This article outlines common questions about data privacy in Eventscribe Lead Capture. It is provided for informational purposes only. Use of Lead Capture is governed by Cadmium's Terms and Conditions, Privacy Policy, and the customer contract.
Cadmium provides Eventscribe Lead Capture. Eventscribe Lead Capture is software that lets exhibitors collect attendee contact and interest information during an event by scanning a badge QR code, so the exhibitor can follow up after the event. In the events industry, this capability is commonly known as lead retrieval.
Cadmium software is used by the organization that runs the event (the "Event Organizer") and by exhibiting companies and their booth staff (the "Exhibitor").
An Attendee is an individual who registers for, is admitted to, or participates in an event, such as an in-person, virtual, or hybrid conference, meeting, expo, or session.
How is Attendee consent obtained?
By voluntarily allowing their badge to be scanned, the Attendee indicates their consent to share their information with the specific Exhibitor at the time of the scan, in the context in which the scan occurs.
- The badge scan represents a clear, affirmative action by the Attendee.
- This action constitutes the Attendee’s opt-in to share their information with that Exhibitor and is captured at the moment of the scan.
Why is a badge scan considered valid opt-in?
Under data protection laws such as the General Data Protection Regulation (GDPR) and other data protection frameworks, consent may be established through:
- A voluntary action
- A clear indication of intent
- A specific interaction with a known party
Allowing an Exhibitor to scan a badge meets these criteria because:
- The Attendee is physically present.
- The Exhibitor is identifiable at the time of the scan.
- The action is intentional and immediate.
- The data is shared only with the Exhibitor performing the scan.
What data is shared when a badge is scanned?
When an Attendee's badge is scanned, the Attendee profile information provided during registration is shared only with the Exhibitor that performed the scan. The specific fields available, and whether any fields are required, are determined by the Event Organizer and may vary by event.
What role does Cadmium, as the software provider, play with respect to personal data?
Cadmium acts as a data processor. A data processor is a service provider that handles personal data on behalf of a data controller. As a data processor, Cadmium:
- Processes personal data only to provide the contracted services to the Event Organizer and Exhibitors.
- Does not determine the purposes for which personal data is used by the Event Organizer and Exhibitors.
- Does not sell Attendee or Exhibitor data.
- Applies appropriate security and confidentiality controls. Information about Cadmium security is available on Cadmium’s Trust Center.
What is a data controller?
A data controller decides why personal data is collected and how it will be used. The controller determines the purpose of the processing (for example, event registration or lead follow-up), which data is collected, who it is shared with, and how long it is kept.
Who controls the data collected through the software?
The Event Organizer controls event registration and event operations data. The Exhibitor controls the lead data.
- Event data is controlled by the Event Organizer.
- Exhibitor lead data is controlled by the Exhibitor.
- Cadmium, the software provider, does not control event or Exhibitor data.
Which privacy policy applies to the data?
The applicable privacy policy depends on who controls the data and how it is used:
- The Event Organizer's privacy policy governs Attendee data collected for and on behalf of the event.
- The Exhibitor's privacy policy governs how Exhibitors use and communicate with leads they collect.
- The software provider's privacy policy governs how the software provider processes data to deliver its services.
These policies operate together and apply at different stages of the data lifecycle.
What are the Event Organizer's responsibilities?
The Event Organizer is responsible for:
- Determining what Attendee data is collected during registration.
- Providing appropriate privacy notices to Attendees.
- Ensuring compliance with applicable data protection laws.
- Ensuring Exhibitors are informed of their responsibilities.
What are the Exhibitor's responsibilities?
Exhibitors are responsible for:
- Collecting data through badge scanning only when the Attendee is present and the Attendee explicitly authorizes the scan by opting-in to share their information with the Exhibitor.
- Complying with applicable privacy laws.
- Applying their own privacy policy to lead data.
- Managing storage, use, and retention of lead data.
- Honoring opt-out, unsubscribe, and data rights requests.
Once lead data is delivered to the Exhibitor, its use is controlled solely by the Exhibitor.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article