Last Updated: 03/01/2020
RegFor.Events is a system that provides online registration for the events and has many additional features such as hotel reservation, booking of transfers, tours, and special activities.
If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
We are committed to safeguarding the privacy of our website visitors and our system users who register as users of our system.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and system users; in other words, where we determine the purposes and means of the processing of that personal data.
In this policy, “we”, “us” and “our” refer to RegFor.Events (54 Ligovsky prospect, Saint Petersburg, 191040 Russia)
In this policy “clients” refer to “clients”, or anyone that makes a booking with a user of the system.
In this policy “system” refers to the online registration for the events solution supplied by BSC APEX Ltd.
How we use your personal data
In Section 2 we have set out:
1. (a) the general categories of personal data that we may process;
2. (b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
3. (c) the purposes for which we may process personal data; and
4. (d) the legal basis of the processing.
We may process data about your use of our website and system ("usage data"). The usage data may include your company information, your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your system use. The source of the usage data is our analytics tracking system such as Google Analytics and similar. This usage data may be processed to understand better user’s behavior to help us make the system better and to communicate with our users with useful hints. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website, system, client service, and system services.
We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make bookings through the System. For example, you provide your contact information when you register for the System. We keep track of your preferences when you select settings. We may process your ("account data"). The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and used for communicating with you. The legal basis for this processing is to be able to provide you with our system services so that you can display your information and sell services and products.
We may process your information included in your company profile in our system. ("company info"). The profile data may include your name, address, telephone number, email address, profile pictures, and other details that you add to your profile. The profile data may be processed for the purposes of enabling your use of our website and services.
We may process the provider’s personal data that is provided in the course of the use of our services "service provider data". The provider data may include the provider’s name, address, telephone number, email address, profile pictures, and other details that is added to the provider’s profile. The source of the service provider’s data is you, your employer, or the user who sets up the system for his personal or company purposes. The service providers' data may be processed for the purposes of operating the system so that clients can effectively register for the events of providers and find and select the providers they need. This information is available on the user’s booking site, supplied by us. The legal basis for this processing is to enable proper operation of the system and services.
We may process information that you create for your register/bookable services, promotions, or company information ("publication data"). The publication data may be processed for the purposes of enabling your system to be processed for the purposes of operating the system so that clients can effectively register/book services online and read about your business and service offering. The legal basis for this processing is to enable proper operation of the system and services.
We may process information contained in any inquiry you submit to us through email or live support regarding the system and our services "inquiry data". The inquiry data may be processed for the purposes of analyzing our users' problems and to make our system better.
We may process information relating to transactions, including purchases of services, that you enter into with us and/or through our website "transaction data". The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is legal requirements for proper accounting practices.
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters "notification data". The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is your given consent to receive this communication.
We may process information contained in or relating to any communication that you send to us "correspondence data". The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Do not supply any other person's personal data to us, unless with their proper consent.
Providing your personal data to others
We may disclose your personal data to any employee of our company, full-time work contractor staff, such as live help, insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Financial transactions relating to our website and services are handled by our payment services providers, [Alfabank, Paykeeper, PayPal]. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your personal data
In Section 4, we provide information about the circumstances in which your personal data may be transferred to countries outside Russia.
Remark that Google, Facebook, and Paypal may store data in USA. But under the privacy shield agreement. See more about that here: https://www.privacyshield.gov/welcome.
We and our fixed contractors have offices and facilities in Russia. The hosting facilities for our system are situated in Russia Timeweb. Our email servers are situated in Russia with Timeweb. Read more about Timeweb security standards here: https://timeweb.com/ru/services/dedicated-server/data-centers/
We do not use this software to get personal data or relate it directly to users of our system. This is only used to give us an overall overview of how visitors interact with our system so we can make it better.
To process credit card payments we use PayPal, Alfabank or Paykeeper online payment gates.
We do not have any access to your credit card numbers at any of these systems. Payment data generally falls under accounting and bank safeguarding regulations and is needed to be stored for 5-10 years at payment processors.
You acknowledge that personal data that you submit for publication through our system or services about you, your company, service providers, products, promotions, services or related things may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
The EU General Data Protection Regulation (GDPR)
In May 2018, a new data privacy law is known as the EU General Data Protection Regulation (or the "GDPR") becomes effective. The GDPR requires RegFor.Events and Service providers using the Service to provide Users with more information about the processing of their Personal Data.
Here is what you need to know:
Legal grounds for processing your Personal Data
The GDPR requires us to tell you about the legal ground we're relying on upon to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Section 2 above will typically be because:
- you provided your consent;
- it is necessary for our contractual relationship;
- the processing is necessary for us to comply with our legal or regulatory obligations; and/or
- the processing is in our legitimate interest as an event organizing and hotel booking platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
Transfers of Personal Data
As RegFor.Events has a worldwide data exchange, we may need to transfer your Personal Data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.
Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. Feel free to contact us for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
Personal Data retention
We retain your Personal Data for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. If you have an account with us, we will typically retain your Personal Data for a period of 30 days after you have requested that your account is closed or if it's been inactive for 7 years.
Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, object to profiling and unsubscribe from marketing communications.
For the most part, you can exercise these rights by logging in and visiting the My Account page or changing the "cookie settings" in your browser (see our Cookie Statement for more information).
If you can't find what you're looking for on the My Account page, please contact us using the contact information. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
If you have a complaint about how we handle your Personal Data, please get in touch with us to explain. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
RegFor.Events as a data controller and a data processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as "data controllers") and organizations that process personal data on behalf of other organizations (known as "data processors"). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
RegFor.Events may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances.
For example, if you create an account with us to organize your events, i.e you are a Service provider using our system for your purposes, RegFor.Events will be a data controller in respect of the Personal Data that you provide as part of your account. We use this to conduct research and analysis to help better understand and serve Users of the Services as well as to improve our system and provide you with more targeted recommendations about events we think may be of interest to you.
However, if you register for an event as a user, we will process your Personal Data to help administer that event/service on behalf of the Service provider (for example, sending confirmation, promotional and feedback emails, processing payments, etc.) and to help the Service provider target, and understand the success of, their event/services and event planning (for example, providing reports, using analytics to gain insights into the effectiveness of various sales channels, etc.). In these circumstances, RegFor.Events merely provides the "tools" for Service provider; RegFor.Events does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should, therefore, be directed to the Service provider as the data controller, not to RegFor.Events.
Retaining and deleting personal data
Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject to such as accounting laws, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email or through the private messaging system on our website.
In Section 7, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
1. the right to access;
2. the right to rectification;
3. the right to erasure;
4. the right to restrict processing;
5. the right to object to processing;
6. the right to data portability;
7. the right to complain to a supervisory authority; and
8. the right to withdraw consent.
In the RegFor.Events system there is 3 groups of personal data.
1. Company data, which under some circumstances can be personal data on the service provider if he is registered as the company.
2. Users, service providers data, which is data related to the people who provide services on behalf of the Company or Person registered as the company.
3. Clients, which are those who book services and buy items from the company and service providers.
Access to each of this information, and about each person related to each group is readily available inside the system for approved users. Data can be updated, deleted and exported in a constructed JSON format for data subjects who demand this.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can, however, obtain up-to-date information about blocking and deleting cookies via these links:
1. (a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
2. (b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
3. (c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
4. (d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
5. (e) https://support.apple.com/kb/PH21411 (Safari);
6. (f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
BSC APEX Ltd. company was established in Saint-Petersburg (Russia) in 2010, with main activities as Professional Conference Organizers and DMC. In 2018 the RegFor.Events online booking platform was launched as a supporting tool for own needs. In a due course, it was developed as an independent project in order to conference/event organizers can easily and efficiently hold registration process and booking of all supporting services, as hotel accommodation, transfers, tours, and special activities. If you are interested to learn more about our system and get a quotation please contact us:
Address: 54 Ligovsky prospect, Saint-Petersburg, 191040 Russia