Data subject - any living individual to whom the personal data relates. An identifiable individual is one who can be identified, directly or indirectly. Examples of data subjects are business contacts, job applicants and employees.
Data protection laws - any applicable laws, rules and regulations, relating to information security or the processing of personal data.
DPO - data protection officer.
Data processing - any use of personal data, including collection, sharing, or storage.
DPIA - data protection impact assessment.
Employee - director, manager, employee, contractor or worker of a Modern Expo entity.
Personal data - any information relating to the data subject. For example, contact details, correspondence, CV, work record, preferences, purchase history, financial data, password, e-mail addresses, IP addresses, photographs, online search history, geolocation information, etc.
The protection of personal data and compliance with data protection laws is important to our organisation and its affiliates and subsidiaries (“Modern Expo”, “we,” “us”). References to "Modern Expo" or "us" are to each relevant Modern Expo entity.
Each Modern Expo entity has adopted this Policy as its own privacy policy. This Policy applies in respect of certain Modern Expo entities with such variations (to reflect e.g. local laws) as may be specified in the relevant local annexes to this Policy (if any).
We do take privacy seriously and we aim to ensure the privacy rights of our employees, business contacts and customers when we handle information about them. This is fundamental to preserving employee, business partner and customer trust, and is crucial for the long-term success of the Modern Expo business.
This Policy:
This Policy does not provide an exhaustive list of permitted or prohibited conduct or set forth every rule. This Policy is not a substitute for the responsibility to exercise good business judgment and proper care. You should continue to seek proper advice through appropriate channels in relation to any specific concerns and issues that are not specifically addressed in this Policy.
This Policy applies to all Employees (including directors and contractors) with respect to all operations carried out by Modern Expo which involve the processing of personal data.
The highest management of each Modern Expo entity is ultimately responsible for ensuring adherence to this Policy.
It is the responsibility of every Employee to comply with this Policy. Acknowledgment and understanding of this Policy is required through contracts and mandatory training. Failure to comply with this Policy may be a breach of the terms of employment and may lead to disciplinary actions up to and including termination of employment or services contracts.
We take cases of non-compliance seriously. Non-compliance with privacy laws can cause damage to our brand and business reputation, as well as result in very substantial legal penalties or even criminal prosecution.
Modern Expo's business operations must at all times be consistent with the Data Protection Principles set out below. These principles are binding.
Modern Expo only uses personal data in a way that is lawful, fair and transparent.
We comply with all data protection laws that apply to us. Where required by the law, we are also committed to helping individuals understand what information we collect, how we use it and what choices they have. We explain this to employees and business contacts in a simple and clear way in our privacy notices. We review our privacy notices regularly to keep them up to date, and to ensure they match our internal practices.
We only collect personal data for specified, clear and legitimate purposes and we only collect as much personal data as we need to achieve those purposes. We only use data in ways which are necessary for clear goals and proportionate to them, taking into account the risks to the data subject.
We take steps to ensure that the personal data we hold is accurate, up-to-date and relevant to the purposes for which it is used.
We only keep personal data in an identifiable form for as long as is necessary. See section 9 for more details.
We are fully committed to the privacy rights of individuals whose data we process.
We use appropriate technical and organisational measures to keep personal data secure and ensure its integrity, confidentiality and availability.
We are also committed to ensuring that our vendors and suppliers that may process personal data on our behalf preserve the confidentiality, integrity and availability of such data.
Where we need to transfer information internationally, we ensure that there are adequate safeguards in place, as required by the applicable laws, to protect the personal data we transfer.
Protection of personal data should be integrated in the technologies, processes and products from the start, when they are created.
Each Modern Expo entity is a separate controller and/or processor of certain personal data, and has its own duties to comply with applicable data protection laws.
Neither the Modern Expo Group as a whole, nor any of the group-wide functional teams (such as, for example, the Group Legal Office, the Data Privacy Team, the IT and Information Security Office, or the ISO):
The highest management of each Modern Expo entity is ultimately responsible for ensuring adherence by that entity to this Policy and the data protection laws.
The Group Legal Office has been entrusted by each Modern Expo entity to help it promote and ensure privacy compliance, oversee the overall privacy management and compliance programme, respond to data subject queries and requests, respond to regulatory requests about data protection, and liaise with the IT and Information Security where required.
To carry out these functions, the Group Legal Office has established a Data Privacy Team that can be contacted directly on issues relating to personal data both from within and from outside the Modern Expo Group, including by data subjects and regulators. The direct email address of the Data Privacy Team is privacy@modern-expo.com.
The Data Privacy Team's contact details are to be made available to employees, job applicants, business contacts and other data subjects whose data is processed, as well as published on the Modern Expo website. You can also ask, and will be told on request, the identity of all the members of the Data Privacy Team from time to time.
The establishment of the Data Privacy Team does not in itself amount to a designation of a DPO by any Modern Expo entity. However, a member of the Data Privacy Team may, under agreement in writing, serve as the DPO for a certain Modern Expo entity, provided that such member meets the requirements set out by law.
The Group Legal Office will assess each Modern Expo entity's circumstances from time to time to help it determine whether it is required by applicable data protection laws to appoint a DPO, and, if so required, will recommend such appointment to the highest management of that entity.
The Group IT and Information Security Office has been entrusted by each Modern Expo entity to help it safeguard and monitor Modern Expo's internal networks and systems and ensure that personal data stored, transferred, accessed and used across these networks and systems is adequately protected from data breaches. The Office is also responsible for participating in DPIAs that concern technology.
It is the responsibility of each Employee engaged in a human resources function to:
It is the responsibility of each Employee engaged in managing or supervising other Employees to ensure that those other Employees comply with this Policy and the data protection laws.
It is the responsibility of each head of a business function to:
Our Group Legal Office supervises the Modern Expo Privacy Programme, which provides a comprehensive, coordinated approach to managing privacy risk while serving business needs and strategies. The Modern Expo Privacy Programme comprises, at a minimum, the following components:
Modern Expo operates at all times in compliance with this Policy and all internal policies, procedures and standards relating to privacy such as the Information Security and Data Breach Policy, and privacy notices to staff, online users and other individuals ("Policy Framework"). These may, from time to time, be updated or replaced and new policies may be added.
The Group Legal Office will at all times help Modern Expo understand and comply with legal requirements in data protection such as providing privacy notices to data subjects and ensuring data subjects' rights.
The Group Legal Office will, in collaboration with other business functions and the Modern Expo entities concerned, create and maintain records of data processing, the decisions and actions taken towards privacy risk management, and other records demonstrating Modern Expo's compliance with data protection laws.
Whenever the Group Legal Office is notified of a change in Modern Expo's processes (for example, a new product, technology or business operation) it will consider whether a DPIA is required. If so, the Group Legal Office will initiate, coordinate, and help document the DPIA. The DPIAs will require the input and involvement of the relevant business functions and Modern Expo entities.
Risk management for engaging third party vendors that process personal data on behalf of Modern Expo ("data processors") is crucial to ensure Modern Expo's data protection compliance. The Legal Office will provide guidelines for third party risk assessment, keeping it up-to-date as necessary to address emerging privacy risks. Risks associated with a third party must be escalated to the Legal Office.
Each business function that engages a third party vendor which might process personal data on behalf of Modern Expo must ensure that the Legal Office approves such engagement. Before approving, the Legal Office will ensure that:
Data protection training will be a part of the annual compliance training plan and mandatory for all employees upon joining the company and on a regular basis thereafter. The Legal Office will ensure that training content remains up to date and appropriate to our organisation’s business operations, and that it is refreshed on a regular basis. Training completion rates will be monitored and documented (e.g. in a training log).
All business functions are responsible for monitoring business operations for incidents concerning the security of personal data, capturing them on a timely and consistent basis, and executing appropriate risk mitigation strategies.
All employees and business functions are responsible for immediately escalating any actual or suspected data breaches according to our Information Security and Data Breach Policy. Any relevant office and/or business function is required to take part in breach management according to that policy.
The Legal Office jointly with the IT and Information Security Office will ensure that known incidents and risk events are identified, evaluated and remediated appropriately, and will evaluate trends so that root causes can be addressed. The Legal Office will also handle breach notifications to the competent regulator or data subjects as and when required by the applicable laws.
The Group Legal Office will provide guidelines and assistance to the HR staff and any other office to address any data subject right request (e.g. an individual's request to access personal data held by Modern Expo) in accordance with the applicable law.
For example:
Seek the advice of the Data Privacy Team established by the Group Legal Office (at privacy@modern-expo.com) whenever any systems, services, products or business practices are designed or changed.
Also seek advice if you are in doubt or concerned on any issue relating to personal data.
Immediately report any suspected data breaches (for example, unauthorised access to a system or to any premises, or loss of a flash drive) to databreach@modern-expo.com. See the Information Security and Data Breach Policy for details.
Undertake and complete all data protection training within the required deadlines.
Non-compliance with the terms of this Policy may result in disciplinary action up to and including termination of employment or business relationship, as well as legal action.
You must delete personal data immediately when it is no longer needed. But note the following:
Accordingly, see the Retention Schedules for the minimum retention periods for relevant countries (appended to this Policy). The Group Legal Office will regularly review and update the Retention Schedules. In case a document is not mentioned in the relevant Retention Schedule, seek advice.
Once the minimum retention period set out in the Retention Schedule has expired, you must immediately assess whether there is still a valid reason for keeping the document or information. If not, you must delete it. If you decide that you cannot yet delete it, you must record the reasons for your decision and the date for the next review (assessment).
When deleting electronic data, make sure it is irreversibly destroyed, and cannot be recovered. Tools for "securely deleting" files should be installed on your computer. Consult the IT staff if in doubt.
Hard copy documents containing personal data should be disposed of using our designated "confidential waste" bins (if available in your Modern Expo office) or shredders. Such documents must not be thrown away with regular rubbish.
IT equipment or storage drives (such as a USB stick) that is no longer needed and is to be thrown away, must be handed in to the Modern Expo IT staff for secure disposal. The IT staff must make sure that all personal data has been irretrievably deleted from such equipment or drive before disposal.
In the event that a claim, litigation, government or regulatory investigation, internal investigation, audit, subpoena or any legal action or request is anticipated, threatened or commenced, the deletion of all information that may be relevant to it must stop immediately. This is an exception from the obligation to delete.
Whenever a document or file that contains personal data is no longer needed for the day-to-day use, but it cannot yet be deleted, it must be archived, and access to it must be restricted. This means that an Employee can access archived information only when there is a legitimate business need, and only with the express permission of a member of the highest management.
For example, information relating to a terminated Employee should not have the same level of access as information about current Employees; until such information is deleted, it must be archived, and access to it must be restricted.
If it is practicable to pseudonymize personal data (whether or not archived), the data must be pseudonymized. (But remember that pseudonymized data is still personal data).
Whenever a document cannot yet be deleted, but personal data in it can be anonymized, it must be anonymized.
The Group Legal Office will review this policy no less than once every year and recommend any appropriate changes.
Any exception to this Policy must be approved in writing by the highest management of the relevant Modern Expo entity (who will ordinarily seek the advice of the Group Legal Office). All exceptions to this Policy must be approved before implementation.
Data Privacy Team: privacy@modern-expo.com
Report a suspected data breach: databreach@modern-expo.com
Information Security Officer: ISO@modern-expo.com
Each document specified in the table below must be retained at least for the retention period set out opposite it.
| Document category | Form | Retention Period |
| Corporate Records | ||
| Certificate of change of company name | Original | Permanently |
| Certificate of Incorporation | Original | Permanently |
| Articles of Association (Original and current) | Original | Permanently |
| Board Minutes | Original | 10 years |
| Company registers | Original | Permanently (can be held electronically - on computer) |
| Minutes of general meetings | Original | 10 years |
| Resolutions (both members' and board resolutions) | Original | 10 years |
| Annual confirmation statement | Copy | 3 years |
| Annual Report & Accounts | Signed copy | Permanently |
| Share applications/allotments | 6 years, or later, until shares are fully paid | |
| Share Transfer Forms | Original | Permanently |
| Dividend records (all) | 6 years from Audit | |
| Customs Records | ||
| Customs Returns | Original | 6 years |
| Shipping documents | Original | 6 years |
| Export records | Original | 6 years |
| Employment | ||
| Employee Records | ||
| Directors service contracts | Original | 7 years from termination |
| Employment Contract | Original | 7 years from termination |
| Unsuccessful job applications & notes of interview | 12 months after notifying/discounting candidate, save for where a dispute is ongoing. | |
| Payroll records | Original | 7 years after the end of the financial year in which the payments were made |
| Overtime records | Original | 7 years after the end of the financial year in which the payments were made |
| Benefits/Incentives (payments) | Original | 7 years after the end of the financial year in which the payments were made |
| P45, P60 etc. | Original | 7 years after the end of the financial year in which the payments were made |
| Income Tax Details | Original | 7 years after the end of the financial year in which the payments were made |
| National Insurance Details | Original | 7 years after the end of the financial year in which the payments were made |
| Expenses Records | Original | 7 years after the end of the financial year in which the payments were made |
| Statutory Sick Pay/Maternity Pay | 7 years after the end of the financial year in which the payments were made | |
| Employee Benefit and Pensions Records | ||
| Trust Deeds and rules and all amendments | Originals | Permanently |
| Pension scheme determinations (e.g. augmentation) | Originals | Permanently |
| Records of employee service and eligibility for pension | Originals | Permanently |
| Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) | Originals | Permanently |
| Records of pension paid to employees or their beneficiaries | Originals | 12 years after final payment |
| Correspondence/filings with HMRC | 6 years after filing | |
| Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme | Originals | 6 years from end of relevant scheme year (but we recommend permanently) |
| Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction | Originals | 6 years from end of relevant scheme year but we recommend permanently |
| Winding-up decisions | Originals | Permanently |
| Actuarial valuations | Originals | Permanently |
| Annual Accounts & Support documentation | Originals | Permanently |
| Contribution records | Originals | Permanently |
| Investment records & Policies | Originals | Permanently |
| Pensioners' records | Originals | 12 years after benefit ceases |
| Life Policies | Originals | Permanently |
| Financial | ||
| Banking Records | ||
| Remittance Advice | 6 years from the end of the financial year in which the transaction was made | |
| Promissory Notes or other Bills of Exchange | Original | No statutory requirement (recommended 6 years). |
| Bank Statements | 6 years from the end of the financial year in which the transaction was made | |
| Instructions to Banks | No statutory requirement (recommended 6 years after the instruction ceases to be effective) | |
| Accounting Records | ||
| Records to support annual accounts | 6 years | |
| Internal accounting reports | 6 years | |
| Budgets | No statutory requirement (recommended 5 years). | |
| Management Accounts | 6 years | |
| Records for Tax purposes | ||
| Tax returns/records | Original (where applicable) | 6 years after the end of the relevant accounting period (but see 'Time Limits for Assessment' at Section II paragraph 2.4 above). |
| VAT records | Original (where applicable) | 6 years. The point at which this record retention period starts depends on the nature of the document (but see 'Time Limits for Assessment' at Section II paragraph 2.4 above). |
| Other Financial Records | ||
| Disposal of assets | No statutory requirement (recommended 12 years) | |
| Sales Invoices | 6 years from the end of the financial year in which the transaction was made | |
| Credit notes /Debit Notes | 6 years from date which records were made (credit/debit notes are considered a record for VAT purposes) | |
| Manufacturing | ||
| Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. | Copy | 10 years from last supply of the relevant product (recommended permanently) |
| Regulatory documents (e.g. Declaration of Conformity and Technical File) | Original (where applicable) | 10 years from last supply of the relevant product (recommended permanently) |
| Environmental / Health and Safety | ||
| Medical Surveillance and Examination Records | Originals | 40 years (recommended permanently) |
| Health and Safety Risk Assessments (e.g. noise, hazardous substances) | Originals | As long as remain relevant (recommended permanently) |
| Accident Book & Investigation Documents | Originals | 3 years from date of last entry (recommended permanently) |
| Waste disposal documentation | Originals (where applicable) | 2 years (3 years if they relate to hazardous waste) |
| All other health and safety related records | Originals | Recommended permanently |
| All other environmental records | Originals | Recommended permanently |
Each document specified in the table below must be retained at least for the retention period set out opposite it.
| Document Category | Form | Retention Period |
| Corporate Records | ||
| Certificate of Incorporation | Original | Permanently |
| Certificate of change of company name | Original | Permanently |
| Articles of Association (Original and current) | Original | Permanently |
| Board Minutes | Original | 7 years (minimum) |
| Company registers | Original | Permanently |
| Minutes of general meetings | Original | 7 years (minimum) |
| Resolutions (both members' and board resolutions) | Original | 7 years (minimum) |
| Annual confirmation statement | Copy | 7 years (minimum) |
| Annual Report & Accounts | Signed copy | 7 years (minimum) |
| Share applications/allotments | 7 years (minimum) (recommended permanently) | |
| Share Transfer Forms | Original | Permanently |
| Dividend records (all) | 7 years (minimum) | |
| Customs Records | ||
| Customs Returns | Original | 7 years (minimum) |
| Shipping documents | Original | 7 years (minimum) |
| Export records | Original | 7 years (minimum) |
| Employment | ||
| Employee Records | ||
| Directors service contracts | Original | 7 years (minimum) from termination |
| Employment Contract | Original | 7 years (minimum) from termination |
| Unsuccessful job applications & notes of interview | 4 weeks after notifying/discounting candidate, or 12 months with its permission save for where a dispute is ongoing. | |
| Payroll records | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made, whichever is longest. |
| Overtime records | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made, whichever is longest. |
| Benefits/Incentives (payments) | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made, whichever is longest. |
| P45, P60 etc. | Original | No statutory requirement (recommended 2 years from termination) |
| Income Tax Details | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made whichever is longest. |
| National Insurance Details | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made whichever is longest. |
| Expenses Records | Original | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made whichever is longest. |
| Statutory Sick Pay/Maternity Pay | 2 years from termination, or 7 years (minimum) after the end of the financial year in which the payments were made whichever is longest. | |
| Employee Benefit and Pensions Records | ||
| Trust Deeds and rules and all amendments | Originals | 2 years from expiry of the employee's claim (recommended permanently) |
| Pension scheme determinations (e.g. augmentation) | Originals | 2 years from expiry of the employee's claim (recommended permanently) |
| Records of employee service and eligibility for pension | Originals | 2 years from expiry of the employee's claim (recommended permanently) |
| Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) | Originals | 2 years from expiry of the employee's claim (recommended permanently) |
| Records of pension paid to employees or their beneficiaries | Originals | 2 years from expiry of the employee's claim |
| Correspondence/filings with the tax authority | Originals | No statutory requirement (recommended 7 years minimum) |
| Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme | Originals | 2 years after the expiry of the employee's claim |
| Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction | Originals | 2 years after the expiry of the employee's claim |
| Winding-up decisions | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Actuarial valuations | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Annual Accounts & Support documentation | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Contribution records | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Investment records & Policies | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Pensioners' records | Originals | 2 years after the expiry of the employee's claim |
| Life Policies | Originals | 2 years after the expiry of the employee's claim (recommended permanently) |
| Financial | ||
| Banking Records | ||
| Remittance Advice | 7 years (minimum) | |
| Promissory Notes or other Bills of Exchange | Original | 7 years (minimum) |
| Bank Statements | 7 years (minimum) | |
| Instructions to Banks | 7 years (minimum) | |
| Accounting Records | ||
| Records to support annual accounts | 7 years (minimum) | |
| Internal accounting reports | 7 years (minimum) | |
| Budgets | 7 years (minimum) | |
| Management Accounts | 7 years (minimum) | |
| Records for Tax purposes | ||
| Tax returns/records | Original (where applicable) | 7 years (minimum) |
| VAT records | Original (where applicable) | 7 years (minimum) |
| Other Financial Records | ||
| Disposal of assets | 7 years (minimum) | |
| Sales Invoices | 7 years (minimum) | |
| Credit notes /Debit Notes | 7 years (minimum) | |
| Manufacturing | ||
| Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. | Copy | 10 years from last supply of the relevant product (recommended permanently) |
| Regulatory documents (e.g. Declaration of Conformity and Technical File) | Original (where applicable) | 10 years from last supply of the relevant product (recommended permanently) |
| Environmental / Health and Safety | ||
| Medical Surveillance and Examination Records | Originals | 40 years (recommended permanently) |
| Health and Safety Risk Assessments (e.g. noise, hazardous substances) | Originals | 40 years (recommended permanently) |
| Accident Book & Investigation Documents | Original | No statutory requirement (recommended permanently) |
| Waste disposal documentation | Originals (where applicable) | 5 years after disposal |
| All other health and safety related records | Original | 7 years (minimum) (Recommended permanently) |
| All other environmental records | Original | 7 years (minimum) (Recommended permanently) |
Each document specified in the table below must be retained at least for the retention period set out opposite it.
| Document Category | Form | Retention Period |
| Corporate Records | ||
| Certificate of Incorporation | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Certificate of change of company name | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Articles of Association (Original and current) |
Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Board Minutes | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Company registers | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Minutes of general meetings | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Resolutions (both members' and board resolutions) | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Annual Report & Accounts | Original | 10 years as it can be considered as accounting documents (Article L. 123-22 of the French Commercial Code) |
| Share applications/allotments | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Share Transfer Forms | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Dividend records (all) | Original | 5 years from the removal of the company from the Trade and Companies Registrar (article 2224 of the French Civil Code). |
| Customs Records | ||
| Customs Returns | Original | 3 years (Article 16 of Council Regulation 2913/92 of 12 October 1992) |
| Shipping documents | Original | 5 years (article 2224 of the French Civil Code) |
| Export records | Original | 5 years (article 2224 of the French Civil Code). |
| Employment | ||
| Employee Records | ||
| Directors service contracts | Copy | 5 years from departure of directors (article 2224 of the French Civil Code). |
| Employment Contract | Copy | 5 years as from departure of employee (article 2224 of the French Civil Code and CNIL simplified norm No 46). |
| Unsuccessful job applications & notes of interview | Copy | 2 years from the last contact with concerned applicant (CNIL recommendation No. 02-017 of 21 March 2002). |
| Payroll records | Copy | 5 years from the date of issuance of payslip (article L.3243-4 of the French Labor Code and article L243-12 of the French Social Security Code) |
| Overtime records | Copy | 5 years from departure of employee (Article 2224 of the French Civil Code) |
| Benefits/Incentives (payments) | Copy | 10 years (Article L. 123-22 of the French Commercial Code) |
| Income Tax Details | Copy | 6 years from as of the most recent entry in the documents or as of the date of the documents (applicable statute of limitations set out by Article L.102 B of the French Tax Procedure Handbook). |
| National Insurance Details | Copy | 5 years (article 2224 of the French Civil Code). |
| Expenses Records | Copy | 10 years (Article L. 123-22 of the French Commercial Code) |
| Statutory Sick Pay/Maternity Pay | Copy | 10 years (Article L. 123-22 of the French Commercial Code) |
| Employee Benefit and Pensions Records | ||
| Trust Deeds and rules and all amendments | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Pension scheme determinations (e.g. augmentation) | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Records of employee service and eligibility for pension | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Required personal information on employees and former employees (name, address, social security number, period of employment, pay type, either hourly or salary) | Copy | 5 years from the departure of the employee. |
| Records of pension paid to employees or their beneficiaries | Copy |
Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Correspondence/filings with French tax authorities | Copy | 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook). |
| Trustees of a registered pension scheme: Documents relating to monies received by or owing to the scheme, investments or assets held by the scheme, payments made by the scheme, contracts to purchase a lifetime annuity in respect of a member of the scheme, and the administration of the scheme | Copy |
Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Trustees of an occupational pension scheme: Records of their meetings and books and records relating to any prescribed transaction | Copy |
Unlimited (alignment with the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Actuarial valuations | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Annual Accounts & Support documentation | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Contribution records | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Investment records & Policies | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Pensioners' records | Copy |
Unlimited (alignment on the retention period applicable to information necessary to establish the rights of employees, including pension rights provided in CNIL's exemption DI-002) |
| Life Policies | Written document | Permanently until the death of the insured and 30 years thereafter (article L. 114-1 of the French Insurance Code) |
| Financial | ||
| Banking Records | ||
| Remittance Advice | Original | 5 years (article 2224 of the French Civil Code and article L. 110-4 of the French Commercial Code). |
| Promissory Notes or other Bills of Exchange | Original | 5 years (article L. 110-4 of the French Commercial Code) |
| Bank Statements | Original | 5 years from the payment (article L. 110-4 of the French Commercial Code). |
| Instructions to Banks | Original | 5 years (article L. 110-4 of the French Commercial Code) |
| Accounting Records | ||
| Records to support annual accounts | Copy | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Internal accounting reports | Original | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Budgets | Copy | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Management Accounts | Original | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Records for Tax purposes | ||
| Tax returns/records | True, fair and sustainable copy | 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook). |
| VAT records | Original | 6 years as from the taxation year (article L. 102 of the French Tax Procedure Handbook). |
| Other Financial Records | ||
| Disposal of assets | Copy | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Sales Invoices | Invoices supporting VAT deduction claim must be kept in their original paper form. | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Credit notes /Debit Notes | Copy | 10 years from the end of the financial year (Article L. 123-22 of the French Commercial Code) |
| Manufacturing | ||
| Manufacturing-related documents such as records, manufacturing processes, quality control procedures, warnings/instructions provided with the product, product design and safety checks etc. | Copy | 5 years (article L. 110-4 of the French Commercial Code) |
| Regulatory documents (e.g. Declaration of Conformity and Technical File) | Original (where applicable) | 5 years (article L. 110-4 of the French Commercial Code) |
| Environmental / Health and Safety | ||
| Medical Surveillance and Examination Records | Original | 5 years from departure of employee (CNIL simplified norm No 46) |
| Health and Safety Risk Assessments (e.g. noise, hazardous substances) | Original | 5 years (Article D. 4711-3 of the French Labour Code) |
| Accident Book & Investigation Documents | Original | 10 years as of the date of the initial physical damage or subsequent aggravation of the damage (Article D. 441-2 of the French Social Security Code, Article 2226 of the French Civil Code). |
| Waste disposal documentation | Copy | 3 years (Article R. 541-43 of the French Environment Code) or 5 years if they relate to hazardous waste (Article R. 541-45 of the French Environment Code) |
| All other health and safety related records | Original | 5 years (Article 2224 of the French Civil Code) |
| All other environmental records | Copy | Permanently (best practice) (Article L. 152-1 of the French Environment Code) |
Each document specified in the table below must be retained at least for the retention period set out opposite it.
| Document Description | Retention Period |
| Accounting | |
| General obligation for retention of company accounts, books of account and records |
Period: 5 years Start of the Period: From the beginning of the year following the financial year to which the documents relate to. However, fiscal laws impose stricter obligations. According to Tax Ordinance, company accounts, books of accounts and records should be kept until tax liability expires. Which means that start of the period of 5 years begins from the end of the calendar year in which the deadline for payment of tax expired. |
| Documentation of the accounting method adopted |
Period: For a period not shorter than 5 years. Start of the Period: From the date the documentation ceases to be valid. |
| Approved annual financial statements |
Period: permanently Start of the Period: From the date of preparation of financial statements. |
| Accounting evidence concerning proceeds |
Period: From the date of drawing up the financial statements for a given financial year, but not shorter than until the date of clearing the persons entrusted with the assets subject to retail sale. Start of the Period: From the beginning of the year following the financial year to which the documents relate to. |
| Accounting evidence concerning construction in progress, bank and non-bank loans and commercial contracts, claims pursued in civil proceedings or covered by criminal or tax proceedings |
Period: 5 years Start of the Period: Starting from the beginning of the year following the financial year in which the transactions and proceedings were finally terminated, paid off, settled or expired. |
| Stocktaking records |
Period: 5 years Start of the Period: From the beginning of the year following the financial year to which the documents relate to. |
| Other accounting evidence and reports that are required to be prepared under the Act |
Period: 5 years Start of the Period: From the beginning of the year following the financial year to which the documents relate to. |
| Tax | |
| General obligation of taxpayers to provide (upon request of the tax inspector) all information that may be relevant to their tax position, including all books, records and other data carriers |
Period: Until the expiry of the limitation period of the Company's liability as a remitter. As a general rule, liabilities become time-barred at the end of a 5-year period (except for the situations specified in Articles 70 and 70a of the Tax Code, when the limitation period does not start to run and the limitation period that has commenced is suspended). Start of the Period: The end of the calendar year in which the time limit to pay tax ended. |
| Payroll and salary records | |
| Employee paylists or their equivalents |
Period: minimum 5 years The period of required access to this information, resulting from old age or disability pension regulations or tax regulations, but not shorter however than 5 years, unless the documents are to be used as the basis for calculating the old age and disability pension, in which case the provisions of the following point shall apply. Start of the Period: From the beginning of the year following the financial year to which those records apply. |
| Tax payer shall be obliged to retain of payrolls, employee paylists or another evidences on the basis of which the calculation base of pension and disability pension is established (wage documentation). |
Period: 10 years Start of the Period: From the day of terminating the employment relationship with an employee. |
| The tax payer shall be obliged to retain the copies of an accounting declaration and personal monthly report and correcting documents. |
Period: 5 years Start of the Period: From the date of the transfer of documents to one of the organizational units of Social Insurance Fund in a written or electronic form. |
| A company needs to include information about employees in its administration, including name, date of birth, tax registration number and address. In addition, requests from employees to apply a wage withholding tax discount must be retained in the company’s administration |
Period: 5 years Start of the Period: The end of the calendar year in which the time limit to pay tax ended. |
| Payroll and salary documents also likely to be subject to a maximum retention period based on data protection rules: payroll records (wages, tax and social security records, payslips, overtime compensation, bonuses, expenses, benefits in kind), severance pay records (e.g. notification to the competent authorities regarding redundancy, decisions of the court regarding dismissal, correspondence with the competent authorities regarding dismissal, outplacement records, calculations of termination payments) |
Period: 10 years Start of the Period: From the day of terminating the employment relationship with an employee. |
| Benefits data (EnelMed, MultiSport, ZFŚS) |
Period: During employment and 5 years after employment termination. Start of the Period: The end of the calendar year in which the time limit to pay tax ended. |
| HR and employment records | |
| Employment contract |
Period: During employment and 10 years after employment termination. Start of the Period: From the day on which the employee ends the work for the employer. |
| HR and employment documents also likely to be subject to a maximum retention period based on data protection rules: Data of rejected job applicants (e.g. application letters, CVs, references, certificates of good conduct, job interview notes, assessment and psychological test results) |
Period: 6 years Start of the Period: From the beginning of the recruitment process and other process. |
|
Data concerning a temporary worker (other than tax related):
|
Period:
Start of the Period:
|
| Reports on employee performance review meetings and assessment interviews (competency database) |
Period: 6 years Start of the Period:The day of the report preparation. |
| Records of safety accidents at work |
Period: 10 year after employment accident (we suggest to apply 50 years period though). Start of the Period: Year of accident case is closed |
| Employees’ use of internet and e-mail |
Period: Start of the period: From the day on which the employee ends the work for the employer. |
| Candidates’ job application data (application for single job post) |
Period: 6 years Start of the Period: From the beginning of employment of the chosen candidate. |
| Candidates’ job application data (open job application) |
Period: 6 years Start of the Period: From the moment we receive the application. |
| Purchasing records | |
| An organization is obliged to record all delivery of goods or services, all intra-European Community acquisitions, all import and export, and all other information relevant for VAT purposes |
Period: 5 years The taxpayer is obliged to keep both issued and received invoices, but also other records and documents serving the settlement of tax on goods and services (VAT) until the expiry of the tax liability limitation period. Start of the Period: The period of 5 years elapses from the end of calendar year in which the tax was due. |
| General ledger, accounts receivable department, accounts payable department, (procurement and) sales administration, inventory records |
Period: 5 years Start of the Period: The period of 5 years elapses from the beginning of the year following the financial year to which the files relate to. |
| Anti-Money Laundering | |
| Documents and information concerning measures taken to conduct customer due diligence for anti-money laundering purposes |
Period: 5 years Start of the Period: The first day of the year following the year in which the transaction with the customer was conducted. |
| Registers of natural or legal persons to avoid participation in transactions that constitute money laundering or terrorist financing |
Period: 5 years Start of the Period: The first day of the year following the year in which the transaction with the customer was conducted. |
| Documentation regarding all circumstances which may indicate money laundering or terrorist financing and any actions and decisions taken in the examination of suspected money laundering or terrorist financing transactions |
Period: 5 years Start of the Period: The first day of the year following the year in which the transactions were registered. |
| Supplier data | |
| Suppliers staff data for purchasing and procurement - customer complaints |
Period: 3 or 10 years Start of the Period: From the day when the injured party learned about the damage and about the person liable to redress it or might have learned about it if he had exercised due diligence. However, such a time limit may not be longer than ten years from the day when the event causing the damage occurred. |
| Shareholders | |
|
Shareholders data
|
Period:
Start of the Period:
|
Each document specified in the table below must be retained at least for the retention period set out opposite it.
"End of the calendar year" means from the end of the calendar year to which the document relates.
| Document Category | Retention Period | Starting |
| Accounting Capital Assets | 10 years | End of the calendar year |
| Budgeting and Business Planning | 10 years | End of the calendar year |
| Corporate Financing | 10 years | End of the calendar year |
| Employee Compensation, Payroll, Time and Attendance | 10 years | End of the calendar year |
| Internal Financial and Management Reporting | 10 years | End of the calendar year |
| Taxation Reporting | 10 years | End of the calendar year |
| Bank Accounts - Account Set -Up and Management | 10 years | End of the calendar year |
| Accounting Books and Ledgers | 10 years | End of the calendar year |
| Accounting Transactions | 10 years | End of the calendar year |
| Financial Statements | 10 years | End of the calendar year |
| Contracts - General | 10 years in case taxation relevant or 6 years in case solely accounting relevant | End of the calendar year in which the contract ended |
| Intellectual Property | 10 years (to the extent to be taxation relevant) | End of the calendar year |
| Licenses, Permits and Certification | 10 years (to the extent to be taxation relevant) | End of the calendar year |
| Litigation | 10 years | End of the calendar year |
| Real Estate Ownership (in relation to inventory) | 10 years | End of the calendar year |
| General Regulatory Reporting | 10 years | End of the calendar year |
| Garnishment | 10 years | End of the calendar year |
| Government Investigations and Complaints | 10 years (to the extent taxation relevant) | End of the calendar year |
| Internal Audits | 10 years (to the extent taxation relevant) | End of the calendar year |
| Legal Projects | 10 years | End of the calendar year |
| Policies and Procedures | 10 years (to the extent to be taxation relevant) | End of the calendar year |
| Environmental Health and Safety Testing | 30 years | End of the calendar year |
| Employee Benefits Participation | 6 years | End of the calendar year |
| Employee Illnesses and Accidents |
3 years (Best practice) |
End of the calendar year |
| Employee Medical Records and Drug Testing | 3 years (Best practice) | After termination |
| Immigration and Naturalization | 3 years | After termination |
| Recruitment |
up to ~6 months (no obligation but best practice in the light of possible legal claims) |
Rejection of the applicant |
| Training and Development Programs | Business decision | |
| Training Attendance and Certification | 3 years for specific employment relevant trainings | After termination |
| Pension Plans |
Termination of plan, eligibility or entitlement + 10 years 30 years where a Social Security Authority audit has not occurred |
Termination of plan, eligibility or entitlement |
| Information Systems, Networking and Computers | 6 years (to the extent to be taxation relevant) | End of the calendar year |
| Procurement | 10 years (to the extent to be taxation relevant) | End of the calendar year |
| Security Incidents and Investigations | 6 years (to the extent to be taxation relevant) |
End of the calendar year |
| Project Administration | 6 years (to the extent to be taxation relevant) |
End of the calendar year |
| Facilities Management | 10 years (to the extent to be taxation relevant) |
End of the calendar year |
| Advertising and Marketing Materials | 6 years |
End of the calendar year |
| Customer Complaints and Disputes | 6 years | End of the calendar year |
| Marketing Research, Analyses and Plans | 6 years | End of the calendar year |
| Sales Proposals | 6 years | End of the calendar year |
| Customer Relations | 6 years (to the extent taxation relevant) | End of the calendar year |
| Public Relations | 6 years (to the extent taxation relevant) | End of the calendar year |
| Policies | 10 years (to the extent taxation relevant) | End of the calendar year |
| Claims | 10 years | End of the calendar year |
| Worker's Compensation | 10 years | End of the calendar year |
| Customs and Trade | 10 years | End of the calendar year |
| Shipping and Transportation | 6 years | End of the calendar year |
| Vehicle Maintenance and Driving Records | 6 years | End of the calendar year |
| Corporate Records | ||
|
10 years | End of the calendar year |
|
6 years | End of the calendar year |
| Employment Related Records | ||
| Personnel files (regardless of whether in a filing system or electronically stored) | After termination of the employment relationship no retention obligation, but recommended during the term of statutory or tariff preclusion periods and limitation periods. The regular statutory lapse period amounts to 3 years generally starting at the end of the year in which the claim arose. Under certain circumstance the limitation period may extend to up to 30 years. | After termination |
| Documents regarding overtime work | At least 2 years | After performance of the overtime work that exceeds the regular working time of 8 hours per day. |
| Pregnant and nursing employees: List of names, mode of employment and period of employment | At least 2 years | As from the last recording |
| Adolescent employees (aged between 15 and 18): List of names, date of birth, address and date of commencement of employment | At least 2 years | As from the last recording |
| Documents regarding salary and social security contribution calculations | Up to the expiration of the calendar year following the last audit by the social security authority | |
| Payroll accounts | 6 years | End of the calendar year |
| Finance and Accounting | ||
|
10 years | End of the calendar year |
| Safety | ||
|
6 years | End of the calendar year |
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
You can find more information about the individual cookies we use and the purposes for which we use them in the list below:
We don’t use analytical, performance or targeting cookies, so such third parties like advertising networks and providers of external services like web traffic analysis services have not access to them too.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Except for essential cookies, all cookies will expire after 30 days.
This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you. It also applies to your consent to receiving marketing from us and information we collect when you meet our representatives at trade fairs, conferences and similar events.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
If you are a candidate applying for a job with us, please also refer to our privacy notice for job applicants.
This privacy notice aims to give you information on how Modern Expo processes your personal data collected through your use of this website, for example when you fill in a contact form or register for access to our online catalogue. It also applies to your consent to receiving marketing from us, and information we collect when you meet our representatives at trade fairs, conferences and similar events.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.
Modern-Expo S.A. of Ludwika Spiessa 3, 20-270 Lublin, Poland is responsible for this website and is the controller of your personal data provided through this website (referred to as “Modern Expo”, “we”, “us” or “our” in this privacy notice).
We have appointed a data privacy manager to oversee questions in relation to this privacy notice (who is not, however, a "data protection officer" for the purposes of the GDPR or national privacy law). If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
If you have any questions about this privacy notice or our privacy practices, please contact our data privacy manager by writing to privacy@modern-expo.com.
Alternatively, you can reach us by post at:
Modern-Expo S.A.
Ludwika Spiessa 3, 20-270 Lublin, Poland
You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.
This privacy notice was last updated on 04.02.2020. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
In the GLOSSARY you can find out more about the types of lawful basis that we will rely on to process your personal data.
We also rely on your express consent in order to send you direct marketing communications via email. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
|
To register you (or your company) as a new customer |
(a) Identity (b) Contact |
To take steps at your request prior to entering into a contract |
|
To promote our products and services |
(a) Identity (b) Contact (c) Transaction (d) Marketing and Communications |
Your consent |
|
To process and deliver your (or your company's) orders/offers and establish and enforce our legal rights, including: (a) Enter into and perform contracts (b) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Profile (d) Financial (e) Transaction (f) Usage (g) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
|
To manage our relationship with you (or your company) which will include: (a) Notifying you about changes to our terms or privacy notice (b) Asking you to leave a review (c) If you represent a company, carry out the business between our companies (including business correspondence) |
(a) Identity (b) Contact (c) Profile (d) Financial (e) Transaction (f) Usage (g) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, and to manage business relationships with our customers and suppliers) |
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Profile (d) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
|
To deliver relevant website content (or your company) and measure or understand the effectiveness of the advertising we serve |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
|
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
In addition, if you apply for a job using our website, we use your data for purposes related to the recruitment process. Please see our privacy notice for job applicants for details.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You can unsubscribe from marketing emails from us by clicking on the unsubscribe link in the bottom part of any of the marketing emails from us. You can also unsubscribe from marketing emails by sending an email to unsubscribe@modern-expo.com.
Where you opt out of receiving marketing messages, we may still send you messages of other types, for example, relating to the administration of your account.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
For more information about the cookies we use, please see our cookie policy.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
At this stage of our site, we do not share your personal data with any third parties. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
Also we may share your personal data with the parties set out below:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within the Modern Expo Group. This will involve transferring your data outside the European Economic Area (EEA).
In addition, many of our external service providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see "your legal rights" below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
If you wish to exercise any of the rights set out above, please contact us at privacy@modern-expo.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
INTERNAL THIRD PARTIES
Our affiliated company in Ukraine (a non-EEA country) - JE “Modern-Expo” LTD., registered address: 4, Rivnenska Str., Strumivka village, Lutsk district, Volyn region, 45603, Ukraine, provides a number of services to us which may from time to time include legal and compliance services, marketing, finance services, customer management, management consulting and human resources consulting.
For the purposes of provision of such services, it may act as a processor of your personal data, dealing with your personal data on our written instructions.
EXTERNAL THIRD PARTIES
Data processors who are our IT and system administration services providers (for example, US-based cloud IT infrastructure or productivity optimisation platforms), professional advisors (including lawyers, bankers, auditors and insurers), providers of marketing services (for example, a US-based email marketing automation platform).
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Lodge a complaint with the supervisory authority if you believe that processing of your personal data violates your rights or is in any other way unlawful. In case of Poland it will be the President of the Office for Personal Data Protection. We would, however, appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.