GDPR Policy


Convention Data Services Data Protection Policy

for Residents of the European Union

Convention Data Services recognizes principles and requirements of the General Data Protection Regulation (GDPR) adopted by the European Union. Convention Data Services will, so far as is reasonably practical, comply with the Data Protection Principles contained in the Data Protection Act to ensure all data is:

  • Fairly and lawfully processed
  • Obtained and used for specific and clearly stated purposes
  • Adequate, relevant, and not excessive
  • Accurate and up-to-date
  • Not kept for longer than necessary
  • Processed in accordance with your rights
  • Secure
  • Not transferred to other countries without adequate protection

What is “Personal Information”

The GDPR aims to protect the “personal data” or personal information of individuals within the EU and covers many processing activities, including collection, storage, consultation, transfer, and destruction, of this data. “Personal data” means any and all information relating to an identified or identifiable natural person. You can be identified from information such as your name, email address, phone number, home address, driver’s license number, and passport number. You may also be identifiable from information such as an online identifier, IP address, unique device ID or cookie.

Data Collected by Convention Data Services

Generally, those who wish to attend conventions, conferences, trade shows, or similar events will register for those events online or over the telephone. During the process of that registration, you share with us personal information about yourself which generally includes contact information, demographics pertaining to your trade or profession, and payment information. Alternatively we may collect association membership data directly from the organization to which you belong.

How Convention Data Services Uses Your Event Registration Data

  • Email advance notice of and/or invitation to events
  • Send email to confirm your registration
  • Look up and print your physical badge for an event
  • Generate certificates of attendance, credentials, etc. as may be applicable for your event
  • Potentially track attendance to event courses or sessions

How Convention Data Services May Share Your Data

  • Share with event organizer (trade association, etc.).
  • Share with third parties involved in the event process (e.g., hotel booking companies).
  • Potentially share with exhibitors and sponsors at the event through badge scanning onsite at the event. You would physically present your badge for scanning.
  • CDS Attendee List (AL) and Exhibitor Email (EE) applications allow event exhibitors to send you email/direct mail. These applications generally do not allow exhibitors direct access to your contact information.
  • The Registration Resource Center allows other attendees to contact you within the application itself. Limited information such as name and company are shown.
  • Some applications (Registration Resource Center, Geo Map, etc.) may provide limited information to other attendees, including name, title, company, and city.

Once your data has been shared with a third party, CDS no longer has direct control over that information, but we require our partners to agree to follow GDPR.

Your Rights

We recognize that all personal information you submit to Convention Data Services belongs to the you, and that we use your data only with your permission. You have the following specific rights:

  • Informed: We will tell you exactly how we use your data in clear, plain language.
  • Consent: Convention Data Services will not store or use your data without your consent. If we get your data from a membership organization or another source, we will ensure through a contract that they are also compliant with GDPR consent regulations.
  • Access and Portability: View and download all personal data Convention Data Services may store.
  • Modification: Request changes or updates to any personal data Convention Data Services stores.
  • Erasure: Request that Convention Data Services purge all personal identifying information at any time.

Data Security

The Convention Data Services Data Security Policy is a compilation of related policies that, when taken together, reflect a comprehensive approach to data security that complies with PCI requirements, SSAE 18 requirements, GDPR regulations, and generally accepted best business practices.

Specific data security measures include:

  • No sensitive personal information (SPI) such as credit card numbers, bank account numbers, passport, and social security numbers, is stored on Convention Data Services’ servers.
  • Convention Data Services follows generally accepted best practices for secure software development.
  • All data is stored on physically secure hardware.
  • Personal data is secured behind network firewalls and access requires login credentials.
  • All data processed through websites is encrypted in transit.
  • In the unlikely event of a data breach, Convention Data Services has policies in place to notify affected parties.
  • Data security is regularly audited by third parties.

Right of Access

Should you wish to view, modify, or erase your data, you can make that request by sending an email to