Privacy Policy For Event Organizers
Privacy Policy for Event Organizers
1. Introduction
Welcome to EventNook, a cloud-based event management and registration platform operated by EVENTNOOK PTE. LTD. ("we," "our," or "us"). This Privacy Policy outlines how we handle the personal data you, as Event Organizers ("you" or "your"), collect, store, and manage through our platform. It also details your responsibilities in ensuring the security and privacy of the data you handle. In this context, EventNook acts as the Data Processor, while you, the Event Organizer, are the Data Controller. We are committed to ensuring that all data processing activities comply with Singapore’s Personal Data Protection Act (PDPA) and the European Union’s General Data Protection Regulation (GDPR), where applicable, ensuring that your registration data is managed with the highest standards of security and privacy.
2. Platform Role and Data Collection
As the Data Controller, you, the Event Organizer, determine the purposes and means of processing the personal data collected from your event attendees. EventNook, as the Data Processor, provides you with secure tools to collect, store, and manage this data. The types of data collected may include names, contact information, payment details, and other event-specific information. This data is securely stored on the EventNook platform and is accessible to you for event management purposes.
3. Your Responsibilities as a Data Controller
As the Data Controller, you are responsible for ensuring that the personal data you collect and manage through the EventNook platform is handled securely and in compliance with both the PDPA, GDPR (where applicable), and other relevant data protection laws. This includes, but is not limited to:
- Obtaining Consent: Ensuring that you have obtained the necessary consents from attendees for the collection, use, and disclosure of their personal data.
- Purpose Limitation: Using the data only for the purposes for which it was collected, in accordance with the PDPA’s and GDPR’s purpose limitation obligations.
- Data Protection: Implementing appropriate measures to protect the data from unauthorized access, disclosure, or misuse.
- Data Accuracy: Ensuring that the personal data is accurate and complete, particularly when it is used to make decisions that affect individuals.
- Responding to Data Requests: Handling attendee data responsibly, including updating information, processing deletions, managing cancellations, and responding to any data access, correction, or deletion requests from attendees as required by the PDPA and GDPR.
4. Event Partners and Data Collection
There may be instances where you, as the Event Organizer, allow your event partners, such as Exhibitors or Sponsors, to collect attendee data. For example, exhibitors may use the EventNook Exhibitor Scan (Lead Retrieval app) to collect leads or contacts from attendees who are interested in their booth. In such cases, it is your responsibility as the Data Controller to ensure that proper consent has been obtained from attendees for their data to be collected and used by these partners. EventNook, as the Data Processor, has no control over how your event partners handle the data once it is collected.
5. Sharing Attendee Data with Suppliers and Event Coordinators
As the Data Controller, you may choose to allow access to your attendee data by other suppliers, event coordinators, or team members to assist in event operations. When doing so, it is crucial that you:
- Limit Access: Restrict access to only those who need it to perform their roles.
- Implement Security Measures: Implement measures to minimize the risk of data breaches, such as requiring individual login credentials and enabling Two-Factor Authentication (2FA).
- Monitor Data Access: Continuously monitor who has access to the data and ensure their activities comply with your privacy obligations.
It is your responsibility to ensure that these third parties handle the data securely and in accordance with applicable privacy laws, such as the PDPA (for Singapore-based entities and attendees), GDPR (for entities operating in the EU or handling the data of EU citizens), and any other relevant data protection regulations.
6. Data Export and Transfer
EventNook allows you, as the Data Controller, to export attendee data or transfer it to external systems (e.g., CRM, marketing platforms) as needed for your event operations. However, once you export or transfer data out of the EventNook platform, EventNook, as the Data Processor, no longer has control over the security or privacy of that data. After it leaves our platform, it becomes your responsibility to ensure that the data is handled securely and in compliance with the PDPA, GDPR, and other relevant privacy regulations.
7. Cross-Border Data Transfers
If you are based in the European Union or process data of EU citizens, any transfer of personal data outside the EU must comply with GDPR’s cross-border data transfer requirements. EventNook ensures that any data transferred outside Singapore or the EU is done so in compliance with applicable data protection regulations, including ensuring that the receiving country provides an adequate level of data protection or implementing appropriate safeguards such as Standard Contractual Clauses (SCCs).
8. Data Management and Purging
You, as the Data Controller, have full control over the data you collect and manage through the EventNook platform. If you need to update, delete, or cancel attendee information, it is your responsibility to process these changes. EventNook provides the necessary tools to facilitate these actions, but the responsibility for executing and managing these changes lies with you.
Additionally, if you wish to purge your event and attendee data from the EventNook platform, you can request this at any time. As the platform provider and Data Processor, we will support you by securely deleting all relevant data from our systems in compliance with the PDPA and GDPR.
9. Communication and Consent Management
As the Data Controller, you have the ability to send communications to your participants through the EventNook platform. These communications may include:
- Invitation Emails
- Ticket Delivery
- Confirmation Emails
- Reminder Emails
- Event Updates and Engagements
- Post-Event Engagement Emails
You are responsible for managing the consent of your attendees regarding these communications. You must ensure that emails and other forms of communication are sent in accordance with the consent provided by your attendees, in compliance with both the PDPA and GDPR. You are also responsible for managing and updating consent preferences as per your attendees' requests.
10. EventNook’s Use of Attendee Data
As the Data Processor, EventNook does not use your attendee data for its own marketing purposes. Our access to attendee data is strictly limited to providing the following services:
- Customer service and support
- Technical support and troubleshooting
- Platform usage reports for service subscription billing and payment matters
- Analysis for improving product and customer experience
EventNook is committed to maintaining the privacy and security of your attendee data, using it solely for the purposes mentioned above, and ensuring compliance with the PDPA and GDPR.
11. Data Security on EventNook
EventNook is committed to protecting the data stored on our platform through robust security measures that fully comply with the PDPA and GDPR. These measures include:
- Encryption: Data is encrypted during transmission and at rest to prevent unauthorized access.
- Access Controls: Access to data is restricted to authorized personnel based on their job roles.
- Security Audits: Regular audits and assessments are conducted to identify and mitigate potential vulnerabilities.
- Incident Response: We have a plan in place to quickly address any security breaches or data incidents.
- Two-Factor Authentication (2FA): We strongly recommend that Event Organizers enable Two-Factor Authentication (2FA) on their accounts. 2FA adds an additional layer of security by requiring a second form of verification when accessing your account, significantly reducing the risk of unauthorized access.
- Individual Login Credentials: To maintain the security of your event data, we recommend that each event coordinator or team member create their own individual login credentials rather than sharing a single login access. This practice ensures accountability and further protects against unauthorized access to sensitive data.
While we take extensive measures to protect data within our platform, your role in maintaining data security is equally critical, especially once data is exported or transferred.
12. Third-Party Integrations
As the Data Controller, you may choose to integrate EventNook with third-party platforms for additional services, such as marketing automation or data analytics. If you do so, you must ensure that any data shared with these third parties is managed in accordance with your privacy obligations and that the third parties provide comparable levels of data protection as required under the PDPA and GDPR. EventNook, as the Data Processor, is not responsible for the data practices of third-party platforms once data is transferred.
13. Compliance with Privacy Laws
EventNook is committed to compliance with the PDPA, GDPR, and other applicable data protection laws. As the Data Controller, you are responsible for ensuring that your collection, storage, and use of personal data comply with all applicable privacy laws and regulations. This includes:
- Transparency: Providing clear and transparent information to attendees about how their data will be used.
- Consent Management: Obtaining and documenting consent where required.
- Data Subject Rights: Responding to requests from attendees to access, correct, or delete their personal data in accordance with the PDPA, GDPR, and other relevant laws.
14. Indemnity
By using the EventNook platform, you agree to indemnify and hold EVENTNOOK PTE. LTD., its affiliates, officers, agents, and employees harmless from any claims, actions, liabilities, damages, losses, or demands, including without limitation reasonable legal and accounting fees, arising out of or in connection with:
- Your use of the platform
- Your breach of this Privacy Policy
- Your violation of any applicable laws or the rights of any third party
- Any issues resulting from improper data handling, unauthorized data sharing, or failure to obtain necessary consent from your attendees
- Any involvement in spam-related activities or the distribution of inappropriate content.
This indemnity protects EVENTNOOK PTE. LTD. from any loss, damage, liability, or claims resulting from your actions, omissions, or misuse of the platform. It ensures that EventNook is safeguarded against any consequences arising from your failure to comply with the platform’s terms or improper use.
15. Account Termination
As a user of the EventNook platform, you are responsible for ensuring that your activities are lawful and appropriate. EVENTNOOK PTE. LTD. reserves the right to terminate your account without notice if you engage in any activities that violate these terms, including but not limited to:
- Engaging in illegal activities, such as fraud, theft, or any violation of local, national, or international laws
- Sending spam or unsolicited communications
- Distributing or promoting inappropriate, obscene, or offensive content, including but not limited to materials that are defamatory, discriminatory, or incite hatred or violence
- Engaging in activities that promote or incite violence, hatred, or bigotry, including but not limited to content that targets individuals or groups based on race, religion, gender, sexual orientation, or other protected characteristics
- Abusing the platform or attendee data, including unauthorized access, data scraping, or any other misuse of data
- Infringing on the intellectual property rights of others, including the unauthorized use or distribution of copyrighted materials, trademarks, or proprietary information
- Misrepresenting your identity or affiliation or engaging in any fraudulent or deceptive practices.
EventNook takes these violations seriously, and we reserve the right to take immediate action, including the termination of your account and access to the platform if you breach any of these standards. Termination may occur without prior notice, and EventNook will not be liable for any consequences or losses resulting from such termination.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the updated policy on our website and, if necessary, by obtaining your consent for certain changes.
17. Contact Us
If you have any questions or concerns about this Privacy Policy or how your personal data is handled on the EventNook platform, please contact us at:
EVENTNOOK PTE. LTD.
Email: dpo@eventnook.com