Skip to main content

Privacy Policy

Tim Minton avatar
Written by Tim Minton
Updated this week

Privacy Policy – Webinar Services Provided by Contrast

Effective Date: April 21st, 2025


1. Purpose and Scope of This Privacy Policy

This privacy policy (hereinafter referred to as the “Policy”) is issued by AirfairCTWW SAS, a French simplified joint stock company registered under number 889 006 706 with the Registry of Trade and Companies of Bobigny, whose registered office is located at 7 Place de l’Hôtel de Ville, 93600 Aulnay-sous-Bois, France (hereinafter referred to as “Contrast”, “we”, “us”, or “our”).

This Policy sets forth the terms and conditions under which we collect, process, use, retain, and protect your personal data in connection with the provision of webinar services via the online platform accessible at https://getcontrast.io (the “Platform”), operated exclusively for the benefit of webinar organizers and attendees (collectively referred to as “Users”).

The Policy is intended to be binding upon Contrast and the organizer of the webinar (the “Organizer”), who has entered into a commercial agreement with us for the provision of our webinar services. The Organizer, acting as a separate and independent data controller, is likewise responsible for fulfilling their obligations under applicable data protection laws.


2. Definition and Nature of Personal Data

For the purpose of this Policy, “personal data” refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to one or more identifiers, including but not limited to:

  • First and last name;

  • Professional email address;

  • Company name and size;

  • Job title and department;

  • Country and time zone;

  • IP address and browser user agent;

  • Webinar content accessed, attendance and interaction data;

  • Communication records, such as customer service interactions or technical support inquiries.

Such data may be collected either directly from you when you register for or participate in a webinar, or indirectly via the Organizer, who provides such data for the purpose of enabling your participation in the webinar and the provision of related services.


3. Legal Basis for Data Processing

The processing of your personal data by Contrast is based on the following legal grounds:

  • Performance of a contract: when data processing is necessary to provide you with access to our webinar services as per the contractual agreement between you and the Organizer, or between you and Contrast directly;

  • Your consent: for communications such as newsletters or webinar reminders, which you may opt into at your discretion;

  • Compliance with legal obligations: when processing is required under applicable laws or regulations;

  • Our legitimate interests: where necessary to ensure the quality, security, and improvement of our services, provided such interests are not overridden by your fundamental rights and freedoms.


4. Purposes for Collecting and Processing Personal Data

We collect and process your personal data solely for the following specified and legitimate purposes:

Purpose

Personal Data Processed

Legal Basis

Retention Period

Access and use of the webinar Platform

Name, email, company, title, IP address, device/browser info

Performance of contract

One (1) year from last login

Customer support and service continuity

Call recordings, chat transcripts

Performance of contract

For the duration of the contract with the Organizer, plus applicable statute of limitation

Communication regarding webinars (e.g. reminders, updates)

Name, email, company

Consent

Until withdrawal of consent or one (1) year after last contact

Statistical analysis and service improvement

Session duration, content accessed, user interactions

Legitimate interest

Up to twelve (12) months from collection

Compliance with legal obligations

User consent logs, opt-out records, rights exercise requests

Legal obligation

Applicable statute of limitation

Where data is collected from the Organizer, such Organizer represents and warrants that they have obtained any necessary consents from data subjects or have a legal basis to transfer said data to Contrast.


5. Recipients of Personal Data

Your personal data may be disclosed to the following categories of recipients, solely for the purposes specified in this Policy:

  • Authorized personnel of Contrast involved in the performance and oversight of the webinar services;

  • Subcontractors and service providers engaged by Contrast, including but not limited to:

    • Hosting and infrastructure providers (e.g. Amazon Web Services)

    • Communication and support platforms;

    • Analytics service providers;

  • The Organizer of the webinar for which you have registered, to the extent necessary for enabling participation, managing engagement, and evaluating service performance;

  • Public authorities, regulators, courts, or law enforcement agencies, where such disclosure is required by applicable law or regulation.

Where personal data is collected or shared between Contrast and the Organizer, both parties acknowledge their respective obligations as independent data controllers under applicable data protection laws.

For requests to access, rectify, delete, or otherwise exercise rights regarding personal data, data subjects may contact either Contrast or the Organizer, depending on the source of the data.

  • If the data was provided directly to Contrast (e.g., through registration on the Platform), Contrast will be the primary point of contact and will respond to requests within 30 days in accordance with GDPR Article 12.

  • If the data was submitted via the Organizer, Contrast will promptly notify the Organizer of any rights request received and will reasonably assist the Organizer, as required, in responding to the request within the statutory timeframe.

All requests should be submitted in writing to dpo@getcontrast.io, and must include sufficient information to verify the identity of the requester and identify the relevant data.


6. Transfers of Personal Data

All personal data collected and processed under this Policy is stored and maintained on secure servers hosted by Amazon Web Services (AWS) located in Ireland, within the European Economic Area (EEA).

No personal data will be transferred outside the EEA, unless required by law or with your prior explicit consent and subject to appropriate safeguards.


7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:

  • Compliance with OWASP standards for web application security;

  • Real-time deployment of security patches and updates;

  • Use of strong encryption protocols and access controls;

  • Enforcement of complex password policies and breach monitoring;

  • Secure data hosting with AWS under EU-compliant frameworks;

  • Anonymization or pseudonymization of log files where feasible.

A list of subprocessors can be made available upon request. Or has been shared with you as part of a general security audit. These measures are reviewed and updated regularly to ensure the ongoing confidentiality, integrity, and availability of personal data.


8. Data Retention Periods

We retain your personal data only for the period strictly necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal requirements:

  • Webinar platform usage data: one (1) year from the date of last login;

  • Customer support records (e.g. call recordings): up to six (6) months;

  • Communication preferences and opt-outs: one (1) year from date of request;

  • Consent logs and user rights requests: one (1) year from date of collection or request;

  • Legal documentation and contracts: for the duration required by the applicable statute of limitation.

At the end of the applicable retention period, your data will either be securely deleted or anonymized.


9. Use of Cookies and Analytics

We use only strictly necessary cookies and technologies that are essential to the operation, security, and performance of our Platform. These cookies enable core functionality such as user authentication, session maintenance, and secure transmission of data.

The types of cookies and tracking mechanisms we use are limited to:

  • Authentication cookies: These are used to verify your identity and keep you logged in during your session.

  • Session and messaging cookies: These help maintain your session state across pages, including chat and communication features.

  • Performance monitoring tools (e.g., Sentry.io): Used to detect errors, maintain system reliability, and ensure the quality of webinar service delivery. These tools do not collect data for profiling or advertising.

All essential cookies are deployed based on our legitimate interest in maintaining the functionality and integrity of the Platform. If these cookies are disabled or rejected through browser settings, the Platform may not function properly, and you may not be able to attend webinars or use related services.

Use of Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to support its secure operation, enhance user experience, and maintain reliable performance of webinar services. Cookies are small data files stored on your device that help us identify your session, keep you logged in, and troubleshoot technical issues.

We use the following categories of cookies:

  1. Strictly Necessary Cookies
    These cookies are essential for the core functionality of the Platform, such as authenticating users, maintaining secure sessions, and enabling webinar participation. They are required for the service to function properly and cannot be disabled.

  2. Performance Monitoring Tools
    We use technologies like Sentry.io to monitor platform stability, detect errors, and improve service quality. These tools collect only technical and operational data and do not track users for profiling, marketing, or advertising purposes.

We do not use advertising, targeting, or profiling cookies.

User Awareness and Consent

At the time of registration, users are presented with a link to this Privacy Policy and the applicable Terms & Conditions. By completing registration (e.g., clicking “Finish Registration” or similar action), users acknowledge and agree to the use of cookies and related technologies as described herein.

If users wish to manage or delete cookies after registration, this can typically be done through their browser settings. Disabling essential cookies may affect the ability to use key features of the Platform, including webinar access and session continuity.

For more information about cookie management, visit: https://www.allaboutcookies.org.


10. Your Rights

Pursuant to applicable data protection regulations, you have the following rights with respect to your personal data:

  • Right of access: to obtain confirmation as to whether or not personal data concerning you is being processed, and access to such data;

  • Right to rectification: to request the correction of inaccurate or incomplete data;

  • Right to erasure: to request the deletion of your personal data, subject to legal exceptions;

  • Right to restriction: to request the restriction of data processing under certain circumstances;

  • Right to object: to object to data processing based on legitimate interests;

  • Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format;

  • Right to withdraw consent: where processing is based on consent, you may withdraw such consent at any time.

You may exercise any of the above rights by contacting us using the contact details provided in Section 13 of this Policy.


11. Complaints

You have the right to lodge a complaint with the competent data protection authority, such as the Commission Nationale de l'Informatique et des Libertés (CNIL) in France, if you believe that the processing of your personal data violates applicable laws or regulations.


12. Post-Mortem Data Rights

You may define general or specific guidelines relating to the retention, erasure, and disclosure of your personal data after your death. Such instructions may be registered with a trusted third party certified by the CNIL or communicated directly to Contrast via the contact details set forth herein.


13. Data Concerning Minors

Our webinar services are not intended for individuals under the age of 13. We do not knowingly collect or process personal data relating to minors without the verifiable consent of a parent or legal guardian. If such data has been inadvertently collected, please notify us immediately so that it may be deleted.


14. Contact Details for Data Protection Matters

For any questions regarding this Policy, or to exercise your data protection rights, you may contact us at the following addresses:

  • Postal Address: AirfairCTWW SAS, 7 Place de l’Hôtel de Ville, 93600 Aulnay-sous-Bois, France


15. Amendments to the Policy

We reserve the right to amend this Policy at any time, in whole or in part. Any changes shall be effective upon publication on the Platform. Continued use of the Platform following such publication shall constitute your acceptance of the amended Policy.


Did this answer your question?