MINExpo INTERNATIONAL® Privacy Notice
Contents
- INTRODUCTION
- IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION
- WHEN DOES THIS PRIVACY NOTICE APPLY
- PROCESSING OF YOUR PERSONAL DATA
- SHARING OF PERSONAL DATA
- TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA
- HOW IS MY PERSONAL DATA SECURED
- STORAGE OF PERSONAL DATA
- YOUR RIGHTS
- SUBMITTING PRIVACY REQUESTS
- CHILDREN AND MINORS
- DO NOT TRACK
- YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
- CHANGES TO THIS INFORMATION
- CONTACT US
- PRIVACY POLICY REQUESTS
1. INTRODUCTION
1.1 This Privacy Notice provides guidance and information to our valued MINExpo INTERNATIONAL (owned and produced by the National Mining Association) exhibitors and attendees/registrants regarding our processing of personal data.
1.2 We are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you provide to us, either directly or through our trusted partners. Please read this Privacy Notice carefully to understand our treatment and use of personal data.
1.3 In this Privacy Notice, references to “you” means the person about whom we collect, use and process personal information.
1.4 We will use personal data about you only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of personal data is in compliance with U.S. laws and regulations, including the Colorado Privacy Act of 2021, Colo. Rev. Stat. §§ 6-1-1301 et seq. (“CPA”), the Delaware Personal Privacy Act of 2023, and the Oregon Privacy Law of 2023, as well as the EU General Data Protection Regulation 2016/679 (“EU GDPR”), the retained EU law version of EU Regulation 2016/679 as enacted into UK law (“UK GDPR”) and the Data Protection Act 2018 (together the “UK Data Protection Laws”),
1.5 We seek to maintain the privacy, accuracy, and confidentiality of data (including personal data about you) that we collect and use concerning our customers.
2. IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION
2.1 For the purposes of Data Protection Legislation, the Data Controller is the MINExpo INTERNATIONAL – Show Management, via the National Mining Association, a U.S. organization with its principal place of business at 101 Constitution Avenue, N.W., Suite 500 East, Washington, D.C. 20001.
3. WHEN DOES THIS PRIVACY NOTICE APPLY
3.1 This Notice applies to personal information that we collect, use and otherwise process about you in connection with MINExpo and your relationship with us as exhibitors or attendees/registrants.
4. PROCESSING OF YOUR PERSONAL DATA
4.1 The personal data we collect from you or through our systems helps us manage our relationship with you by allowing us to provide the best show experience for exhibitors and attendees/registrants. We also collect the data that is necessary for the conduct of our business. The categories of personal data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third-parties (see “Sharing of Personal Data” section below).
| Category of Personal data | Basis of processing | Purpose of processing |
|---|---|---|
| Personal data including (your full name, address, telephone number, fax number, and email address). Also, as part of the registration we will ask you to answer a few general questions, not all of which may be considered personal data, but may include: your company/organization’s role and primary business in the mining industry, your primary job functions and buying influence within the company/organization, whether you have attended any industry conference, including the previous MINExpo events, in recent years, and what products you are interested in seeing at the MINExpo. | It is necessary for the performance of our contract with you, i.e. to register you for the conference; or to take steps necessary to enter into a contract. | This is required to enable us to administer the contractual relationship, i.e. to register for the conference. We may also pass on your contact information to exhibitors if you scan your badge at their booths. |
| Financial information. To the extent your registration is subject to any of our fees (including the general registration fee and/or any special event fee) which you wish to pay by credit card, you will need to provide your name and credit card information. | It is necessary for the performance of our contract with you, i.e. to register for and attend the conference. | This is required to enable us to administer the contractual relationship, i.e. to register you for the conference. |
| IP addresses | It is necessary for the purposes of our legitimate interests to maintain the integrity of our server and to administer our website quality. | This is required to help diagnose problems with our server and to administer our website quality. Also, we may use a log file of IP addresses to gauge overall usage, traffic, and performance of our website. We do not use IP addresses to personally identify users or to track the usage patterns of individual users |
4.2 Where does MINExpo obtain my personal data from?
Most of the personal data we process is obtained from you during the registration or application process, but we may also collect personal information in the course of the performance of your contract with us, including if you call in, email us, or complete the online form.
In some circumstances, we may request your explicit consent to process specific types of personal data. For example, we will request your consent to use non-persistent “cookies,” which expire when you log out of our website or close your web browser.
These “cookies” enable us to administer and protect the security and confidentiality of your online account.
We will also request your consent to use persistent “cookies,” which remain on your hard drive after you close your browser. They allow our server to recall information from your previous visits to our website. Persistent cookies also allow us deliver content specific to your interests and preferences.
You can change your preferences at any time by going to our Cookie Consent Manager.
You can learn more about how we use cookies here.
5. SHARING OF PERSONAL DATA
5.1 Service Providers: We use third-party service providers who provide certain services, including event registration services and lodging registration services.
CompuSystems: All online registrations and badging for MINExpo 2024 and associated credit card payments are processed through a trusted registration service provider, who accordingly will have access to the personal data and credit card information we collect.
Connections Housing: For event lodging services, we use Connections Housing, a leading accommodation services company for the event industry, who will have access to the personal data and credit card information we collect. For more information about Connections Housing, please visit https://www.connectionshousing.com/.
Hall-Erickson: For exhibit sales and services, we use Hall-Erickson, a leading exposition management company, who will have access to the personal data and credit card information we collect. For more information about Hall-Erickson, please visit https://www.heiexpo.com/.
We contractually require all third-parties we use to adequately protect personal data and keep it confidential.
You can find a complete list of our vendors at https://www.minexpo.com/vendors
We also share your data with exhibitors who scan your badge at their booths. These exhibitors may provide you directly with information concerning their products and offerings prior to and/or after the show, via e-mail or direct mail, depending upon the consent preference you checked for receiving information from exhibitors at the time of registration, if at all, or when you scanned your badge.
We also may share information with:
- Event hotels to confirm registrant lists;
- External professional advisors, including law and accounting firms; and
- Others, where it is permitted by law, or where we have your consent.
6. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA AND THE UK
6.1 Your personal information, if going from one company to us, may be transferred, stored and processed in the United States, which is a country outside the European Economic Area (“EEA”) and the UK. For such transfers, we have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU and/or UK Standard Contractual Clauses
There may also be some instances in which we rely upon one or more permitted exceptions under the relevant data protection law for cross border transfers. For example, where we have asked for your explicit consent to do, or to perform a contract with you, or take steps prior to doing so, to conclude or perform a contract with another party concluded in your interest, for important reasons of public interest, or where it is done in the context of legal claims.
6.2 If you would like to see a copy of any relevant provisions, please contact us (see “Contact Us” section below).
7. HOW IS MY PERSONAL DATA SECURED
7.1 MINExpo operates and uses appropriate technical and physical security measures to protect your personal data.
7.2 We have in particular taken appropriate security measures to protect personal data about you from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those employees and other people whose roles require them to process personal data about you. In addition, as discussed above, our third-party service providers are also selected carefully and required to use appropriate protective measures.
8. STORAGE OF PERSONAL DATA
8.1 We will keep personal data about you for as long as it is necessary to fulfill the purposes for which it was collected as described above. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:
8.1.1 Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
8.1.2 Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and
8.1.3 Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after the period described in 8.1.2 because of a legal or regulatory requirement.
8.2 If you would like further information about our data retention practices, please contact privacy@nma.org.
9. YOUR RIGHTS
9.1 Based on your jurisdiction, you may have various rights under data protection legislation in your country (where applicable).
These may include (as relevant):
| Your right | What does it mean? |
|---|---|
| Right of access | Subject to certain conditions, you are entitled to have access to your personal data which we hold, including the categories of personal information, the categories of sources from which we collected the information, the business or commercial purposes of collecting the information, the categories of third parties with whom we have shared the information, and the categories of personal information that we have shared with third parties for a business purpose (this is more commonly known as submitting a “data subject access request”). To the extent Oregon law applies, we may, in our discretion, provide a list of specific third parties, other than natural persons to which your personal data has been disclosed, at your request. |
| Right of data portability | Subject to certain conditions, you may be entitled to receive the data which you have provided to us, and which is processed by us by automated means, in a commonly-used machine readable format that allows you to transmit the data to another entity without hindrance. |
| Right to correct | You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate. Please note that we may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect. We may delete the contested personal information as an alternative to correcting the information if the deletion of the personal information does not negatively impact you, or you consent to the deletion. |
| Right to object to or restrict our data processing | Subject to certain conditions, you have the right to object to or ask us to restrict the processing of personal data about you when our processing is based on legitimate interest. To the extent Colorado law applies, you may also have the right to limit the use and disclosure of sensitive personal information. Because we do not use or disclosure your sensitive personal information, we do not offer this option. To the extent Delaware and Oregon law applies, you may also have the right to not have your sensitive personal information, or the sensitive personal information of a known child, processed unless you have provided consent. Because we do not collect your sensitive personal information, we do not offer this right. |
| Right to have personal data erased | Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten” or the “right to deletion”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful. We will not delete personal information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law. For example, we cannot delete information about you if your personal information is on the contract between us for our services or products. |
| Right to withdrawal | You have the right to withdraw your consent to any processing for which you have previously given that consent. |
Data solely retained for data backup or archive purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
We do not discriminate against you if you choose to exercise any of these rights.
You may also be entitled to request in writing a list of the types of personal information that we have disclosed to a third party for their direct marketing purposes during the preceding year and to whom that information was disclosed.
In addition, you may have the right to opt-out of the sale or sharing of personal information, targeted advertising, and profiling in furtherance of solely automated decisions that produce legal effects – We currently do not sell personal information to third parties and we do not share your information for purposes of targeted advertising or engage in profiling without your opt-in consent, therefore we do not offer this option. Should you wish to change your preferences, please visit our Cookie Consent Manager.
You may also have the right to limit use and disclosure of sensitive personal data or consent to processing of your sensitive data before said processing takes place; but because we do not collect any sensitive personal data we do not offer this option.
These rights do not apply to pseudonymous data if the information necessary to identify the consumer is kept separately and is subject to controls that prevent access to the information. Pseudonymous data is personal data that can no longer be attributed to a specific individual without the use of additional information, if the additional information is kept separately and is subject measures to ensure that personal data is not attributed to the specific individual.
Please note that depending on your jurisdiction, we are only obligated to respond, free of cost, to personal information requests from the same consumer up to two times in a 12-month period. Depending on your jurisdiction, after you have exceeded the applicable number of requests, we have the right to charge a reasonable fee for fulfilling the request. In addition, to the extent the applicable state privacy laws apply, and for the protection of your personal information, we may be limited in what personal information we can disclose.
We will maintain all of your Consumer Data Rights requests for at least 2 years. This information will not be used for any other purpose except to review compliance processes; it will not be shared except as necessary to comply with a legal obligation.
10. SUBMITTING PRIVACY REQUESTS
You can exercise your privacy rights either by submitting requests to us via email at privacy@nma.org or via our webform.
We must verify your identity before fulfilling your personal information request. To verify your identity, we will collect information from you, including, your name and contact information to match this information against information we have previously collected about you. Information collected for purposes of verifying your request will only be used for verification and to respond to your personal information request.
If you maintain an account with us, we may require you to log in to that account as part of submitting your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests, you will be required to submit a verifiable request for deletion and then confirm separately that you want personal information about you deleted.
If you would like to appoint an authorized agent to make a request on your behalf, we require you to verify your identity with us directly before we provide any requested information to your approved agent. Alternatively, your authorized agent may provide evidence of having power of attorney or acting as a conservator for you. Note that we may require you to verify your identity with us directly before we provide any requested information to your authorized agent unless your authorized agent has power of attorney or acts as a conservator, in which case we will not contact you directly. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf. There may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain personal information to comply with our legal obligations or other permitted purposes. We will notify you if we are unable to honor your request. You have the right to appeal our decision with regard to your request. If the Colorado or Oregon privacy law applies, and you are a resident of one of those states, you have the right to contact your state Attorney General to submit a complaint if you have concerns about the result of the appeal.
11. CHILDREN AND MINORS
11.1 No person under 17 years of age will be permitted to attend the MINExpo, regardless of affiliation or circumstances (school-sponsored groups that have the prior consent of MINExpo INTERNATIONAL Show Management and/or the NMA are excluded). Accordingly, our website is intended only for persons who are 17 years of age and older, and we do not allow persons under the age of 17 to register on our website. We do not knowingly collect personal information from persons under the age of 17. If we become aware or suspect that you are under the age of 17, any information you submit will not be used or retained by us. No information should be submitted or posted on our website by underage persons. We urge parents and legal guardians to spend time online with their children and to participate in and monitor the online activities of their children.
12. DO NOT TRACK
12.1 Various third parties are developing ways for consumers to express their choice about the collection of the individual consumer’s online activities over time and across third-party websites or online services. While we collect cookies with your consent, and you can manage your preferences at any time [LINK], we have tools in place to better detect and honor requests made using the Global Privacy Control (“GPC”) signal as requests to opt out of the sharing of Personal Information to the extent required by applicable law. We endeavor to honor these requests with respect to any Personal Information connected to the GPC opt out request based on the information made available by GPC. Note that we may not be able to tie a GPC request to all Personal Information we have about you.
13. YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
13.1 Without prejudice to any other administrative or judicial remedy you might have, you may have the right under data protection legislation in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country if you consider that we have infringed applicable data protection legislation when processing personal data about you. This means the country where you are habitually resident, where you work or where the alleged infringement took place.
14. CHANGES TO THIS INFORMATION
14.1 We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post the revised policy to our website www.minexpo.com/privacy/ so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our services after notice is provided, you accept and agree to this Privacy Notice as modified.
15. CONTACT US
15.1 For further information or if you have any questions or queries about this Privacy Notice, please contact MINExpo INTERNATIONAL – Show Management, via the National Mining Association, 101 Constitution Avenue, N.W., Suite 500 East, Washington, DC 20001. Email: privacy@nma.org.
16. Privacy policy requests
By using this form, you may elect to exercise privacy rights. You may also submit a request to exercise these rights by emailing us at privacy@nma.org. For more information, please see our privacy policy.
Instructions: Please complete the required fields below. In the event of multiple accounts, please provide all numbers to which your request relates. We will use and retain the information collected on this form only to process your request.