|
This Data Processing Addendum ("DPA") supplements the
Eventbee Terms of Service ("Agreement") entered into by and between Eventbee ("Processor")
and the entity utilizing the Eventbee platform to host events ("Event Manager" or "Controller").
This DPA governs the processing of Personal Data in connection with the platform services provided by Eventbee.
By utilizing the platform to collect information from data subjects in the European Union (EU),
European Economic Area (EEA), or the United Kingdom (UK), the parties agree to comply with the terms of this DPA.
|
|
|
"Applicable Privacy Laws" means all binding data protection laws applicable to the
processing of Personal Data under this DPA, including the EU General Data Protection Regulation 2016/679 ("GDPR")
and the UK Data Protection Act 2018. "Personal Data" means any information relating to an identified
or identifiable natural person processed by Eventbee on behalf of the Event Manager through the SaaS platform. "Data Controller" means the Event Manager, who determines the purposes and means of processing Personal Data. "Data Processor" means Eventbee, which processes Personal Data strictly on behalf of and under the instruction of the Data Controller.
|
Subject Matter: The technical provision of event registration, ticketing software, and platform data management tools. Duration of Processing: The duration of the Agreement plus the period from the expiry of the Agreement until the deletion of all data in accordance with this DPA. Nature and Purpose: To collect, organize, store, and transmit registration and ticketing data to enable Event Managers to run events. Categories of Data Subjects: Event attendees, ticket buyers, registrants, and sponsors. Types of Personal Data: Names, email addresses, phone numbers, company names, job titles, and any customized registration form inputs selected by the Event Manager (excluding Prohibited Sensitive Data).
|
|
| |
|
|
Eventbee covenants and agrees to handle all Controller Personal Data under the following strict parameters:
3.1 Documented Instructions: Eventbee shall process Personal Data solely on behalf of
and in accordance with the documented instructions of the Event Manager,
including with respect to transfers of Personal Data to a third country.
The Agreement and this DPA constitute the complete instructions. 3.2 Personnel Confidentiality: Eventbee shall ensure that all personnel authorized to process
the Personal Data have committed themselves to strict confidentiality agreements
or are under an appropriate statutory obligation of confidentiality. 3.3 Security Measures: Eventbee shall implement and maintain appropriate technical
and organizational security measures to protect Personal Data against unauthorized
or unlawful processing and accidental loss, destruction, damage, alteration, or disclosure. 3.4 Data Subject Rights Assistance: Taking into account the nature of the processing,
Eventbee shall assist the Event Manager by appropriate technical and organizational measures, insofar as this is possible,
for the fulfillment of the Event Manager's obligation to respond to requests for exercising data subjects' rights
outlined in Chapter III of the GDPR (such as deletion or access requests). 3.5 Incident Notification: Eventbee shall notify the Event Manager without
undue delay (and in no event later than 72 hours) after becoming aware of a confirmed Personal Data breach
or security incident affecting the Event Manager's attendee data.
|
|
|
| |
|
4.1 Appointment of Sub-processors: The Event Manager grants a general written authorization
to Eventbee to engage third-party sub-processors (such as cloud hosting infrastructure providers, database operators,
and platform security tools) to facilitate the Service. 4.2 Sub-processor Requirements: Eventbee shall ensure that any sub-processor
it engages is bound by written data protection obligations that are at least as restrictive as those imposed
on Eventbee under this DPA. Eventbee remains fully liable to the Event Manager for the performance
of the sub-processor’s privacy obligations.
|
|
| |
5.1 Standard Contractual Clauses (SCCs): To the extent that the provision of the Services
requires the transfer of Personal Data from the EU, EEA, or UK to the United States,
the parties hereby incorporate and agree to abide by the European Commission’s Standard Contractual Clauses
(Module 2: Controller-to-Processor). 5.2 Execution of SCCs: For the purposes of the SCCs: (a) the Event Manager is the data exporter;
(b) Eventbee is the data importer; and (c) the governing law of the SCCs shall be the law of the country
from which the data is exported, or as otherwise mandated by the GDPR.
|
| |
6.1 Compliance Demonstrations: Eventbee shall make available to the Event Manager
all information reasonably necessary to demonstrate compliance with the obligations laid down in this DPA. 6.2 Operational Inspections: Eventbee shall allow for and contribute to audits,
including inspections, conducted by the Event Manager or an independent auditor mandated by the Event Manager.
Any such audit must be requested at least thirty (30) days in advance, conducted during standard business hours,
structured to avoid operational disruption to Eventbee's cloud infrastructure,
and executed entirely at the Event Manager's sole expense.
|
| |
7.1 Deletion Upon Termination: Upon termination or expiration of the main Agreement,
or upon the explicit written request of the Event Manager, Eventbee shall delete
or return all Personal Data to the Event Manager and delete existing copies,
unless applicable domestic or international law requires the continued storage of that Personal Data.
|
| |
8.1 Liability Cap Alignment: The total aggregate liability of either party arising out of
or related to this DPA, whether in contract, tort, or under any other theory of liability,
shall be strictly subject to the limitations of liability and caps set forth in Section 11 of the Eventbee Terms of Service.
|
|
