I. Who are we?
Digitevent develops a “Service” that, on behalf of “Organizers”, allows non-exclusive event planning websites, “Participant” (or “Guest”) database management, ticketing, and access control of Participants at events. The Service is edited by Digitevent, 11 rue des Petites Ecuries 75010, Paris, France (see Legal Notice).
II. Importance of data confidentiality
Aware of the critical importance of data confidentiality, Digit Event is strongly committed to protecting personal data in compliance with the current regulations (especially Directive 95/46/CE regarding data protection (as transposed in the national legislation of Member States) and the General Data Protection Regulation (GDPR).
- You gave consent;
- It is required by our contractual relationship;
- The processing is necessary to allow us to fulfill our legal or regulatory obligations; and/or
- The processing is in our legitimate interest as an event planning and ticketing platform (e.g. To protect our systems’ safety and integrity and offer you client services etc.).
IV. Collected Personal Data
1. Regarding the “Organizers”
We collect the data supplied when you register with the Service or when we correspond within the scope of business/support related/questionnaire related matters. Some data may also be obtained from third parties. This personal information contains and is not limited to your name, first name, email address, invoicing information.
2. Regarding the “Participants” (or “Guests”)
Organizers may set up registration pages aimed at collecting all the information required on Participants within the scope of the registration to the Organizer’s vent. Digitevent does not control the Organizer’s registration process or the Personal Data he collects.
3. For all Organizers and Participants
We may also collect some technical data automatically sent by computers using the Service (for example, and not limited to information regarding your access device, your browser, or IP).
- We do not deliberately collect Personal Data from children under thirteen (13) years. Should you be less than thirteen (13) years old, please do not submit any Personal Data through the Service.
5. Data storage
a. Technical protective measures
- All communication regarding the service is effected through HTTPS / SSL.
- Organizers and Digitevent team’s passwords must follow a specific format (minimum 8 characters with numbers and capital). They are also encrypted as a database therefore not searchable by the Digitevent team members.
- An advanced server logging system has been implemented. This system records: the time of the inquiries, the sender’s IP, the user-agent, the resource, and type of inquiry. This data is stored for 7 days by default.
b. Physical and internal protective measures
- The Digitevent offices are physically protected by an armored door and an alarm system.
- Each employee personally commits to a confidentiality and data protection chart.
- The various accesses supplied to the Digitevent team will be adapted to the business needs and periodically reassessed, including when some team members leave the team or when the team welcomes new members.
- The Digitevent team members’ personal computers are protected by unique passwords. The use of a password management system to encrypt all employees’ passwords and impose the use of a unique password for each of the services used is compulsory.
- Storage or exchange of Personal Data by employees is prohibited.
c. Retention period
- If you are an Organizer
We may store your Personal Data as long as you are registered to use the Service. You can close your account by contacting us. We can however not store Personal Data for a period longer than the duration authorized or required by the current legislation.
- If you are a Participant
Your personal data will be automatically destroyed 1 year after the completion of the event you were linked to. This period is increased to 3 years should there be payment and invoicing information, in order to comply with regulations. Please note that the Organizer may bring this storage period forward by default by choosing to extend the Data storage or delete them at the moment of his choosing.
Should we delete your Personal Data, this data may, for legal reasons or for legitimate and commercial and legal reasons, remain on saving or storage devices for an additional period of 60 days.
V. Notifications regarding data incidents
Whether we act as a data controller or processor, we will notify the affected Organizer directly, as he will be the entity in the best position to contact the individual quickly following an incident involving non-authorized access to the said individual’s Personal Data. This notification will be sent within 72 hours of such incident being brought to our attention.
VI. Use and disclosure of Personal Data
The EU regulations on the protection of data distinguish between organizations that process Personal Data for their own needs (called “Data Controller”) and organizations that process Personal Data for other organizations’ account (called “Data Processors”). Should you have a question or complaint regarding the manner in which your Personal Data is managed, always address them to the relevant Data Controller as he is the main party responsible for your Personal Data.
According to the circumstances, Digitevent may act either as Data Controller or as Data Processor towards your Personal Data:
1. Use of Data by Digitevent
When you open an Organizer account, Digitevent becomes a Data Controller of the Personal Data you supply under your account. We will also control the Personal Data we obtained through the use of the Service.
The Personal Data will be used to allow access and usage of the Service, for example, to help Organizers to connect to the service, communicate with the Organizers, improve the Service, for in-house business purposes, take action against wrongful acts, enforce our Conditions of Use, manage your account and offer a service to Organizers, etc.
When compliant with your personal preferences, we may use your Personal Data to contact you for our marketing and advertising needs, including and without limitation to inform you about the Service. You may unsubscribe from these communications by clicking on the “Unsubscribe” button at the bottom of the emails or by sending a message to email@example.com.
We are not in the business of selling Personal Data. We consider this information to be a crucial part of our relationship with you. We will therefore not sell Participants’ Personal Data to third parties (advertisers…). Some Organizers’ Personal Data might sometimes be part of a very focused business operation, for example within a strategic partnership.
We may share some Personal Data with sub-processors and subcontractors that may have to, from time to time, process some Personal Data on behalf of Digitevent. These companies include database service providers, saving and recovery service providers, email, and other service providers. When we contract another company to perform such duties, we are extremely cautious as to their compliance with GDPR, international data transfer regulations, and generally their policy on Personal Data management. Our data sub processing providers: Amazon Web Service (Europe), Pipedrive, Sendgrid, Gatewayapi, Google analytics, Mangopay.
2. Use of data by Organizers
When you use the Service as a Participant or Guest to an event, we process your Personal Data to help the Organizer manage the event. As Data Processor, we supply them with the Data collected. Digitevent supplies the Organizer with “tools” and does not make any decision as to the Personal Data to request and is not responsible for the continuous accuracy of the Personal Data supplied. Any questions you may have regarding your Personal Data and your rights must thus be addressed to the Organizer as Data Controller and not to Digitevent. An Organizer may, in some cases, designate a third party – associated to the Organizer or not – to create an event or fundraising page for his account.
We are not responsible for these Organizers or their third-party Organizers’ actions regarding your Personal Data, including when they are used through the tools offered by the Service. It is important that you scrutinize the Organizers’ current policies (or, if available, of the designated third parties) regarding an event prior to supplying Personal Data through the Service.
We authorize the Organizers to use our tools to communicate with the Participants via the emails and SMS’s we send them for in their name. If you registered for an event on the Service, your email is made available to the relevant Organizer. The Organizers may also import emails from external sources. The Organizer, not Digitevent, is in charge of these mailings. The Organizers are bound to use our email tools exclusively in compliance with the current legislation. Digitevent supplies an “Unsubscribe” link in each email to enable the Participants or Guests to unsubscribe from the communications regarding a specific event.
Communications are not only marketing – they may also be relevant to the transaction (example: your ticket or registration confirmation). You will still receive these transactional emails regardless of your subscription choice. The only way to stop receiving these messages is to contact Digitevent.
3. Legal requirements
We may disclose your Personal Data to comply with a legal requirement:
- to obey a subpoena or upon request from the public authorities regarding a national security matter or to comply with the law;
- or should we believe in good faith that such action is necessary to protect or defend our rights, assets, or the rights or assets of third parties; to protect the Services users or the public’s personal security in an emergency.
VII. Access and modification of data
You may request to access, correct, or remove any Personal Data concerning you. However, should you be a participant, even if, at your request, Digitevent deletes or anonymizes your Personal Data, your Personal Data may still be available in the Organizer’s database should it have been downloaded by the Organizer prior to its deletion or anonymization.
IX. Disputes & Questions
We acknowledge and answer all requests in accordance with the current legislation. You may contact us through the postal address stated in our legal notice or via email at firstname.lastname@example.org.