Privacy Policy
1. Definitions

Data subject - any living individual to whom the personal data relates. An identifiable individual is one who can be identified, directly or indirectly. Examples of data subjects are business contacts, job applicants and employees.

Data protection laws - any applicable laws, rules and regulations, relating to information security or the processing of personal data.

DPO - data protection officer.

Data processing - any use of personal data, including collection, sharing, or storage.

DPIA - data protection impact assessment.

Employee - director, manager, employee, contractor or worker of a Modern Expo entity.

Personal data - any information relating to the data subject. For example, contact details, correspondence, CV, work record, preferences, purchase history, financial data, password, e-mail addresses, IP addresses, photographs, online search history, geolocation information, etc.

2. Overview and Objectives

The protection of personal data and compliance with data protection laws are important to our organisation and its affiliates and subsidiaries (“Modern Expo”, “we,” “us”). References to "Modern Expo" or "us" are to each relevant Modern Expo entity.

Each Modern Expo entity has adopted this Policy as its own privacy policy. This Policy applies in respect of certain Modern Expo entities with such variations (to reflect e.g. local laws) as may be specified in the relevant local annexes to this Policy (if any).

We take privacy seriously and we aim to uphold the privacy rights of our employees, business contacts and customers when we handle information about them. This is fundamental to preserving employee, business partner and customer trust, and is crucial for the long-term success of the Modern Expo business.

This Policy:

  • sets out our data protection principles;
  • identifies the data protection roles and responsibilities;
  • establishes the Privacy Programme;
  • identifies the internal policies, procedures and standards which support this Policy and, together with this Policy, constitute our organisation's privacy framework; and
  • sets out a (non-exhaustive) list of the requirements that Employees must comply with in order to preserve the confidentiality and security of the personal data they handle.

This Policy does not provide an exhaustive list of permitted or prohibited conduct or set forth every rule. This Policy is not a substitute for the responsibility to exercise good business judgment and proper care. You should continue to seek proper advice through appropriate channels in relation to any specific concerns and issues that are not specifically addressed in this Policy.

3. Scope

This Policy applies to all Employees (including directors and contractors) with respect to all operations carried out by Modern Expo which involve the processing of personal data.

The highest management of each Modern Expo entity is ultimately responsible for ensuring adherence to this Policy.

4. Enforcement

It is the responsibility of every Employee to comply with this Policy. Acknowledgment and understanding of this Policy are required through contracts and mandatory training. Failure to comply with this Policy may be a breach of the terms of employment and may lead to disciplinary actions up to and including termination of employment or services contracts.

We take cases of non-compliance seriously. Non-compliance with privacy laws can cause damage to our brand and business reputation, as well as result in very substantial legal penalties or even criminal prosecution.

5. Data Protection Principles

Modern Expo's business operations must at all times be consistent with the Data Protection Principles set out below. These principles are binding.

  • 5.1 Lawful, fair and transparent processing

    Modern Expo only uses personal data in a way that is lawful, fair and transparent.

    We comply with all data protection laws that apply to us. Where required by the law, we are also committed to helping individuals understand what information we collect, how we use it and what choices they have. We explain this to employees and business contacts in a simple and clear way in our privacy notices. We review our privacy notices regularly to keep them up to date, and to ensure they match our internal practices.

  • 5.2 Purpose limitation. Privacy by default

    We only collect personal data for specified, clear and legitimate purposes and we only collect as much personal data as we need to achieve those purposes. We only use data in ways which are necessary for clear goals and proportionate to them, taking into account the risks to the data subject.

  • 5.3 Data accuracy

    We take steps to ensure that the personal data we hold is accurate, up-to-date and relevant to the purposes for which it is used.

  • 5.4 Data retention

    We only keep personal data in an identifiable form for as long as is necessary. See section 9 for more details.

  • 5.5 Rights of the individuals

    We are fully committed to the privacy rights of individuals whose data we process.

  • 5.6 Information security

    We use appropriate technical and organisational measures to keep personal data secure and ensure its integrity, confidentiality and availability.

    We are also committed to ensuring that our vendors and suppliers that may process personal data on our behalf preserve the confidentiality, integrity and availability of such data.

  • 5.7 International transfers of personal data

    Where we need to transfer information internationally, we ensure that there are adequate safeguards in place, as required by the applicable laws, to protect the personal data we transfer.

  • 5.8 Privacy by design

    Protection of personal data should be integrated in the technologies, processes and products from the start, when they are created.

6. Roles and Responsibilities
  • 6.1 Modern Expo entities' separate status

    Each Modern Expo entity is a separate controller and/or processor of certain personal data, and has its own duties to comply with applicable data protection laws.

    Neither the Modern Expo Group as a whole, nor any of the group-wide functional teams (such as, for example, the Group Legal Office, the Data Privacy Team, the IT and Information Security Office, or the ISO):

    1. acts as a separate controller or processor of personal data; or
    2. is authorised by any Modern Expo entity to take any decisions about the purposes or means of processing of personal data on its behalf (unless such authority is given in writing on a case-by-case basis by the highest management of that Modern Expo entity).

    The highest management of each Modern Expo entity is ultimately responsible for ensuring adherence by that entity to this Policy and the data protection laws.

  • 6.2 The Group Legal Office. The Data Privacy Team

    The Group Legal Office has been entrusted by each Modern Expo entity to help it promote and ensure privacy compliance, oversee the overall privacy management and compliance programme, respond to data subject queries and requests, respond to regulatory requests about data protection, and liaise with the IT and Information Security Office where required.

    To carry out these functions, the Group Legal Office has established a Data Privacy Team that can be contacted directly on issues relating to personal data both from within and from outside the Modern Expo Group, including by data subjects and regulators. The direct email address of the Data Privacy Team is privacy@modern-expo.com.

    The Data Privacy Team's contact details are to be made available to employees, job applicants, business contacts and other data subjects whose data is processed, as well as published on the Modern Expo website. You can also ask, and will be told on request, the identity of all the members of the Data Privacy Team from time to time.

    The establishment of the Data Privacy Team does not in itself amount to a designation of a DPO by any Modern Expo entity. However, a member of the Data Privacy Team may, under agreement in writing, serve as the DPO for a certain Modern Expo entity, provided that such member meets the requirements set out by law.

  • 6.3 DPOs

    The Group Legal Office will assess each Modern Expo entity's circumstances from time to time to help it determine whether it is required by applicable data protection laws to appoint a DPO, and, if so required, will recommend such appointment to the highest management of that entity.

  • 6.4 The Group IT and Information Security Office

    The Group IT and Information Security Office has been entrusted by each Modern Expo entity to help it safeguard and monitor Modern Expo's internal networks and systems and ensure that personal data stored, transferred, accessed and used across these networks and systems is adequately protected from data breaches. The Office is also responsible for participating in DPIAs that concern technology.

  • 6.5 HR function

    It is the responsibility of each Employee engaged in a human resources function to:

    • handle employees' and job applicants' personal data in compliance with this Policy and data protection laws;
    • address employee and job applicant requests for the exercise of their data protection rights;
    • seek the advice of the Data Protection Team whenever in doubt;
    • take part in DPIAs and response efforts in respect of data breaches that involve employees' and job applicants' personal data; and
    • make sure privacy notices for employees and job applicants are reviewed and updated.
  • 6.6 Managers

    It is the responsibility of each Employee engaged in managing or supervising other Employees to ensure that those other Employees comply with this Policy and the data protection laws.

    It is the responsibility of each head of a business function to:

    • ensure that all processing of personal data within that function is in accordance with this Policy and the data protection laws;
    • periodically (but not less than once per year) review all documents and other data for compliance with this Policy (for example, review whether all data has been deleted or archived as required by section 9);
    • seek data privacy advice before any change or novelty in the function's processes;
    • clearly allocate responsibility for compliance with tasks necessary to implement the Policy Framework among the supervised Employees; consider documenting this by drawing up your department's own written procedures, processes and guidance; and
    • handle and escalate any privacy incidents as appropriate.

7. Privacy Programme

Our Group Legal Office supervises the Modern Expo Privacy Programme, which provides a comprehensive, coordinated approach to managing privacy risk while serving business needs and strategies. The Modern Expo Privacy Programme comprises, at a minimum, the following components:

  • Policy framework
  • Legal compliance
  • Records
  • Data protection impact assessments
  • Vendor privacy risk management
  • Data protection training
  • Data breach management
  • Data subject rights

  • 7.1 Policy Framework

    Modern Expo operates at all times in compliance with this Policy and all internal policies, procedures and standards relating to privacy such as the Information Security and Data Breach Policy, and privacy notices to staff, online users and other individuals ("Policy Framework"). These may, from time to time, be updated or replaced and new policies may be added.

  • 7.2 Legal compliance

    The Group Legal Office will at all times help Modern Expo understand and comply with legal requirements in data protection such as providing privacy notices to data subjects and ensuring data subjects' rights.

  • 7.3 Records

    The Group Legal Office will, in collaboration with other business functions and the Modern Expo entities concerned, create and maintain records of data processing, the decisions and actions taken towards privacy risk management, and other records demonstrating Modern Expo's compliance with data protection laws.

  • 7.4 DPIAs

    Whenever the Group Legal Office is notified of a change in Modern Expo's processes (for example, a new product, technology or business operation) it will consider whether a DPIA is required. If so, the Group Legal Office will initiate, coordinate, and help document the DPIA. The DPIAs will require the input and involvement of the relevant business functions and Modern Expo entities.

  • 7.5 Vendor privacy risk management

    Risk management for engaging third party vendors that process personal data on behalf of Modern Expo ("data processors") is crucial to ensure Modern Expo's data protection compliance. The Legal Office will provide guidelines for third party risk assessment, keeping them up to date as necessary to address emerging privacy risks. Risks associated with a third party must be escalated to the Legal Office.

    Each business function that engages a third party vendor which might process personal data on behalf of Modern Expo must ensure that the Legal Office approves such engagement. Before approving, the Legal Office will ensure that:

    • the IT and Information Security Office has carried out due diligence on the data processor's information security measures;
    • an appropriate processing agreement is in place with any data processor which imposes data protection obligations on the data processor (see Article 28(3) GDPR); and
    • data processors' compliance with the processing agreement and the applicable law is monitored from time to time.
  • 7.6 Data protection training

    Data protection training will be a part of the annual compliance training plan and mandatory for all employees upon joining the company and on a regular basis thereafter. The Legal Office will ensure that training content remains up to date and appropriate to our organisation’s business operations, and that it is refreshed on a regular basis. Training completion rates will be monitored and documented (e.g. in a training log).

  • 7.7 Data breach management

    All business functions are responsible for monitoring business operations for incidents concerning the security of personal data, capturing them on a timely and consistent basis, and executing appropriate risk mitigation strategies.

    All employees and business functions are responsible for immediately escalating any actual or suspected data breaches according to our Information Security and Data Breach Policy. Any relevant office and/or business function is required to take part in breach management according to that policy.

    The Legal Office jointly with the IT and Information Security Office will ensure that known incidents and risk events are identified, evaluated and remediated appropriately, and will evaluate trends so that root causes can be addressed. The Legal Office will also handle breach notifications to the competent regulator or data subjects as and when required by the applicable laws.

  • 7.8 Data subject rights

    The Group Legal Office will provide guidelines and assistance to the HR staff and any other office to address any data subject right request (e.g. an individual's request to access personal data held by Modern Expo) in accordance with the applicable law.

8. What Employees Must Do
  • 8.1 Apply the Data Protection Principles to the collection and use of personal data and follow the policies, procedures and standards regarding privacy in your day-to-day work:

    For example:

    • Learn how to recognise personal data.
    • Only collect personal data that is directly relevant and necessary to accomplish the specified purpose(s) and only retain personal data for as long as is necessary to fulfil the specified purpose(s).
    • Use personal data solely for the purpose(s) for which it was collected.
    • Ensure that personal data is accurate, up-to-date and relevant to the purpose(s) for which it is collected.
    • Avoid accessing, collecting or storing personal data that is not necessary for your current job responsibilities.
    • Delete or archive data as required by section 9.
    • Secure personal data (paper and electronic) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure (e.g. avoid leaving papers, documents or files containing personal data in plain view when you are away from your work area).
    • Keep information confidential. Personal data may not be copied, transferred or otherwise removed or disclosed without Modern Expo's permission.
  • 8.2 Seek advice when in doubt

    Seek the advice of the Data Privacy Team established by the Group Legal Office (at privacy@modern-expo.com) whenever any systems, services, products or business practices are designed or changed.

    Also seek advice if you are in doubt or concerned on any issue relating to personal data.

  • 8.3 Use Modern Expo data and equipment appropriately
    • Use Modern Expo data and equipment for legitimate business purposes only and in accordance with applicable policies, guidelines and instructions.
    • Do not install or use any other software on your computer without approval of the supervisor or the IT / IS Office.
    • Manage business applications on Modern Expo computers and telecommunications devices in accordance with the Information Security and Data Breach policy.
  • 8.4 Report data breaches

    Immediately report any suspected data breaches (for example, unauthorised access to a system or to any premises, or loss of a flash drive) to databreach@modern-expo.com. See the Information Security and Data Breach Policy for details.

  • 8.5 Complete required training

    Undertake and complete all data protection training within the required deadlines.

  • 8.6 Consequences of non-compliance

    Non-compliance with the terms of this Policy may result in disciplinary action up to and including termination of employment or business relationship, as well as legal action.

9. Delete or Archive Data
  • 9.1 Obligation to delete

    You must delete personal data immediately when it is no longer needed. But note the following:

    1. we need to keep certain types of documents for certain periods when this is required by applicable law;
    2. in some cases we have a legitimate need to keep documents that can be used as evidence in a legal dispute at least for the limitation period set out by law (that is, for the period during which such dispute can be initiated without being time-barred). See also section 9.2 (Litigation hold) below.

    Accordingly, see the Retention Schedules for the minimum retention periods for relevant countries (appended to this Policy). The Group Legal Office will regularly review and update the Retention Schedules. In case a document is not mentioned in the relevant Retention Schedule, seek advice.

    Once the minimum retention period set out in the Retention Schedule has expired, you must immediately assess whether there is still a valid reason for keeping the document or information. If not, you must delete it. If you decide that you cannot yet delete it, you must record the reasons for your decision and the date for the next review (assessment).

  • 9.2 How to delete?

    When deleting electronic data, make sure it is irreversibly destroyed, and cannot be recovered. Tools for "securely deleting" files should be installed on your computer. Consult the IT staff if in doubt.

    Hard copy documents containing personal data should be disposed of using our designated "confidential waste" bins (if available in your Modern Expo office) or shredders. Such documents must not be thrown away with regular rubbish.

    IT equipment or storage drives (such as a USB stick) that are no longer needed and are to be thrown away must be handed in to the Modern Expo IT staff for secure disposal. The IT staff must make sure that all personal data has been irretrievably deleted from such equipment or drive before disposal.

  • 9.3 Litigation hold

    In the event that a claim, litigation, government or regulatory investigation, internal investigation, audit, subpoena or any legal action or request is anticipated, threatened or commenced, the deletion of all information that may be relevant to it must stop immediately. This is an exception from the obligation to delete.

  • 9.4 Obligation to archive

    Whenever a document or file that contains personal data is no longer needed for day-to-day use, but it cannot yet be deleted, it must be archived, and access to it must be restricted. This means that an Employee can access archived information only when there is a legitimate business need, and only with the express permission of a member of the highest management.

    For example, information relating to a terminated Employee should not have the same level of access as information about current Employees; until such information is deleted, it must be archived, and access to it must be restricted.

    If it is practicable to pseudonymize personal data (whether or not archived), the data must be pseudonymized. (But remember that pseudonymized data is still personal data.)

  • 9.5 Obligation to anonymize

    Whenever a document cannot yet be deleted, but personal data in it can be anonymized, it must be anonymized.

10. Amendments to this Policy

The Group Legal Office will review this policy no less than once every year and recommend any appropriate changes.

11. Exceptions

Any exception to this Policy must be approved in writing by the highest management of the relevant Modern Expo entity (who will ordinarily seek the advice of the Group Legal Office). All exceptions to this Policy must be approved before implementation.

12. Useful Contacts

Data Privacy Team: privacy@modern-expo.com

Report a suspected data breach: databreach@modern-expo.com

Information Security Officer: ISO@modern-expo.com

Appendix A. Retention Schedule: United Kingdom

Each document specified in the table below must be retained at least for the retention period set out opposite it.

Document category Form Retention Period
Corporate Records
Certificate of change of company name Original Permanently
Certificate of Incorporation Original Permanently
Articles of Association (Original and current) Original Permanently
Board Minutes Original 10 years
Company registers Original Permanently (can be held electronically - on computer)
Minutes of general meetings Original 10 years
Resolutions (both members' and board resolutions) Original 10 years
Annual confirmation statement Copy 3 years
Annual Report & Accounts Signed copy Permanently
Share applications/allotments   6 years, or later, until shares are fully paid
Share Transfer Forms Original Permanently
Dividend records (all)   6 years from Audit
Customs Records
Customs Returns Original 6 years
Shipping documents Original 6 years
Export records Original 6 years
Employment
Employee Records
Directors service contracts Original 7 years from termination
Employment Contract Original 7 years from termination
Unsuccessful job applications & notes of interview   12 months after notifying/discounting candidate, save for where a dispute is ongoing.
Payroll records Original 7 years after the end of the financial year in which the payments were made
Overtime records Original 7 years after the end of the financial year in which the payments were made
Benefits/Incentives (payments) Original 7 years after the end of the financial year in which the payments were made
P45, P60 etc. Original 7 years after the end of the financial year in which the payments were made
Income Tax Details Original 7 years after the end of the financial year in which the payments were made
National Insurance Details Original 7 years after the end of the financial year in which the payments were made
Expenses Records Original 7 years after the end of the financial year in which the payments were made
Statutory Sick Pay/Maternity Pay   7 years after the end of the financial year in which the payments were made
Employee Benefit and Pensions Records
Trust Deeds and rules and all amendments Originals Permanently
Pension scheme determinations (e.g. augmentation) Originals Permanently
Records of employee service and eligibility for pension Originals Permanently
Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) Originals Permanently
Records of pension paid to employees or their beneficiaries Originals 12 years after final payment
Correspondence/filings with HMRC   6 years after filing
Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme Originals 6 years from end of relevant scheme year (but we recommend permanently)
Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction Originals 6 years from end of relevant scheme year but we recommend permanently
Winding-up decisions Originals Permanently
Actuarial valuations Originals Permanently
Annual Accounts & Support documentation Originals Permanently
Contribution records Originals Permanently
Investment records & Policies Originals Permanently
Pensioners' records Originals 12 years after benefit ceases
Life Policies Originals Permanently
Financial
Banking Records
Remittance Advice   6 years from the end of the financial year in which the transaction was made
Promissory Notes or other Bills of Exchange Original No statutory requirement (recommended 6 years).
Bank Statements   6 years from the end of the financial year in which the transaction was made
Instructions to Banks   No statutory requirement (recommended 6 years after the instruction ceases to be effective)
Accounting Records
Records to support annual accounts   6 years
Internal accounting reports   6 years
Budgets   No statutory requirement (recommended 5 years).
Management Accounts   6 years
Records for Tax purposes
Tax returns/records Original (where applicable) 6 years after the end of the relevant accounting period (but see 'Time Limits for Assessment' at Section II paragraph 2.4 above).
VAT records Original (where applicable) 6 years. The point at which this record retention period starts depends on the nature of the document (but see 'Time Limits for Assessment' at Section II paragraph 2.4 above).
Other Financial Records
Disposal of assets   No statutory requirement (recommended 12 years)
Sales Invoices   6 years from the end of the financial year in which the transaction was made
Credit notes /Debit Notes   6 years from date which records were made (credit/debit notes are considered a record for VAT purposes)
Manufacturing
Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. Copy 10 years from last supply of the relevant product (recommended permanently)
Regulatory documents (e.g. Declaration of Conformity and Technical File) Original (where applicable) 10 years from last supply of the relevant product (recommended permanently)
Environmental / Health and Safety
Medical Surveillance and Examination Records Originals 40 years (recommended permanently)
Health and Safety Risk Assessments (e.g. noise, hazardous substances) Originals As long as remain relevant (recommended permanently)
Accident Book & Investigation Documents Originals 3 years from date of last entry (recommended permanently)
Waste disposal documentation Originals (where applicable) 2 years (3 years if they relate to hazardous waste)
All other health and safety related records Originals Recommended permanently
All other environmental records Originals Recommended permanently

Appendix B. Retention Schedule: Netherlands

Each document specified in the table below must be retained at least for the retention period set out opposite it.

Document Category Form Retention Period
Corporate Records
Certificate of Incorporation Original Permanently
Certificate of change of company name Original Permanently
Articles of Association (Original and current) Original Permanently
Board Minutes Original 7 years (minimum)
Company registers Original Permanently
Minutes of general meetings Original 7 years (minimum)
Resolutions (both members' and board resolutions) Original 7 years (minimum)
Annual confirmation statement Copy 7 years (minimum)
Annual Report & Accounts Signed copy 7 years (minimum)
Share applications/allotments   7 years (minimum) (recommended permanently)
Share Transfer Forms Original Permanently
Dividend records (all)   7 years (minimum)
Customs Records
Customs Returns Original 7 years (minimum)
Shipping documents Original 7 years (minimum)
Export records Original 7 years (minimum)
Employment
Employee Records
Directors service contracts Original 7 years (minimum) from termination
Employment Contract Original 7 years (minimum) from termination
Unsuccessful job applications & notes of interview   4 weeks after notifying/discounting candidate, or 12 months with the candidate's permission, save for where a dispute is ongoing.
Payroll records Original 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made, whichever is longest.
Overtime records Original 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made, whichever is longest.
Benefits/Incentives (payments) Original 2 years from termination, or 7 years (minimum)  after the end of the financial year in which the payments were made, whichever is longest.
P45, P60 etc. Original No statutory requirement (recommended 2 years from termination)
Income Tax Details Original 2 years from termination, or 7 years (minimum)  after the end of the financial year in which the payments were made whichever is longest.
National Insurance Details Original 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made whichever is longest.
Expenses Records Original 2 years from termination, or 7 years (minimum)  after the end of the financial year in which the payments were made whichever is longest.
Statutory Sick Pay/Maternity Pay   2 years from termination, or 7 years (minimum)  after the end of the financial year in which the payments were made whichever is longest.
Employee Benefit and Pensions Records
Trust Deeds and rules and all amendments Originals 2 years from expiry of the employee's claim (recommended permanently)
Pension scheme determinations (e.g. augmentation) Originals 2 years from expiry of the employee's claim (recommended permanently)
Records of employee service and eligibility for pension Originals 2 years from expiry of the employee's claim (recommended permanently)
Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) Originals 2 years from expiry of the employee's claim (recommended permanently)
Records of pension paid to employees or their beneficiaries Originals 2 years from expiry of the employee's claim
Correspondence/filings with the tax authority Originals No statutory requirement (recommended 7 years minimum)
Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme Originals 2 years after the expiry of the employee's claim
Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction Originals 2 years after the expiry of the employee's claim
Winding-up decisions Originals 2 years after the expiry of the employee's claim (recommended permanently)
Actuarial valuations Originals 2 years after the expiry of the employee's claim (recommended permanently)
Annual Accounts & Support documentation Originals 2 years after the expiry of the employee's claim (recommended permanently)
Contribution records Originals 2 years after the expiry of the employee's claim (recommended permanently)
Investment records & Policies Originals 2 years after the expiry of the employee's claim (recommended permanently)
Pensioners' records Originals 2 years after the expiry of the employee's claim
Life Policies Originals 2 years after the expiry of the employee's claim (recommended permanently)
Financial
Banking Records
Remittance Advice   7 years (minimum)
Promissory Notes or other Bills of Exchange Original 7 years (minimum)
Bank Statements   7 years (minimum)
Instructions to Banks   7 years (minimum)
Accounting Records
Records to support annual accounts   7 years (minimum)
Internal accounting reports   7 years (minimum)
Budgets   7 years (minimum)
Management Accounts   7 years (minimum)
Records for Tax purposes
Tax returns/records Original (where applicable) 7 years (minimum)
VAT records Original (where applicable) 7 years (minimum)
Other Financial Records
Disposal of assets   7 years (minimum)
Sales Invoices   7 years (minimum)
Credit notes /Debit Notes   7 years (minimum)
Manufacturing
Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. Copy 10 years from last supply of the relevant product (recommended permanently)
Regulatory documents (e.g. Declaration of Conformity and Technical File) Original (where applicable) 10 years from last supply of the relevant product (recommended permanently)
Environmental / Health and Safety
Medical Surveillance and Examination Records Originals 40 years (recommended permanently)
Health and Safety Risk Assessments (e.g. noise, hazardous substances) Originals 40 years (recommended permanently)
Accident Book & Investigation Documents Original No statutory requirement (recommended permanently)
Waste disposal documentation Originals (where applicable) 5 years after disposal
All other health and safety related records Original 7 years (minimum) (recommended permanently)
All other environmental records Original 7 years (minimum) (recommended permanently)
Appendix C. Retention Schedule: France

Each document specified in the table below must be retained at least for the retention period set out opposite it.

Document Category Form Retention Period
Corporate Records
Certificate of Incorporation Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Certificate of change of company name Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Articles of Association (Original and current) Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Board Minutes Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Company registers Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Minutes of general meetings Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Resolutions (both members' and board resolutions) Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Annual Report & Accounts Original 10 years as it can be considered as accounting documents (Article L. 123-22 of the French Commercial Code)
Share applications/allotments Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Share Transfer Forms Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Dividend records (all) Original 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code).
Customs Records
Customs Returns Original 3 years (Article 16 of Council Regulation 2913/92 of 12 October 1992)
Shipping documents Original 5 years (article 2224 of the French Civil Code)
Export records Original 5 years (article 2224 of the French Civil Code).
Employment
Employee Records
Directors service contracts Copy 5 years from departure of directors (article 2224 of the French Civil Code).
Employment Contract Copy 5 years as from departure of employee (article 2224 of the French Civil Code and CNIL simplified norm No 46).
Unsuccessful job applications & notes of interview Copy 2 years from the last contact with concerned applicant (CNIL recommendation No. 02-017 of 21 March 2002).
Payroll records Copy 5 years from the date of issuance of payslip (article L.3243-4 of the French Labor Code and article L243-12 of the French Social Security Code)
Overtime records Copy 5 years from departure of employee (Article 2224 of the French Civil Code)
Benefits/Incentives (payments) Copy 10 years (Article L. 123-22 of the French Commercial Code)
Income Tax Details Copy 6 years as of the most recent entry in the documents or as of the date of the documents (applicable statute of limitations set out by Article L.102 B of the French Tax Procedure Handbook).
National Insurance Details Copy 5 years (article 2224 of the French Civil Code).
Expenses Records Copy 10 years (Article L. 123-22 of the French Commercial Code)
Statutory Sick Pay/Maternity Pay Copy 10 years (Article L. 123-22 of the French Commercial Code)
Employee Benefit and Pensions Records
Trust Deeds and rules and all amendments Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Pension scheme determinations (e.g. augmentation) Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Records of employee service and eligibility for pension Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) Copy 5 years from the departure of the employee.
Records of pension paid to employees or their beneficiaries Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Correspondence/filings with French tax authorities Copy 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook).
Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Actuarial valuations Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Annual Accounts & Support documentation Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Contribution records Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Investment records & Policies Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Pensioners' records Copy Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002)
Life Policies Written document Permanently until the death of the insured and 30 years thereafter (article L. 114-1 of the French Insurance Code)
Financial
Banking Records
Remittance Advice Original 5 years (article 2224 of the French Civil Code and article L. 110-4 of the French Commercial Code).
Promissory Notes or other Bills of Exchange Original 5 years (article L. 110-4 of the French Commercial Code)
Bank Statements Original 5 years from the payment (article L. 110-4 of the French Commercial Code).
Instructions to Banks Original 5 years (article L. 110-4 of the French Commercial Code)
Accounting Records
Records to support annual accounts Copy 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Internal accounting reports Original 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Budgets Copy 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Management Accounts Original 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Records for Tax purposes
Tax returns/records True, fair and sustainable copy 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook).
VAT records Original 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook).
Other Financial Records
Disposal of assets Copy 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Sales Invoices Invoices supporting VAT deduction claim must be kept in their original paper form. 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Credit notes /Debit Notes Copy 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code)
Manufacturing
Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. Copy 5 years (article L. 110-4 of the French Commercial Code)
Regulatory documents (e.g. Declaration of Conformity and Technical File) Original (where applicable) 5 years (article L. 110-4 of the French Commercial Code)
Environmental / Health and Safety
Medical Surveillance and Examination Records Original 5 years from departure of employee (CNIL simplified norm No 46)
Health and Safety Risk Assessments (e.g. noise, hazardous substances) Original 5 years (Article D. 4711-3 of the French Labour Code)
Accident Book & Investigation Documents Original 10 years as of the date of the initial physical damage or subsequent aggravation of the damage (Article D. 441-2 of the French Social Security Code, Article 2226 of the French Civil Code).
Waste disposal documentation Copy 3 years (Article R. 541-43 of the French Environment Code) or 5 years if they relate to hazardous waste (Article R. 541-45 of the French Environment Code)
All other health and safety related records Original 5 years (Article 2224 of the French Civil Code)
All other environmental records Copy Permanently (best practice) (Article L. 152-1 of the French Environment Code)
Appendix D. Retention Schedule: Poland

Each document specified in the table below must be retained at least for the retention period set out opposite it.

Document Description Retention Period
Accounting
General obligation for retention of company accounts, books of account and records

Period:

5 years

Start of the Period:

From the beginning of the year following the financial year to which the documents relate.

However, fiscal laws impose stricter obligations. According to the Tax Ordinance, company accounts, books of account and records should be kept until the tax liability expires, which means that the 5-year period begins from the end of the calendar year in which the deadline for payment of tax expired.
Documentation of the accounting method adopted

Period:

For a period not shorter than 5 years.

Start of the Period:

From the date the documentation ceases to be valid.
Approved annual financial statements

Period:

permanently

Start of the Period:

From the date of preparation of financial statements.
Accounting evidence concerning proceeds

Period:

From the date of drawing up the financial statements for a given financial year, but not shorter than until the date of clearing the persons entrusted with the assets subject to retail sale.

Start of the Period:

From the beginning of the year following the financial year to which the documents relate.
Accounting evidence concerning construction in progress, bank and non-bank loans and commercial contracts, claims pursued in civil proceedings or covered by criminal or tax proceedings

Period:

5 years

Start of the Period:

Starting from the beginning of the year following the financial year in which the transactions and proceedings were finally terminated, paid off, settled or expired.
Stocktaking records

Period:

5 years

Start of the Period:

From the beginning of the year following the financial year to which the documents relate.
Other accounting evidence and reports that are required to be prepared under the Act

Period:

5 years

Start of the Period:

From the beginning of the year following the financial year to which the documents relate.

Tax
General obligation of taxpayers to provide (upon request of the tax inspector) all information that may be relevant to their tax position, including all books, records and other data carriers

Period:

Until the expiry of the limitation period of the Company's liability as a remitter. As a general rule, liabilities become time-barred at the end of a 5-year period (except for the situations specified in Articles 70 and 70a of the Tax Code, when the limitation period does not start to run and the limitation period that has commenced is suspended).

Start of the Period:

The end of the calendar year in which the time limit to pay tax ended.
Payroll and salary records
Employee paylists or their equivalents

Period:

minimum 5 years

The period of required access to this information, resulting from old age or disability pension regulations or tax regulations, but not shorter however than 5 years, unless the documents are to be used as the basis for calculating the old age and disability pension, in which case the provisions of the following point shall apply.

Start of the Period:

From the beginning of the year following the financial year to which those records apply.
The taxpayer shall be obliged to retain payrolls, employee paylists or other evidence on the basis of which the calculation base of the old age pension and disability pension is established (wage documentation).

Period:

10 years

Start of the Period:

From the day of terminating the employment relationship with an employee.
The taxpayer shall be obliged to retain copies of the accounting declaration, the personal monthly report and correcting documents.

Period:

5 years

Start of the Period:

From the date of the transfer of documents to one of the organizational units of Social Insurance Fund in a written or electronic form.
A company needs to include information about employees in its administration, including name, date of birth, tax registration number and address. In addition, requests from employees to apply a wage withholding tax discount must be retained in the company’s administration

Period:

5 years

Start of the Period:

The end of the calendar year in which the time limit to pay tax ended.
Payroll and salary documents also likely to be subject to a maximum retention period based on data protection rules: payroll records (wages, tax and social security records, payslips, overtime compensation, bonuses, expenses, benefits in kind), severance pay records (e.g. notification to the competent authorities regarding redundancy, decisions of the court regarding dismissal, correspondence with the competent authorities regarding dismissal, outplacement records, calculations of termination payments)

Period:

10 years

Start of the Period:

From the day of terminating the employment relationship with an employee.
Benefits data (EnelMed, MultiSport, ZFŚS)

Period:

During employment and 5 years after employment termination.

Start of the Period:

The end of the calendar year in which the time limit to pay tax ended.
HR and employment records
Employment contract

Period:

During employment and 10 years after employment termination.

Start of the Period:

From the day on which the employee ends the work for the employer.
HR and employment documents also likely to be subject to a maximum retention period based on data protection rules: Data of rejected job applicants (e.g. application letters, CVs, references, certificates of good conduct, job interview notes, assessment and psychological test results)

Period:

6 years

Start of the Period:

From the beginning of the recruitment process and other process.

Data concerning a temporary worker (other than tax related):

  1. based on the contract for services
  2. based on the employment contract for specified period of time
  3. based on the contract for performance of specific tasks

Period:

  1. 10 years
  2. 10 years
  3. 2 years

Start of the Period:

  1. from the day the insured ends work for the payer;
  2. from the day the insured ends work for the payer;
  3. from the end of the contract.
In the case of tax-related data (wages etc.), the tax rules on the retention period apply.
Reports on employee performance review meetings and assessment interviews (competency database)

Period:

6 years

Start of the Period:

The day of the report preparation.
Records of safety accidents at work

Period:

10 years after the employment accident (we suggest applying a 50-year period, though).

Start of the Period:

The year in which the accident case is closed.
Employees’ use of internet and e-mail

Period:

6 years

Start of the Period:

From the day on which the employee ends the work for the employer.
Candidates’ job application data (application for single job post)

Period:

6 years

Start of the Period:

From the beginning of employment of the chosen candidate.
Candidates’ job application data (open job application)

Period:

6 years

Start of the Period:

From the moment we receive the application.
Purchasing records
An organization is obliged to record all delivery of goods or services, all intra-European Community acquisitions, all import and export, and all other information relevant for VAT purposes

Period:

5 years

The taxpayer is obliged to keep both issued and received invoices, but also other records and documents serving the settlement of tax on goods and services (VAT) until the expiry of the tax liability limitation period.

Start of the Period:

The period of 5 years runs from the end of the calendar year in which the tax was due.
General ledger, accounts receivable department, accounts payable department, (procurement and) sales administration, inventory records

Period:

5 years

Start of the Period:

The period of 5 years runs from the beginning of the year following the financial year to which the files relate.
Anti-Money Laundering
Documents and information concerning measures taken to conduct customer due diligence for anti-money laundering purposes

Period:

5 years

Start of the Period:

The first day of the year following the year in which the transaction with the customer was conducted.
Registers of natural or legal persons to avoid participation in transactions that constitute money laundering or terrorist financing

Period:

5 years

Start of the Period:

The first day of the year following the year in which the transaction with the customer was conducted.
Documentation regarding all circumstances which may indicate money laundering or terrorist financing and any actions and decisions taken in the examination of suspected money laundering or terrorist financing transactions

Period:

5 years

Start of the Period:

The first day of the year following the year in which the transactions were registered.
Supplier data
Suppliers' staff data for purchasing and procurement - customer complaints

Period:

3 or 10 years

Start of the Period:

From the day when the injured party learned about the damage and about the person liable to redress it or might have learned about it if he had exercised due diligence.

However, such a time limit may not be longer than ten years from the day when the event causing the damage occurred.
Shareholders

Shareholders' data

  1. as employee
  2. corporate documents
  3. claim for redressing damage

Period:

  1. 10 years
  2. Throughout the whole existence of the company and after its dissolution (depending on the documents).
  3. 3 years/10 years

Start of the Period:

  1. From the day of termination of the employment relationship with an employee.
  2. From the beginning of the company.
  3. Three years from the date on which the company became aware of the damage and of the person liable for redressing it. Notwithstanding the foregoing, the claim shall, in any event, be barred by the statute of limitations upon the lapse of ten years from the occurrence of the event causing the damage.
Appendix E. Retention Schedule: Germany

Each document specified in the table below must be retained at least for the retention period set out opposite it.

"End of the calendar year" means from the end of the calendar year to which the document relates.

Document Category Retention Period Starting
Accounting Capital Assets 10 years End of the calendar year
Budgeting and Business Planning 10 years End of the calendar year
Corporate Financing 10 years End of the calendar year
Employee Compensation, Payroll, Time and Attendance 10 years End of the calendar year
Internal Financial and Management Reporting 10 years End of the calendar year
Taxation Reporting 10 years End of the calendar year
Bank Accounts - Account Set-Up and Management 10 years End of the calendar year
Accounting Books and Ledgers 10 years End of the calendar year
Accounting Transactions 10 years End of the calendar year
Financial Statements 10 years End of the calendar year
Contracts - General 10 years if taxation relevant or 6 years if solely accounting relevant End of the calendar year in which the contract ended
Intellectual Property 10 years (to the extent taxation relevant) End of the calendar year
Licenses, Permits and Certification 10 years (to the extent taxation relevant) End of the calendar year
Litigation 10 years End of the calendar year
Real Estate Ownership (in relation to inventory) 10 years End of the calendar year
General Regulatory Reporting 10 years End of the calendar year
Garnishment 10 years End of the calendar year
Government Investigations and Complaints 10 years (to the extent taxation relevant) End of the calendar year
Internal Audits 10 years (to the extent taxation relevant) End of the calendar year
Legal Projects 10 years End of the calendar year
Policies and Procedures 10 years (to the extent taxation relevant) End of the calendar year
Environmental Health and Safety Testing 30 years End of the calendar year
Employee Benefits Participation 6 years End of the calendar year
Employee Illnesses and Accidents 3 years (Best practice) End of the calendar year
Employee Medical Records and Drug Testing 3 years (Best practice) After termination
Immigration and Naturalization 3 years After termination
Recruitment up to ~6 months (no obligation but best practice in the light of possible legal claims) Rejection of the applicant
Training and Development Programs Business decision  
Training Attendance and Certification 3 years for specific employment relevant trainings After termination
Pension Plans Termination of plan, eligibility or entitlement + 10 years; 30 years where a Social Security Authority audit has not occurred Termination of plan, eligibility or entitlement
Information Systems, Networking and Computers 6 years (to the extent taxation relevant) End of the calendar year
Procurement 10 years (to the extent taxation relevant) End of the calendar year
Security Incidents and Investigations 6 years (to the extent taxation relevant) End of the calendar year
Project Administration 6 years (to the extent taxation relevant) End of the calendar year
Facilities Management 10 years (to the extent taxation relevant) End of the calendar year
Advertising and Marketing Materials 6 years End of the calendar year

Customer Complaints and Disputes 6 years End of the calendar year
Marketing Research, Analyses and Plans 6 years End of the calendar year
Sales Proposals 6 years End of the calendar year
Customer Relations 6 years (to the extent taxation relevant) End of the calendar year
Public Relations 6 years (to the extent taxation relevant) End of the calendar year
Policies 10 years (to the extent taxation relevant) End of the calendar year
Claims 10 years End of the calendar year
Worker's Compensation 10 years End of the calendar year
Customs and Trade 10 years End of the calendar year
Shipping and Transportation 6 years End of the calendar year
Vehicle Maintenance and Driving Records 6 years End of the calendar year
Corporate Records
  • Incorporation documents
  • Board minutes
  • Minutes of general meetings
  • Resolutions
  • Other organizational notices
10 years End of the calendar year
  • Incoming business correspondence and copies of mailed business correspondence, including emails
  • Other documents that are relevant for taxation (unless these documents qualify as accounting records; see below Finance and Accounting)
6 years End of the calendar year
Employment Related Records
Personnel files (regardless of whether in a filing system or electronically stored) After termination of the employment relationship there is no retention obligation, but retention is recommended during the term of statutory or tariff preclusion periods and limitation periods. The regular statutory lapse period amounts to 3 years, generally starting at the end of the year in which the claim arose. Under certain circumstances the limitation period may extend to up to 30 years. After termination
Documents regarding overtime work At least 2 years After performance of the overtime work that exceeds the regular working time of 8 hours per day.
Pregnant and nursing employees: List of names, mode of employment and period of employment At least 2 years As from the last recording
Adolescent employees (aged between 15 and 18): List of names, date of birth, address and date of commencement of employment At least 2 years As from the last recording
Documents regarding salary and social security contribution calculations Up to the expiration of the calendar year following the last audit by the social security authority  
Payroll accounts 6 years End of the calendar year
Finance and Accounting
  • Business reports
  • Annual financial statements and consolidated financial statements
  • Accounting records
  • Opening balance sheet
  • Operating instructions and other organizational documents necessary for their comprehension
  • Books
  • Records, including tax records, banking records, other financial records and accounting records
  • Inventory listings
  • Incoming business correspondence and copies of mailed business correspondence (including emails) that qualify as accounting records
  • Customs records, including documents required for declaration of goods
10 years End of the calendar year
Safety
  • Accident documentation
  • Other related documents
6 years End of the calendar year
Cookie Policy

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language).

You can find more information about the individual cookies we use and the purposes for which we use them in the list below:

  • _csrf - Provides encryption protection for the answers you fill in on our request forms.
  • language - Allows us to remember your choice of language and show it to you the next time you visit our site.
  • cookieconsent - Asks for your consent before setting any cookies.
  • PHPSESSID - The default identifier that PHP uses for the cookies it generates.

We don’t use analytical, performance or targeting cookies, so third parties such as advertising networks and providers of external services (for example, web traffic analysis services) do not have access to them either.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Except for essential cookies, all cookies will expire after 30 days.

INTRODUCTION

This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you. It also applies to your consent to receiving marketing from us and information we collect when you meet our representatives at trade fairs, conferences and similar events.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

If you are a candidate applying for a job with us, please also refer to our privacy notice for job applicants.

1. IMPORTANT INFORMATION AND WHO WE ARE
  • PURPOSE OF THIS PRIVACY NOTICE

    This privacy notice aims to give you information on how Modern Expo processes your personal data collected through your use of this website, for example when you fill in a contact form or register for access to our online catalogue. It also applies to your consent to receiving marketing from us, and information we collect when you meet our representatives at trade fairs, conferences and similar events.

    This website is not intended for children and we do not knowingly collect data relating to children.

    It is important that you read this privacy notice together with any other privacy notice or notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.

  • CONTROLLER

    Modern-Expo S.A. of Ludwika Spiessa 3, 20-270 Lublin, Poland is responsible for this website and is the controller of your personal data provided through this website (referred to as “Modern Expo”, “we”, “us” or “our” in this privacy notice).

    We have appointed a data privacy manager to oversee questions in relation to this privacy notice (who is not, however, a "data protection officer" for the purposes of the GDPR or national privacy law). If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

  • CONTACT DETAILS

    If you have any questions about this privacy notice or our privacy practices, please contact our data privacy manager by writing to privacy@modern-expo.com.

    Alternatively, you can reach us by post at:

    Modern-Expo S.A.
    Ludwika Spiessa 3, 20-270 Lublin, Poland

    You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.

  • CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

    This privacy notice was last updated on 04.02.2020. Historic versions can be obtained by contacting us.

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

  • THIRD-PARTY LINKS

    This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you (or your company) and other details of products and services you (or your company) have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and third parties and your communication preferences.
  • Job Applicant Data, as to which please see our privacy notice for job applicants.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

  • IF YOU FAIL TO PROVIDE PERSONAL DATA  

    Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Direct interactions. You might choose to give us your Identity, Contact, Financial Data, Marketing and Communications Data and/or Profile Data by filling in forms, by corresponding with us by post, phone, email, meeting our representatives, or otherwise. This includes personal data you provide when you:
      1. fill in any forms on our website, for example, when you fill out the request form;
      2. fill in any forms or give us your business card when you meet our representatives at trade fairs, conferences and similar events;
      3. send any documents (such as your CV) as attachments to forms on our website;
      4. subscribe to our service or publications;
      5. request marketing to be sent to you; or
      6. give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

In the GLOSSARY you can find out more about the types of lawful basis that we will rely on to process your personal data.

We also rely on your express consent in order to send you direct marketing communications via email. You have the right to withdraw consent to marketing at any time by contacting us.

  • PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

    We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    | Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
    |---|---|---|
    | To register you (or your company) as a new customer | (a) Identity; (b) Contact | To take steps at your request prior to entering into a contract |
    | To promote our products and services | (a) Identity; (b) Contact; (c) Transaction; (d) Marketing and Communications | Your consent |
    | To process and deliver your (or your company's) orders/offers and establish and enforce our legal rights, including: (a) Enter into and perform contracts; (b) Manage payments, fees and charges; (c) Collect and recover money owed to us | (a) Identity; (b) Contact; (c) Profile; (d) Financial; (e) Transaction; (f) Usage; (g) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts due to us) |
    | To manage our relationship with you (or your company) which will include: (a) Notifying you about changes to our terms or privacy notice; (b) Asking you to leave a review; (c) If you represent a company, carry out the business between our companies (including business correspondence) | (a) Identity; (b) Contact; (c) Profile; (d) Financial; (e) Transaction; (f) Usage; (g) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, and to manage business relationships with our customers and suppliers) |
    | To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity; (b) Contact; (c) Profile; (d) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (b) Necessary to comply with a legal obligation |
    | To deliver relevant website content to you (or your company) and measure or understand the effectiveness of the advertising we serve | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications; (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
    | To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical; (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |

    In addition, if you apply for a job using our website, we use your data for purposes related to the recruitment process. Please see our privacy notice for job applicants for details.

  • PROMOTIONAL OFFERS FROM US

    We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

  • OPTING OUT

    You can unsubscribe from marketing emails from us by clicking on the unsubscribe link in the bottom part of any of the marketing emails from us. You can also unsubscribe from marketing emails by sending an email to unsubscribe@modern-expo.com.

    Where you opt out of receiving marketing messages, we may still send you messages of other types, for example, relating to the administration of your account.

  • COOKIES

    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

    For more information about the cookies we use, please see our cookie policy.

  • CHANGE OF PURPOSE

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. DISCLOSURES OF YOUR PERSONAL DATA

At this stage of our site, we do not share your personal data with any third parties. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

We may also share your personal data with the parties set out below:

  • Internal Third Parties as set out in the Glossary.
  • External Third Parties as set out in the Glossary.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. INTERNATIONAL TRANSFERS

We share your personal data within the Modern Expo Group. This will involve transferring your data outside the European Economic Area (EEA).

In addition, many of our external service providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure at least one of the following safeguards is implemented:

  • the country to which your data is transferred has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
  • we enter into a specific contract with the service provider that includes standard terms approved by the European Commission. For further details, see European Commission: Standard contractual clauses for data transfers between EU and non-EU countries; or
  • in the case of providers based in the US, the Privacy Shield which requires them to protect personal data. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. DATA RETENTION
  • HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    In some circumstances you can ask us to delete your data: see "your legal rights" below for further information.

    In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.
  • Right to lodge a complaint with a supervisory authority.

If you wish to exercise any of the rights set out above, please contact us at privacy@modern-expo.com.

  • NO FEE USUALLY REQUIRED

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

  • WHAT WE MAY NEED FROM YOU

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

  • TIME LIMIT TO RESPOND

    We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. GLOSSARY
  • LAWFUL BASIS

    Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

    Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

    Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

  • THIRD PARTIES

    INTERNAL THIRD PARTIES  

    Our affiliated company in Ukraine (a non-EEA country) - JE “Modern-Expo” LTD., registered address: 4, Rivnenska Str., Strumivka village, Lutsk district, Volyn region, 45603, Ukraine, provides a number of services to us which may from time to time include legal and compliance services, marketing, finance services, customer management, management consulting and human resources consulting.

    For the purposes of provision of such services, it may act as a processor of your personal data, dealing with your personal data on our written instructions.

    EXTERNAL THIRD PARTIES  

    Data processors who are our IT and system administration services providers (for example, US-based cloud IT infrastructure or productivity optimisation platforms), professional advisors (including lawyers, bankers, auditors and insurers), providers of marketing services (for example, a US-based email marketing automation platform).

  • YOUR LEGAL RIGHTS

    You have the right to:

        Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

        Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

        Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

        Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

        Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

    • If you want us to establish the data’s accuracy.
    • Where our use of the data is unlawful but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

        Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

        Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

        Lodge a complaint with the supervisory authority if you believe that processing of your personal data violates your rights or is in any other way unlawful. In the case of Poland, it will be the President of the Office for Personal Data Protection. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.