The General Data Protection Regulation (GDPR)

GDPR is Europe's data privacy and security law that was put into effect on May 25, 2018.
It imposes obligations on organizations worldwide, if they target or collect data related to people in the EU.

This document is intended to convey general information for event organizers who need to have a general understading on GDPR. Please read the Disclaimer.
For accurate information check for the official GDPR publications. See the General data protection regulation

GDPR terms

Personal data
Personal data is information that relates to an individual who can be directly or indirectly identified. Names, email, social ID number, passport numbers are considered personal data. Location information, ethnicity, gender, biometric data, religious beliefs and political opinions can also be personal data
Data processing
Any action, automated or manual performed on the data. For example storing, creating backups, editing, searching, publishing, using or deleting.
Data subject
If you are an event participant this is you.
Data controller
The organization or person who decides why and how personal data will be processed. If you use the Eventact platform as an event organizer. This is you.
Data processor
A third party that processes personal data on behalf of a Data Controller. Eventact is a Data processor on behalf of the event organizer.
DPO - Data Protection Officer
DPO is a role given to a person incharge of compliance with GDPR by Data Controller.
An existing employee can designated as the DPO, or a DPO could be hired externally.

GDPR principles

Data processing has to be done according to seven protection and accountability principles

Lawfulness, fairness and transparency
Data must be proceesed in lawfully, fairly and in a transparent manner in relation to the data subject
Purpose limitation
Process data for the specified, explicit declared purposes you collected it
Data minimisation
Limit data processing to what is necessary in relation to the purpose
Take reasonable steps to keep data up to date and deleted without delay
Storage limitation
Do not keep data longer than what is necessary
Integrity and confidentiality
Ensures appropriate security and protection against unauthorised or unlawful processing and accidental loss
The data controller is responsible compliance with GDPR terms and has to be able to demonstrate it

See GDPR Article 5.1-2

GDPR, Eventact and the event organizer

Eventact is an online event managementplatform for event organizers. Eventact applications, websites and online service ( the "system" or "eventact platform") allow our customers, event organizers (hereinafter: the "organizers") to create event websites, registration forms and various other forms, build event applications, build social communities around events, collect paymnets , promote events, invite and register potenital event guests, check-in event guests, send e-mail, SMS and push messages to event participants and potential event participants (hereinafter: "participants")

The the event organizer as a Data Controller is resposible for GDPR compliance. Eventact, As a Data Processor can assist event organizers to comply with GDPR by providing tools and applications that enable secure data managment, enable participants to perform actions that are required by GDPR, provide avidence for cocent. ways to publish

Eventact use of personal information collected using the system is limited to provid the service for the organizers, to improve our services and products or as required or permitted by law. The organizers decide what information to collect from participants and how to use the information collected. As a participants (event guests or potential event guests) your data is controled by the event organizer who can manage, update, delete and use the data or transfer the data according to his Privacy Policy.

Information collected when using Eventact platform or our websites

When using Eventact event applications, event websites or browsing our website, information may be collected about the way you access , use and interact with features in the system, the device users use, the location of the computer through which users accessed the system , its IP address and more (hereinafter: the "Information"). EventAct may store the information in its servers.

Eventact use of data

Eventact use of participant data, as well as the data organizers provide during the process of adding potential participants to the system , will be done according to the Eventact privacy policy or in accordance with the provisions of any law - for the following purposes:


This document is intended to convey general information only, and should only be used as a starting point in your understanding of issues relating to events and GDPR. This is not intended as legal advice, nor is it meant to convey legal facts or opinions. The contents of this document should not be relied upon in any particular situation, and the information presented here is not guaranteed to be correct, complete or up-to-date. No action should be taken in reliance on the information found here, and Eventact disclaims all liability with respect to any acts or omissions based on the contents of this document. You should consult a licensed attorney or regulatory expert to discuss your specific legal, compliance and GDPR-related issues.

Changes to our Privacy Policy

Eventact may change this policy from time to time. We will post those changes on this page. You should check back here periodically to see if the policy has been updated. We show the date of the latest modification of the Privacy Policy at the top of the page so you can tell when it was last revised.