Information we collect
We collect information to provide better services to you. We do not collect sensitive personal data such as ethnicity, political views, religious beliefs, genetics, biometrics, health, or sexual orientation.
We collect the following information:
Information you give us
Many of our services require you to sign up for an account. When you do, we may ask for personal information such as your name, email address, company name, address, phone, VAT, and credit card details. You may also provide us with additional information when you email or call us or through feedback and other forms on the website.
Information we get from your use of our services
We may collect information about the services that you use and how you use them. This information includes:
Device information — such as your hardware model, operating system version, unique device identifiers, .NET versions installed
Log information — When you use our services, we may automatically collect and store certain information in server logs. This may include: details of how you used our service, your IP address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL and cookies that may uniquely identify your browser or your account.
Location information including TimeZone.
Unique application numbers — Certain services include a unique application number or a key. This number and information about your installation may be sent to Pranas.NET when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
Local storage — We may collect and store information locally on your device. This includes but is not limited to cookies.
We can limit the information we collect based on user preferences and regulatory requirements. Users have the option to control certain types of data collection through their app settings, and we comply with all applicable data protection laws, including GDPR and CCPA, to ensure user privacy and data security.
Information collected on specific services
Our different services may also collect information specific to a particular service.
SQLBackupAndFTP, SqlBak may additionally collect and store: database names, email addresses to send notifications, server/SQL Server/MySQL server/FTP/Cloud versions, service authentication or access keys/tokens (encrypted), passwords (encrypted) for encrypted backups, job schedule settings and logs for backup, restore and connection. These services may also collect various database server and Windows server monitoring parameters — depending on what you have requested to monitor.
How we use the information we collect
We use the information we collect to provide you with the services; maintain, protect and improve them; develop new ones and protect ourselves and our users.
We do not sell, rent, trade or give away your personal information to any other organization. We share your information only as described below.
What data the cookies collect and how we use this data
For all apps located at "http(s)://*.expofp.com/," if the user rejects the cookie consent request, he/she will receive a single cookie with the name "cookie_consent=false," which will expire in one month. If accepted: then he or she will get Google Analytics cookies, DoubleClick cookies and a cookie with the name "cookie_consent=true" which will expire in 1 month.
If our floor plan is used in your mobile event app, it is the same case. The user will receive the same cookies, since the mobile app internally uses the same code.
We store only cookies with the name cookie_consent and the value true or false to determine whether we can enable Google Analytics or not. We don't control cookies created by GA and don't use them. We control and manage only cookies with the name "cookie_consent" as required.
This data is never passed to any third parties.
Where does that cookie consent request occur?
App integration does not have a cookie consent request if the provided parameter "allowConsent=true|false" via SDK. The request should occur if "allowConsent=undefined." We rely on the allowConsent value provided.
Information we share
With service providers
We employ other companies to process credit cards, provide hosting, storage, virtual infrastructure, traffic analysis and send email and other services on our behalf based on our instructions and in compliance with our Privacy Policy and other appropriate confidentiality and security measures. We share the minimum amount of information needed to provide the service, and the providers do not have the right to use that information beyond what is necessary to provide the service.
For legal reasons
We may disclose your personal information when we believe it is appropriate to comply with laws; to enforce or apply our Terms of Service, including investigation of potential violations; or to protect the rights, property or safety of Pranas.NET, our users or the public.
Email communications
When you use our services, we send you emails. Some of them are a part of the service — such as confirmations of password change; notifications of service failure; notifications of a service change or availability of a new product version or to reply to, or inform you of a support issue. You can not opt out of receiving these messages as they are part of the service. To stop receiving these messages you must discontinue using the service.
Other emails are optional, such as our new features, blog posts or promotions (never third party). You may opt out of receiving such emails using the unsubscribe link provided in every such email or via the “Email preferences” link in “My Account” section of the service you are using. ExpoFP can contact exhibitors on behalf of expo organizers (our clients) to review and update their data. Exhibitors have agreed to this type of communication when they have agreed to participate in the expo.
Information security
We take all the measures required to protect our services and our users from unauthorized access or unauthorized alteration, disclosure or destruction of information we hold. We have put in place industry-standard physical and electronic enforcement mechanisms. All sensitive information transmission and storage are encrypted. Our websites are developed and regularly tested to withstand hacking attempts. Access to sensitive data is restricted on a need-to-know basis. Your data is stored in a secure location with access controls for authorized employees only.
While it has never happened to our services, if we become aware of any security breach that has the potential of disclosing your personal information, we will notify you within 48 hours and will share all incident-related information.
We currently do not store payment details or any sensitive data on our side. All other information, such as exhibitor names, addresses, and emails, we collect is intended to be shared on the floor plan. As this is marketing materials needed to promote exhibitors, there is no point in encrypting.
By "sensitive data" we mean the information visible in the live view that is available to the public. However, other personal information provided by the exhibitors during reservation, such as the name, email, and phone number of the company contact, is considered sensitive. We do not encrypt this kind of data but we are using standard database mechanisms for data protection. The cloud provider that we use encrypts the database volumes for us for added security.
You can find more information on this through this link: https://devcenter.heroku.com/articles/heroku-postgres-production-tier-technical-characterization#data-encryption
The Colocator application is hosted within the Amazon Web Services (AWS) infrastructure. It leverages several AWS services, including Amazon Elastic Compute Cloud (EC2) for scalable computing power, Amazon Simple Storage Service (S3) for secure data storage, Amazon DynamoDB for fast and flexible NoSQL database services, and Amazon Kinesis for real-time data processing. AWS is known for its high availability and reliability, making it a trusted platform for numerous organizations worldwide.
Data hosting location and reliability of our servers
Your floor plan and data are hosted on Amazon AWS (in the US) with the CloudFront content delivery network. This is physically separate from the ExpoFP.com website. Currently, we can not host the data in other places, but all event-related data doesn't have sensitive information. It's publicly available exhibitor information — no Cybersecurity Authority regulation should be a problem.
CloudFront guarantees a 99.99% floor plan uptime. If you make a mistake, no problem. We save all of the previous floor plan versions and can roll them back to the working version for you.
What cyber security documentation do we have?
We do have a Security Incident Handling Policy document and can also sign an SLA. Additionally, since we store information on an Amazon AWS server, AWS has all the needed Data security certificates.
We can also sign an NDA, Privacy Policy agreement, Security Assessment, etc.
Accessing, updating and deleting your personal information
You can update or remove your data in the "My Account" section of the service you are using or by contacting support. When you cancel your account, we delete all of the information related to your account. Note that while the information in our live system is deleted right away, for a limited time some of your data may remain in our backups.
We keep data only as long as it is necessary to provide our services. Where possible, we employ mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.
Compliance
We regularly review our compliance with our Privacy Policy. Here is our PCI compliance. We are committed to full GDPR compliance.
Frequently asked questions
Do we collect the information listed under "information we get from your use of our services" from all users of the event app? If so, do we have a full list of the information we collect?
We may collect information about the services that you use and how you use them. This information includes:
Device information — such as your hardware model, operating system version, unique device identifiers, .NET versions installed
Log information — When you use our services, we may automatically collect and store certain information in server logs. This may include details of how you used our service, your IP address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL and cookies that may uniquely identify your browser or your account.
Location information including time zone
Unique application numbers — Certain services include a unique application number or a key. This number and information about your installation may be sent to Pranas.NET when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
Local storage — We may collect and store information locally on your device. This includes but is not limited to cookies.
Are you able to limit the information you collect?
Yes, we can limit the information we collect based on user preferences and regulatory requirements. Users have the option to control certain types of data collection through their app settings, and we comply with all applicable data protection laws, including GDPR and CCPA, to ensure user privacy and data security.
Do you place cookies on the app users' devices? If so, can you please provide technical details about the cookie, including what information it stores and sends back to you and whether it's classified as a "necessary" cookie? What is the list of cookies (classified as strictly necessary, names, etc.) and applicable expiry dates that you are collecting? What data exactly do these cookies collect and how are you using the data?
For all apps located at "http(s)://*.expofp.com/," if the user rejects the cookie consent request, he/she will receive a single cookie with the name "cookie_consent=false," which will expire in one month. If accepted: then he or she will get Google Analytics cookies, DoubleClick cookies and a cookie with the name "cookie_consent=true" which will expire in 1 month.
If our floor plan is used in your mobile event app, it is the same case. The user will receive the same cookies, since the mobile app internally uses the same code.
Where does that cookie consent request occur?
App integration does not have a cookie consent request if the provided parameter "allowConsent=true|false" via SDK. The request should occur if "allowConsent=undefined." So we are relying on the allowConsent value provided.
What data exactly do these cookies collect and how are we using the data?
We store only cookies with the name "cookie_consent" and the value true or false to determine whether we can enable Google Analytics or not. We don't control cookies created by GA and don't use them.
Do we pass this data on to any third parties?
No.
Can we proceed without these cookies?
We control and manage only cookies with the name "cookie_consent." It's required for now.
Is the exhibitor data (names, emails, addresses, payment details, etc.) encrypted? Also, is the data at rest encrypted? How protected is my data?
We currently do not store payment details or any sensitive data on our side. All the other information, such as exhibitor names, addresses, and emails, we collect is intended to be shared on the floor plan. So, this could be considered marketing materials needed to promote exhibitors. There is no point in encrypting.
What do we mean by "sensitive data?" The information visible in the live view is available to the public. However, other personal information provided by the exhibitors during reservation, such as the name, email, and phone number of the company contact, is considered sensitive. We do not encrypt this kind of data but we are using standard database mechanisms for data protection. The cloud provider that we use encrypts the database volumes for us for added security.
You can find more information on this through this link: https://devcenter.heroku.com/articles/heroku-postgres-production-tier-technical-characterization#data-encryption
Other details on security issue can be found in our privacy policy.
How reliable are your servers and where is the data hosted?
Your floor plan and data will be hosted on Amazon AWS (in the US) with the CloudFront content delivery network. This is physically separate from the ExpoFP.com website. Currently, we cannot host the data in other places, but all event-related data doesn't have sensitive information. It's just publicly available exhibitor information — no Cybersecurity Authority regulation should be a problem.
CloudFront guarantees a 99.99% floor plan uptime. If you make a mistake, no problem. We save all of the previous floor plan versions and roll them back to the working version for you.
How secure is the data?
The Colocator application is hosted within the Amazon Web Services (AWS) infrastructure. It leverages several AWS services, including Amazon Elastic Compute Cloud (EC2) for scalable computing power, Amazon Simple Storage Service (S3) for secure data storage, Amazon DynamoDB for fast and flexible NoSQL database services, and Amazon Kinesis for real-time data processing. AWS is known for its high availability and reliability, making it a trusted platform for numerous organizations worldwide.
What information are you collecting?
Here is our privacy policy. We don’t share our clients’ information with anybody. We are also PCI compliant, we don’t store credit card information.
Do you have a SOC2 report/certification?
At the moment, we don't have it, but we do have AoC documentation and PCI compliance.
What cyber security documentation do you have?
We do have a Security Incident Handling Policy document and can also sign an SLA. Additionally, since we store information on an Amazon AWS server, AWS has all the needed Data security certificates.
Can you sign our NDA, Privacy Policy agreement, Security Assessment etc.?
Yes, we can.