2. Who We Are.
3. Who You Are: Client, Client Contact, or Visitor.
“You” are an individual who visits our Websites, uses our Platform, or otherwise interacts with Stova, as one of the following:
- A Client Contact – A Client Contact is an individual that interacts with our Client through the Platform. Client Contacts may include a Client’s customers and prospective customers, event attendees, sponsors, exhibitors, speakers, and other Client business partners or contacts. Client Contacts may include, for example, individuals who are invited to, register for, check into, or receive information regarding a Client event via the Platform, people who participate in a virtual, onsite or hybrid event organized by a Client, or those who download a mobile application in connection with a Client event.
- A Visitor – This category includes individuals who visit and interact with our Websites (for example, to find out more about Stova’s products and services, download a whitepaper, sign up for a Stova demo, or register for a Stova webinar), those who attend Stova’s marketing or networking events, and prospective clients that we meet at tradeshows or through a referral from third parties.
How your data is collected, used, stored, transferred, and otherwise processed will depend on whether you are a Client, Client Contact, or Visitor.
When we collect information from you as a Visitor, we are doing so on our own behalf (in which case Stova will be considered a “controller” of your data). When we are collecting information from you as a Client or as a Client Contact, we are doing so for the benefit or on behalf of an Stova Client who is using the Platform to organize an event and manage other event-related activities; in this case, the Client will be the “controller” and Stova will be considered a “processor” of your data.
4. Clients and Client Contact Data.
4.1 How our Clients Collect and Use Personal Data
- Types of Personal Data Collected by Our Clients. The Stova Platform allows our Clients to collect, store and process a variety of information from and about their event registrants, attendees, and other Client Contacts, including personal data such as name, organization, title, physical address, email address, telephone number, social media IDs, occupation, meal preferences, professional and personal interests and opinions, and payment information. Clients will also have access to information (including personal data and Platform usage data) related to how Client Contacts interact with the Platform, as well as information that Client Contacts may submit on event-related message boards, and chat room posts. Stova does not control the Client’s event management process, or the personal data that a Client requests from its Client Contacts or collects through our Platform. If a Client is submitting or collecting personal data of its Client personnel or any Client Contact through the Platform, Client must have obtained required consents prior to transferring this information to Stova for processing.If you are a Client Contact, please make sure to read the privacy policies of the Client who is organizing the event, in order to understand more about the types of data being collected by the Client, and how they will collect, use, share and otherwise process that data.
- How Our Clients Collect Personal Data from Client Contacts. Clients can use the Stova Platform to collect personal data from Client Contacts in a number of ways. For example:
- Client Contacts may voluntarily and directly enter their personal data into our Platform
- Client may enter Client Contact information into our Platform when permitted to do so (for example, by having been granted explicit consent from the Client Contact, or when the Client has a legitimate business interest).
- For instance, if a Client Contact downloads and uses a mobile app provided by Stova for a Client event, it may collect app usage data, including what type of mobile device they are using. If, where applicable, a Client Contact has requested or consented to location services in connection with their use of a Stova mobile app, tracking technology may automatically gather information about their location and use this data to provide location-based event information. (Most mobile devices enable you to shut off location-based services; please access your mobile device’s “Settings” for more information.)
- How our Clients Use Personal Data. If a Client chooses to use our Platform to interact or conduct business with a Client Contact, any personal data submitted by the Client Contact in connection with that interaction (for instance, in registering for an event, responding to an online survey, downloading a mobile application, or communicating with event exhibitors or speakers) will be transferred to the Client, who will be considered to be under the owner and controller of such data. The Client determines how it will use the Client Contact’s Personal Data.Stova only collects and processes a Client Contact’s personal data at the Client’s direction, in accordance with instructions provided by the Client, including applicable terms in any Client contract. With respect to the persona data of a Client Contact, Stova is a “data processor” and, for all purposes, the Client acts as the “data controller” under the data protection laws of the European Economic Area (the “EEA”), the United Kingdom (“UK”), and Switzerland. Therefore, Stova cannot and will not take responsibility for the privacy practices of any Client. The ways in which Clients will collect, use and process your personal data are governed by each Client’s own privacy policies and procedures. Please read the applicable privacy policies of the Client who is organizing the event before submitting personal data in connection with that event. Stova is not responsible for any decisions or actions taken by the Client with respect to your information (or by any third party with whom the Client may share your information).
- Will Stova Use or Sell Personal Data Collected by Our Clients? No, Stova will not sell or use personal data of Clients or Client Contacts. Stova’s use of Client Contact personal data collected through the Platform is limited to the purpose of providing services that our Client have ordered, to improve those services, or as required or permitted by law.
4.2 How Stova Collects and Processes Personal Data of Clients and Client Contacts
- How Stova Collects Personal Data from its Clients. Stova collects personal data from its Clients in order to facilitate service-related communications and the delivery of Stova services ordered by the Client. We may collect Client personal data in connection with, for example, a Client’s execution of a contract, creation of an account on one of our Sites, interaction with a chatbot or our customer support team, response to a customer satisfaction survey or service-related email, or participation in Stova training sessions. We may also collect personal data and payment information (for example, credit card number and billing address) as needed for Client billing and payment purposes.Stova may, on occasion, record calls or video conferences between Client and our customer support or training teams for legitimate business interests relating to the provision of Client support, training and quality assurance purposes, or compliance with applicable laws; in such cases, Stova will obtain Client consent before proceeding with the recording, when required by applicable law, and retain such recordings no longer than necessary to support the legitimate business interest.Stova also collects Client usage information regarding how a Client interacts with our Platform (for example, which Platform modules you visit, how long you spend on certain Sites, what language you prefer, etc.)
- How Stova Processes the Personal Data of Clients and Client Contacts. (i) If you are a Client Contact, Stova may process your personal data in following manner and for the following purposes, pursuant to a Client’s instructions and applicable law:
- To deliver those services that our Clients have ordered us to provide through our Platform. For example:
- If a Client Contact uses our Platform to register for an event, we will use their provided email address to send them information and announcements related to that event;
- If a Client Contact uses our Platform to pay for event registration fees, we will pass the credit card information to the payment card processor to complete the transaction;
- If a Client purchases lead retrieval services, and Client Contact consents to having an event exhibitor or sponsor scan their event badge to share contact information, or the Client Contact opts in, through the Platform, to receive exhibitor or sponsor information, we will disclose the Client Contact’s personal data to that event exhibitor or sponsor;
- As instructed by the Client, to connect Client Contacts with one another for optional business networking purposes;
- If a Client Contact submits meal or hotel room preferences through the Platform, we will share that information with the event organizer or venue.
- For other purposes when Client Contacts have provided express consent.
(ii) If you are a Client, Stova may process your personal data in the following manner and for the following purposes:
- To respond to your inquiries and fulfill your requests, and to provide you with customer support when you ask for it.
- To send you service updates, product specifications and other content that you have requested or subscribed to, as well as instructional materials regarding our Services.
- For any other purposes disclosed to you at the time of collection or pursuant to your consent.
(iii) If you are a Client or Client Contact, Stova may also process your personal data as follows:
- For our legitimate internal business purposes that include administering your access and use of our Platform, Platform-related data analysis, securely identifying users when they log onto the Platform, security monitoring, enhancing or updating our Platform features, and billing for services.
- To personalize your experience on the Platform by offering features tailored to your preferences.
- As we believe to be necessary: (i) under applicable law, including laws outside your country of residence; (ii) to protect against or identify fraudulent transactions; and (iii) to enforce our terms of service.
- If you are accessing any Site as a Client Contact or an authorized user of a Client (for example, as a Client employee with administrator account access to the Platform), Stova is permitted to provide the Client with your information, including but not limited to your personal data, access information and usage data.
- To deliver those services that our Clients have ordered us to provide through our Platform. For example:
- How long Stova Processes Personal Data of Clients and Client Contacts. Stova will collect personal data about Clients and Client Contacts, process that data on behalf of the Client, and retain any such information in accordance with the Client’s instructions (including the terms of any applicable Client contract) for as long as necessary to provide our services to the Client and comply with applicable laws and regulations. Unless otherwise instructed by a Client or agreed in our contract with a Client, Stova will process the data until 60 days after the termination of the contract, at which time we remove it from our production environment. In 12 months, the data is removed from our backup media.
5. How Stova Collects and Processes Visitor Data
- Types of Visitor Personal Data Collected by Stova.
Stova may collect, store and process a variety of information from Visitors, including personal data such as name, employer, title, email address, postal address, telephone number, IP address, social media ID, company information (including financial and billing information if Visitor is purchasing Stova products or services), IP address, computer or mobile device information (such as device type, browser, plug-ins, language, and time zone, actions taken on our Websites (for example, clicks, reference pages, and search terms that led a Visitor to our Website), the content of survey responses, chat messages and promotional inquiries.
- How We Collect Visitor Personal Data.
We collect Visitor Personal Data in a number of ways. For example, if you visit one of our Websites and fill out a form, submit a message to our chatbot, request a free demo, contact a Stova sales or customer support representative, download content (such as a white paper) from our Website, sign up for a Stova webinar, register for a Stova promotional event, or respond to a Stova survey or marketing outreach message, you may be asked to provide certain personal data, including your contact details. We use this personal data for purposes such as answering questions about our products and services, conducting market research, providing information you have requested, or following up after your visit.We may request and collect Visitor personal data offline as well - for example, when you attend a Stova marketing event or tradeshow, or if you call one of our sales representatives for information about our product offerings. We may also collect customer testimonials which contain personal data; we obtain each customer’s consent prior to publishing the customer’s name, image, and testimonial.We also collect personal data from third party sources, such as public databases, marketing partners, referral partners, and social media platforms. For example, if a Visitor comes to our Website through a link on a social media platform, certain personal data associated with their social media account profile may be shared with us. If you believe a third party has provided us with your personal information without your consent, please submit an inquiry to [email protected].
- How We Use Visitor Personal Data.Stova may use Visitor personal data in order to do one or more of the following:
- Analyze how our Websites are accessed and improve the user experience;
- Personalize your browsing experience and present you with marketing offers and additional products or features that may be of interest or more relevant to you;
- Identify Website technical issues;
- Discover, investigate and remediate fraudulent or illegal activity;
- Transmit notices related to product, service, or policy changes;
- Respond to your product and service inquiries;
- Send you information such as product announcements, newsletters, whitepapers, other relevant offers, and details of upcoming promotions or events (where required, dependent on jurisdiction, we will seek and obtain your explicit consent before sending marketing emails);
- Plan and host Stova marketing events, online webinars and social network activities in which Visitors may participate;
- Analyze and identify new business prospects;
- Create tailored advertising, sales and promotional campaigns;
- Send invoices for any products or services purchased by a Visitor;
- For other purposes when Visitors have provided express consent; and
- To comply with applicable laws and regulations
To remove yourself from Stova mailing lists and opt out of Stova marketing communications please click the “Unsubscribe” button on Stova email communications and/or contact us at [email protected].
- How Long We Process and Retain Visitor Personal Data.
Where we process Visitor personal data for our own marketing purposes or with Visitor consent, we process the data for so long as we have a legitimate business need to do so. After a reasonable amount of time, we will either delete or anonymize your information. We will delete personal data earlier, if a Visitor withdraws consent or otherwise requests us to stop. We will implement such request in a timely manner, within the period required by applicable law. In any event, Stova will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where Stova services are marketed and provided. We also keep a record of when Visitors have asked us not to send direct marketing communications or to process Visitor data, so that we can honor the Visitor’s request in the future.
- How We Share Visitor Personal Data
Stova may share Visitor information with third party service providers contracted to provide services on our behalf as well as third parties who resell Stova services. Stova will share personal data of Visitors who attend a Stova marketing event with third parties if a) the Visitor explicitly consents, (b) the Visitor allows their badge to be scanned by or on behalf of the third party, or (c) it is permissible under applicable law.
6. Additional Ways Stova May Collect Your Data:
6.1 Cookies and Similar Technologies.
When you visit our Sites, Stova may automatically collect additional information from your computer or device through the use of tracking technologies such as “cookies,” which are small data files placed on your computer’s hard drive to assign an identification code to your computer. These technologies gather details of your visits to our Sites, such as:
- The date and duration of your visit;
- the pages, content and actions you view or take and links you click on while navigating within our Sites;
- your computer type (e.g., Mac or Windows), mobile device type and carrier, language, and internet browser
- any web pages that referred you to our Site,
- Your Internet Protocol (IP) address (a numerical address assigned to your computer or device by your Internet service provider so that other computers or devices connected to the Internet can communicate with your computer or device online) that can sometimes be used to derive your general geographic area;
- From Smart Badges: If you are using a Stova smart badge at a Client or Stova event, the badge will collect certain data regarding your attendance at that event; this may include information such as what time you check in and out, which sessions you attend, what exhibitors you visited, and with whom you exchanged contact information using the smart badge technology.
- From Email, Texts and Phone messages: If you contact a Stova representative using our customer support email, a Stova phone line, or any one of our informational email mailboxes (e.g., [email protected], [email protected]), we will store personal data such as the email address or phone number from which you sent the message, and use the information to reply to you.
7. How We Share the Personal Data We Collect
This section describes how Stova may share or transfer personal data it collects from Clients, Client Contacts, and Visitors.
- Subsidiaries and Affiliates. Stova may disclose personal data to its wholly-owned subsidiaries and affiliates for the purpose of providing services to our Clients and their Client Contracts, and for engaging in sales, marketing and customer support activities with Visitors. Stova Group, LLC is the entity responsible for the management and security of personal data shared among Stova subsidiaries and affiliates. Please see Annex III of our Data Processing Addendum for a list of Stova affiliates and their locations.
- Legal Compliance and Compelled Disclosure. Stova may disclose your information to government or law enforcement officials, regulatory agencies or other third parties (such as attorneys or regulatory service providers), as necessary to (i) comply with applicable laws or regulations, (ii) cooperate with governmental or law enforcement investigations, (iii) respond to legal claims or processes, (iv) protect the safety and legal rights of the public or any individual, (v) detect, prevent or remedy any suspected fraud, market manipulation or illegal, tortious or wrongful activity; or (vi) enforce applicable contracts to which you have agreed.
- Chat Rooms, Message Boards and Social Media Pages. Our Sites may offer the ability for you to engage with message boards, chat rooms, social media sites, and other forums in which you are able to post information and content. Please keep in mind that if you choose to disclose personal information during your participation in such forums, it may be viewed, collected or used by members of the public who access those forums. Please do not post any information that you do not want to be disclosed to the public.
8. How We Transfer Data We Collect Internationally
9. How to Access, Correct or Delete Your Personal Data
Depending on your user type and location, we provide you with various ways to access, correct and request deletion of your personal data.
- If you are a Client who is a registered user of the Stova Platform (for example, a Client employee who has been assigned an administrator account on the Platform), you can access, update, modify, correct or delete both personal data and non-personal information by logging onto your user account and visiting your account settings.
- A Client or Visitor may submit requests to access, update, correct or delete their personal data, to opt out of certain communications, or to withdraw its consent to the collection, processing, and/or transfer of personal data, by contacting Stova at [email protected] and/or at the mailing address provided in the “Contact Information” section of this Policy. We will process your request in a timely fashion, but in any event within the time required under applicable law or regulation. Once we have received notification that you withdraw your consent, we will no longer process your personal data for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests or rights, or for the establishment, exercise or defense of legal claims.
- If you are a Client Contact, please note that Stova usually has no direct relationship with Client Contacts and, because Stova processes Client Contact data solely on behalf and at the direction of our Clients, we have no express control or ownership of your personal data that is processed on our Platform. If you are a Client Contact who interacts with our Platform and you would like to access, correct or delete your personal data, or would no longer like to be contacted by the Client controlling the information, please direct your request to the Client. If the Client requests that Stova turn over, correct or delete your personal data, we will respond to their request in a timely manner, but in any event within the time required by applicable regulation or law. Clients are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to Stova for processing.
- If a Client, Client Contact, or Visitor is a resident of the EEA, the UK, Switzerland, or various other countries, as well as certain U.S. states, it has the right to:
- access all of its personal that we possess, and request that copies of certain types of personal data to be delivered to them in an electronically portable and machine readable format;
- request that we modify or update any of their personal data;
- request that we delete any of their personal data; and
- where Stova processes their personal data on the basis of consent, fully or partially withdraw consent to the collection, processing, and/or transfer of their personal data.
- The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Stova will not accommodate a request to change or delete information if we believe the change or deletion would violate any law or regulatory requirement, or cause the information to be incorrect. In such instances, we will inform the Client about the legal obligations that prevent us from fulfilling the request.
- We will maintain an audit history of any requests to access, correct or delete personal data, as necessary to maintain a record of compliance with applicable laws and regulatory requirements.
10. Stova’s Legal Basis for Collecting and Processing Personal Data.
For individuals that are from the UK, the EEA, Switzerland, or other regions that require a lawful basis for processing personal information (such as under GDPR Article 6), Stova’s legal basis for collecting and processing personal data of Clients, Client Contact and Visitors will depend on the nature of the personal data, the context in which we are collecting it, and the circumstances of the processing activity. When we collect, use, process or disclose your personal data, we will rely on one or more of the following legal grounds:
- Performance of a contract (including any Client contract) – Where we need the personal data to perform our obligations under a Client master services agreement or other binding contract.
- Consent – Where we have received your consent to do so.
- Legal Requirement – If we are required to collect, use, process or disclose your personal data due to a legal or regulatory requirement, we may do so.
So, for example, where we are the processor for our Clients, our legal basis may be fulfilment of a contract or consent. Where we are the controller for Visitor personal data, our legal basis will be consent or legitimate interest.
11. Information for California Residents.
California residents can make certain requests regarding their personal information pursuant to the California Privacy Rights Act ("CPRA"), including the right to request that Stova disclose information to you about your personal data that Stova has collected, used and disclosed in the past 12 months; that Stova delete your personal data, subject to certain exceptions; and the right to opt out of the sale of your personal data. To make such a request, contact Stova at [email protected] or call +1-800-516-4265. Stova will fulfill these requests in accordance with California law. Please note these rights are not absolute, and there may be cases when a request is declined, as permitted by law.
Stova may have collected the following categories of personal data from California residents in the past twelve (12) months:
- Identifiers such as name, e-mail address, mailing address, or phone number.
- Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80.
- Characteristics of protected classifications under California or federal law.
- Professional information, employment-related information, or education information
- Internet browser or device information, such as IP addresses, and other electronic network activity information.
- Geolocation data.
- Audio and visual information, such as customer service call recordings.
- Commercial information, including records of products or services purchased or considered.
- Payment data.
- The contents of voicemails, SMS/text messages, and chats, if you interact with us online via message boards, surveys or blogs, or by phone or email.
Stova will not discriminate against you if you choose to exercise one of your privacy rights. Please note however, if you request that your personal data be deleted, it may impact your experience with the Stova Sites and you may not be able to utilize certain features or services which require personal data to function.
12. Information about Children
13. How Stova Keeps Your Personal Data Secure
Stova makes it a priority to safeguard the security and privacy of your personal data. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and after we receive it. Stova has implemented appropriate technical, organizational and administrative measures to protect your personal data from unauthorized access, disclosure, misuse, alteration or loss.
These measures include security controls to prevent unauthorized access to our facilities and systems, strong authentication procedures and strict password protection protocols, utilizing encryption software for all financial and other sensitive personal data transmitted on or through our Sites, and conducting regular penetration tests. In the event of any security breaches, we will make legally required disclosures to you.
While we take reasonable steps to protect your personal data, please be aware that no method of Internet transmission or electronic storage guarantees complete protection or is 100% secure, and there is always some risk when you share your personal data online. Stova therefore cannot guarantee the absolute security of your personal data.
If you have any questions about security on our Sites, or if you have reason to believe your interactions with us are no longer secure, please contact us at [email protected].
14. Other Important Privacy Information
- Profiling and Automated Decision Making. While information you provide to Stova may be analyzed or processed in a manner that helps us predict and determine your interests and preferences (for example, what products and services may be of interest to you, and when you might be ready to purchase a particular service) based on your behaviors on the Sites and interactions with Stova, this process is overseen by Stova staff. We do not process your personal data using automated decision-making technology for the purposes of profiling consumers in furtherance of decisions that produce legal or similarly significant effects. If we were to establish an automated system to make such decisions based directly on your personal data without human intervention, we would provide you with a right to opt out.
- Emails and other Communications – Unsubscribing and Opting Out:
- You may have consented to receive certain communications marketing or advertising Stova products and services. You can opt-out of receiving these marketing messages at any time by clicking on the “Unsubscribe” link at the bottom of any such message, or by contacting us at the email and/or mailing address provided in the “Contact Information” section of this Policy.
- Clients may use our Platform to send you emails and other electronic communications, if you are on their email subscription lists or have registered for one of their events. Although these messages are sent using our Platform, we don’t determine the content or recipients of these messages. You should contact the Client directly, or click any “Unsubscribe” link provided in the messages, if you no longer want to receive communications from that Client.
- Even if you have opted to “Unsubscribe” from certain types of messages, please be aware that emails and other communications that (a) are responding to your specific requests for information or customer support, or (b) are provided as an inherent feature of specific Stova services you are still receiving, will be sent to you. You should contact us directly at [email protected] if you no longer wish to receive responsive or service-related communications; but please be aware that if you “opt out” of these types of communications, you may no longer receive important messages regarding events that you are organizing or attending, or critical notifications regarding the availability, status and security of Stova services.
- Third-Party Websites and External Links. Our Sites may contain links to websites (including those of event venues, event sponsors, Stova business partners, and social media sites) owned and operated by third parties. When you click on such links, you may leave our Site and be directed to the third parties’ websites. These websites may themselves collect personal data about you. If you submit information to any of those sites, your information is governed by their privacy policies, which may differ from those of Stova. Stova is not, and will not be, responsible for the privacy practices or security of any such websites, and we urge you to read their privacy policies carefully.
Also, please be aware that we are not responsible for the collection, use and disclosure policies (including privacy practices) of other companies, such as Facebook, Google, Instagram, Twitter, LinkedIn, or other app providers, app stores, social media platforms, operating system providers, wireless service providers or device manufacturers, including any data that may be collected from you directly by such companies in connection with your access and use of Stova’s Sites.
- Sensitive Information. Where Stova is collecting, storing and processing personal data of Clients or Visitors on our own behalf, as a data controller, we will not request any sensitive personal data such as your health history, race, religion, or sexual orientation. We request that you do not send or provide us with such sensitive personal data on or through the Sites, by email, or through any other means.
15. Our Contact Information.
5303 Spectrum Drive, Suite DFrederick, Maryland 21703 USAAttention: Privacy Team
E-mail: [email protected]
LAST UPDATED: 21 February 2023