1. Important information and who we are
The controller of certain personal data you provide to EventsX (collectively EventsX, "we" or "us") is EventsX.
Our data privacy manager is responsible for overseeing any questions about this policy.
Full name of legal entity: EventsX Limited
Email address: email@example.com
Whenever you wish, you may file a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues ( www.ico.org.uk ). Nevertheless, we would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.
Access to and use of third-party websites or services available through the EventsX Platform
As part of the EventsX Platform, there are links to third-party websites, applications, and service providers offering services in relation to a particular Event.
Third party web sites and applications.
When you click on links to other websites, content or applications, other parties may collect and share personal information about you. These third-party websites and content are not under our control and we are not responsible for their privacy policies or how they collect or use your data. Please read the privacy policies of any third parties who provide services to or access an Event, including Event organizers, advertisers, sponsors, and any other parties attending the Event. Third parties that collect or use your data are beyond our control and we are not responsible for their privacy policies.
Without your express permission, we will never share your data with a third-party service provider online or off.
We provide a platform. Like any other off-line Event, you may attend an event on the EventsX platform. EventsX does not engage in correspondence or relations with you, whether as a user of the EventsX Event Platform or as an attendee of any Event (except where EventsX directly provides you with those services). We do not participate in any part of any service or contract for services that may be offered to you by any other party at any Event or any Event organiser or otherwise accessible to you as a user. You are responsible for ensuring that any specific services you use are suitable for you.
2. Information we collect about you
Personal data refers to any information about an individual that can be used to identify that person. Data that has been anonymized is not included.
Different types of personal data about you may be collected, used, stored, and transferred by us. These are grouped together as follows:
Identity Data. Images, maiden name, last name, username or similar identifier, title, date of birth, gender, and marital status are included. Other audio-visual content that you appear in in the course of contributing to or participating in an Event may also be included.
Contact Data. Included are your home address, email address, and telephone number.
Transaction Data. The EventsX Event Platform keeps track of the payment and usage details of products and services you have accessed and used. Card information is not stored on our server. Stripe processes credit card and debit card payments on their secure payment server, and all the details of the cards are encrypted and stored by them.
Technical Data. Internet Protocol (IP) addresses, browser types and versions, hardware information, time zone settings and locations, browser plug-in types and versions, operating systems and websites, and other technology used to access the EventsX Event Platform are all included for this purpose.
Profile Data. This includes your username and password, purchases or orders you have made, your interests, volunteer records, preferences, feedback, and survey responses.
Usage Data. We collect information about how you use our Platform, products, and services.
Marketing and Communications Data. You can specify how you would like to be marketed to by us and our third-party Platform Partners, as well as how you want to communicate with us. We store these preferences.
Aggregated Data, such as demographic or statistical data, is also collected, used and shared. While aggregate data may be derived from your personal data, it is not considered personal data under the law since it does not directly or indirectly reveal your identity.
Personal information is not kept longer than necessary. We will protect this information with commercially acceptable means to prevent its loss, theft, unauthorized access, disclosure, copying, use, or modification. Nonetheless, we advise that no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute data security. Your personal information may be retained to comply with a legal obligation or to protect your vital interests or the vital interests of another individual.
If you fail to provide personal data
By failing to provide personal data when requested, we may not be able to perform the agreement we have or are attempting to enter into with you (for example, we may not be able to provide you with access to the EventsX Event Platform and particular services).
3. How is your personal information collected?
Different methods are used to collect data from and about you, including:
Direct interactions. By filling out forms or by contacting us via email or another means on the EventsX Event Platform, you may give us your Identity, Contact, and other Data. In this case, your personal data will be included in the following ways: (a) creating an account with us; (b) subscribing (or being subscribing) to our services; (c) requesting marketing to be sent to you; (d) entering a promotion or survey; or (e) giving us feedback or contacting us.
Automated technologies or interactions. We will automatically collect Technical Data about your equipment, browsing actions, and patterns when you interact with the EventsX Event Platform. The personal data we collect is collected using cookies, server logs, and similar technologies.
4. How we use your personal data
Automated technologies or interactions. We will automatically collect Technical Data about your equipment, browsing actions and patterns when you interact with the EventsX Event Platform. The personal data we collect is collected using cookies, server logs, and similar technologies
If we need to perform the contract we are about to enter into or have entered into with you (e.g. to grant you access to the EventsX Platform's functionality).
When it is necessary for our legitimate interests (or those of a third party) and your interests do not override those interests.
If we must comply with a legal obligation.
Purposes for which we will use your personal data
Please find below, in table format, a description of all the ways in which we will use your personal data, as well as the legal bases upon which we do so. Additionally, we have listed our legitimate interests where applicable.
Depending on the specific purpose for which we are using your data, we may process your personal data for more than one lawful ground. If you would like to know more about the specific legal basis on which we are relying to process your personal data, please contact us.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a user of the EventsX Event Platform
Performance of a contract with you
To process any paid entry to an Event:
(a) Managing payments, fees and charges
(b) Verifying your identity and details of your payment method or credit card account
(c) Communicating with you, for example sending you confirmation of your attendance for an Event.
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
To manage our relationship with you which will include:
(a) Providing access to Platform services
(c) Asking you to leave a review or take a survey
(d) Investigating complaints
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how users use the EventsX Event Platform and associated products/services)
To administer and protect our business and our services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, administering our CRM, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To enable you to partake in a competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how users use the EventsX Event Platform and to develop and grow our business)
To deliver relevant Platform content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how users use the EventsX Event Platform and to grow our business and inform our marketing and growth strategy)
To use data analytics to improve our Platform, products/services, marketing, user and Partner relationships and experiences
Necessary for our legitimate interests (to define types of users for certain Platform services and to keep our services and web site updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about Events or other services available through the EventsX Event Platform that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop the products and services available through the EventsX Event Platform)
We strive to provide you with choices regarding how certain personal data is used, especially when it comes to marketing and advertising.
Recommendations from us
Identity, Contact, Technical, Usage and Profile Data may be used to determine what we think might be of interest to you. We use this data to determine what services and offers may be relevant to you.
If you have requested information from us, used our services, or purchased products or services via the EventsX Event Platform and you have not opted out of receiving marketing from us, you will receive marketing communications from us.
Before sharing your personal data with any third party for marketing purposes, we will get your express consent.
At any time, you can request that we or third parties stop sending you marketing messages. We will not send you marketing messages if you opt out of receiving them by using the EventsX Event Platform or any services associated with the platform.
Depending on your browser settings, you can refuse all or some browser cookies, or get notified when a website sets or accesses cookies.
Change of purpose
Unless we reasonably believe that we need to use your personal data for another reason that is compatible with the original purpose, we will only use your personal data for the purposes for which it was collected. We can explain how the processing for the new purpose is compatible with the original purpose if you contact us. We will notify you if we need to use your data for an unrelated purpose, as well as explain the legal basis for doing so.
When required or permitted by law, we may process your personal data without your knowledge or consent.
5. Disclosure of your personal information
Your personal data may be shared with the parties listed below for the purposes outlined in the table "Purposes for which we will use your data" above.
External Third Parties, as defined in the Glossary.
A third party to which we may sell, transfer, or merge some of our business or assets. We may also acquire other businesses or merge with them. In the event that our business changes hands, the new owners may use your data in the same way as outlined in this privacy statement.
Third parties may receive certain personal data from you if they provide you with Events or support the provision of services through the EventsX Event Platform. We have no control over the third parties with whom you request your data be shared, but we require that all third parties respect the security of your personal data and treat it according to the law. Any third-party Event or service provider that receives your personal data from us will not use your data for their own ends without your explicit consent. They may only use your personal information for specified purposes and in accordance with your instructions.
We may also use aggregated information to help improve and enhance our services by analyzing trends, gathering broad demographics, detecting suspicious or fraudulent transactions, and most importantly, monitoring and improving our operations on a day-to-day basis. During the course of this activity, we may provide some aggregated and anonymized information to third parties.
Third parties you disclose to
6. International transfers
During the performance of our services, your personal data may be transferred outside of the European Economic Area (EEA).
The following safeguards are implemented whenever we transfer your personal data outside the EEA:
Your personal data will only be transferred to countries that have been deemed by the European Commission to provide an adequate level of privacy protection.
Some of the service providers we use may use specific contracts approved by the European Commission that give personal data the same protection as in Europe.
We only transfer data to US providers under the scope of a Data Processing Agreement that contains Standard Contractual Terms or Binding Corporate Rules that obligate them to provide the same level of protection as Europe and the US.
If you would like further information about the specific mechanism we use when transferring your data outside the EEA, please contact us.
7. Security of data
In order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, we have implemented appropriate security measures. Additionally, we restrict access to your personal data to those employees, agents, contractors, and other third parties with a business need to know. Your personal data will only be processed on our instructions and they are bound by confidentiality agreements. When we are legally required to do so, we will notify you and any applicable regulator of a breach of your personal information.
8. Retention of data
For how long will you use my personal data?
Your personal data will only be retained for as long as reasonably necessary to fulfill the purposes for which it was collected, including to meet any legal, regulatory, financial, accounting or reporting requirements. In the event of a complaint or if we reasonably believe that litigation could be involved in relation to our relationship with you, we may keep your personal data for a longer period of time.
When choosing a retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential for harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether they can be achieved through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Our Event Platform may be used to process sensitive personal data with your prior consent.
The data includes details about your race or ethnicity, religious beliefs, sexual orientation, political beliefs, trade union membership, information about your health, and genetic information. We will not share sensitive personal data without your express written consent.
Depending on your situation, you can ask us to delete your data: see your legal rights below for more information.
It may be necessary to anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, whereupon we may use the information for indefinite periods of time without further notice.
9. Your legal rights
Under certain circumstances, you have rights relating to your personal data under data protection laws.
Whenever you wish, you can request access to your personal data (commonly referred to as a "data subject access request"). You can obtain a copy of the personal data we hold about you and confirm that it is lawfully processed.
If you believe that the information we hold about you is inaccurate, you are entitled to request the correction. By doing so, we will be able to correct any inaccuracies in the data we hold about you, although we may need to verify the accuracy of the new information you provide.
In addition, you can request that your personal data be deleted or removed if you successfully exercised your right to object to processing (see below), if we may have processed your information unlawfully, or if we must delete your data to comply with a local law. We may not always be able to grant your request for erasure due to specific legal reasons that will be explained to you, if necessary, at the time when you make your request.
You have the right to request the restriction of the processing of your personal data. You can request us to suspend the processing of your personal data in the following situations:
If you want us to verify the accuracy of the data.
You believe we are using your data unlawfully, but you do not want it to be erased.
Where you need us to hold the data even if we no longer need it since you need it to establish, exercise or defend legal claims.
Our use of your information has been objected to by you, but we need to verify if we have overriding legitimate grounds to do so.
You can request that your personal data be transferred to you or to a third party. We will provide your personal data to you, or a third party you choose, in a structured, commonly used, machine-readable format. You can exercise this right only if we used your automated information to perform a contract with you or if you initially consented to its use.
Where consent is required to process your personal information, you have the right to withdraw consent at any time. However, it will not affect the lawfulness of any processing conducted before you withdraw your consent. We may not be able to provide certain products or services to you if you withdraw your consent. If this is the case, we will notify you when you withdraw your consent.
Please contact us if you wish to exercise any of the above rights.
Usually no fee is charged
For accessing your personal information (or for exercising any other right), you will not have to pay a fee. We may, however, charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive. As an alternative, we may turn you down in these cases.
What we might need from you
In order to verify your identity and ensure your right to access your personal data (or to exercise any other rights you may have), we may need you to provide specific information. The purpose of this security measure is to prevent personal data from being disclosed to anyone without permission. In order to speed up our response, we might also contact you to ask for more information about your request.
Within one month, we try to respond to all legitimate requests. We can sometimes take longer than a month to process your request if it is particularly complex or if you have made several requests. If this is the case, we will keep you updated.
Legitimate Interest means that our business is interested in operating and managing its business in a manner that will provide you with the best service/product and the most secure experience possible. Before we use your personal data for our legitimate interests, we consider and balance any potential impact on you (both positive and negative) and your rights. When your interests are overridden by the effect on you, we will not use your personal data (unless we have your consent or are otherwise required or permitted by law). Please contact us if you would like more information about how we assess our legitimate interests against any potential impact on you in connection with specific activities.
The term "performance of contract" means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps upon your request before entering into one. In the case of EventsX, this is the performance of our agreement with you to make the EventsX Event Platform and its services available to you. In any engagement you enter into with our third party partners, we are not involved in the processing of your Personal Data. If you enter into an agreement with any third party to provide you with services, we will always get your consent to transfer any Personal Data to that third party.
Comply with a legal obligation means processing personal data in order to fulfill a legal obligation to which we are subject.
External Third Parties means:
Service providers acting as processors. These providers do our IT and system administration services.
Providers of our cloud services (this can include AWS and Google).
Stripe – for the purposes of payment management.
Professional advisers acting as processors or joint controllers. These can include lawyers, bankers, auditors and insurers. These are all based in the United Kingdom and provide consultancy, banking, legal, insurance and accounting services.
Regulators and other authorities acting as processors or joint controllers. These are based in the United Kingdom and they require reporting of processing activities in certain circumstances.
Our third-party partners and affiliates who you engage with by using the EventsX Event Platform.