
Short answer: Yes, you may, and you should. Worried about GDPR? If you physically collect your visitors’ business cards, their consent is clear. But even more convenient is the data you receive when you scan the QR code on your visitors’ badges and tickets. Read here to learn how to safely use this data.
First, think about the origin of the data. Your visitors registered for the fair and provided their data themselves. Most likely, they also agreed to the privacy policy of the fair organizer. Typically, there is a section that explains how the data will be shared with exhibitors who scan the QR code at the fair. You can easily verify this by visiting the fair’s visitor registration site. This will most likely confirm that your visitors consent to the use of their data.
If you want to be absolutely sure, save the version of the privacy policy of the fair organizer that your visitors had to agree to during registration.
Now the data is stored in the lead management tool. Is this safe? Yes, your data is safe in good management tools. And if you use LeadSuccess as your lead management system, you will find links to the privacy policy both in the emails you received and in the LeadSuccess Portal. It specifies exactly where the data is stored (only on servers in the EU!) and when it is deleted.
When you export personal data to transfer it into your local system, you store it permanently. For this, you need to define a legitimate purpose. Purpose limitation is one of the key principles of the GDPR. In the case of a trade fair visit, this could include acquiring new customers, partners, or employees, or providing in-depth care for customer and partner relationships.
A thank-you email after a trade fair visit is therefore always justified. However, your visitors must still consent to receiving regular newsletters.
However, we recommend that you do not permanently store data of visitors with whom you do not wish to remain in contact.
Do you need a Data Processing Agreement (DPA)? Yes and no.
No, if you use a lead management tool for just one fair, provided by the fair organizer. Individual DPAs are typically not manageable in this case. Additionally, most trade fair organizers explicitly exclude individual DPAs in their general terms and conditions for booking a trade fair booth. You can easily verify this as well. Personal data is typically deleted a few weeks after the fair, usually within 4 weeks.
Yes, however, if you use a lead management tool continuously for all your fairs, no data will be automatically deleted. In this case, the provider of the tool will be happy to send you a DPA contract.
IIf you work in a very data-sensitive industry or have a strict privacy policy, a good lead management tool should include a feature that allows your visitors to additionally confirm that you may use their data and even sign their consent within the app.
Yes, the GDPR can be a bit complicated, we agree. But it is manageable. Data is the gold of the 21st century, and there’s not much you need to do to take good care of your visitors’ gold. With a good lead management system, this treasure is safe with you and generates good returns for everyone involved.