COLLECTION AND USE OF PERSONAL INFORMATION
Personal information is information that can be used to directly or indirectly identify you. Personal information also includes anonymous information that is linked to information that can be used to directly or indirectly identify you. Personal information does not include information that has been irreversibly anonymised or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
Here is a description of the types of personal information we may collect and how we may use it:
What Personal Information We Collect
Depending on the products and services you use, we collect different kinds of personal information from or about you.
Information you provide: We collect the personal information you provide—such as your name, age, phone number, gender and email address—when you:
Purchase any Q-Con pass or accommodation online or fill out a form at the door of the convention,
Visit the Q-Con website, or
Contact us via email or letter.
Information about payments: When you make a purchase, we collect personal information in connection with the purchase. This information includes payment information, such as the last four digits of your credit or debit card number; other account and authentication information; and billing and contact details.
Information about use of our services and products: When you visit our website, we may collect information about the type of device you use, your device’s unique identifier, the IP address of your device, your operating system, the type of Internet browser that you use, usage information, diagnostic information, browsing information, session summary information, file attributes (including attributes for photos, videos, music, and documents), and location information from or about the computers, phones, or other devices on which you install or access our products or services. We may gather some of this information automatically. Where available, our services may use your IP address and other technologies to determine a device’s approximate location to allow us to determine where attendees come from improve the services we offer.
Information from third parties: We may collect information from third parties, namely the payment-processing companies we engage with. This includes your contact information from service partners, your IP address or location information from service providers to offer certain products and services relevant to your location, and data from your social networks to authenticate your product use with us, or that you grant permission to our products or services to access.
How We Use Your Personal Information
Generally speaking, Q-Con uses your personal information to provide, improve, and develop our services, to communicate with you and to protect us, our volunteers, guests and attendees.
Q-Con collects, processes, and determines how to process your personal information as data controller for the following purposes:
Providing, improving, and developing our products and services: We use personal information to help us deliver, improve, and develop our event to best match the changing demographics which attend each year. This includes using personal information for purposes such as data analysis, research, and audits. This is carried out solely so that we can continue to monitor our demographics and cater events to be relevant to you.
Communicating with you: Subject to your prior express consent, we may use personal information to send you marketing communications in relation to Q-Con’s own services; communicate with you about your pass, transactions and inform you about our policies and terms. Q-Con may use third party companies to deliver emails to you about Q-Con related news and events, as well as joining instructions and information on the convention closer to the time. If you no longer wish to receive email communications for marketing purposes, please contact us to opt out. We may use your information to process and respond to your requests when you contact us.
For any of the uses of your data described above that require your prior express consent, note that you may withdraw your consent by contacting us.
Promoting safety and security: We use personal information to verify the identity of attendees checking into the convent, as well as to promote safety and security, such as by monitoring and investigating suspicious or potentially illegal activity or violations of our terms or policies. Such processing is based on our legitimate interest in helping ensure the safety of our volunteers, guests and attendees.
Collection of personal information
Q-Con uses two third party companies, Eventbrite Ltd. and iZettle Plc., to collect personal information and to process payments. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their products and services contain. This Privacy Statement applies solely to information collected by us. We encourage you to read the privacy policies of any third parties before proceeding to use their websites, products, or services.
DISCLOSURE OF PERSONAL INFORMATION
We make certain personal information available to strategic partners that work with us to provide our products and services or help us market to attendees. Personal information will only be shared by us with these companies in order to provide or improve our products, services, and advertising; it will not be shared with third parties for their own marketing purposes without your prior express consent.
We share personal information with companies that provide services on our behalf, such as email services; marketing; payment processing; fulfilling customer orders; data analytics; conducting customer research and other services that assist in selling and delivering the convention each year. Personal information may be aggregated and anonymised in order to generate demographic breakdowns to present to potential sponsorship partners. These companies are obligated to protect your information, have their own privacy policies and are subject to the same legislation as ourselves.
Legal Compliance and Security
It may be necessary—by law or as a result of legal process, litigation, or requests from public or governmental authorities within or outside your country of residence—for us to disclose personal information. We may also disclose personal information if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose personal information if we determine in good faith that disclosure is reasonably necessary to protect the rights of our customers and pursue available remedies, enforce our terms and conditions, investigate fraud and where necessary pass information onto the correct authorities.
We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date. Depending on where you live, you may have the rights described below, however it is assumed that almost all attendees reside within the European Union and so are protected by the General Data Protection Regulation (GDPR) (EU) 2016/679.
Q-Con, under Recital 171 of the above Regulation, recognises the right to continue to rely on established consent to hold personal information previously submitted under (EU) 95/46/EC. Should another person purchase a convention pass or accommodation on your belhalf, Q-Con shall assume that you have given that person the consent to submit personal information on your behalf.
You have the right to access, correct, or delete the personal information that we collect. You are also entitled to object to or restrict, at any time, the further processing of your personal information. You have the right to receive your personal information in a structured and standard format. You may lodge a complaint with the competent data protection authority regarding the processing of your personal information.
To protect the privacy and the security of your personal information, we may request information from you to enable us to confirm your identity and right to access such information, as well as to search for and provide you with the personal information we maintain. There are instances where applicable laws or regulatory requirements allow or require us to refuse to provide or delete some or all of the personal information that we maintain.
You may contact us to exercise your rights. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.
Please contact us to remove the personal information we hold on you in relation to the following uses:
providing, improving, and developing our products and services;
communicating with you;
sharing your personal information with third-party partners for marketing communications;
offering and measuring targeted advertisements and services; or
promoting safety and security for all volunteers, guests and attendees.
If you request that we remove any data we possess, we may delete any or all of your information without liability. We may retain, however, information related to you if we believe it may be necessary to prevent fraud or future abuse, if required by law, or for legitimate purposes, such as analysis of non-personal information, auditing our records, enforcing our rights and obligations under our agreements and to safeguard those using the services we offer.
THIRD-PARTY WEBSITES AND SERVICES
Our services, including our website and promotional materials, may contain links to or the ability for you to access third-party websites, products, and services. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their products and services contain. This Privacy Statement applies solely to information collected by us. We encourage you to read the privacy policies of any third parties before proceeding to use their websites, products, or services.
INFORMATION SECURITY, INTEGRITY, AND RETENTION
If you feel that the security of your personal information has been compromised, please immediately contact us. Please be aware that, despite our efforts, no security system is impenetrable. In the event of a security breach, we will promptly notify you and the proper authorities if required by law.
We will retain your personal information for as long as it is necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
CHANGES TO THIS PRIVACY STATEMENT
We may periodically change this Privacy Statement to keep pace with new technologies, industry practices, and regulatory requirements, among other reasons. We expect most such changes to be minor. Any non-material changes will take effect immediately upon posting of an updated Privacy Statement. There may, however, be cases where changes to the Privacy Statement may be more significant. In such cases, we will provide you either a prominent notice of such changes before they take effect or by directly sending you a notification.
Your continued use of our products and services after the effective date of the Privacy Statement means that you accept the revised Privacy Statement. If you do not agree to the revised Privacy Statement, please refrain from using our products or services and contact us to remove any applicable personal information belonging to you which may have been submitted to us.
If you have any questions regarding this Privacy Statement or its implementation, you may email us at firstname.lastname@example.org.
Last updated: 22/05/2018