EN

PRIVACY

Data Protection and Privacy Policy

Last updated: 15 May, 2018

This Data Protection and Privacy Policy of Eventival, s.r.o., with its registered office at Praha 3 - Žižkov, Seifertova 1527/16, Post Code 13000, Company ID 28991214 (“Eventival”) sets out our policies regarding the collection, use and processing of any personal information or data (“Personal Data”) we collect from and/or about: (i) our customers and other users when using our cloud based software solution created for the purpose of data management and event logistics (the “Service”), (ii) our employees and other staff, (iii) any other persons that may provide us with their personal data in connection with our business (the “Policy”). 

Eventival complies with all the applicable legal regulations regarding Data Protection and Privacy, in particular with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”).

This Policy is applicable to and applied by all employees and other staff used by Eventival as an internal policy and Eventival ensures regular appropriate training.

1.    Important Notice

When you upload personal data to the Service or otherwise provide your personal data to Eventival, you acknowledge and agree that Eventival will process such data in order to provide and improve the Service. Personal data regarding our employees and other staff will be processed solely for the purpose of managing such employment or similar relationship.

Eventival does not collect data from public sources, it only processes personal data uploaded to the Service by its customers accessing the Service through “Back Office”, end users accessing the Service through “Visitor Page” or otherwise provided to Eventival directly by the data subjects interested in making contact with other users of the Service or in maintaining a relationship with Eventival (such as an employment or other contractual or potential contractual relationship).

Such personal data may include a person’s: (i) name, (ii) email address, (iii) phone number, (iv) postal address, (v) gender, (vi) date of birth, (vii) nationality, (viii) citizenship, (ix) photos, (x) education, (xi) other contact details, (xi) information regarding his/her profession and professional activities and interests.

Eventival will not disclose the personal data to any other recipients (except its third party providers in accordance with clause 12 of the Data Protection and Privacy Policy who are bound by confidentiality duty) and it will not transfer the data outside the EU. The personal data will be retained by Eventival only as long as required to provide you with the Service or maintain the employment or similar relationship with you (for example based on a cooperation agreement).

Eventival may use the personal data to carry out profiling based on certain criteria which may further enable it to improve the Service and connect its customers (event organisers) with an appropriate group of end users, including the sending of commercial notices for this purpose.

Eventival also may store data in a master database containing the data uploaded by all the users of the Service for the purpose of further improving the Service and its security. Eventival may also create and share aggregate, anonymized data about the use of its Service.

Any individual has the right to have personal data concerning him or her rectified and a “right to be forgotten” where the retention of such data infringes the General Data Protection Regulation or the Czech Republic. If you have given a consent with the processing of your personal data through the Service and you no longer agree with that, you have the right to withdraw your consent at any time. Regarding any such request, please notify us at the following e-mail address: data@eventival.com.

You have the right to lodge a complaint regarding the personal data processing with the supervisory authority, being the Czech Data Protection Office at www.uoou.cz.

For further details regarding the above, please read our entire Data Protection & Privacy Policy below.

2.    General Principles

Any Personal Data processed by Eventival shall be: (i) processed lawfully, fairly and in a transparent manner, (ii) collected and processed only for specified, explicit and legitimate purposes, (iii) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, (iv) accurate and, where possible, kept up to date, (v) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed and (vi) processed in a manner that ensures appropriate security of the personal information.

Eventival mainly serves as a Personal Data processor for a number of data controllers and as such Eventival complies with all the obligations applicable to processors.

To the extent that Eventival is the controller of certain Personal Data, it complies with all the obligations applicable to controllers.

3.    Obligations of Customers as Data Controllers

When using the Service as a customer accessing the Service through the “Back Office” („Customer“), you, as the data controller within the meaning of the General Data Protection Regulation must ensure full compliance with the requirements laid down by the General Data Protection Regulation, in particular:

  • respect the above listed general principles applicable to any Personal Data processing and be able to demonstrate that,
  • to the extent any processing of Personal Data using the Service is based on consent, you, as the controller shall bear the burden of proof regarding the data subject's consent,
  • you must ensure that the data subject has an effective right to withdraw his or her consent at any time and inform the data subjects of this right,
  • you must not collect and process, using the Service, any Personal Data revealing race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of genetic or biometric data or data concerning health or sex life or criminal convictions (except when such processing is permitted under Article 9 (2) (d) of the General Data Protection Regulation),
  • you must comply with your notification obligations vis-à-vis the data subjects and provide them with all the information required pursuant to Articles 12 – 14 of the General Data Protection Regulation.

To the extent that Eventival acts as a controller regarding any Personal Data processed by it, the above obligations equally apply to Eventival and all its employees and any of its other staff.

4.    Obligations of Eventival as Data Processor

We use any Personal Data processed through the Service only for the purpose of providing and improving the Service, and will not use or share it with anyone except as described in this Data Protection and Privacy Policy.

Eventival as Personal Data processor ensures full compliance with the requirements laid down by the General Data Protection Regulation, in particular:

  • it carries out any processing of Personal Data belonging to its Customer only on instructions from the Customer and promptly informs the Customer if, in its opinion, an instruction infringes the General Data Protection Regulation,
  • it employs only staff who have committed themselves to confidentiality,
  • maintains all the required evidence of Personal Data processing,
  • respects the conditions for engaging another processor,
  • insofar as this is possible given the nature of the Service, creates in agreement with its Customers the necessary technical and organisational requirements for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights,
  • assists its Customers in ensuring compliance with their obligations pursuant to Articles 32 to 36 of the General Data Protection Regulation;
  • hands over to the Customer or destroys all results of the processing after the end of the processing and does not process the Personal Data otherwise;
  • makes available to its Customers and to the supervisory authority all information necessary to control compliance.

 

5.    Personal Data Collection And Use

While using our Service or otherwise entering into a legal relationship with Eventival, you may provide us with certain personal data that can be used to identify or contact you or other persons.

Such Personal Data collected by us may include a person’s: (i) name, (ii) email address, (iii) phone number, (iv) postal address, (v) gender, (vi) date of birth, (vii) nationality, (viii) citizenship, (ix) photos, (x) education, (xi) other contact details, (xi) information regarding his/her profession and professional activities, (xii) other Personal Data you may decide to upload onto the Service.

Any Personal Data will be processed by Eventival only as long as necessary for the purpose of such processing (that is for the use of the Service, maintaining a relationship with our Customers and managing information about our employees and other staff, as the case may be).

6.    Retention and Deletion of Personal Data

Upon termination of a Customer’s use of the Service, Eventival will without undue delay remove or delete the Personal Data uploaded to the Service by the Customer, in accordance with the Terms of Service.

Eventival will also delete any Personal Data regarding its employees, other staff or other business partners once the mutual relationship is terminated.

Eventival will in general remove any Personal Data it no longer needs for the above specified purposes.

7.    Individuals Rights

To the extent that Eventival acts as controller of Personal Data, it ensures that the data subjects have the right to obtain from Eventival a confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to such data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;

(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f) the right to lodge a complaint with a supervisory authority;

(g) where the personal data is not collected from the data subject, any available information as to its source;

(h) the existence of automated decision-making, including profiling, and a meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Upon the data subject’s request, Eventival will provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, Eventival may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information will be provided in a commonly used electronic form.

8.    Information and Marketing

As our Customer or end user of the Service, you agree that Eventival may use your e-mail address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail).

We may also use your e-mail address to send you announcements and information about other products or services (including third party services or products) that we think may interest you (“Marketing Messages”).

You may opt-out of receiving Marketing Messages at any time by following the instructions provided in the Marketing Message or by simply e-mailing us at data@eventival.com. Through your account interface, you may also opt-out of receiving categories of Service-related notices that are not deemed by Eventival to be integral to your use of the Service.

Even if you are not a registered user of our Service, if you email us we may retain a record of such email communication, including your e-mail address, the content of your e-mail, and our response.

9.    Your Content

Your use of the Service as a Customer or End user will involve you uploading or inputting various content into the Service (the “Content”). You are responsible for your Content and you control how your Content is shared with others via your settings on the Service.

Eventival may view your Content only as necessary (i) to maintain, provide and improve the Service; (ii) to resolve a support request from you; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of this Policy; (iv) as reasonably necessary to allow Eventival to comply with or avoid the violation of applicable law or regulation; or (v) to comply with a request that meets the requirements this Policy.

You agree that we may also analyse the Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.

10.    Log Data

We may also collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. 

In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service's functionality. These third party service providers have their own privacy policies addressing how they use such information.

11.    Cookies

Eventival may use "cookies" to collect information necessary for providing the Service. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

12.    Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services (such as server providers, mobile phone applications and ticketing software providers) or to assist us in analysing how our Service is used. These third parties may have access to any Personal Data controlled or processed by Eventival only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

You agree that we may enlist another processor, provided that the same data protection obligations applicable to Eventival shall be imposed on that other processor, and we shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes and stop using the Service.

13.    Disclosure of Personal Data to ensure Compliance with Laws

We may disclose the Personal Data processed by Eventival where required to do so by law or if we believe that such action is necessary to comply with the law and the reasonable requests of the respective authorities or to protect the security or integrity of our Service.

14.    Security

The security of all Personal Data is important to us and we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with any misuse of such data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing.

Despite our effort to ensure maximum security, please remember that no method of transmission over the Internet, or method of electronic storage of data is 100% secure. Therefore while we strive to use commercially acceptable means to protect all Personal Data processed by us, we cannot guarantee its absolute security.

We use industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of Personal Data, by, for example, (i) continuously and regularly backing up the data to help prevent data loss and aid in data recovery, (ii) guarding against common web attack vectors, (iii) hosting data in secure data centres, and (iv) regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We ensure that any natural person acting under the authority of Eventival who has access to Personal Data does not process them (except on instructions from the respective Customer or data subject), unless he or she is required to do so by law.

To the extent that Eventival acts as a processor for its Customers, it shall notify the respective Customer without undue delay after becoming aware of a Personal Data breach, specifying:

(a) the nature of the breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

(b) communicate the name and contact details of the data protection manager or other contact point where more information can be obtained;

(c) describe the likely consequences of the breach;

(d) describe the measures taken or proposed to be taken by the Customer to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

If it is not possible to provide the above information at the same time, the information may be provided in phases without undue further delay.

To the extent that Eventival acts as Personal Data controller, it shall document any Personal Data breaches, comprising the facts relating to the breach, its effects and the remedial action taken

15.    International Data Transfer

All Personal Data processed by Eventival is maintained on computers and servers located in the Czech Republic and Eventival will not transfer any Personal Data outside the EU.

16.    Links To Other Web Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site, our Data Protection and Privacy Policy will no longer be in effect, and your activities on that website will be subject to its own rules and policies.

We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services. 

17.    Children's Privacy

Our Service is not intended for use by anyone under the age of 16 ("Children").

To the extent that the Personal Data you control and process using the Service relates to Children, you must ensure that any consent with his or her Personal Data processing is expressed or approved by his parents or responsible legal representatives.

If you are a parent or guardian and you are aware that Personal Data of your Children is being processed using the Service and do not agree with such processing, please contact us at data@eventival.com. If we become aware that we are processing any Personal Data from a Child without parental consent, we take steps to remove that information.

18.    Changes to Our Data Protection and Privacy Policy

Whenever we update this Data Protection and Privacy Policy, we will post the changes on this page and will send you an e-mail notice. Please make sure that you review any updates of this Policy. Changes to our Privacy Policy are effective when they are posted on this page.

19.    Records of Personal Data Processing

To the extent that Eventival acts as Personal Data processor for its Customers, where required by applicable law, it maintains an electronic record of all categories of processing activities carried out on behalf of a Customer, containing:

(a) the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller's or the processor's representative, and the data protection manager;

(b) the categories of processing carried out on behalf of each controller;

(c) where applicable, transfers of personal data to a third country or an international organisation, the documentation of suitable safeguards;

(d) where possible, a general description of the technical and organisational security measures.

To the extent that Eventival acts as the controller of Personal Data, it maintains an electronic record of processing activities under its responsibility, containing all of the following information:

(a) the name and contact details of the controller, the controller's representative and the data protection manager;

(b) the purposes of the processing;

(c) a description of the categories of data subjects and of the categories of personal data

(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;

(e) where applicable, transfers of personal data to a third country or an international organisation, the documentation of suitable safeguards;

(f) where possible, the envisaged time limits for erasure of the different categories of data;

(g) where possible, a general description of the technical and organisational security measures.

20.    Cooperation with the Data Protection Authority

Eventival and its representatives cooperate with the supervisory authority of the Czech Republic, which may be contacted at www.uoou.cz.

Eventival will in particular make the above described records available to the supervisory authority upon its request, including records of any breaches Personal Data security.

You have the right to lodge a complaint regarding the personal data processing with the supervisory authority, being the Czech Data Protection Office at www.uoou.cz.

21.    Contact Us

Eventival has appointed a data protection manager, who may be contacted at data@eventival.com.

If you have any questions about Eventival Data Protection and Privacy Policy, please contact the data protection manager or email us at info@eventival.com