Privacy Notice
LAST UPDATED: July 31, 2024
In this Privacy Notice, we describe our collection, use, disclosure and processing of personal information that we collect online via our website located at https://www.cemevent.com, as well as related to our services. In this Notice, references to “Chicago Event Management,” “us”, “we”, “CEM” and “our” all refer to Chicago Event Management, Inc. a/k/a CEM.
1. Scope
This Privacy Notice describes, generally, how CEM, in our capacity as a “controller” or a “business” or a “responsible party” under applicable laws, handles and process Personal Information related to:
- the use of our corporate website, marketing communications and associated services that link to this Privacy Notice, including www.cemevent.com (the “Homepage”) and other websites controlled by CEM that hyperlink to this Notice (collectively, the “Websites”);
- our former, current and prospective race participants (“Participants”);
- individuals who communicate with us; and
- individuals who volunteer at our events.
Personal information. In this Privacy Notice, our use of the term “Personal Information” include other similar terms under applicable privacy laws, such as “personal data” and “personally identifiable information.” In general, Personal Information incudes any information that identifies, relates to, describes, or is reasonably capable of being associated, linked, or linkable with particular individual.
Not covered by this notice. This privacy notice does not apply to job applicants and candidates who apply for employment with us through our job application portal or to our employees and non-employee workers who personal information is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with CEM.
Controller Responsibilities
When providing services, CEM may act as a “service provider” or “processor” “contractor”, or “operator” under applicable privacy and data protection laws. This means that we may receive or collect your personal information from third parties. In this scenario, we will only process personal information on behalf of and subject to the instructions of that party (who, from a privacy law perspective are “controllers’ or “businesses” or “responsible parties” where we are acting as a “service provider” or “processor” or “operator.”
Services and other activities. With respect to our services, other events and related business activities, in general, CEM with whom you engage is the controller for your Personal Information.
2. Personal Information Collected
We collect Personal information directly from individuals, automatically related to the use of the services and engagement with our marketing and Websites, and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third-party services that we use). Sometimes we collect information about you in conjunction with other companies that we work with to provide you our services, or they provide us with your information consistent with your direction to do so. Generally, we collect your Personal information on a voluntary basis. However, if you decline to provide certain Personal Information that is marked mandatory, you may not be able to access certain services, or we may be unable to fully respond to your inquiry.
The personal information that we collect, and process will vary depending upon the circumstances. For example, the Personal Information we may collect through our Websites incudes:
- your name, postal address, email address, phone number, and other contact information
- information regarding your interactions with us and related to your use of Websites and services
- interests you have in relation to our services and/or our events
- information you may have voluntarily submitted to us by completing any form on our Website
- information about your usage of our Websites and services
We may also collect additional personal information in providing our Services, operating our business, and interacting with individuals in the course of our business. This may at times include “sensitive” information (otherwise known as “special categories of personal information” under under the California Consumer Privacy Act (“CCPA”)), such as health records like physical health or condition and related medical data. Where required by law, we will provide specific data information to you regarding how we may process that data and what rights you may have regarding such processing.
Categories of Sources of Personal Information. We may collect Personal Information directly from you, as well automatically related to your use of Services and engagement with our marketing and our Websites and other services, as well as from third parties. For example, we collect Personal Information:
- from you, either directly (i.e., through information you submit to us, including via forms that you may complete and submit through our Websites) or indirectly (i.e., by observing your actions on our Websites or whether you engage with email communications)
- from the content of surveys that you may complete
- from ‘cookies’ and other similar tools deployed on parts of our Websites (for further information regarding cookies used on our Websites, please see section 7 below) or within our emails and newsletters
- from our third parties in connection with us providing professional services to them or to the companies for which they work
- from data analytics providers
- from government entities
- from services providers (i.e., companies who are assisting us in fulfilling our contracts and carrying out our business, such as to perform mailings or to provide customer service)
- from other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties
Categories of Personal Information we collect. While the Personal Information we collect varies, as explained above, depending upon the nature of the services provided or used and our interactions with individuals, we may collect the following categories of Personal Information (subject to applicable legal requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers including, where applicable, company names and addresses, where this is Personal Information in your country.
- Protected classifications: characteristics of protected classifications under state or federal law such as race, color, sex, age, relation, national origin, disability, citizenship status, and genetic information.
- Commercial Information: including records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Usage data: internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement or email communication.
- Geolocation data: precise geographic location information about a particular individual or device.
- Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings.
- Profiles and inferences: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, predispositions, behavior, attitudes, abilities, or aptitudes.
- Other forms of Sensitive Personal Data: information concerning racial or ethnic origin and health.
3. Purposes for Processing Personal Information
While the purposes for which we may process Personal Information will vary depending upon the circumstances, in general we use Personal Information for the purposes set forth below.
- Providing support and services: including to provide our Services, operate our Websites, applications and online services; to communicate with you about your access to and use of our Services; to respond to your inquires; to provide troubleshooting, fulfil your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
- Analyzing and improving our business: including to better understand how users access and use our Services and Websites, to evaluate and improve our Websites, Services and business operations, and to develop new features, offerings and services; to conduct surveys and other evaluations (such as participant satisfaction surveys); and for other research and analytical purposes.
- Personalizing content and experiences: including to tailor content we send or display on our Websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.
- Advertising, marketing and promotional purposes: including to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest; to contact you about our Services or information we think may interest you; and to administer promotions and contests.
- Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any personal or third party, or other unauthorized activities or misconduct
- Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
- Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and assessment so four operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
- Complying with legal obligations: including to comply with law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.
Aggregate and de-identified information. We may de-identify Personal Information and create anonymous and aggregated data sets and reports in order to assess, improve, and develop our business, products, and services, prepare benchmarking reports on our industry, and for other research, marketing and analytics purposes. When we de-identify personal information, we have implemented reasonable measures as required by law to ensure that the de-identified data cannot be associated with any individual or participant. We will only maintain and use such data in a de-identified manner and do not attempt to re-identify the data, except as permitted by law.
4. Disclosure of Personal Information
We disclose the personal information we process as set forth in this section.
A. Purposes for which we disclose Personal Information
We may disclose your personal information for the following reasons:
- to third party service providers such as entities providing customer services, email delivery, auditing, hosting our Websites and providing services
- to third parties involved with the event that you registered for, to facilitate your participation in those events, support feedback collection and evaluation for some events, to third parties who provide a central record keeping system for continuing professional development event attendance
- if we are obliged to disclose your personal information under applicable law or regulation
- in order to enforce or apply our Websites’ terms of use, or to protect the rights, privacy, safety or property of CEM, our participates, affiliates, vendors or other parties
- subject to applicable laws, to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities
- in connect with the planning, due diligence and implementation of commercial transactions, including a reorganization, merger, sale of all or a portion of assets, a joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)-in such cases, your personal information will be transferred to the acquiring entity
- in accordance with the separate terms and conditions of use that may apply to you or with your explicit consent
- to third party insurers for purposes of obtaining coverage for you
We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal information. These third parties have agreed to confidentiality restrictions and to use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
B. Categories of Personal Information Disclosed
Certain privacy laws (such as the CCPA) require that we disclose the categories of Personal Information that we have disclosed for a business purpose as well as the categories that we have “sold or “shared” (as those terms are defined under the DDPA or other applicable laws). Please review the descriptions of the categories of personal information under the Personal Information Collected section above, for further descriptions of each category of personal information.
Categories of personal information disclosed for a business purpose. In general, we may disclose the following categories of personal information in support of our business purposes identified above:
- Name, company name, contact information and other identifiers
- Customer records
- Protected classifications
- Commercial Information
- Usage data
- Geolocation data
- Audio, video and other electronic data
- Profiles and inferences
We have disclosed the categories of Personal Information listed above to the following categories of third parties in the preceding twelve months: our clients, participants, advertising networks, data analytics, other service providers, and government entities.
Categories of Personal Information sold or shared. While we do not disclose Personal Information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available Personal Information to third parties, in order to receive certain services or benefits from them, such as when we allow third party tags to collect information such as browsing history on our Websites, in order to improve and measure our ad campaigns. The CCPA defines a “sale” as disclosing or making available to a third party Personal Information in exchange for monetary or other valuable consideration, and it defines “share” in pertinent part as disclosing Personal Information to a third party for cross-context behavioral advertising. Pursuant to the CCPA, the categories of Personal Information that we may “sell” as defined under the CCPA includes:
- Identifiers
- Usage data
Electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with our Websites Geolocation data
We have “sold” the categories of Personal Information listed above to data analytics providers in the preceding twelve months.
We do not “share” personal information for cross-context behavioral advertising.
5. Cookies and Tracking
Our Websites may use first party and third party cookies, pixel tags, plugins and other tools to gather device, usage and browsing information when users visit our Websites or use our online services. For instance, when you visit our Websites, our server may record your IP address (and associated location information) and other information such as the type of your internet browser, your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, and the pages you view and links you click on our Websites, as well as date and time stamps associated with your activities on our Websites.
We use the information for security purposes, to facilitate navigation, to personalize and improve your experience while using the Websites, to improve and measure our advertising campaigns and to better reach users with relevant advertising both on our Websites and on third party websites. We also gather statistical information about use of the Websites in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.
Cookies. Cookies are small text files that a website transfers to your computer or other device to store and sometimes collect information about your usage of websites, such as time spent on the websites, pages visited, language preferences, and other anonymous traffic data. You can control the way in which cookies are used by altering your browser settings. You may refuse to accept cookies by activating the setting on your browser that allows you to reject cookies. However, if you select such a setting, this may affect the functioning of our Websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access or log on to our Websites.
Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Websites to, among other things, track the actions of users of the Websites (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Websites and response rates. We and our service providers also use pixel tags in HTML emails to our Participants, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.
Third Party Analytics Tools. Our Websites may use automated devices and applications operated by third parties (e.g., Google Analytics), which use cookies and similar technologies to collect and analyze information about use of the Websites and report on activities and trends.
Opt-Out Preference Signals and “Do-Not-Track” Signals. Please note, our Website does not recognize or respond to any signal which your browser might transmit through its so-called “Do Not Track” (DNT) feature. If you wish to disable cookies on our Websites, you should not rely on DNT browser settings.
6. Security
CEM has implemented organizational, technical, and administrative security measures with the goal of protecting Personal Information we process. Despite this, the security of the transmission of information via the internet cannot always be guaranteed and you acknowledge this in your access and use of our Websites and Services. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
7. Retention Period
CEM stores Personal Information as needed to accomplish the purposes identified in this Notice and to meet legal requirements, including legal and compliance requirements regarding records retention, resolving disputes, and enforcing our agreements. This mean that CEM may be required to maintain your information, for example, to: (1) comply with our legal and regulatory compliance needs (e.g., maintaining records of transactions you have made with us); (2) to exercise, establish or defend legal claims; and/or (3) to protect against fraudulent or abusive activity on our services and systems. For these and possibly other reasons, we may be unable to delete personal information upon request of an individual in certain cases.
We may retain different categories of information for different periods of time for the instances stated above. However, it is our policy as an organization that when Personal Information is no longer needed or after legal authority to retain it has expired, Personal Information will be destroyed in accordance with applicable law and pursuant to procedures established in relation to the relevant CEM services, systems, or processes. Retention periods for records maintained by CEM, including those containing personal data are established based upon business need, statutory and regulatory record keeping requirements and legal obligations. If you have any further questions about our handling of personal information, please contact us in accordance with the “Contacting Us” section below.
8. Children and Minors
Our Websites and services are not solicited to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from minors under the age of 16. We require parental consent for the processing of personal data for minors under sixteen.
9. Individual Rights and Choices
Marketing.
We may seek your consent to send communications regarding our services. We will ask you to opt in to receiving these communications, which may be revoked by you at any time.
You may opt-out from:
- Receiving market-related communications from us on a going-forward basis by clicking the unsubscribe link located at the bottom of each email message
- Our sharing of your Personal Information with unaffiliated third parties, such as sponsors, for their direct marketing purposes by emailing us at privacy@cemevent.com or, in the case of text messages, texting “STOP”.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
Access, amendment and deletion. You may request to review, make amendments, have deleted or otherwise exercise your rights under applicable privacy laws over your Personal Information that we hold, subject to certain limitations under applicable law. You may submit a request to us related to your Personal Information, except that requests under U.S. state privacy laws must be made in accordance with the information provided in the section below applicable to each particular state:
- By emailing us at privacy@cemevent.com
- By contacting us at 312.904.9800
We take steps in accordance with applicable legislation to keep your personal information accurate, complete and up-to-date. If you would like to review, correct, update, suppress, or restrict the processing of your Personal Information or request a copy of Personal Information about you, you may contact us:
- By sending us an email at privacy@cemevent.com
- By sending your request by postal mail to the address provided below in Section 11.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have the Personal Information suppressed from our database or otherwise let us know which of the above limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
10. Updates to our Privacy Notice
From time to time, we may change our Privacy Notice. The “LAST UPDATED” legend at the top of the Privacy Notice indicates the last time this Privacy Notice was revised. Checking this effective date allows you to determine whether there have been changes since the last time you reviewed the notice. We will notify you of changes to this Privacy Notice by posting the revised Privacy Notice on our Websites.
11. Contact and Comments
If you have any questions or comments regarding this Privacy Notice or the Chicago Marathon, please contact at 110 N. Wacker, Floor 5 – Marathon Suite, Chicago, IL 60606 or at privacy@cemevent.com or 312.904.9800.
12. Additional Information for Residents in Certain Jurisdictions
Depending on where you live, you may have the right to request:
- Information about the Personal Information CEM has collected, used, and disclosed about you.
- Deletion of your Personal Information.
- Correction of your Personal Information.
- Transmission of your Personal Information to another controller.
- Withdrawal of your consent at any time or object to any use of your Personal Information.
To exercise these rights, send us an email at privacy@cemevent.com. We may not be able to accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If that happens, we’ll let you know. We may also need you to provide additional information for us to verify your identify before implementing or acting on a request.
To opt-out of targeting advertising, visit the privacy preference center.