mci group Privacy Policy

Last updated: 25 September 2023

For further information about cookie collection and processing, please consult our Cookie Policy 

MCI Group Holding SA, 9, Rue du Pré-Bouvier, 1242 Satigny, Geneva, Switzerland or relevant mci group entity (“mci group”) is a global agency network with operations and subsidiaries in many countries around the world which provides marketing and communication services, association, congress management, meetings and event services, digital and consulting to its clients (the “Client”).

MCI Benelux SA, Avenue des Arts 47, 1000 Brussels, Belgium, has been appointed as mci group main GDPR office within the European Union.

This Privacy Policy sets out how mci group processes and protects any information collected through this website (mci group acting as data controller) and during our Clients’ projects (mci group acting as data processor). 

It is mci group’s utmost concern to constantly improve its services in order to best meet the needs of its Clients. To this end, mci group may collect and store certain information, including personal data of people like you. mci group takes the protection of your personal data very seriously in all of its business processes. This Privacy Policy is meant to help you understand how data are collected, processed and stored to meet legal requirements and mci group’s data protection standards. 

By providing personal data to mci group, you agree to have read this privacy policy and agree to abide by any obligations contained therein, as it may be amended from time to time.


1. Scope of this Privacy Policy

This Privacy Policy applies to all services offered by mci group. 

This Privacy Policy does not apply to services offered by other companies or individuals. This Privacy Policy does not cover the information practices of other companies and organizations who advertise mci group services or any third party operating any website to which the mci group website or other digital asset may contain a link.


2. Data collected and method of collection

mci group collects general and personal data concerning you from:

  • you when you provide your details to mci group;
  • its Clients (in such cases, Client must ensure that it is entitled to disclose such data and that you are aware of the various matters detailed in this Privacy Policy);
  • participants at Client’s meetings and events organized by mci group;
  • users of mci group’s or Client’s websites; and third parties (such as online service provider or single sign on authority).

Following the reception of the data, an electronic profile is created in mci group tools for each person or entity (the “Contact Profile”). 

The Contact Profile may contain but is not limited to: 

  • name; 
  • gender; 
  • date of birth; 
  • address; 
  • phone numbers; 
  • email addresses; 
  • nationality
  • physical location data during an event
  • ADA (American Disability Act) information
  • food or allergies preferences
  • emergency contact information
  • organization or company of employment and/or job title;
  • field of activity and/or interest;
  • credit card references/numbers; 
  • travel destinations; 
  • travel schedules; 
  • travel preferences;
  • accommodation preferences; 
  • other communicated preferences;
  • passport; 
  • visa details and
  • additional information as requested by Clients on events. 

mci group may process sensitive personal data based on a specific and explicit additional consent of data subjects. 

By attending an event, individual authorizes, free of charge and without consideration of any kind whatsoever, that any image and sound recording made in connection with the event, by video and/or audio recording, and/or photograph on which it appears, may be used, reproduced, modified and broadcast on any medium known or unknown to date and in particular on social networks or its Sites, by Dorier or by any mci group company within the meaning of the regulations in force, or their partners, for the duration of exploitation of the video and/or audio recordings, and/or photographs. 


3. Purpose of data collection

mci group uses the data collected to provide, maintain, protect and improve the overall quality of its services. Data collection is also meant to protect mci group and its users. mci group does not collect more data than is necessary to fulfil such purposes.

In addition to creating Contact Profiles, mci group uses your data for the following purposes and for which you give your consent:

a) Bookings: The Contact Profiles are stored in a database as a reference document to be consulted each time a booking is to be made. When a booking is made, mci group creates a booking code that contains all of the personal data along with the booking information that is needed to fulfil your request and to fulfil regulatory requirements for certain destinations. To make bookings, mci group might need to transfer personal data to various third-party travel suppliers (such as airlines, hotels, car rental companies, online booking tool companies, safety and security tracking providers and computer booking systems) within your home country or in another country where you may be traveling and often also to government bodies for certain destinations. 
Legal basis: Contract;

b) Travel reports consolidation: At the request of a Client, mci group or a third party may prepare information reports that summarize and analyse the expenditures per destination, per travel supplier, etc. Such reports which may include certain personal data from your Contact Profile are then submitted to the requesting Client.
Legal basis: Contract;

c) Compliance with travel policy: At the request of a Client, mci group may report on your compliance with the event compliance policy, budget compliance policy or travel policy of such Client and identify any exceptions to the compliance.
Legal basis: Contract;

d) New products and services: With the goal of improving services and based on the data given to mci group, mci group may send you additional information related to your current or future event(s) and/or trip(s). An example might be a list of restaurants near a specific hotel in the destination city or parking facilities at the departure airport.
Legal basis: Legitimate interest;

e) Promotion and marketing: mci group may use your data to personalize your experience on the mci group website by presenting advertisements that are more relevant to you, to send you marketing communications that we believe may be of interest to you, including information about our services, case studies, thought leadership or whitepapers, blog updates, etc. For example, mci group uses third party service providers to present services and offers tailored to the preferences and interests demonstrated by your online activity over time. mci group may use your data for promotion and marketing purposes for mci group’s current or prospective Clients and/or third parties in mci group’s industry. mci group may use your data to personalize your experience on the event website by presenting advertisements that are more relevant to you, and to send you marketing communications as chosen by you in the registration process. mci group may use the data to analyse trends in order to propose other services to its Clients, such as new events or other services.

Legal basis: Consent;

f) Statistical analysis related to websites: mci group, or third parties instructed by mci group, evaluate this data purely for statistical purposes and only in an anonymised form, in order to optimize mci group’s website and increase user-friendliness, efficiency and safety. mci group may in particular use technical data to measure the success of mci group marketing campaigns, compile statistics about mci group website usage and response rates, and use aggregated personal data calculate the percentage of mci group users who have a particular telephone area code.
Legal basis: Consent;

g) Job opportunities management:

Legal basis: Pre-Contractual conditions

h) Creation of a resume library:

Legal basis: Legitimate interest – reinforce mci group recruiting process

i) OneSystem Plus – on data controller’s demand (mci group acting as data processor): 

mci group uses the data collected for event registration to provide, maintain, protect and improve the overall quality of its services. mci group does not collect more data than is necessary to fulfil such purposes. 

In addition to creating Attendee Profiles, mci group uses your data for Sponsors lead retrieval. On site, exhibitors or sponsors may scan your badge when you visit their booth. If you do not want your badge to be scanned please let the exhibitor know directly. Otherwise, your personal data will be released to them.

At the time of scan, attendee profile data will be shared with an exhibitor and the permission to scan that badge is considered an explicit opt-in to share that data. This data may be modified or completely redacted from our system and the lead devices should the attendee request the data to be removed or they change their behavioral/tracking data privacy settings via the Attendee Dashboard outlined below. If an attendee has opted to share behavioral/tracking data, that information will also be sent to the exhibitor’s device and lead web portal. If an attendee has not opted in, they will receive a one-time email or SMS giving them a link to access the Attendee Dashboard described below and manage their privacy settings. 

From the email or SMS link provide by the lead system, each attendee will be able to control the visibility of each data point shared as well as override each piece of profile data shared with exhibitors. In addition, the attendee will be able to view their behavioral and tracking data and opt-in to sharing this data with exhibitors. Each exhibitor that has captured that attendee’s badge will be listed with additional features for the attendee to interact with exhibitors such as requesting to be forgotten.  

Individuals’ data will only share with Sponsors with which individuals have scanned their badge. 

Verbiage onsite will outline the lead retrieval process and will inform attendees of the process and data shared.

Other than in this case, your Data will not be transferred or made available to any third party without your prior consent.

mci group may disclose your Data to third parties where such disclosure is permitted and required by law or court order, or where such disclosure is necessary for the protection and defense of its rights.

Legal basis: Consent


4. Duration of storage

General and personal data will be kept by mci group no longer than necessary for the execution of the purposes aforementioned.  mci group will retain general and personal data during a maximum period of five years if no specific legal requirement.

Applicants who have created a profile on https://careers.mci-group.com/ can link their application to a job offer. All applicant profiles that have been inactive for two years are automatically deleted after having informed applicants. 

You may cancel/delete your mci group account by sending an email to our Data Protection Officer: privacy@mci-group.com.


5. Location of storage and controller of data base

The Contact Profiles that mci group maintains are stored in cloud-based central databases at third-party providers’ location in Europe, United States and Asia. Third-party providers have signed our dedicated data protection clauses.

Any transfer of your Data outside the European Economic Area shall only take place with suitable safeguards in place, such as contractual terms in compliance with applicable data protection laws and regulations.

You may have further information on the above by sending an email to our Data Protection Officer: privacy@mci-group.com.


6. Your duties

You must ensure that the data you provide us with are: 

  • correct;
  • accurate;
  • current;
  • truthful; and
  • compliant with any applicable laws.

In particular, since mci group will mainly use email communications with you, you are required to notify us of any modification of your email address. Alternatively, you can directly update your Contact Profile.

mci group is committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities. mci group does not target the digital asset to children less than fourteen (14) years of age or knowingly collect information from children for the purpose of selling products or services.


7. Transfer and communication of data

7.1  In general

mci group is a worldwide company with offices in over 30 countries across Europe, the Americas, Asia and the Middle East. Your personal data may therefore be transferred to and outside of Switzerland, including in countries whose data protection laws may be different from those in your country of residence. 

a) Transfers within the mci group: Transfers are made throughout mci group, its subsidiaries and its franchises to support its activities and/or services.

b) Transfer to third-parties: mci group works with certain third parties to obtain support services in connection with travels, meetings and events services and/or other mci group services to its Clients, such as emergency online booking services, hotel booking services, ground transportation requirements or airline ticket issuance, badge provider and, in some cases, personal data will be shared with these third parties in order to pursue mci group’s mission and goals. mci group may also transfer personal data to third parties at the request of its Clients. For example, to sponsors and exhibitors or to other third parties for data consolidation or tracking services to generate statistics. During events or congresses, sponsors or exhibitors may scan participants or delegates’ badges with the consent of the latter. If you do not wish your personal data to be passed on to them, please let them know by not scanning your badge. Therefore, collection and use of the personal data is governed by each sponsor or exhibitor’s privacy policy. mci group may transfer your data to third parties for promotion and marketing purposes as outlined under 3e) above. mci group may also transfer your data to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of mci group business, assets or stock (including in connection with any bankruptcy or similar proceedings). Prior to a transfer, third-parties (except for travel suppliers and authorized transfers such as within the EU) are required to sign a data processing agreement with mci group that requires them to follow the applicable data protection laws.

As part of its activities, mci group works with a certain number of recurring partners who process personal data on our behalf for specific purposes:

Badge provider

Benchmarking tool

Event management platforms 

Hospitality

Mobile event application

This list is not exhaustive and can be updated from time to time. We invite you to regularly consult this list to keep up to date with any changes.

mci group is using Microsoft Office 365, Cloud Azure with servers located in EU (Ireland and The Netherlands).

c) Regulatory transfers: mci group may be required by law to transfer data to governments and regulatory and/or supervisory authorities.

While attending an event organized by mci group on behalf of one of its Clients, your data will be collected on instructions of our Client, the data controller, and transferred to mci group acting as data processor for project management purposes. 


8. Security and organizational measures 

To ensure the safety of your data on mci group’s website and systems, mci group has implemented appropriate technical, contractual, administrative, physical and organizational measures to protect your personal data from loss, destruction, unauthorized access, accidental or unlawful disclosure and manipulation. These measures are subject to continuous development in accordance with technological progress and are periodically reviewed to comply with all applicable privacy laws. 

Only authorized mci group staff, third party companies’ (i.e. service providers) staff or our Clients’ authorized staff (who have contractually agreed to keep all information secure) have access to your personal data. All mci group staff who have access to your personal data are required to adhere to the staff confidentiality regulations and all third-party employees who have access to your personal data have signed non-disclosure agreements. In addition, data transfer agreements are in place with third-party companies that have access to your personal data to make sure these data remain secure.


9.Your rights

In accordance with applicable data protection laws and regulations, you have a right to request access to, rectification of your Data, or restriction of processing, and to object to said processing, as well as the right to data portability, unless mci group has to keep these data for legitimate business or legal purposes. For more information, you should contact the Data Protection Officer at the above-mentioned e-mail address. Moreover, you have a right to lodge a complaint with a supervisory authority.

To contact mci group with questions or issues about mci group’s data processing, you should contact the Data Protection Officer at the following e-mail address: privacy@mci-group.com.

By contacting the Data Protection Officer at the above-mentioned e-mail address, you may opt-out from receiving future electronic marketing messages from mci group and request that we not share your personal data with unaffiliated third parties for their marketing purposes. mci group will try to comply with your request(s) as soon as reasonably practicable. 

Please note that if you opt-out as described above, mci group will not be able to remove your personal data from the databases of unaffiliated third parties with which mci group has already shared your personal data (i.e., to which we have already provided your personal data as of the date that we implement your opt-out request). 

Please also note that if you do opt-out of receiving marketing-related messages from mci group, we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.


10. Changes

This Privacy Policy may be revised and updated by mci group from time to time to comply with statutory data protection and privacy laws. mci group will post any Policy changes on its website and, if the changes are significant, mci group will send a notice to the e-mail address provided in your Contact Profile. 


11. Contact

If you need further assistance, please contact our Data Protection Officer via:

E-mail address: privacy@mci-group.com

Address: MCI Group Holding SA, Data Protection Officer, rue du Pré-Bouvier 9, 1242 Satigny, Switzerland.

For US residents and requests under CCPA (California Consumer Privacy Act): +18337910490