Data Processing Addendum
for Processors & Sub-processors

This Data-Processing Addendum (“DPA”) governs the provision of any services rendered to Eventzilla Corporation and its affiliates (collectively “Eventzilla”) by you (“Vendor”) in your capacity as a Processor or Sub-Processor (the “Services”). By commencing or continuing the Services after the date of publication, Vendor acknowledges that it is bound by the terms of this DPA. If Vendor has executed a separate written agreement with Eventzilla that specifically references data-processing obligations, the terms of that agreement will prevail to the extent of any direct conflict with this DPA.

1. Definitions

Capitalised terms not defined in this document have the meanings given in the “UK GDPR” or “EU GDPR” (as applicable). Controller means the natural or legal person who determines the purposes and means of processing Personal Data. Processor means a person who processes Personal Data on behalf of the Controller. Sub-Processor means any party engaged by a Processor to process Personal Data. “Personal Data” and “Processing” take the meanings set out in Article 4 of the GDPR. 

2. Scope and Relationship of the Parties

For the limited and purely administrative Personal Data that Vendor will process in order to deliver the Services to Eventzilla, Eventzilla is the Controller, and Vendor acts as Processor (or, when Vendor engages further suppliers, as the entity responsible for its own Sub-Processors). Vendor shall process Personal Data strictly in accordance with documented instructions supplied by Eventzilla, including those contained in this DPA, any ordering document and the relevant Statement of Work. Vendor will not process Personal Data for its own purposes or for any other purpose except where required to comply with a legal obligation, in which case Vendor will give advance notice to Eventzilla unless the law prohibits such notice.

3. Vendor Obligations

Vendor shall (a) process Personal Data solely for the purpose of performing the Services; (b) implement and maintain appropriate technical and organisational measures designed to safeguard Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access; (c) ensure that any person acting under Vendor’s authority who has access to Personal Data is bound by enforceable confidentiality commitments; (d) not engage another Sub-Processor without meeting the requirements of Section 4 below; (e) cooperate with Eventzilla in responding to any Data-Subject request Eventzilla receives and in carrying out any data-protection impact assessment that Eventzilla is legally required to conduct; and (f) promptly inform Eventzilla if, in Vendor’s opinion, an instruction violates Data-Protection Laws.

4. Use of Sub-Processors

Vendor may engage Sub-Processors only with prior written authorisation from Eventzilla. Where authorisation is granted, Vendor shall enter into a written contract with the Sub-Processor that imposes data-protection obligations no less stringent than those set out in this DPA. If the Sub-Processor fails to fulfil its data-protection obligations, Vendor remains fully liable to Eventzilla for the performance of that Sub-Processor’s duties.

5. Security Measures

Vendor will implement controls that include, at a minimum, logical access management, encryption (where appropriate to the sensitivity of the Personal Data), system monitoring, vulnerability-management procedures, and business-continuity arrangements that reflect industry standards for the type of Services Vendor provides. Vendor will make available to Eventzilla—upon reasonable request—summaries of third-party audit reports or certifications (for example ISO 27001 or SOC 2) that demonstrate Vendor’s compliance with these obligations.

6. Personal-Data Breach

In the event Vendor becomes aware of a Personal-Data Breach affecting Eventzilla’s Personal Data, Vendor will notify Eventzilla without undue delay and will furnish sufficient information for Eventzilla to meet any breach-notification obligations owed to regulators or individuals. Vendor shall take reasonable steps to contain, investigate and mitigate the effects of the breach and will keep Eventzilla informed of progress.

7. International Transfers

If Vendor processes, or permits any Sub-Processor to process, Personal Data outside the European Economic Area, Switzerland or the United Kingdom, Vendor will ensure that such transfer complies with an approved transfer mechanism such as the Standard Contractual Clauses (Module 3, Processor→Sub-Processor) or the UK International Data-Transfer Addendum. Vendor shall, upon request, provide Eventzilla with evidence of the transfer mechanism employed.

8. Data-Subject Rights

Vendor shall, taking into account the nature of the Processing, provide reasonable assistance to Eventzilla to enable Eventzilla to respond to any request from a Data Subject to exercise rights under Data-Protection Laws (including rights of access, rectification, restriction, erasure, data portability and objection). Vendor shall not respond directly to such a request unless authorised to do so in writing by Eventzilla.

9. Return or Deletion of Data

Upon termination or expiry of the Services, Vendor shall, at Eventzilla’s choice, either return to Eventzilla or securely delete all Personal Data (including copies) processed on Eventzilla’s behalf, unless retention is required by applicable law. Vendor will confirm in writing when deletion has been completed.

10. Audit and Compliance

Vendor will make available all information reasonably necessary to demonstrate compliance with the obligations set out in this DPA and will allow for and contribute to audits conducted by Eventzilla or a third-party auditor mandated by Eventzilla, provided that such audits are (a) conducted during normal business hours, (b) subject to reasonable notice, and (c) bound by appropriate confidentiality undertakings.

11. Liability and Indemnity

Vendor shall indemnify and hold harmless Eventzilla from and against all reasonable costs and damages arising from a breach of this DPA or violation of Data-Protection Laws attributable to Vendor. The aggregate liability of either party under this DPA is limited to the amount set out in the governing service agreement or, if no such amount is specified, the fees paid by Eventzilla to Vendor in the twelve (12) months preceding the event giving rise to the liability. 

12. Governing Law

Unless the Standard Contractual Clauses require otherwise, this DPA is governed by the laws of the State of Ohio, USA, and the parties submit to the exclusive jurisdiction of its courts. Questions regarding this DPA should be directed to privacy@eventzilla.net.
