Privacy Policy
1.1 We at CompuSystems are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which CompuSystems will process any personal data (which in this Privacy Notice shall be understood as synonymous with “personal information”) we collect about you or that you provide to us. Please read this Privacy Notice carefully to understand how we handle personal data.
1.2 In this Privacy Notice, references to “you” mean the person about whom we collect, use, disclose or otherwise process personal data.
1.3 “Personal Data,” otherwise known as “Personal Information,” includes any data which either by itself or with other data held by us or available to us, can be used to identify you. For example, identifiers such as name, identification number, location data, online identifiers (for example, IP addresses) can all be examples of personal data.
1.4 What is not personal data is “aggregate information” or “deidentified information,” by which we mean information that does not allow us to identify or contact a specific individual. For example, the number of users of our website is aggregate information which does not reveal who the users are.
1.5 We will use personal data about you only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of personal data is in compliance with applicable data protection law, including California’s Consumer Privacy Act, the European Union’s General Data Protection Regulation (“GDPR”), and Canada’s Personal Information Protection and Electronic Documents Act (collectively referred to as “Data Protection Legislation”).
2.1 The Data Controller, as that term is defined within the GDPR, is typically the exhibitor or event organizer (which are our Customers), and CompuSystems collects and processes event registration information and provides lead retrieval services on their behalf. As we mention in Section 3.1 below, when we collect and process personal data on behalf of an event organizer or exhibitor, their privacy policy apply to their collection, use, disclosure and processing of your personal data.
2.2 When CompuSystems collects personal data on its own behalf, principally through our website, we are the Controller. CompuSystems, Inc. is a U.S. company with its principal place of business at 2651 Warrenville Rd Suite 400, Downers Grove, IL 60515.
3.1 This Notice applies to personal data that we collect, use, disclose, or otherwise process about you on our own behalf, typically when you visit our website, submit a query, or become a customer.
3.2 When we collect and process personal data on behalf of event organizers and exhibitors, their respective privacy policies apply to their collection, use, disclosures and processing of your personal data.
4.1 The personal data we collect about you helps us manage our relationship with you, principally by responding to your queries, improving website performance and user experience, letting you know of our services and of materials for download, and providing you with the opportunity to complete surveys. The personal data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).
From Whom Do We Collect This Data
Personal Data
Basis and Purpose of Processing
Representatives of Prospective Customers
We will collect your name, email address, phone number, and message details.
It is in our legitimate interests to respond to your queries and to provide you with further information. Our interests are not overridden by your interests or fundamental rights and freedoms, especially since you requested that we respond.
Exhibitors and Organizers
We will collect your name, email address, phone number, and message details.
It is necessary to take steps at your request prior to entering into a contract (e.g. to respond to your queries and to provide you with further information).
Purchaser of a CompuLEAD rental or list services from our website
We will collect your name, email address, phone number, message details, and payment information.
It is necessary to take steps at your request prior to entering into a contract (e.g. to respond to your queries and to provide you with further information).
General Inquirers
We will collect your name, email address, phone number, and message details.
It is in our legitimate interests to respond to queries and to provide you with information relating to our services and products. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
Those interested in our mailing list
We will collect your name and email address.
It is based on your request to join the mailing list and is necessary to fulfill that request.
Location Data (collected via Google Analytics)
We may collect your location based on where you access our website.
It is in our legitimate interests to enhance account security, and to ensure appropriate privacy regulations are followed. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
Applicants
We will collect your name, address, telephone number, email address, educational history, work history and other resume/CV details.
We may also collect information necessary to organize and interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require.
It is necessary to take steps to enter into a contract (i.e. the employment contract). It is also in our legitimate interests to recruit qualified and suitable employees. Our interests are not overridden by your interests or fundamental rights and freedoms.
4.2 Where does CompuSystems obtain my personal data from?
We obtain the data directly from you or from your browser, whether via our website, when you call us or email/mail us. We also may collect your information through third party service providers. These third-parties may include recruiting agencies and online recruiting platforms and referees. In addition we may obtain it from some public sources, such as publically available directories and online resources (for example, information which is publicly available on social media profiles or other external sources).
In some circumstances, we may request your explicit consent to process (specific types of) personal data. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave consent or at the contact details below.
Please note that organizers may ask us to collect photographs on their behalf for purpose of identity verification. In those instances, we will retain a copy of any consent you provide for those purposes to accord with the Illinois Biometric Protection Act.
We collect personal data through cookies placed on our website. Cookies are small text files that your web browser leaves on your hard drive to recognize you as a repeat user of our Site and track your use of our Site. We use cookies for enabling your navigation within our website. This category of cookies is strictly functional and cannot be disabled.
At times, we might like to set Google Analytics cookies (_ga; _gali; _gat; _gid) to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. Read Google’s overview of privacy and safeguarding data.
5.1 Service Providers
We use third party service providers who provide us with marketing automation, data entry, and program development services. In providing the services, your personal data will, where applicable, be processed by these service providers on our behalf.
In accordance with applicable law, we have binding arrangements in place with these service providers that restrict how they can use, disclose and otherwise process personal data.
5.2 Disclosures to Other Parties
In certain circumstances, we share and/or are obliged to share personal data about you with other parties in accordance with Data Protection Legislation.
These other parties include external professional advisors like law, accounting and cybersecurity firms. We generally have contracts or other service agreements in place with these other parties that restrict what can be done with personal information.
We may also share your personal data:
- to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
- where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation involving CompuSystems.
We do not disclose personal data about you to third parties for any other purpose, such as their direct marketing purposes.
We do not collect all of this data, and the data we do collect from within this category is processed in order to provide you with services, including to respond to your queries, take steps necessary to enter into a contract with you, or to sign you up to our mailing list.
If you are an applicant, this data is processed in connection with setting up an electronic job applicant HR file, managing your application, and organizing interviews.
The personal data (otherwise known as personal information) about you that we collect includes information within the below categories of data. These categories also represent the categories of personal data that we have collected over the past 12 months. Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that we may collect or disclose some information within that category. It does not necessarily mean that we collect or disclose all information listed in a particular category.
Category
Source
Purpose of Processing
Disclosed for a Business Purpose in Last 12 Months?
Types of Third Parties Shared With
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
This information is collected directly from you, our service providers, or through the use of cookies and similar technologies.
If you are a job applicant, we may obtain it from some public sources, such as publically available directories and online resources (for example, information which is publicly available on social media profiles or other external sources).
We do not collect all of this data, and the data we do collect from within this category is processed in order to provide you with services, including to respond to your queries, take steps necessary to enter into a contract with you, or to sign you up to our mailing list.
If you are an applicant, this data is processed in connection with setting up an electronic job applicant HR file, managing your application, and organizing interviews.
Yes
Service Providers
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
This information is collected directly from you, our service providers, or through the use of cookies and similar technologies.
If you are a job applicant, we may obtain it from some public sources, such as publically available directories and online resources (for example, information which is publicly available on social media profiles or other external sources).
We do not collect all of this data, and the data we do collect from within this category is processed in order to provide you with services, including to respond to your queries, take steps necessary to enter into a contract with you, or to sign you up to our mailing list.
If you are an applicant, this data is processed in connection with setting up an electronic job applicant HR file, managing your application, and organizing interviews.
Yes
Service Providers
Characteristics of classes protected under federal or California law, including: familial status, disability, sex, national origin, religion, color, race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information.
This information is collected directly from you or our service providers (e.g. recruitment agencies).
If you are a job applicant, we may obtain it from some public sources, such as publically available directories and online resources (for example, information which is publicly available on social media profiles or other external sources).
This information is collected and processed in connection with setting up an electronic job applicant HR file, managing your application, and organizing interviews, including to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require.
Yes
Service Providers
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
This information is collected directly from you.
We collect your history of purchases with us to provide you with better service in the future.
No
N/A
Biometric information, which includes physiological, biological or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity.
We do not collect this information for our own purposes. Please note, however, that organizers may ask us to collect photographs on their behalf for purpose of automated identity verification. In those instances, we will retain a copy of any consent you provide for those purposes to accord with the Illinois Biometric Protection Act.
No
N/A
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
This information is collected through the use of cookies and similar technologies.
This data is processed in order to compile reports and to help us improve the website. It may also be used to help us determine the applicable data privacy rules.
No
N/A
Geolocation data
This information is collected through the use of cookies and similar technologies
We collect this data to enhance account security, and to ensure appropriate privacy regulations are followed.
No
N/A
Professional or employment-related information
This information is collected directly from you or our service providers (including recruiting agencies).
If you are a job applicant, we may obtain it from some public sources, such as publically available directories and online resources (for example, information which is publicly available on social media profiles or other external sources).
This data is processed in connection with a number of our operational functions, including to provide you with services, or setting up an electronic job applicant HR file, managing your application, and organizing interviews.
Yes
Service Providers
7.1 Your Consent
In general, and in accordance with Canadian law only, by using our website and/or submitting information to us in connection with using our products and services, you are providing your consent to the collection, use and disclosure of personal data as set out in this Privacy Notice. In some cases, your consent may be “implied” i.e. your permission is assumed based on your action or inaction at the point of collection, use or sharing of your personal data.
Unless we determine that we require an additional consent for specific products, services or programs, you agree and consent that we may collect, use, share or otherwise process your personal data in accordance with this Privacy Notice.
Your consent can be withdrawn at any time, except in limited circumstances, including legal or regulatory requirements that we have or contractual obligations you have with us.
7.2 Disclosure of Your Personal Data
In addition to sharing your personal data in accordance with section 5 of this Privacy Notice, we may share it with third parties as per the below:
- Sale or Transfer of Business or Other Transaction
We may decide to sell or transfer all or part of our business to a related company or to a third party, to merge with another entity, to insure or securitize our assets, or to engage in another form of corporate or financing transaction (including the proceedings of insolvency or bankruptcy, corporate reorganization, stock sale, or other change in corporate control). If your personal data is required in connection with any such transactions, we will comply with the legal requirements for the disclosure of personal data during and after completion of the transaction. Any third party that we transfer or sell our assets or shares to will have the right to continue to use your personal data, provided that they comply with applicable privacy legislation in Canada.
- Other Permitted Reasons
Canadian law permits or requires the use, sharing, or disclosure of personal data without consent in specific circumstances (e.g., when investigating and preventing suspected or actual illegal activities, including fraud, or to assist government enforcement agencies). These circumstances include situations when permitted or required by law or when necessary to protect our company, our employees, our customers, or others. If this happens, we will not share more personal data than is reasonably required to fulfill that particular legal purpose.
- With Your Consent
Besides for the purposes listed above, we may, with your implied or express consent as applicable, share or disclose your personal data to third parties, in accordance with applicable law.
7.3 Transfers Outside of Canada
In general, we store, access and use your personal data in the United States. Some of our service providers may also access, process or store your personal data outside of Canada in the course of providing their services to us. When we engage a service provider which operates outside of Canada, personal data may be stored, processed, accessed or used in any country in which the service provider operates. Where personal data is stored or used outside of Canada, it is subject to the law of the jurisdiction in which it is used, including any law permitting or requiring disclosure of the information to the government, government agencies, courts and law enforcement in that jurisdiction. The countries where our service providers are currently located include the United States and India. We use all reasonable safeguards, including contractual requirements with our service providers, to protect your personal data wherever it is located.
8.1 Your personal data will be stored and processed in the United States, which is outside the European Economic Area (“EEA”). For any follow-on transfers of personal data about you outside of the EEA, we take additional steps in line with Data Protection Legislation. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through standard data protection clauses adopted or approved by the European Commission in accordance with Data Protection Legislation.
8.2 If you would like to see a copy of any relevant provisions, please contact us (see “Contact Us” section below).
9.1 CompuSystems maintains administrative, technical and physical security measures to protect your personal data.
9.2 We have, in particular, taken appropriate security measures to protect personal data about you from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process personal data about you. In addition, our service providers are selected carefully and are required to use appropriate protective measures.
10.1 We will keep personal data about you for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal obligations. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:
10.1.1 Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
10.1.2 Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and
10.1.3 Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after the period described in 10.1.2 because of a legal or regulatory requirement.
10.1.4 While we do not collect biometric information for our own purposes, when we do collect biometric information on behalf of exhibitors and organizers for purposes of automated identity verification, we delete that data off our servers within 90 days of the end of the event.
11.1 You may have various rights under Data Protection Legislation in your country (where applicable).
11.2 Please note that under California law, we are only obligated to respond to personal information requests from the same consumer up to two times in a 12-month period. Under EU law, if an individual makes unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access Personal Data, a controller may charge a fee subject to a maximum set by law.
11.3 Before providing information you request in accordance with these rights, we must be able to verify your identity. In order to verify your identity, you may need to confirm information about you we already have on file. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests under CA law, you will be required to submit a verifiable request for deletion and then to confirm separately that you want personal information about you deleted.
11.4 If you would like to appoint an authorized agent to make a request on your behalf, you must provide the agent with written, signed permission to submit privacy right requests on your behalf, or provide a letter from your attorney. The agent or attorney must provide this authorization at the time of request.
11.5 If you chose to exercise any of these rights, to the extent that they apply, California law prohibits us from discriminating against you on the basis of choosing to exercise your privacy rights. We may, however, charge a different rate or provide a different level of service to the extent permitted by law.
11.6 To exercise your rights, please use our webform, or otherwise contact us at the below contact details.
11.7 Your rights may include (as relevant):
Your Right
What Does It Mean?
How Do I Execute This Right?
Conditions To Exercise?
Right of access
Subject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”).
Requests for such information should be made in writing to privacyofficer@csireg.com
If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other customers. Data solely retained for data backup purposes may be principally excluded.
Right of data portability
Subject to certain conditions, you are entitled to receive personal data we have about you in a commonly used, machine readable format.
Requests should be made in writing to privacyofficer@csireg.com. If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations.
The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Hence, it does, as a rule, not apply to personal data that was created by CompuSystems or obtained from other sources.
Under California law, an individual may request personal data (otherwise known as personal information) that the business collects. If provided electronically, the information will be in a portable and, to the extent technically feasible, in a readily usable format. We are not required to provide personal data to a consumer more than twice in a 12-month period.
Rights in relation to inaccurate personal or incomplete data
You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected, or completed, as appropriate.
We encourage you to notify us of any changes regarding personal data about you as soon as they occur, including changes to your contact details, telephone number, or identification documents.
Please always check first whether self-help tools are available.
If no such tools are available, requests should be made in writing to privacyofficer@csireg.com.
This right only applies to personal data about you. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of personal data about you.
Requests should be made in writing to privacyofficer@csireg.com.
This right applies only if the processing of personal data about you is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.
Right to have personal data erased
Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.
Requests should be made in writing to privacyofficer@csireg.com.
There are various lawful reasons why we may not be in a position to erase personal data about you. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes.
Right to withdrawal
You have the right to withdraw your consent to any processing for which you have previously given that consent.
Requests should be made in writing to privacyofficer@csireg.com or by clicking on the email preference link contained in the email you received from CompuSystems.
If you withdraw your consent, this will only take effect for the future.
12.1 Without prejudice to any other administrative or judicial remedy you might have, you may have the right under Data Protection Legislation in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country if you believe that we have infringed applicable data protection legislation when processing personal data about you. This means the country where you are habitually resident, where you work, or where the alleged infringement took place.
12.2 California and Canadian users who wish to request further information in compliance with applicable privacy laws or have questions or concerns about our privacy practices and policies may contact us as specified in the “Contact Us” section below.
13.1 We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will provide notice via email, if you have provided us with an email address, and post the revised policy to our website compusystems.com so that you can see what information we gather, how we might use that information, and in what circumstances we may disclose it. By continuing to use our services after notice is provided, you accept and agree to this Privacy Notice as modified.
14.1 The services offered by us online are not directed to, and CompuSystems does not knowingly contact, or collect personal data from, individuals under the age of eighteen (18). If you are under the age of 18, these services are not intended for you, and you should not provide us with any personal data.
15.1 Some web browsers incorporate a “do not track” feature that, when enabled, signals to websites and online services that you do not wish to be tracked. Because there is not yet an accepted standard for how to respond to such a do-not-track signal, we do not recognize or respond to these signals.
For further information or if you have any questions or queries about this Privacy Notice, please contact us at privacyofficer@csireg.com or via mail at 2651 Warrenville Rd. Suite 400, Downers Grove, IL 60515 or via our toll-free phone number at 1-855-225-1426.