We Value Your Privacy
We at Hamilton are committed to protecting any personal information that you may provide to us. We believe it is important for you to know how we treat information about you that we may receive from this website and from our applications, including Hamilton inSIGHT™.
Information Collection and Use
At times, while visiting this website we may need to collect personal information from you for a specific purpose, such as to provide you with certain information you request. The information collected from you may include your name, address, telephone, fax number, or email address.
Any information we collect from you is used solely by us to return requested information. However, if you provide us with your e-mail or postal mailing address on-line, you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by contacting us at the number or e-mail address below, or by using the unsubscribe link found in every email that we send.
We hate it when our personal information is sold, distributed, shared, or whatever without our explicit permission so the information you provide us on this website is for our use only. We will not sell, share, or rent this information to anyone.
What type of information do we collect?
Personal information is requested when you order a product or service. For example, this information may include your company name, contact name, title, address, telephone number, e-mail address, credit card or other payment information and product details.
When you visit our website, we may automatically collect statistics about your visit. This information does not identify you personally, but rather about your visit to our website. We may monitor statistics such as how many people visit our site, which pages people visit, from which domains our visitors come and which browsers people use. We use these statistics about your visit for aggregation purposes only. These statistics are used to help us improve the performance of our website.
Do we share any information with outside parties?
We will never give, share, or sell personal information to any outside company for any use. We will maintain the confidentiality of your personal information. It will be used only to support our customer relationship with your company.
From time to time, we may use customer information for new, unanticipated uses not previously disclose in our privacy notice. If our information practices change at some time in the future, we will post the policy changes to our website to notify you of these changes and provide you with the ability to opt out of these new uses.
This site conforms with current legislation and gives users the option to remove their information from our database. To opt-out, please call 317-898-9300 or email email@example.com. Please provide us with your name and address and we will make sure your information is removed from our list.
If you have any questions about this privacy statement, the practices of Hamilton, or your dealings with this website, you can contact: firstname.lastname@example.org or call 317-898-9300.
PII and GDPR Policy
Related to Hamilton inSIGHT™ lead capture technology
In a Nutshell
Using GDPR definitions, Hamilton acts as a Data Processor for our Clients (the client is the Data Controller). Hamilton must abide by the same rules that our Clients do regarding data privacy and GDPR regulations.
For the purposes of Hamilton’s PII and GDPR Policy, PII is defined as any information relating to an identified or identifiable natural person (data subject) which includes, but is not limited to, names and surnames, physical addresses, email addresses, photos and images, and phone numbers. All of these must be gathered, stored and handled with extreme sensitivity to ensure compliance with GDPR.
Hamilton receives data from trade show registration and lead retrieval companies primarily through its app, Hamilton inSIGHT™. These companies are classified as Data Processors and must also abide by such regulations. Hamilton generally keeps Client data for no more than 90 days. Clients can request the deletion of this data at an earlier date via an email message to email@example.com. Hamilton does not market to or sell any of our client’s data. Ever. Hamilton is willing to review and sign a client Data Processing Agreement as a requirement of doing business together.
The Much More Complex and Detailed Story
GDPR is the EU General Data Protection Regulation which took effect May 26, 2018. It applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location. GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behavior that takes place within the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
The Data Controller – The data controller determines the purposes for which and the means by which personal data is processed. So, if your company/organization decides ‘why’ and ‘how’ the personal data should be processed, it is the data controller.
The Data Processor – The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company.
As part of Hamilton’s overall business methodology, we do not store (at rest or in transit) any personal data as defined by GDPR (name, address, phone number, email address, etc.) for more than is necessary for legitimate business purposes (e.g. additional analysis and client access), generally 90 days. The GDPR only applies to data relating to individuals, not data in the aggregate. As such, data deletion is limited to PII. Non-identifiable data, which are outside of the GDPR ruling, and are clearly related to a business (such as business name or business domain), as well as client survey data, is retained for rollup and year-to-year analysis purposes.
In acting as a processing agent (the Data Processor) for Hamilton clients, Hamilton is responsible for safeguarding personal information. All data gathered by Hamilton and processed on behalf of our clients belongs to Hamilton clients, not Hamilton. Hamilton does not sell any personally identifiable data. Hamilton does not market to any personally identifiable individuals from our client’s data. Hamilton is simply a processor of client data and information; however, we understand our responsibilities as such a data processor. Hamilton does not maintain or keep any personally identifiable attendee information. Once processed, Hamilton data is delivered to its clients (generally an Excel or CSV file encrypted via https protocol). All PII data is deleted from Hamilton systems after a period of time (generally 90 days) necessary for legitimate business purposes (e.g. additional analysis and client access). Hamilton does maintain anonymous, aggregate company and event data and information to use for future analysis and year-to-year comparisons.
While GDPR applies to EU citizens and residents, Hamilton has applied this policy to all data captured and stored on behalf of clients regardless of the citizenship or residency of the individual whose records contains PII.
What Does This Mean for Hamilton Clients at Trade Shows?
It all revolves around this question: What constitutes consent?
According to the GDPR, consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. In short, this means proof of legitimate use of data (storing customer consent along with their contact details and personal information); this must be documented and available at all times.
What is lawful collection of data and how do you ensure compliance
When collecting personal data, you need to ensure that the person has given you explicit consent to process their data for one or more specific purposes. In simpler words, you always need to ask permission! For instance, if you scan an attendee’s show badge at your booth/stand without getting explicit contact permission, you will need to get in touch with them to ask for consent for a particular range of products or services before you begin marketing.
Below are some opt-in examples that purportedly address GDPR requirements (full disclosure: We are not GDPR experts. Consult your Legal or Data Privacy organization before using any of these examples):