Summary of Recent Changes:

What's New as of 5/23/2018:

We recently changed our Privacy Policy to, among other things, reflect compliance with our obligations under the European Union (EU) General Data Protection Regulation (GDPR).  The following is a summary of key changes:

  • Transparency: We’ve provided additional clarity regarding the information we collect from Customers, Visitors and Customer Business Contacts and how we process this information. We’ve also explained the choices and control individuals have over their information.
  • Data Control: We’ve described how individuals can (i) access, correct or delete their personal data from our systems; and (ii) provide or withdraw consent, as appropriate.
  • Readability: We’ve updated our Privacy Policy to make it easier to understand by re-organizing it and using plain English.

Last modified 05/23/2018

Introduction

Cvent, Inc., and its wholly-operating entities Cvent Europe Ltd., Cvent GmBH, Cvent Canada Inc., Cvent Australia PTY Limited, Cvent Singapore PTE Limited, Cvent India Private Limited, Lanyon Solutions, Inc., Passkey International, Inc. and StarCite, Inc. ("Cvent" or "We", "us"), respect your privacy and we are committed to protecting your privacy through our compliance with this policy. 

This policy describes our practices in connection with information that we collect through our Cvent Event Cloud and Hospitality Cloud software platforms and applications (collectively our “Applications”) as well as Cvent’s privacy practices in relation to the use of Cvent’s websites (such as www.cvent.com, www.lanyon.com and other Cvent websites that link to this policy) and external marketing activities.

This policy also describes your data protection rights, including a right to object to some of Cvent’s processing. The Policy does not apply to information collected by any third party, including through any third-party application or content (including advertising) that links to or is accessible from our Applications or websites.

Table of Contents

Are you a Customer, Customer Business Contact or Visitor?
What types of personal data do our Customers collect?
How do our Customers collect personal data?
How do our Customers use personal data?
Does Cvent use personal data collected by our Customers?
What is the legal basis for Cvent to process personal data from the EEA?
How long does Cvent store personal data collected by our Customers?
How do you access, correct or delete your information?
How does Cvent use cookies and similar technologies?
How does Cvent process data from Visitors?
Does Cvent process information of children under the age of 13?
Where does Cvent transfer the data it processes?
How does Cvent secure the data it processes?
What are the Cvent Products?
How do you contact Cvent or Cvent's Data Protection Officer?
How does Cvent publicize changes to it’s Privacy Policy?

Are you a Customer, Customer Business Contact or Visitor?

This policy applies to the following classification of individuals that interact with Cvent:

  • CUSTOMERS: Customers are individuals that are employees or associates of Cvent’s direct customers (for example, event planners, travel buyers and meeting space providers), including customer personnel that are assigned a login id and are authorized to access and use our Applications pursuant to an active Cvent agreement, under a temporary evaluation license, if available. Additionally, Customers include individuals who self-register for access to our Applications.
  • CUSTOMERS BUSINESS CONTACTS: Customers’ business contacts are individuals that interact with our Customers through our Applications. These include our clients’ current and prospective customers, members, attendees, sponsors, exhibitors, marketing partners, hotel guests or other business contacts. For example, Customers Business Contacts include individuals that register for an event organized by a Customer, download an event-related mobile app, complete an online survey, or make a hotel reservation.  
  • VISITORS: Individuals that interact with our Websites (for instance, to read about Cvent products and services, download a white paper, or sign up for an online demo), as well as those who attend Cvent marketing events (for instance, Cvent CONNECT, Cvent Lunch and Learns and Cvent webinars) and whom we meet at a tradeshow or learn about through referral, from third parties or other external sources. 

What types of personal data do our Customers collect?

Our Applications are flexible and allow our Customers to collect personal data from and about their Customer Business Contacts, including name, organization, title, postal address, e-mail address, telephone number, fax number, social media account ID, credit or debit card number and other information including but not limited to dietary preferences, interests, opinions, activities, age, gender, education and occupation.

For a more detailed list of our Applications, please refer to the “What are Cvent's Products” section at the end of this this Privacy Policy. Cvent's use of personal information collected through our Applications shall be limited to the purpose of providing the service for which our Customers have engaged Cvent.

If you do not agree with our policies and practices, you may choose not to use our Applications.

How do our Customers collect personal data?

  • When Customer Business Contacts enter personal data into our Applications.
  • When our Customers enter Customer Business Contacts into our Applications, when permitted, including by having a legitimate business interest or obtaining explicit consent from a Customer Business Contact.
  • Automatically, as Customer Business Contacts interact with our Applications, using commonly used information gathering technologies such as cookies. For additional information about these technologies, see the section below titled “How does Cvent use cookies and similar technologies?“.

How do our Customers use personal data?

If a Customer Business Contact chooses to use our Applications to conduct business with a Customer (for example: register for or check into an event, respond to an online survey, download a mobile application, or send or respond to a Request for Proposal (“RFP”)), any information provided in connection with that interaction will be transferred to, and under the control of, the Customer.

Customers will also have access to information (including personal data and Application usage data) related to how Customer Business Contact interact with the Applications they use. In such instance, the Customers act as data controllers towards the Customer Business Contact, under the European Economic Area (“EEA”) data protection laws.  Therefore, Cvent cannot and does not take responsibility for the privacy practices of Customers.

The information practices of our Customers are governed by their privacy policies. We encourage Customer Business Contacts to review the Customers’ privacy policies to understand their practices and procedures.

Does Cvent use personal data collected by our Customers?

Cvent does not use personal data of our Customer Business Contacts for any purpose other than to provide services that our Customers have contracted us to provide through our Applications, as noted below, or as required by law.

We process personal data in the following manner:

  • To disclose to our subsidiaries and affiliates for the purpose of providing services to our Customers and their Customer Business Contacts.
  • To disclose to contractors, service providers, and other third parties as reasonably necessary or prudent to provide, maintain and support our Applications, such as, for example, payment processors and data center or Web hosting providers. Cvent does not share, sell or trade any information with such third parties for promotional purposes.
  • To deliver the Applications that our Customer has contracted us to provide. Some examples include:
    • If a Customer Business Contact uses one of our Applications to register for an event, we will use their provided e-mail address to send them information and announcements relating to that event.
    • If a Customer Business Contact uses one of our Applications to pay for event registration fees or other products and services using their credit cards, we will pass the credit card information to payment card processors to validate the payment information and complete the transactions.
    • When a Customer submits a RFP to a meeting space provider listed on the Cvent Supplier Network, or to a Customers Business Contact as directed by the Customer, Cvent will contact that venue, management company or Customer Business Contact and disclose information necessary for it to respond to the RFP, which will contains personal data.
    • When a Customer or Customer Business Contact uses their social media credentials to share information on their social media platform or to log into one of our Applications, we will share information with their social media account provider. The information we share will be governed by the social media site’s privacy policy. 
  • To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all Cvent’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Cvent about our Customers and Customer Business Contacts is among the assets transferred.
  • As we believe to be necessary or appropriate:  (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.
  • For other purposes when Customer Business Contacts provide explicit consent.

We aggregate and anonymize information about (i) Customers and Customer Business Contacts, and (ii) the use of our Applications in order to improve our Applications and to create benchmark and other business intelligence products. None of the aggregated and anonymized information contain personal data (i.e., does not identify any individual).

What is the legal basis for Cvent to process personal data from the EEA?

For individuals that are from the European Economic Area (EEA), our legal basis for collecting and using their personal information will be our legitimate interest where the processing is in our, or a third party's, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. These interests are to provide individuals with access to the Applications and features of the Applications; to send them information they have requested; to ensure the security of our Applications by trying to prevent unauthorised or malicious activities; or, to enforce compliance with our terms of use, contracts and other policies. In some EEA countries, we are relying on consent as a legal basis for using data for marketing purposes.

How long does Cvent store personal data collected by our Customers?

Where we process personal data for legitimate business interests described in the section “Does Cvent use personal data collected by our Customers”, unless otherwise provided in our contract with our Customer, we process the data until 90 days after the termination of the contract , at which time we remove it from our production environment. Within 13 months, we remove the data from our backup media.

How do you access, correct or delete your information?

In various countries, including countries in the EEA, upon their request, Customer Business Contacts have the right to access their personal data and, if necessary, have it amended, deleted or restricted. Customer Business Contacts can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format. 

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Customer Business Contacts also have the right to complain to a supervisory authority for data protection in the country where they live, or where they work – although we hope that we can assist with any queries or concerns you have about our use of your personal data.

Cvent processes Customer Business Contacts data under the direction of our Customers and has no direct control or ownership of the personal data we process. Customers are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to Cvent for processing purposes. Any Customer Business Contact that seeks to access, correct or delete data, should direct their query to the Customer. If the Customer requests Cvent to remove the personal data of a Customer Business Contact to comply with data protection regulations, Cvent will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request. 

How does Cvent use cookies and similar technologies?

Cookies and Web Beacons

We use cookies or similar automatic data collection technologies as individuals interact with our Applications to collect certain information about their equipment, browsing actions and patterns, including:

  • Details of your visits to our Applications, such as the date and time you access our Applications, length of time you spend on our Applications, websites you visited before or after our Applications, the resources and content that you access and use on the Applications.
  • Information about your computer and internet connection, such as your IP Address, computer type, screen resolution, language, Internet browser type and version. 

Below are the technologies we use for automatic data collection. We do not use any of these technologies to collect information from Customer Business Contacts for marketing or advertising purposes.

  • Browser Cookies.  A cookie is a small file placed on a computer hard drive.  Web browsers can be configured to restrict or entirely block cookies, to configure cookie notification settings and/or to delete cookies already present on the browser or device.  Information on how to do this is provided by the web browser’s help/reference section. Limiting or restricting certain types of cookies may prevent a Customer or Customer Business Contact from using certain portions of our Applications, depending on how the browser settings are configured.  For example, event registration cannot be completed successfully if cookies are disabled in the web browser. Unless the browser setting has been adjusted so that it will refuse cookies, our system will issue cookies when the browser interacts with our Applications.  For more information about cookies and how to disable them, see www.allaboutcookies.org.
  • Session Cookies and Persistent Cookies.  A "session" cookie lasts for a single browser session only and is deleted when the user closes the web browser. Session cookies allow website operators to link the actions of a user during a browser session.  A "persistent" cookie remains on the user’s device (even while powered off) until it expires or is deleted.  A persistent cookie will be reactivated when a user returns to the website which posted the cookie. We use persistent cookies to help customize your web experience when you return to a web page or our website.

    Neither of these cookies can read or access other cookies or any data from a user’s hard drive.  Further, neither of these cookies alone will personally identify a user; however, a cookie will recognize a user’s individual web browser or device through an IP Address, browser version, operating system and other information, and individuals who log in to their Cvent accounts will be individually identifiable to particular Applications using session cookies.
  • Web Beacons.  Pages in our Applications and our e-mails will contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs).  Web beacons differ from cookies in that the information is not stored on your hard drive, but invisibly embedded on web pages or in email.  Web beacons permit us to track online movements of web users, for example: to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).  This enables Cvent to provide a website experience more tailored to our users’ preferences and interests.
  • Flash Cookies.  Certain features of our services will use local storage, such as "Flash cookies" to collect and store information about your preferences and navigation to, from and on our Websites.  Flash cookies are not managed by the same browser settings as are used for browser cookies. If you do not want Flash cookies stored on your computer, you can adjust the settings of your Flash player to block Flash cookie storage using the tools contained in the Website Storage Settings Panel available  at the following link

At this time, we do not respond to browser ‘do not track’ signals, as we await for a uniform standard put forth by regulators or the privacy industry.  Cvent earnestly considers an individual’s independent right to determine how their personal data is processed and continues to monitor developments in this area.You can learn about how you can adjust your browser’s settings to limit or disable cookies and other tracking technologies by visiting the section below titled "Third Party Analytics Providers."

Advertising

We use information collected from our venue sourcing Customers to enable us to display advertisements from our Hospitality Cloud Customers to their target audience of users.  As one example, meeting space providers purchase advertisements that are presented selectively through the Cvent Supplier Network to meeting planners who have previously awarded a minimum volume of meetings business to that provider or to competing venues in the target metropolitan area.  Even though we do not disclose personal data for these purposes, if the venue sourcing user clicks on or otherwise interacts with an advertisement, the advertising Hospitality Cloud Customer assumes that the venue sourcing user meets its target criteria. While we leverage this technology to advertise to Customers, we never advertise to Customer Business Contacts.

We also use third parties (such LinkedIn, Google AdRoll, YouTube) to serve advertisements that may be of interest to you on other websites. For more information and the ability to control your preferences, please visit:

http://preferences-mgr.truste.com,
http://www.networkadvertising.org/managing/opt_out.asp and
http://www.aboutads.info/
https://policies.google.com/privacy/partners

If you are located in Switzerland or the European Union, please click here

Third Party Analytics Providers

We use third party analytics providers, including Google, Adobe, Mixpanel, Mouseflow and others, to collect information about the usage of our Applications and enable us to improve how these Applications work.  The information allows us to see the overall patterns of usage on the Applications, helps us record any difficulties you have with the Applications, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance.  Google Analytics, Adobe and Mixpanel use cookies and other similar technologies to collect information about the usage of our Applications and to report website trends to us, without storing any personal data on external third party analytics provider platforms.  See below for more information, or to opt out of these practices:

  • You may opt-out of Google Analytics by clicking here
  • You may opt-out of Adobe’s data aggregation and analysis about your use of the Applications by clicking on this link
  • You may opt-out of Mixpanel’s practices by visiting https://mixpanel.com/optout/
  • Mouseflow collects information related to mouse clicks, mouse movements, scroll behaviour, and/or keystroke activity, but it does not collect personally identifiable information on our behalf or track users’ browsing habits across other websites that do not use Mouseflow.  You can learn more about Mouseflow’s practices by visiting http://mouseflow.com/privacy

How does Cvent process data from Visitors?

Cvent processes Visitor data separately and distinctly from the way we process Customer and Customer Business Contact data. By visiting our websites, attending Cvent marketing events or providing us with your personal information, Visitors consent to the collection, processing and storage of their personal information as described in this section.

Visitor Personal Data Collected

Cvent collects personal data including name, title, postal address, e-mail address, telephone number, social media account ID, company information (including financial and billing information when purchasing Cvent services), survey responses, message board posts, chat messages, contest entries and promotional enquiries. We use this information to provide you with additional details about our services, conduct research, provide whitepapers or to contact you after your visit.

We also collect personal data from third party sources, such as public databases, joint marketing partners, and social media platforms.  For example, if a Visitor elects to connect her social media account to her account for our websites, certain personal data from the social media account will be shared with us, which may include personal data that is part of the Visitor’s profile or her friends’ profiles.

Additionally, we collect personal data from cookies and similar technologies to collect information about the pages Visitors view, links Visitors click on, Visitors’ web browser information, Visitors’ IP address and other actions Visitors may take when accessing our websites. For additional information about our use of these technologies and how to control them, see “Cookies and similar technologies“ section below.

Cvent’s Use of Visitor Personal Data Collected

Cvent processes Visitor personal data to:

  • Analyse how our websites are accessed;
  • Personalize your browsing experience and present products or features that may be more applicable to you;
  • Identify website technical problems;
  • Discover, investigate and remediate fraudulent or illegal activity;
  • Transmit notices related to product, service, or policy changes;
  • Respond to your product and service inquiries;
  • Send you information such as product announcements, newsletters, whitepapers, other relevant offers, and upcoming promotions or events (where required, dependent on jurisdiction, we will seek and obtain your explicit consent before sending marketing emails)
  • Plan and host Cvent corporate events, host online forums and social networks in which Visitors may participate;
  • Analyze, score and identify new prospects;
  • Create tailored advertising, sales and promotional programs; and
  • Bill customers for our services and assess the financial capability of prospective customers to afford Cvent’s solutions.

Storing of Visitor Personal Data

Where we process Visitor personal data for marketing purposes or with Visitor consent, we process the data until the Visitor asks us to stop. It typically takes up to 30 days to implement your request. Cvent will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where Cvent services are marketed and provided. We also keep a record of when Visitors have asked us not to send direct marketing or to process Visitor data indefinitely so that we can respect the Visitor’s request in the future.

Sharing of Visitor Data

Cvent may share information with third party service providers contracted to provide services on our behalf as well as third parties who resell Cvent services.

Cvent may also engage with business partners to jointly offer products, services or other programs such as webinars or whitepapers and from time to time, we may share personal data if you purchase or show interest in any jointly-offered products or services.

Cvent will only share personal data of Visitors who attend a Cvent marketing event with third parties if a) the Visitor explicitly consents, b) the Visitor permits their badge to be scanned, or c) it is permissible under applicable law.

Access, correct or delete Visitor data

Visitors have the same rights to access, correct or delete their personal data as do our Customer Business Contacts, as outlined in section “How do you access, correct or delete your information”.

Any Visitor that seeks to access, correct or delete data, can do so by submitting a request on our website at http://www.cvent.com/gdpr. Cvent will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Visitor about the legal obligations that prevent us from fulfilling the request. 

We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements

Cookies and similar technologies

All practices related to cookies and their usage described in section “How does Cvent use cookies and similar technologiesalso applies to Visitors when they interact with our websites.

Does Cvent process information of children under the age of 13?

Our Applications are not intended for children under 13 years of age. We do not directly solicit or collect personal data from children under 13.  If you are under 13, do not (i) use or provide any information on these Applications or on or through any of its features, (ii) register to use any of our Applications, (iii) make any purchases through our Applications, (iv) use any of the interactive or public comment features of our Applications or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you will use.  

Where does Cvent transfer the data it processes?

EU-U.S. and Swiss-U.S. Privacy Shield

Cvent participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield.  Cvent is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Cvent is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  Cvent complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Cvent is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, Cvent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you will be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.  

Cross-Border Transfers other than to the E.U. or Switzerland 

Personal data may be accessed by Cvent personnel providing services in any country where we have facilities or in which we engage IT service providers, including India, Australia and Singapore. This means that we will transfer personal data outside the European Economic Area or US. In such instances, we use Standard Contract Clauses approved by the European Commission to protect personal data. If you would like a copy or have other queries, please contact us using the contact information set forth below.

How does Cvent secure the data it processes?

We use a variety of organizational, technical and administrative measures to protect personal data within our organization.  Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the "Contact Information" section below.

What are Cvent's Products?

Event Cloud

Cvent Meetings & Events

  • Cvent Event Management
  • RegOnline by Cvent
  • Inquisium by Cvent
  • Cvent Conference
  • Lanyon Meetings

Cvent Onsite Solutions

  • OnArrival
  • OnArrival 360
  • SocialWall
  • LeadCapture
  • CrowdCompass by Cvent
  • QuickMobile by Cvent

 

Hospitality Cloud

  • Cvent Supplier Network
  • SpeedRFP.com
  • EliteMeetings.com
  • Cvent Business Intelligence
  • Cvent Lead Scoring
  • Cvent Passkey
  • Cvent Business Transient

How do you contact Cvent of Cvent's Data Protection Officer?

Cvent has appointed a Data Protection Officer (“DPO”) to oversee the application of Cvent’s Privacy Policy. For more details about the DPO’s role or any privacy questions related to Cvent’s Privacy Policy, please contact the DPO at [email protected].  You should also feel free to contact Cvent regarding details of our implementation of our privacy program at:

Cvent Representative
1765 Greensboro Station Place, 7th Floor
Tysons Corner, Virginia 22102
[email protected]

How does Cvent publicize changes to its Privacy Policy?

We will update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by means of a notice on this website thirty (30) days prior to the changes becoming effective, or by email (sent to the e-mail address specified in your account) seven (7) days prior to the changes becoming effective. However, any changes to the Privacy Policy are effective immediately upon publication for new Visitors, Customers and Customer Business Contacts. We encourage you to periodically review this page for the latest information on our privacy practices.