Business Post Privacy Policy

This Privacy Policy explains the use and processing of personal data by Business Post (IQ), a company incorporated in Ireland with registered number 599981 whose business address is at 59 Merrion Square Dublin 2 Ireland (“IQ”, “we”, “us”, “our”), when you access and browse our website, contact us through our website and when you attend our events.

Please read this Privacy Policy carefully before accessing or using our services. If you do not accept that we process your personal data in the manner detailed in this Privacy Policy, please do not submit any personal data to us, browse our website or request any of our services.

1.Age restriction

All services provided by IQ on all websites and web applications which link to this Privacy Policy are only open to persons over 18 years of age. Please do not submit any data or request any services which require the submission of personal data if you are under 18 years of age.

2. The controller of your personal data

IQ is considered a data controller in the Republic of Ireland for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”). IQ will deal with the Irish Data Protection Commission as the Lead Supervisory Authority for regulating all data protection matters regarding this Privacy Policy. 

3.Personal data we collect

The type of personal data collected and used by us varies depending upon whether you browse our website; book tickets for an event; request to receive marketing communications, or attend an event. Typically we collect and process the following kinds of personal data

  • Identity Data: first name; last name; company name (not compulsory); job title/position.

  • Contact Data: billing address; delivery address; eircode (not compulsory); email address and telephone numbers.

  • Transaction Data: details about payments from you and other details of products and services you have purchased from us; purchase order number (not compulsory).

  • Technical Data: Internet Protocol (IP) address you use to access our website.

  • Marketing and Communications Data: your preferences in receiving marketing from us and from third parties; your communication preferences; marketing insights such as where you heard about a particular event we are promoting.

  • Image Data: consisting of your personal image contained in photographs and videos taken by our representatives at events you attend.

We also collect, use and share aggregated data such as statistical or demographic data for various purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to provide all or part of the relevant service.

4.How we collect your personal data

  • Direct Interactions: You may provide us with your personal data when contacting us through our website features; when you purchase or request any of our services, and when you attend any of our events. You may also provide us with your personal data when corresponding with us by post, phone, email or otherwise.

  • Automated technologies or interactions: As you interact with our website, we collect Technical Data and Usage Data. We collect this personal data by using cookies. Please see our cookie policy or further details.

We will inform you at the time of collecting personal data from you whether you must provide the personal data to use the website or any of our services, and whether the provision of personal data requested by us is optional. We will inform you at the time of collection whether your personal data will be accessible to third parties, so that you can decide whether to provide it. Please note we will receive Technical Data and Usage Data when you browse the website. This is further explained below.

5.How do we use your personal data

We will only use your personal data when the law allows us to. We have set out below a description of the ways we will use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose / activity

Type of personal data

Lawful basis for processing personal data

To allow you to request tickets for an event.

  • Identity Data

  • Contact Data

  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.

To process and manage your order including: (i) to manage payments and charges; and (ii) to collect money owed to us.

  • Identity Data

  • Contact Data

  • Transaction Data

  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.

  • Necessary for our legitimate interests (to collect money owed to us).

To manage our relationship with you including: (i) arranging your attendance at our events; (ii) providing information regarding our events; (iii) notifying you of changes to our services; (iv) dealing with customer service queries; (v) notifying you about changes to our terms and/or our privacy policy.

  • Identity data

  • Contact data

  • Technical Data
  • Transaction Data
  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.

  • Necessary to comply with a legal obligation.

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  • Identity Data

  • Contact Data

  • Technical Data

  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud)

  • Necessary to comply with a legal obligation

To use data analytics to improve our website, our services, marketing strategy and output, customer interactions, relationships and experiences.

  • Technical Data

  • Usage Data

  • Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

To make suggestions and recommendations to you about goods or services that may be of interest to you.

  • Identity Data

  • Contact Data

  • Technical Data

  • Usage Data

  • Marketing and Communications Data

  • Necessary for our legitimate interests (to develop our products/services, direct market and grow our business).

To film events by audio, visual, audio-visual or electronic means; to take photographs at events, in each case which may include the capture of images of one or more attendees; to include such images on our website, social media and other publicity media.

  • Image Data

  • Necessary for our legitimate interests (to develop our products/services and grow our business).

To share details of event delegates with other delegates and with the sponsor(s) of an event.

  • Identity Data

  • Contact Data

  • Necessary for our legitimate interests or that of a third party (i.e. a sponsor) (to offer delegates meaningful networking opportunities, to attract sponsorship which in turn allows us to develop our products/services and grow our business).

Marketing: We endeavour to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

  • Promotional offers from us: We may use your Identity, Contact, Technical and Usage Data to form a view on what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you for marketing. You will receive marketing communications from us if you have requested information from us.

  • Third-party marketing: We will obtain your express opt-in before we share your personal data with any third party for marketing purposes. In this regard, you may be asked when purchasing one or more of our services (e.g. making an online purchase of tickets for one of our events) whether you would like to receive the latest news, offers and upcoming events from the sponsor(s) of the event you intend to attend. This is completely optional. If you agree to receive this third-party marketing you can opt-out at any time. The sponsor’s processing of your personal data, and its direct marketing practices, will be in accordance with the sponsor’s own privacy notice, which it must make available to you.

  • Opting out: You can ask us or third parties to stop sending you marketing messages at any time. Where you opt out of receiving these marketing messages, this will not apply to informational communications we send to you regarding your attendance at a specific event.

6.Disclosure of your personal data

Except as set out in this Privacy Policy, we do not disclose personal data that we collect about you, or which you provide to us, to any third party. However, for the purposes set out in the table in section 5 above, we may be required to share your personal data with the parties set out below:

  • Internal third parties: Companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for (i) the provision of and administration of the website, and (ii) the provision of services in respect of the arrangement, promotion and running of our events.

  • External service providers: Companies that provide products and services to us such as professional advisors, IT systems suppliers and support, data storage solutions, IT developers, insurance providers, analytics companies, website hosting providers and other service providers, including:

    • Mailchimp (newsletter and sign up)

    • Amazon S3 (media storage and email delivery)

  • External event sponsors: We disclose to the sponsors of the event you attend your name, job title and the organisation you work with. If you agree, we will also share your email address with the sponsor of the event you are attending so that the sponsor may send you marketing communications regarding its own goods and/or services.

  • Other attendees: The names, job titles and organisations (without contact details) of all registered delegates will be placed on the delegate list for the event. This list will be provided to all delegates via an online attendee directory and at the event. You can opt out of your information being included in the published delegate list by contacting us prior to the event taking place using the following email address [email protected].

  • Public and Government Authorities: Entities that regulate or have jurisdiction over us. We will be required to disclose your personal data in order to comply with any legal obligation if we are ordered to do so by a court of competent jurisdiction, law enforcement body, regulatory authority or administrative authority, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of IQ, our customers, website users or others.

  • Prospective Buyers/Sellers: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

Each third party service provider will only have access to such personal data as is necessary to perform their services to IQ. Please note that some of the above categories of third party recipients may not be applicable for the service(s) that you purchase or request from us.

7.Sharing your personal data in other countries

Your personal data may be transferred, stored and accessed within the European Economic Area (“EEA”) or transferred to, stored in, and accessed from countries outside the EEA in order to fulfil the purposes described in this Privacy Policy. For transfers to countries outside the EEA, the data protection regime may be different than in the country in which you are located and will therefore be based on a legally adequate transfer method. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is given to it by ensuring at least one of the following safeguards is implemented.

  • Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

  • We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

  • Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield. In this regard, we use the services of Mailchimp, located in the United States, which is currently certified under the EU-U.S. and Swiss-U.S. Privacy Shield Framework.

8.The length of time we retain your personal data

We retain your personal data for as long as is required to provide the services requested by you and any subsequent legal or accounting requirements. If you cease receiving a service we will retain your personal data for a total of 12 months for legal and accounting reasons. After this period we will either automatically delete the personal data completely or anonymise your personal data so it no longer personally identifies you.

It is sometimes necessary for us to keep your personal data for longer periods of time, for example:

  • If there is a statutory requirement to retain it.

  • If we require the information for legal reasons or there is a legitimate business need for us to retain it.

  • To ensure we do not contact you if you have asked us not to.

9. Data security

We are committed to maintaining the security of your personal data which we process. We maintain appropriate physical, procedural, organisational and technical security measures intended to prevent loss, misuse, unauthorised access, disclosure, or modification of personal data under our control. However, you recognise that no entity can keep personal data 100% secure. If you have reason to believe that any of your personal data is no longer secure, please notify us immediately using the contact information supplied below.

10. Third party websites

This Privacy Policy does not address, and we are not responsible for the terms of use, privacy, content or other practices of any third-party website, including any third party website to which a link is provided on our website. The inclusion of such a link on our website does not imply any endorsement of the linked website by us.

11. Your legal rights

Under certain circumstances, by law you may have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to you or to a third party. This enables you to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal data to perform a contract with you.

  • Right to withdraw consent: In the limited circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us in writing using the details set out in the Contact Us section 15 below. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

12. Exercising your rights

To exercise one or more of your rights in respect of your personal data, please contact us in writing using the contact details below. You will not have to pay a fee to access your personal data (or to exercise any of the other personal data legal rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

13. Contacting the data protection supervisory authority

You have the right to make a complaint at any time to the relevant data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you contact the relevant supervisory authority so please contact us in the first instance.

14. Changes to this Privacy Policy

Where a change is made to this Privacy Policy it will be set out on our website(s) which link to this policy to ensure that you are aware of what personal data we collect and how we will use it. If we plan to use your personal data in a way that is inconsistent from that stated in this Privacy Policy we will inform you by email in advance, and it will be your decision as to whether or not you are happy that we continue store and process your personal data. This version of the Privacy Policy was last updated on 5th April 2019.

15. Contact us

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact:

iQuest Limited

Address:
59 Merrion Square Dublin 2 Ireland

Phone number:
+353 (1) 241 1520

Email: [email protected]