The Infovaya® system of web/cloud platform and mobile apps aims to empower attendees of primarily academic conferences to make the most of their event via: (a) enhancing their interaction with the conference content, (b) facilitating their interactions with other attendees, (c) enabling interactions with conference partners and exhibitors.
This policy describes the collection, use, disclosure, retention, and protection of the personal data of the users of the Infovaya® system. The term “personal data” refers to any data that relates to identifiable individuals, including their names, physical and email addresses, online identifiers, payment details, etc.
This policy does not apply to third parties’ services or to the personal data that is provided to or is collected by third parties. Those parties must have their own Privacy Policies.
Delfys Systems Ltd. (“we”, “us”, “our”) are the owners and providers of the Infovaya® conference system. We are committed to protecting the privacy of your personal data.
Our users (“users”, “you”, “your”) include event organisers, event attendees, and event partners and exhibitors.
We are a registered company in England, United Kingdom, with our principal offices located at 2 Elmira Street, London, SE13 7FQ.
You can contact us at: [email protected]
We collect, retain, process, and share your data in accordance with the applicable personal data protection requirements, in particular, the European Union data protection laws, as specified in the EU Directive 95/46/EC, and the General Data Protection Regulation (GDPR), as specified in the EU General Data Protection Regulation 2016/679, including the standard contractual clauses to protect the transfer of personal data from the European Economic Area, Switzerland and the UK to the US and other third-party countries.
We collect, retain, process, and share your personal data on at least one of the following legal bases:
We collect and process information on the legal bases described in this policy. The minimum set of personal data that we collect consist of your:
We also collect and process your personal data that you submit directly to us when you: (a) contact us via email or our web contact form, and (b) populate your Infovaya® profile. This can include additional data to the minimum required set of personal data listed above. This additional data may include your:
We collect and process your personal data that is automatically logged by our servers when you use our web and mobile services. Such data may include browser or device generated information, e.g. your IP address, domain, browser type and version, operating system, referral source, length of visit, page views, and geolocation (the location of the internet connection or the WiFi access points within its range).
We collect and process demographic and user behaviour information that we collect via our servers and via Google Analytics. We ensure that such data is anonymised before being processed by Google. We group this data into an aggregate and anonymised form so that in no way can it personally identify the users of our web and mobile services. This information may be disclosed to our existing or potential business clients and partners.
We collect and process our minimum required set of your personal data, 1 – 6 listed above, that are sent to us via third parties, typically, the conference peer-review system, the conference registration system, the conference secretariat/professional conference organiser (PCO), the corresponding author of your presentations. The above parties are responsible for the secure transmission of your personal data to us. We are not liable for any data leaks that might occur during data transfer. We collect and process the received personal data as data processor on behalf of and as instructed by our clients. Our clients are the conference organisers, and they are your data controllers. The above parties must have their own privacy policies and bilateral data protection agreements with your data controllers. We recommend that you read those policies thoroughly before sharing any data with or through them.
We do not collect special category data such as your social security number, driving license number, credit card numbers, banking account information, medical records, race, political and religious interests, sexual orientations, etc. We explicitly ask you to not provide any such data. The presence of sensitive data on your profile constitutes violation of our Terms and Conditions. We will delete such data as soon as it is detected, and we may close your account.
Like virtually all web systems, we rely on technologies such as cookies, and process personal data such as IP addresses and cookie identifiers, to perform a range of functions with the sole goal of providing a better experience and a more personalised service to our users.
Cookies are small text files which are automatically transferred from our services and stored on your device. Some cookies are deleted when you end your session or close your browser, whereas others can remain on your device for a certain period of time.
Certain cookies are strictly necessary (e.g. to validate your access level status). Others can be essential for the smooth operation of our services to you (e.g. to remember choices that you make) and may collect anonymised information. We may also use performance cookies to understand how our users interact with our systems, so as to improve our services. All information that these cookies collect is aggregated and therefore anonymised.
You can configure your browser to restrict cookies or fully block cookies. However, such action will impact on your overall experience, and may prevent you from accessing certain parts of our systems and services.
Your name, surname, affiliation, and conference contributions may be publicly discoverable and visible if the organisers of your event ask us to publish the conference program in public view. Your full profile will be discoverable and visible by other InfoVaya users only.
We do not sell or lease your personal data under any circumstances.
We may share your data with our sub-processors, on the legal bases described in this policy. Prior to sharing any information with our sub-processors, we ensure that the recipients are committed to rigorous data security processes, and are GDPR compliant. Sharing of personal data is governed by formal bilateral Data Protection Agreements to enforce confidentiality and personal data protection. All data transfers follow industry-standard data security procedures.
Financial transactions occurring on our sites are exclusively handled by our payment services providers. Personal data shared with our payment services providers is limited to the minimum of data required for processing your payments.
We retain your personal data on the legal bases described in this policy. Such data is hosted in our live servers and in our layered backup storage system. Personal data can also be present in our development servers, where new features and functionalities are produced and tested before propagating to our live servers.
We are committed to protecting your personal data. We follow industry-standard and sector-leading data security practices across the board to keep your personal data secure against unauthorized access, unlawful processing, accidental corruption or loss. We encrypt all data during transmission and at storage. Our staff are trained to the secure and confidential handling of personal data.
Access to the Infovaya® system is via password, and it is only available to authenticated users. It is part of our Terms and Conditions that our users take reasonable precautions to prevent unauthorised access to their accounts (e.g. by keeping passwords safe, signing off when using a shared computer, etc.). You must contact us immediately on suspicion of any account been compromised.
All queries relating to your data rights must be addressed to your data controller. Your data controller should be able to inform you of possible limits that may apply.
Your requests will be processed at no cost, and as quickly as possible. You also can modify or delete certain personal data by yourself, via your Edit Profile functionality.
In cases where we have collected and process your data as a data processor on behalf of a data controller (e.g. the conference organisers), you must submit your request for deletion directly to them. This could apply to users who are authors of accepted papers.
In cases where we are the data controller of your personal data, when your requests could disrupt our contractual obligations to our clients, we may ask you to explain in writing to the conference organisers your reasons for such requests.
Your rights, subject to any exemptions imposed by applicable legal requirements include:
1. Your right to access, rectify, and transfer your data.
You can request a copy of your personal data kept by us. You can also ask for changes, corrections, and updates of this data. You have the right to ask for your data to be transferred to another processor. In such case, we will send you securely the data that we hold for you in a structured file allowing for easy transfer to another processor.
2. Your right to object or request the restricted processing of your data.
You have the right to object to the processing of your personal data or ask for a limited further use of your data.
Under such objection or requests, we can retain your data but we cannot further process it, unless the processing is based on your consent or is deemed necessary on the basis of legal claims that may relate to the protection of the rights of another user, or for reasons of public interest.
Please note that to stop processing your data, we will have to disable your account, which will remove your name from all presentations, sessions, discussions, comments, and other user’s contacts. You will not be able to log in to your account for as long as your objection is in effect.
3. Your right to erase your personal data.
You have the right to request the closure of your account and the deletion of your personal data.
Closing your account and deleting your personal data means that this data will be erased from our databases, servers and backup systems. This process cannot be instantaneous but we will strive to complete it as soon as possible, and you will be notified once complete. The deletion of your data will be permanent and cannot be undone.
Please note that once the deletion of your personal data and the closure of your account has been completed, your name will have been removed from all presentations, sessions, discussions, comments, and other user’s contacts.
4. Your right to be excluded from automated decision-making and profiling.
You have the right to be excluded from actions based on automated processing of your personal data. We design our services in general – and any automations in particular – with the aim of providing you with the best possible user experience. Where such actions may occur, we strive to put you in control, and you can review your choices and options at any time.
We may send you automated email notifications based on certain interactions that you have with conference content or other users. We require your consent via your account Settings for such emailing. You may also opt-out of receiving our emails by clicking on the relevant "unsubscribe" links within the footnote of our emails.
5. Your right to submit a complaint.
You have the right to submit a complaint if you believe that your personal data has been improperly processed. Please contact us at [email protected]. We will acknowledge your complaint within 5 working days and send you a full response within 20 working days. If we can’t respond fully in this time, we will write and let you know why and tell you when you should get a full response.
If you are dissatisfied with the way that we have handled your complaint or request, you may write to the relevant Data Protection Authority. In the United Kingdom, this authority is the Information Commissioner's Office (ICO).