Privacy and General Data Protection Regulation

Since its creation, Digitevent has been giving data security a major importance by making it an absolute imperative. The GDPR (General Data Protection Regulation), applicable as of May 25th 2018, has for main objective to unify regulation on data protection within the European Union. Even though its fundamental principles are based on current EU rules, GDPR widens its application scope and adds mandatory norms as well as sanctions for those who would not respect it.

3 fundamental commitments have been put in place at Digitevent :

Transparency

  • Every personal and confidential data, stored by Digitevent, is subject to a CNIL declaration (Receipt number 1762952) in accordance with the « Information Technology, Data Files and Civil Liberties » law, integrated to the GDPR.

  • Personal and confidential data are hosted on servers located within the European Union ( https://aws.amazon.com/fr/compliance/eu-data-protection/ )

  • Access to routine backups is protected and credentials are restricted to the data protection representative.

  • Digitevent has for main activity the creation of event registration websites, the management of contacts databases and the access control at events. The client is the exclusive owner of its contacts data. This data is exclusively stored to ensure a proper functioning of the Service and won’t be accessible by third parties without the client credentials. Digitevent will never make any commercial use of its clients data. In particular, it will never communicate, sell, lend or exchange it with any third parties. The client is responsible for the data use on the platform.

Control

  • Personal data is exclusively accessible using credentials. The data is stored for one year after the event finishes and is then permanently and automatically deleted. Nevertheless, every client can, at any moment, delete permanently or edit its contacts without any human intervention at Digitevent.

  • From Digitevent, clients can and insert legal informations in their email campaigns (company name, address and unsubscribe links)

  • We ensure that any data processing services used by Digitevent states for GDPR compliance.

Security

  • All exchanges are done through HTTPS / SSL.

  • Digitevent passwords require complexity and security pre-requisites. Moreover, they are encrypted and therefore cannot be accessed by any team member at Digitevent.

  • An advanced server logging system had been put in place and allows to know : queries hours, types, requests IPs, user-agents, endpoints. This data is by default stored for 7 days.

  • This rigour is also strictly applied within the company and among the Digitevent team. All computers are protected by passwords. The use of a password manager is required to and ensure that a distinct password is used for each service. Every collaborator commits personally by signing a confidentiality and data protection charter. It is strictly forbidden for him/her to store or share any client data.

Measures listed above are not exhaustive. Lucien Derhy, co-founder, CTO and data protection representative would be happy answer any complementary questions you may have ([email protected]).

© Digitevent 2013 - All rights reserved.