CantonFair
Get the app

Privacy Policy

隐私政策

This page is the bilingual English and Chinese privacy policy. It describes how personal data is handled when you use the platform and related services.

Privacy Policy 隐私政策 Bilingual version / 双语版本 Privacy Policy B2B App and Online Portal with CRM for Trade Fairs 适用于贸易展会的含 CRM 功能的 B2B 应用程序及在线门户隐私政策 Who we are 我们是谁 This Platform is operated by: Exhibition Services BV Populierlaan 2, 4621CL, Bergen op Zoom, the Netherlands Support: support@cognita-innovative.com Privacy: privacy@cognita-innovative.com 本平台由以下主体运营: Exhibition Services BV 荷兰 Bergen op Zoom,Populierlaan 2,4621CL 支持邮箱:support@cognita-innovative.com 隐私邮箱:privacy@cognita-innovative.com Scope and key principles 适用范围与基本原则 2.1 B2B-only design. The Platform is intended for business exhibitors and business visitors. It is not designed for consumers and we do not knowingly process consumer personal data. 2.1 仅限 B2B 的设计。平台面向企业参展商和企业访客。其并非为消费者设计,且我们不会在明知情况下 处理消费者个人数据。 2.2 Business Contact Personal Data. Even in a B2B context, we may process personal data/personal information of natural persons acting for Businesses (Business Contact Personal Data), such as a representative’s name, business email, business phone number, and job title. 2.2 企业联系人个人数据。即使在 B2B 场景下,我们仍可能处理代表企业行事的自然人的个人数据/个人信 息(企业联系人个人数据),例如代表人的姓名、企业邮箱、企业电话号码和职位。 2.3 No medical or sensitive personal information. Do not upload medical or health information. The Platform is not intended to process medical health status or other sensitive personal information. If such data is submitted, we will take steps to delete or restrict it where feasible and legally permitted. 2.3 不得上传医疗或敏感个人信息。请勿上传医疗或健康信息。平台无意处理医疗健康状况或其他敏感个 人信息。如提交了该等数据,我们将在可行且法律允许的范围内采取删除或限制措施。 2.4 Transparency and minimum necessary retention. We aim to process data for explicit purposes and retain it only as long as necessary for those purposes, or as required by law. 2.4 透明度与最小必要保存。我们旨在为明确目的处理数据,并仅在实现该等目的所必需的期间内保存数 据,或按法律要求保存。

Legal frameworks and applicability 法律框架与适用性 3.1 China (PIPL) scenarios. The PRC Personal Information Protection Law (PIPL) applies to processing of personal information of natural persons in China, and may also apply extraterritorially where processing is for providing products/services to persons in China or analyzing/evaluating their behaviors. If that extraterritorial scope applies to our processing, we may be required to appoint a representative or establish an agency in China (see Section 11). 3.1 中国《个人信息保护法》(PIPL)场景。中华人民共和国《个人信息保护法》适用于对中国境内自然 人个人信息的处理;当处理活动旨在向中国境内个人提供产品/服务,或分析、评估其行为时,该法也可能 具有域外适用效力。如该等域外适用范围适用于我们的处理活动,我们可能需要在中国指定代表或设立机 构(见第 11 节)。 3.2 China (DSL) data security overlay. Where we process “data” in China operational contexts, the PRC Data Security Law (DSL) may apply, including data security governance expectations and special regimes for “important data” and CIIO-related data. 3.2 中国《数据安全法》(DSL)的数据安全要求。在中国运营场景中,如我们处理“数据”,则中华人民共 和国《数据安全法》可能适用,包括数据安全治理要求,以及针对“重要数据”和关键信息基础设施运营者 相关数据的特别制度。 3.3 EU considerations. Because we are established in the Netherlands, EU GDPR principles can be relevant, including when processing is in the context of our EU establishment, regardless of where processing physically occurs. We therefore implement GDPR-grade consent quality and withdrawal controls as a practical global baseline. 3.3 欧盟层面的考量。由于我们设立于荷兰,欧盟《通用数据保护条例》(GDPR)的原则可能具有相关 性,包括在处理活动与我们欧盟设立机构有关时,无论实际处理发生在何处。因此,我们将符合 GDPR 水平的同意质量和撤回控制作为实践中的全球基线。 What data we collect and process 我们收集和处理哪些数据 We process the following categories (depending on how you use the Platform): 我们会处理以下类别的数据(取决于您如何使用平台): 4.1 Company and account data (Business data) Company name, address, country, VAT/tax identifiers (if provided), business registration details (if provided) Industry/sector, product categories, exhibitor/visitor role Company profile text, listings, brochures, catalogs, stand/hall info (if provided) 4.1 公司与账户数据(企业数据) 公司名称、地址、国家、增值税/税务标识(如有提供)、企业注册详情(如有提供) 行业/领域、产品类别、参展商/访客角色

公司简介文本、列表信息、宣传册、目录、展位/展馆信息(如有提供) 4.2 Business Contact Personal Data Name, job title, department Business email address, business phone number, business messaging handles (if provided) User login identifiers and role/permissions for the Account 4.2 企业联系人个人数据 姓名、职位、部门 企业邮箱地址、企业电话号码、企业消息账号/联系方式(如有提供) 用户登录标识以及账户角色/权限 4.3 CRM data Leads and contacts you create/import Business meeting notes, tags, relationship status, and follow-up tracking Messages exchanged through the Platform 4.3 CRM 数据 您创建/导入的潜在客户和联系人 商务会议备注、标签、关系状态及跟进追踪 通过平台交换的消息 4.4 Usage, device, and security data Log data (IP address, timestamps, device type, browser/app version) Security logs and audit trails (logins, authentication events, suspicious activity) Abuse prevention signals (rate-limiting triggers, spam indicators) 4.4 使用、设备与安全数据 日志数据(IP 地址、时间戳、设备类型、浏览器/应用版本) 安全日志与审计轨迹(登录、认证事件、可疑活动) 防滥用信号(限流触发、垃圾信息指标)

4.5 Consent and preference records Records of the consents you give (who, what, when, how) Marketing preferences (opt-in/opt-out), channel preferences 4.5 同意与偏好记录 您所作同意的记录(谁、什么内容、何时、如何) 营销偏好(加入/退出)及渠道偏好 4.6 Support, complaints, and IP notices Support tickets, correspondence, and troubleshooting logs IP infringement notices and related records (including evidence provided) 4.6 支持、投诉与知识产权通知 支持工单、往来通信及故障排查日志 知识产权侵权通知及相关记录(包括所提供的证据) Purposes and lawful bases 处理目的与合法依据 We process data for the purposes below. The lawful basis depends on which law applies to the processing (PIPL, GDPR, and/or other local laws). 我们基于以下目的处理数据。适用的合法依据取决于相应处理活动受何种法律约束(PIPL、GDPR 及/或 其他地方法律)。 5.1 Provide and operate the Platform (core service) Purpose: account creation, identity/authentication, profile hosting, CRM tools, user-to-user contact facilitation, service analytics, and customer support. Lawful basis: Contract necessity / service provision necessity (commonly used where the processing is needed to provide the Platform features). Where required, consent (especially for certain disclosures and marketing). Where applicable under local law, legitimate interests (e.g., platform security, fraud prevention), balanced against rights. 5.1 提供并运营平台(核心服务) 目的:账户创建、身份识别/认证、资料托管、CRM 工具、用户间联系促成、服务分析及客户支持。 合法依据: 合同必要性/提供服务所必需(通常适用于为提供平台功能而必需的处理活动)。 在需要时取得同意(尤其是某些披露及营销活动)。 在当地法律适用时,以合法利益为依据(例如平台安全、欺诈防范),并与相关权利进行平衡。

5.2 Facilitate business introductions and sharing with other Users Purpose: sharing business profile data and Business Contact Personal Data with the counterparty you contact, or who contacts you, to enable introductions. Lawful basis: Your instruction and Platform functionality (contract necessity), and/or Separate consent where required (notably for providing personal information to another personal information processor under PIPL). 5.2 促成商务对接并与其他用户共享 目的:将企业资料数据及企业联系人个人数据共享给您联系的一方,或联系您的一方,以便实现商务引荐 。 合法依据: 您的指示及平台功能实现(合同必要性),及/或 在需要时取得单独同意(尤其是在 PIPL 下向其他个人信息处理者提供个人信息的情形)。 5.3 Marketing by Exhibition Services BV Purpose: occasional promotional messages about Platform features and trade-fair-related updates. Lawful basis: Consent where required; we provide easy withdrawal/opt-out and record keeping. In some B2B contexts, local law may permit legitimate-interest-based marketing, subject to a right to object; we implement opt-out controls regardless. 5.3 Exhibition Services BV 的营销 目的:偶尔发送有关平台功能及展会相关更新的推广信息。 合法依据: 在需要时取得同意;我们提供便捷的撤回/退出机制并保存记录。 在某些 B2B 场景下,当地法律可能允许基于合法利益进行营销,但须给予反对权;无论如何,我们都会 提供退出控制。 5.4 Marketing and offers by Exclusive Partners Purpose: offers and messages from selected partners (hotels, flights, events, shipping/logistics, F&B, business services), including during/after Fairs. You can opt out of such partner communications at any time in the mobile app or in the web portal under Settings > Profile > Your Data. Lawful basis: Consent where required; and separate consent where required for sharing personal information with another processor and/or for cross-border transfer. 5.4 独家合作伙伴的营销与优惠 目的:接收精选合作伙伴(酒店、航班、活动、运输/物流、餐饮、商业服务)在展会期间及/或结束后发 送的优惠和信息。您可随时在移动应用程序中,或在网页门户的 Settings > Profile > Your Data(设置 > 个人资料 > 您的数据)中,选择退出此类合作伙伴通信。 合法依据: 在需要时取得同意;并在需要向另一处理者共享个人信息及/或进行跨境传输时取得单独同意。

5.5 Security, fraud prevention, and compliance Purpose: protect accounts, detect misuse, prevent scraping/spam, enforce Terms, and maintain audit trails. Lawful basis: Security obligations and legitimate interests; and/or Where applicable, legal obligations and PIPL/DSL security expectations for data handling. 5.5 安全、反欺诈与合规 目的:保护账户、检测滥用、防止抓取/垃圾信息、执行条款并维护审计轨迹。 合法依据: 安全义务和合法利益;及/或 在适用时,法律义务以及 PIPL/DSL 对数据处理的安全要求。 5.6 Legal claims, IP enforcement, and regulatory requests Purpose: handle disputes, respond to legal claims and regulatory requests, operate notice-and-action, and maintain records. Lawful basis: Legal obligation and/or legitimate interests (defending claims, enforcing rights). Under PIPL, certain impact assessments and records are required in specified scenarios. 5.6 法律主张、知识产权执行与监管请求 目的:处理争议、回应法律主张和监管请求、运行通知与处理机制,并保存记录。 合法依据: 法律义务及/或合法利益(抗辩索赔、执行权利)。 根据 PIPL,在特定情形下需要进行某些影响评估并保存相关记录。 Sharing and recipients 共享与接收方 We share data only as needed for the Platform and the purposes described above. 我们仅在平台运行及实现上述目的所必需的范围内共享数据。 6.1 Sharing with other Users (business introductions) When you contact another User or accept a contact request, we may share your business profile data and Business Contact Personal Data with the counterparty. Under PIPL, providing personal information to another processor requires informing individuals and obtaining separate consent; we implement this through explicit sharing controls and consent flows. 6.1 与其他用户共享(商务对接)当您联系另一用户或接受联系请求时,我们可能会与对方共享您的企业 资料数据及企业联系人个人数据。根据 PIPL,向另一处理者提供个人信息需要告知相关个人并取得单独 同意;我们通过明确的共享控制和同意流程来实现这一点。 6.2 Sharing with Exclusive Partners If you opt in (or if another lawful basis applies under applicable law), we may share limited business profile data and Business Contact Personal Data with a select number of Exclusive Partners for partner offers and/or partner marketing.

6.2 与独家合作伙伴共享 如您选择加入(或适用法律下存在其他合法依据),我们可向数量有限的独家合 作伙伴共享有限范围的企业资料数据及企业联系人个人数据,用于合作伙伴优惠及/或合作伙伴营销。 6.3 Service providers (processors) We use service providers for hosting, email delivery, messaging infrastructure, analytics, and customer support systems. They process data on our instructions, subject to contractual confidentiality, security controls, and access limitations. 6.3 服务提供商(处理者) 我们会使用服务提供商提供托管、邮件发送、消息基础设施、分析及客户支持 系统服务。他们将在我们的指示下处理数据,并受合同保密义务、安全控制及访问限制约束。 6.4 Rights holders (IP infringement workflow) If a rights holder submits a substantiated IP infringement request, we may disclose uploader identifying data if not already visible and to the extent legally permitted and proportionate, as described in the Terms of Service. 6.4 权利人(知识产权侵权流程) 如权利人提交了有依据的知识产权侵权请求,且上传者身份识别信息尚 未公开显示,则在法律允许且符合比例原则的范围内,我们可按服务条款所述披露该上传者的身份识别数 据。 6.5 Authorities We may disclose information where required by law, lawful process, or regulator request, or where necessary to protect rights, safety, and integrity of the Platform. 6.5 主管机关 在法律要求、合法程序或监管要求下,或为保护平台的权利、安全与完整性所必需时,我们 可能披露信息。 Cross-border transfers 跨境传输 7.1 Cross-border transfers under PIPL If personal information is provided to a recipient outside China, PIPL requires: the transfer to satisfy an approved compliance pathway (e.g., CAC security assessment, certification, CAC standard contract, or other lawful conditions); and additional notice to individuals and their separate consent for the cross-border transfer. 7.1 PIPL 下的跨境传输 如个人信息被提供给中国境外接收方,PIPL 要求: 该传输须满足经批准的合规路径(例如 CAC 安全评估、认证、CAC 标准合同或其他合法条件);且 须向个人作出额外告知,并取得其对跨境传输的单独同意。 7.2 Practical compliance routes (high-level) Depending on the scale and type of data transfers, China’s cross-border regime can involve: CAC security assessments (effective September 2022, per reputable summaries). CAC “standard contract” measures (effective June 1, 2023, per reputable summaries). Certification routes and related thresholds, per later guidance and updates. 2024 updates (Provisions on Promoting and Regulating Cross-Border Data Flows) supplementing earlier measures and clarifying certain exemptions and thresholds scenarios. We do not state in this Policy that any specific route applies to you until hosting locations, transfer volumes, and transfer patterns are finalized. We will document the applicable route(s) in internal compliance records and, where required, in user-facing transfer notices. 7.2 实务合规路径(高层概述) 根据数据传输的规模和类型,中国的跨境制度可能涉及: CAC 安全评估(根据可靠摘要,自 2022 年 9 月起生效)。 CAC“标准合同”措施(根据可靠摘要,自 2023 年 6 月 1 日起生效)。 根据后续指引和更新适用的认证路径及相关门槛。 2024 年更新的《促进和规范数据跨境流动规定》,对先前措施作出补充,并澄清了若干豁免和门槛情形

。 在托管地点、传输量及传输模式最终确定前,我们不会在本政策中声明某一具体路径一定适用于您。我们 将把适用的路径记录在内部合规记录中,并在需要时通过面向用户的传输通知予以说明。 7.3 Cross-border transfers under EU considerations Where GDPR applies and personal data is transferred to countries outside the EEA without an adequacy decision, controllers often rely on EU Standard Contractual Clauses (SCCs) adopted by the European Commission and supplementary measures where needed. 7.3 欧盟层面下的跨境传输 当 GDPR 适用且个人数据被传输至欧洲经济区(EEA)外且该国家/地区未获 充分性认定时,控制者通常依赖欧盟委员会通过的标准合同条款(SCCs),并在需要时采取补充措施。 Data retention 数据保存 We keep data for the minimum period necessary for the purposes described in this Policy, unless a longer retention period is required by law, needed for security, or needed to establish, exercise, or defend legal claims. Under PIPL, storage periods should be the minimum time necessary to achieve processing purposes, and impact assessment records must be retained for at least three years. Specific recommended retention periods are provided in Table A. 除非法律要求更长保存期限,或出于安全需要,或为建立、行使或抗辩法律主张所必需,否则我们仅在实 现本政策所述目的所必需的最短期间内保存数据。 根据 PIPL,保存期限应为实现处理目的所必需的最短时间,且影响评估记录必须至少保存三年。 具体建议保存期限见表 A。 Security measures 安全措施 We implement technical and organizational measures appropriate to the risk, such as: access controls and role-based permissions; logging and audit trails; encryption in transit and, where appropriate, at rest; security monitoring and incident response procedures; and contractual controls with service providers. PIPL provides an explicit list of expected measures (internal systems, classified management, technical measures like encryption/de-identification, training, emergency plans). The DSL similarly emphasizes full-process data security management systems, training, technical measures, and risk monitoring. 我们实施与风险相适应的技术和组织措施,例如: 访问控制和基于角色的权限; 日志与审计轨迹; 传输过程中的加密,以及在适当情况下的静态加密; 安全监测与事件响应程序;以及

与服务提供商之间的合同控制。 PIPL 明确列举了预期措施(内部制度、分级管理、加密/去标识化等技术措施、培训、应急预案)。DSL 同样强调全流程数据安全管理制度、培训、技术措施和风险监测。 Your rights and controls 您的权利与控制 10.1 PIPL rights (where applicable) PIPL provides rights such as: right to be informed and to make decisions regarding processing; right to access and copy personal information; right to correct; right to delete under specified circumstances; right to withdraw consent (with convenient withdrawal methods); right to request explanation of processing rules; and complaint handling mechanisms. 10.1 PIPL 权利(如适用) PIPL 赋予的权利包括: 知情权以及对处理作出决定的权利; 访问和复制个人信息的权利; 更正权; 在特定情形下的删除权; 撤回同意权(且应提供便捷的撤回方式); 要求解释处理规则的权利;以及 投诉处理机制。 10.2 Consent withdrawal effects Under PIPL, withdrawal of consent does not affect the validity of processing conducted before the withdrawal. Under GDPR-grade consent practice, withdrawal should be as easy as giving consent, and controllers must be able to demonstrate consent. 10.2 撤回同意的效力 根据 PIPL,撤回同意不影响撤回前已进行处理的有效性。按照符合 GDPR 水平的同 意实践,撤回应当与给予同意同样便捷,且控制者必须能够证明其已取得同意。 10.3 How to exercise rights To exercise rights or manage preferences, use Platform settings (where available) or contact privacy@cognita-innovative.com. We may need to verify identity/authority. 10.3 如何行使权利 如需行使权利或管理偏好,请使用平台设置(如可用)或联系 privacy@cognita- innovative.com。我们可能需要核验身份/授权。 PRC representative 中国境内代表 If PIPL applies extraterritorially to our processing, we will designate a PRC representative or establish a PRC agency and submit required details to the relevant authorities. 如 PIPL 对我们的处理活动具有域外适用效力,我们将指定中国境内代表或设立中国境内机构,并向相关 主管机关提交所需信息。 PRC representative contact (to be completed if required): Name: [PRC Representative Name] Organization: [Entity]

Address in China: [Address] Email/Phone: [Contact Details] 中国境内代表联系方式(如需要时填写): 姓名:[中国代表姓名] 机构:[实体名称] 中国境内地址:[地址] 电子邮箱/电话:[联系方式] Updates to this Privacy Policy 本隐私政策的更新 We may update this Policy to reflect changes in the Platform, hosting, partners, or legal requirements. We will publish updates in the Platform. 我们可能更新本政策,以反映平台、托管安排、合作伙伴或法律要求的变化。我们将在平台内发布更新。 Consent modules and checkbox wording 同意模块与复选框措辞 The wording below is designed to support PIPL “separate consent” needs for (i) providing personal information to another processor and (ii) cross-border transfers, and to meet GDPR-grade consent clarity and granularity. 以下措辞旨在支持 PIPL 对以下事项的“单独同意”要求:(i) 向另一处理者提供个人信息;以及 (ii) 跨境传输 ,同时满足符合 GDPR 水平的同意清晰度与颗粒度要求。 13.1 Age and business-use declaration (mandatory) Checkbox text: “I confirm that I am at least 18 years old and I am acting on behalf of a business (not as a consumer).” 13.1 年龄及商业用途声明(必选) 复选框文本:“我确认我已年满 18 周岁,且我系代表一家企业行事(并非作为消费者)。” 13.2 User-to-user sharing consent (separate consent where required) Checkbox text: “I agree that when I contact a company (or a company contacts me) through the Platform, Exhibition Services BV may share my business contact details (name, job title, business email, business phone) with that company for the purpose of business communication.” 13.2 用户与用户之间共享同意(需要时的单独同意) 复选框文本:“我同意,当我通过平台联系某公司(或某公司联系我)时,Exhibition Services BV 可将我 的商务联系方式(姓名、职位、企业邮箱、企业电话)共享给该公司,以便进行商务沟通。” 13.3 Partner marketing opt-in (separate and optional) Checkbox text: “I want to receive marketing offers from selected Exclusive Partners (e.g., hotels, flights, events, shipping/logistics, F&B, business services). I understand I can opt out at any time in the mobile app or in the web portal under Settings > Profile > Your Data.” 13.3 合作伙伴营销加入(单独且可选) 复选框文本:“我希望接收精选独家合作伙伴(例如酒店、航班、活动、运输/物流、餐饮、商业服务)的 营销优惠。我理解我可随时在移动应用程序中,或在网页门户的 Settings > Profile > Your Data(设置 > 个人资料 > 您的数据)中选择退出。”

13.4 Share data with Exclusive Partners (separate and optional) Checkbox text: “I agree that Exhibition Services BV may share my business profile and business contact details with selected Exclusive Partners for their own marketing and service offers. I can withdraw this consent at any time.” 13.4 与独家合作伙伴共享数据(单独且可选) 复选框文本:“我同意 Exhibition Services BV 可将我的企业资料和商务联系方式共享给精选独家合作伙伴 ,用于其自身的营销和服务优惠。我可随时撤回该同意。” 13.5 Cross-border transfer consent (China-specific separate consent) Checkbox text: “I understand that my business contact details may be transferred to recipients outside China. I consent to the cross-border transfer of my business contact details, and I understand the overseas recipient’s name/contact, purpose, and my rights will be provided to me (as required).” 13.5 跨境传输同意(中国场景下的单独同意) 复选框文本:“我理解,我的商务联系方式可能会被传输给中国境外的接收方。我同意对我的商务联系方式 进行跨境传输,并理解将向我提供境外接收方的名称/联系方式、处理目的以及我的相关权利(如法律要求 )。” Short companion notice text shown next to the checkbox: “Cross-border transfer notice: we may transfer business contact details to overseas recipients to provide the Platform and partner services. Where required, we use CAC-approved transfer mechanisms and record your separate consent.” 显示在复选框旁边的简短提示文本:“跨境传输通知:我们可能会将商务联系方式传输给境外接收方,以提 供平台及合作伙伴服务。在需要时,我们将使用经 CAC 批准的传输机制,并记录您的单独同意。”