Last updated: 15 May, 2018
Eventival complies with all the applicable legal regulations regarding Data Protection and Privacy, in particular with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”).
This Policy is applicable to and applied by all employees and other staff used by Eventival as an internal policy and Eventival ensures regular appropriate training.
When you upload personal data to the Service or otherwise provide your personal data to Eventival, you acknowledge and agree that Eventival will process such data in order to provide and improve the Service. Personal data regarding our employees and other staff will be processed solely for the purpose of managing such employment or similar relationship.
Eventival does not collect data from public sources, it only processes personal data uploaded to the Service by its customers accessing the Service through “Back Office”, end users accessing the Service through “Visitor Page” or otherwise provided to Eventival directly by the data subjects interested in making contact with other users of the Service or in maintaining a relationship with Eventival (such as an employment or other contractual or potential contractual relationship).
Such personal data may include a person’s: (i) name, (ii) email address, (iii) phone number, (iv) postal address, (v) gender, (vi) date of birth, (vii) nationality, (viii) citizenship, (ix) photos, (x) education, (xi) other contact details, (xi) information regarding his/her profession and professional activities and interests.
Eventival may use the personal data to carry out profiling based on certain criteria which may further enable it to improve the Service and connect its customers (event organisers) with an appropriate group of end users, including the sending of commercial notices for this purpose.
Eventival also may store data in a master database containing the data uploaded by all the users of the Service for the purpose of further improving the Service and its security. Eventival may also create and share aggregate, anonymized data about the use of its Service.
Any individual has the right to have personal data concerning him or her rectified and a “right to be forgotten” where the retention of such data infringes the General Data Protection Regulation or the Czech Republic. If you have given a consent with the processing of your personal data through the Service and you no longer agree with that, you have the right to withdraw your consent at any time. Regarding any such request, please notify us at the following e-mail address: email@example.com.
You have the right to lodge a complaint regarding the personal data processing with the supervisory authority, being the Czech Data Protection Office at www.uoou.cz.
Any Personal Data processed by Eventival shall be: (i) processed lawfully, fairly and in a transparent manner, (ii) collected and processed only for specified, explicit and legitimate purposes, (iii) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, (iv) accurate and, where possible, kept up to date, (v) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed and (vi) processed in a manner that ensures appropriate security of the personal information.
Eventival mainly serves as a Personal Data processor for a number of data controllers and as such Eventival complies with all the obligations applicable to processors.
To the extent that Eventival is the controller of certain Personal Data, it complies with all the obligations applicable to controllers.
When using the Service as a customer accessing the Service through the “Back Office” („Customer“), you, as the data controller within the meaning of the General Data Protection Regulation must ensure full compliance with the requirements laid down by the General Data Protection Regulation, in particular:
To the extent that Eventival acts as a controller regarding any Personal Data processed by it, the above obligations equally apply to Eventival and all its employees and any of its other staff.
Eventival as Personal Data processor ensures full compliance with the requirements laid down by the General Data Protection Regulation, in particular:
While using our Service or otherwise entering into a legal relationship with Eventival, you may provide us with certain personal data that can be used to identify or contact you or other persons.
Such Personal Data collected by us may include a person’s: (i) name, (ii) email address, (iii) phone number, (iv) postal address, (v) gender, (vi) date of birth, (vii) nationality, (viii) citizenship, (ix) photos, (x) education, (xi) other contact details, (xi) information regarding his/her profession and professional activities, (xii) other Personal Data you may decide to upload onto the Service.
Any Personal Data will be processed by Eventival only as long as necessary for the purpose of such processing (that is for the use of the Service, maintaining a relationship with our Customers and managing information about our employees and other staff, as the case may be).
Upon termination of a Customer’s use of the Service, Eventival will without undue delay remove or delete the Personal Data uploaded to the Service by the Customer, in accordance with the Terms of Service.
Eventival will also delete any Personal Data regarding its employees, other staff or other business partners once the mutual relationship is terminated.
Eventival will in general remove any Personal Data it no longer needs for the above specified purposes.
To the extent that Eventival acts as controller of Personal Data, it ensures that the data subjects have the right to obtain from Eventival a confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to such data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data is not collected from the data subject, any available information as to its source;
(h) the existence of automated decision-making, including profiling, and a meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Upon the data subject’s request, Eventival will provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, Eventival may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information will be provided in a commonly used electronic form.
As our Customer or end user of the Service, you agree that Eventival may use your e-mail address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail).
We may also use your e-mail address to send you announcements and information about other products or services (including third party services or products) that we think may interest you (“Marketing Messages”).
You may opt-out of receiving Marketing Messages at any time by following the instructions provided in the Marketing Message or by simply e-mailing us at firstname.lastname@example.org. Through your account interface, you may also opt-out of receiving categories of Service-related notices that are not deemed by Eventival to be integral to your use of the Service.
Even if you are not a registered user of our Service, if you email us we may retain a record of such email communication, including your e-mail address, the content of your e-mail, and our response.
Your use of the Service as a Customer or End user will involve you uploading or inputting various content into the Service (the “Content”). You are responsible for your Content and you control how your Content is shared with others via your settings on the Service.
Eventival may view your Content only as necessary (i) to maintain, provide and improve the Service; (ii) to resolve a support request from you; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of this Policy; (iv) as reasonably necessary to allow Eventival to comply with or avoid the violation of applicable law or regulation; or (v) to comply with a request that meets the requirements this Policy.
You agree that we may also analyse the Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.
We may also collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service's functionality. These third party service providers have their own privacy policies addressing how they use such information.
Eventival may use "cookies" to collect information necessary for providing the Service. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services (such as server providers, mobile phone applications and ticketing software providers) or to assist us in analysing how our Service is used. These third parties may have access to any Personal Data controlled or processed by Eventival only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
You agree that we may enlist another processor, provided that the same data protection obligations applicable to Eventival shall be imposed on that other processor, and we shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes and stop using the Service.
We may disclose the Personal Data processed by Eventival where required to do so by law or if we believe that such action is necessary to comply with the law and the reasonable requests of the respective authorities or to protect the security or integrity of our Service.
The security of all Personal Data is important to us and we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with any misuse of such data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing.
Despite our effort to ensure maximum security, please remember that no method of transmission over the Internet, or method of electronic storage of data is 100% secure. Therefore while we strive to use commercially acceptable means to protect all Personal Data processed by us, we cannot guarantee its absolute security.
We use industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of Personal Data, by, for example, (i) continuously and regularly backing up the data to help prevent data loss and aid in data recovery, (ii) guarding against common web attack vectors, (iii) hosting data in secure data centres, and (iv) regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that any natural person acting under the authority of Eventival who has access to Personal Data does not process them (except on instructions from the respective Customer or data subject), unless he or she is required to do so by law.
To the extent that Eventival acts as a processor for its Customers, it shall notify the respective Customer without undue delay after becoming aware of a Personal Data breach, specifying:
(a) the nature of the breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(b) communicate the name and contact details of the data protection manager or other contact point where more information can be obtained;
(c) describe the likely consequences of the breach;
(d) describe the measures taken or proposed to be taken by the Customer to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.
If it is not possible to provide the above information at the same time, the information may be provided in phases without undue further delay.
To the extent that Eventival acts as Personal Data controller, it shall document any Personal Data breaches, comprising the facts relating to the breach, its effects and the remedial action taken
All Personal Data processed by Eventival is maintained on computers and servers located in the Czech Republic and Eventival will not transfer any Personal Data outside the EU.
Our Service is not intended for use by anyone under the age of 16 ("Children").
To the extent that the Personal Data you control and process using the Service relates to Children, you must ensure that any consent with his or her Personal Data processing is expressed or approved by his parents or responsible legal representatives.
If you are a parent or guardian and you are aware that Personal Data of your Children is being processed using the Service and do not agree with such processing, please contact us at email@example.com. If we become aware that we are processing any Personal Data from a Child without parental consent, we take steps to remove that information.
To the extent that Eventival acts as Personal Data processor for its Customers, where required by applicable law, it maintains an electronic record of all categories of processing activities carried out on behalf of a Customer, containing:
(a) the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller's or the processor's representative, and the data protection manager;
(b) the categories of processing carried out on behalf of each controller;
(c) where applicable, transfers of personal data to a third country or an international organisation, the documentation of suitable safeguards;
(d) where possible, a general description of the technical and organisational security measures.
To the extent that Eventival acts as the controller of Personal Data, it maintains an electronic record of processing activities under its responsibility, containing all of the following information:
(a) the name and contact details of the controller, the controller's representative and the data protection manager;
(b) the purposes of the processing;
(c) a description of the categories of data subjects and of the categories of personal data
(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;
(e) where applicable, transfers of personal data to a third country or an international organisation, the documentation of suitable safeguards;
(f) where possible, the envisaged time limits for erasure of the different categories of data;
(g) where possible, a general description of the technical and organisational security measures.
Eventival and its representatives cooperate with the supervisory authority of the Czech Republic, which may be contacted at www.uoou.cz.
Eventival will in particular make the above described records available to the supervisory authority upon its request, including records of any breaches Personal Data security.
You have the right to lodge a complaint regarding the personal data processing with the supervisory authority, being the Czech Data Protection Office at www.uoou.cz.
Eventival has appointed a data protection manager, who may be contacted at firstname.lastname@example.org.