Privacy Policy

Effective Date: March 16, 2021

This privacy policy applies to certain.com, owned and operated by Certain, Inc. (“Certain”), and any Certain Website or Certain-Powered Websites through which Certain provides services to its Customers (the “Certain Services”). A “Certain-Powered Website” shall mean a domain not owned by Certain but which has a license from Certain to utilize specific Certain technologies. Certain is committed to respecting your online privacy and recognizes your need for appropriate protection and management of any Personal Data you share with us. For purposes of this privacy policy, “Personal Data” means any information that can be used to individually identify a person, and may include, but is not limited to, name, email address, postal or other physical address, IP address, credit or debit card number, and title. Certain has established this privacy policy so that you can understand how we use and protect your Personal Data. Certain provides our customers enhanced peace of mind for many different privacy and security protection laws and frameworks including PCI DSS, HIPAA, SOX, SSAE16, Cloud Security Alliance, and OWASP.

This privacy policy applies to these kinds of parties that interact with Certain:

Customers: Our Customers are typically large corporations and organizations that contract with Certain to provide one or more Certain Services for managing their conferences and other events. The Customer’s employees, independent contractors, and other associates interact with the Certain Services on behalf of the Customer.

Customer Contacts: These are individuals and businesses who interact with our Customers through one or more Certain Services in connection with our Customer’s event. They include attendees who register for the event using Certain Services; exhibitors; suppliers of services to our Customer for the event (such as hotels, convention and visitor bureaus, and destination management companies); and buyers of services on behalf of our Customer to manage the event.

Visitors: These are individuals who interact with certain.com in order to learn more about Certain and our services, to request a demo, to download information, or similar purposes.

What kinds of Personal Data do our Customers collect?

Our Certain Services allow our Customers to collect a variety of Personal Data from and about their Customer Contacts such as name, organization, title, mailing address, e-mail address, telephone number, social media account ID, credit or debit card number, and content that the Customer Contact chooses to upload.

How do our Customers collect Personal Data?

One way our Customers collect Personal Data is that our Customer’s event attendees view a Certain-Powered Website that contains questions created by our Customer. By responding to these questions, the attendee gives our Customer information about the attendee’s plans for attending that specific meeting. The same process is used by our Customer to register attendees. Other similar methods are made available to Customer Contacts to voluntarily provide information to our Customer.

Also, our Customers collect Personal Data by entering information regarding Customer Contacts into a Certain-Powered Website, when permitted by applicable law, including by having a legitimate business interest or obtaining explicit consent from a Customer Contact.

Personal Data may be collected by our Customer automatically, as Customer Contacts interact with our Certain Services, using customary information-gathering technologies such as cookies.

How do our Customers use Personal Data?

Our Customers use Personal Data in planning and managing their events and related activities. For example, if a Customer Contact chooses to use the Certain Services to conduct business with our Customer (such as registering for an event, or providing input related to the event), any Personal Data or other information provided by the Customer Contact will be transferred to, and under the control of, our Customer.

Our Customers will also have access to information (including Personal Data) related to how the Customer Contact interacts with the Certain Services they choose to use.

In collecting and using Personal Data, our Customers act as data controllers with regard to the Customer Contact, under the European Union General Data Protection Regulation (“GDPR”). Certain cannot, and does not, take responsibility for the privacy practices of our Customers or their meeting planners, event organizers, or other suppliers. Certain encourages Customer Contacts to review the particular Customer’s privacy policies to understand its privacy practices and procedures.

How does Certain process Personal Data collected by our Customers?

Certain processes Personal Data of Customer Contacts that has been collected by our Customers solely to provide the Certain Services that our Customers have contracted us to provide, as described below, or as required by law. In using and processing Personal Data, Certain acts under the GDPR solely (a) as the data processor with regard to the Customer Contact and (b) as instructed by our Customer as the data controller.

Specifically:

  • To provide the contracted Certain Services to our Customers and their Customer Contacts.
  • To disclose in interactions with suppliers, service providers, and other third parties as reasonably necessary to provide, maintain and support the Certain Services, such as payment processors, web hosting services, or data centers. These companies are authorized to use Personal Data only as necessary to provide these services to Certain. They are obligated to protect Personal Data on Certain’s behalf and to comply with this privacy policy.
  • To prevent or address service or technical problems and responding to support issues.
  • Responding to our Customer’s instructions or as may be required by law, in accordance with the relevant agreement between our Customer and Certain.
  • In certain situations, Certain may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • As required by law, such as to comply with a subpoena, or similar legal process.
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • If Certain is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
  • To establish and utilize, in conjunction with the information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of Certain’s business and market intelligence capabilities.
  • To any other third party with your prior consent to do so.

We do not sell Personal Data to third parties. We will share Personal Data with third parties only in the ways that are described in this privacy policy.

We will use Personal Data only in accordance with this privacy policy. If you do not wish us to continue using your Personal Data in this manner, you can request that your account be deactivated by contacting us as specified in the “Contact Us” section below.

We agree to promptly notify our Customer, and in any event within twenty-four (24) hours of becoming aware, in writing of (a) any use or disclosure of that Customer’s Personal Data or other confidential information that is materially contrary to the authorizations or obligations in this privacy policy or in that Customer’s agreement to receive Certain Services, or (b) any unlawful or unauthorized access, use, alteration, loss, destruction, disclosure or acquisition of such Personal Data or confidential information (collectively a “Security Breach”). We will also take appropriate and timely action to address the Security Breach, by making the appropriate remedial changes to its systems, policies, practices, programs and controls to mitigate the effects of the Security Breach and to prevent a recurrence.

On what legal basis does Certain process Personal Data collected by our Customers?

We will only process Personal Data if we have a legal basis for doing so. Lawful bases for processing include your consent, processing that is necessary for the performance of a contract with our Customer, and our “legitimate interests” or the legitimate interest of others (e.g. our Customers) such as:

  • Personalizing, improving or operating our services and business.
  • Better understanding the needs and interests of our Customers and Customer Contacts.
  • Fulfilling requests related to the Certain Services.
  • Complying with our legal and contract obligations, resolving disputes with users, and enforcing our agreements.
  • Protecting, investigating and deterring fraudulent, harmful, unauthorized or illegal acts.

How long does Certain store Personal Data?

We will retain Personal Data for as long as your account is active or as needed to provide you services. We will retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Unless otherwise provided in our contract with our Customer, when the contract terminates we generally process Personal Data for no more than ninety (90) days after termination and then remove it from our system.

When the Personal Data is credit card information, we store it for a shorter period. Certain collects credit card data and names in order to process credit card transactions, and the data is passed on to a credit card processor such as MasterCard or Visa to complete each transaction. With the exception of the credit card number, Certain does not store any of that transaction’s Personal Data. The credit card number is stored on our secure servers for a maximum of ninety (90) days, primarily for the convenience of the customer who makes another transaction during that 90-day period.

What are your rights to access, rectify, or erase your Personal Data?

Individuals in certain jurisdictions, such as the European Union, have certain rights with respect to their Personal Data, such as rights to access it; correct inaccurate information; object to its collection or use for certain purposes; erase it; restrict its further processing; ask for a copy; withdraw your consent of processing; and file a complaint with the appropriate supervisory authority.

Certain respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please email us at privacy@certain.com.

Certain processes Personal Data under the direction and instructions of our Customers and has no direct control or ownership of the Personal Data. Our Customers are responsible as data controllers for complying with any laws or regulations requiring notice, disclosure or obtaining consent prior to transferring Personal Data to Certain for processing. Any Customer Contact that wishes to exercise any of the rights mentioned above should directly contact our Customer. If our Customer instructs Certain to remove particular Personal Data in accordance with applicable law, Certain will process this instruction within thirty (30) days.

How does Certain use cookies and similar technologies?

Technologies such as: cookies, beacons, tags and scripts are used by Certain and our partners, affiliates, analytics and related service providers in connection with Certain Websites and Certain-Powered Websites in providing the Certain Services and related customary business purposes. These technologies are used in analyzing trends, administering the site, tracking user movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to remember users’ settings. Users can control the use of cookies at the individual browser level. If a user chooses to reject cookies, the user may still use the site, but the ability to use some features or areas of the site may be limited.

Log Files – As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.

We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide features on our site, or to display advertising based upon a user’s Web browsing activity, use LSOs such as HTML5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

We partner with a third party ad network to either display advertising on our Website or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personally identifiable information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out here, or if located in the European Union, click here. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

How does Certain handle Personal Data of Visitors?

A Visitor who is examining certain.com for informational purposes will have Personal Data, such as the Visitor’s IP address, collected as described above regarding cookies and similar technologies.

If a Visitor requests a demo of the Certain Services or decides to download a buyer’s guide, with the Visitor’s permission we will collect and/or process Personal Data such as the Visitor’s name, email address and phone number. We will use this information to fulfill the Visitor’s order, send the Visitor the requested product or service information or respond to customer service requests.

The Personal Data of Visitors has substantially the same rights as Personal Data of Customer Contacts.

How does Certain transfer Personal Data?

If you choose to provide us with your Personal Data, we may transfer that Personal Data within Certain, across borders and from your country to other countries around the world.

EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework

Certain complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Certain has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  Certain has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Certain is responsible for the processing of personal data it receives, under the EU-U.S. DPF and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf.  Certain complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission [OR U.S. Department of Transportation] has jurisdiction over Certain’s compliance with the EU-U.S. DPF and Swiss-U.S. DPF.  In certain situations, Certain may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Certain commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Data Retention Policy

All elements of the Certain Information Technology Operations and Security Program are structured to minimize or prevent damage that could result from accidental or intentional events. This includes actions that might lead to breach of confidentiality, result in fraud or abuse, or delay the execution of operations. To learn more about our data retention policy in its suite of applications, please click HERE.

Security

The security of your Personal Data is important to us. When you enter information on our site we encrypt the transmission of that information using reasonably secure connectivity that leverages TLS (transport layer security).

We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it. If you have any questions about security on our site, you can contact us at privacy@certain.com.

Choice

You may choose whether or not to provide Personal Data to Certain. If you choose not to provide the Personal Data we request, you can still visit most of the Certain-Powered Websites, but you may be unable to access certain options, offers and services (such as Certain software) that involve our interaction with you.

When we collect your Personal Data, we will provide a means for you to opt-out of Certain sharing your Personal Data with our business partners. For example, should you elect to receive our Newsletter and/or promotional communications, you may opt-out of receiving further communications by following those instructions in the email and/or via the unsubscribe link contained in the email. Even if you opt-out of such uses, you understand and consent to Certain sharing your Personal Information with third party payment processors to help us deliver programs, products, information and services.

For attendees of our Customer’s event, if you decide to use Certain’s services we will only send email messages directly relating to registrations, including:

  • Confirmation of completed registration
  • Notice of incomplete registration
  • Additional information about the event or your registration
  • We do not allow users to elect not to receive these messages, because they are vital to completing the registration process.

Our Customer has the option of using your Personal Data, which we provide to them, in order to send you information. Certain is not responsible for the privacy practices of our Customers.

Links to Other Websites

Our site includes links to other websites, such as our blogs & forums, which may be facilitated by a third party. Such sites’ privacy practices may differ from those of Certain. If you submit Personal Data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Blog / Forum

Our website offers publicly accessible blogs or community forums. Our blog is managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login into the third party application if you want the Personal Data that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.

Customer Testimonials & Reviews

We may post our clients’ comments, testimonials & reviews on our website which may contain Personal Data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their comments. If you wish to update or delete your testimonial, you can contact us at privacy@certain.com.

Social Media Widgets

Our Website includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our Website. These Features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these Features are governed by the privacy policy of the company providing it.

Service Provider Disclosure

The use of information collected through the Certain Services shall be limited to the purpose of providing the service for which the Customer has engaged Certain.

Certain processes information under the instructions of its Customer and has no direct relationship with the individuals whose Personal Data it processes. Certain acknowledges that you have the right to access your Personal Data. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customer.

Your Consent

By using this website, any other Certain Website or Certain-Powered Websites, you consent to the terms of our privacy policy and to Certain’s processing of Personal Data as described herein.

Changes

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any comments or questions about this privacy policy, the practices of the Certain Website or Certain-Powered Websites, or your dealings with those websites, please email us at privacy@certain.com or contact us via post mail:

Certain, Inc. | 1 Montgomery Street, Suite 3440 | San Francisco, CA 94104

TRUSTe

Get Started with Certain Now