographic position through third-party tools like Google Analytics and Google MAPS. This data is may also be mapped to a specific individual but is analyzed only as a whole.
fairvi does not store any financial or biometric information on attendeess. However, fairvi don't access any financial or biometric information if any such information is contained in the resume or other documents uploaded by the attendees or where a attendees elects to save his / her financial data (credit /debit card number, CVV, etc.) on fairvi.

What is our privacy policy?
You can read more about our privacy policy here.

Who is responsible for attendees data?
Any fairvi client that undertakes the Event management process using fairvi, owns the data of all attendeess who respond to or have responded to Job marketing. The responsibility of updating and deleting all attendees data when requested by a attendees lies with the client. fairvi provides our clients with necessary support (customer support/ product features) to carry out any such requests however and whenever the client wants to.

For how long is the attendees data stored?
It depends on the contract with our client. By default, we store data until it's explicitly removed. But we provide provisions to set up a periodic data removal process for our clients on a contract-to-contract basis. However, we always support data deletion through requests sent to support@fairvi.co for all of our clients. We delete data at the specified/ requested time by our clients with an additional grace period.

Who has access to attendees data?
Clients that perform Event management process on fairvi.
- attendees through requests to Client.
- fairvi internal team only when a support request is raised by the Client and data access is necessary to support such request.

Which roles/ permissions are required for employees of the client to have access to attendees data?
All users of a client account with roles - Representatives, Exhibitors, Attendees and organiser have access to attendees reports as per role definition and permissions defined by Client Administrator.

How do clients request attendees data to be deleted?
For enterprise users with specific contracts, they can delete the attendees entry using 'delete' action in attendeess' view.

Furthermore, you can email us at support@fairvi.co with the list of attendeess' data to be deleted. You can also contact your fairvi Customer Success Manager for such requests.

How to access audit logs?
fairvi maintains logs of all actions that are state changing as well as un-permissioned actions for troubleshooting and security. Super Admins of a client account can view the audit logs from their dashboard. Any further processing requests of audit logs should be routed through support@fairvi.co or your fairvi Customer Success Manager.

Can the deleted data be reinstated?
No.

Can we edit a attendees's data?
Client users and admins with specific contracts, they can delete the attendees entry using 'delete' action in attendeess' view.
For any specific request, please contact us at support@fairvi.co with details about the request.
attendeess who took part in Event management process for a client

Can I delete/ edit/ view/ access my candidature or personal information?
fairvi is an Event Management Software as Service provider and your data provided to the client, is owned by our client who managed your attendees and representative. Please contact the client user who managed your attendeess, directly to request the deletion of your data.

If you require any help in making such requests, please feel free to contact us at support@fairvi.co with specifics of Client and attendeess to.
f