• The information we collect and why we collect it;
• How we use that information;
• How we share information; and
• The choices we offer.
1. Personal Data
When you use or interact with us through the Service, we collect certain personal information about you or the device you are using in order to access the platform (“Personal Data”). Sometimes this will be on our own behalf and other times this will be on behalf of an Organizer (as defined below) using our Service to organize an event. Users must consent to us collecting their Personal Data before accessing the Service.
1.1 All Users
For all Users, we gather Personal Data when you voluntarily give such data to the Service, for example, when you sign up to use the Service, send an enquiry, access a resource provided by us or interact with the Service in any other way. The Personal Data we may gather includes, but is not limited to, your name, address, email address and other data that empowers Users to be distinguished.
We may track Users by storing a unique identifier (or short UUID) for analytics purposes or for storing Users' preferences. We may also automatically collect certain Personal Data when Users visit the Service, including site analytics, Users' IP addresses, site usage data, browser name, the type of computer and technical information about Users means of connection to our Service, such as the operating system and the internet service providers utilized and other similar information.
When you register for the Service or otherwise submit Personal Data to us, we may associate other non-Personal Data (including non-Personal Data we collect from third parties) with your Personal Data. Such non-Personal Data shall include any data which falls outside of that specifically designated as Personal Data. At such instance, we will treat any such combined data as your Personal Data until such time as it can no longer be associated with you or used to identify you.
If you join a community for a specific event using our mobile application (each an “Event Community”), we will collect information you submit to the Event Community. This may include content you post or message to others. We will also collect analytics about how you use the Event Community.
If you create or contribute to an Event Community, we will collect information you submit, including event related information, and messages you send.
Organizers can set up event registration pages to collect virtually any data from Consumers in connection with registration for an Organizer's event listed on the Service. Eventzilla does not control an Organizer's registration process nor the Personal Data that they collect. Organizers may also import Personal Data about external contacts into the Service and then use the Service to send invitation emails to their events. Eventzilla does not vet or verify the Personal Data imported and maintained by Organizers using the Service. See Section 5 for details about how Personal Data collected on behalf of Organizers is provided to the Organizer of the applicable event.
We may also collect or receive Personal Data from third-party sources, such as Organizers, other Consumers, social media or other third-party integrations, our payment processing partners or other third parties.
If you have queries or concerns about the personal information being collected or used by an Organizer on an event page, you may contact them directly using the “Contact Organizer” link provided on the event page. If you are not satisfied with the outcome, you may escalate your concerns with us at firstname.lastname@example.org.
2. Web browser cookies and similar mechanisms
3. How We Use Your Personal Data
(a) - Eventzilla collects and uses Users' Personal Data and other information for the following purposes:
i. - To register for a User account, including as a Seller (as defined in the Terms of Service).
ii. - To personalize User experience. We may use Personal Data in the aggregate to understand how our Users as a group use the services and resources provided on our Service.
iii. - To improve our Service. We continually strive to improve our website offerings based on the Personal Data and feedback we receive from you. When you access the Service or open one of our HTML emails, we may automatically record certain information from your system by using cookies and other types of tracking technologies. This automatically collected information may include Internet Protocol address (IP Address), a unique User ID, device type, device identifiers, browser types and language, referring and exit pages, Platform type, version of software installed, system type, the content and pages that you access on the Service, the number of clicks, the amount of time spent on pages, the dates and times that you visit the Service, and other similar information. Depending on the law of your country of residence, your IP address may legally be considered Personal Data.
iv. - To process transactions, including ticket purchases. We may use the Personal Data Users provide about themselves when placing an order only to provide Service to that order. We do not share this information with outside parties except to the extent necessary to provide the Service.
v. - To maintain marketing communications, Where it is in accordance with your marketing preferences, we may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about Services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Service that we believe might be of interest to you.
vi. - To facilitate Organizer communications - We allow Organizers to use our email tools to contact Consumers for their current and past events, so you may receive emails from our system that originate with such Organizers and that we send on their behalf. If you registered for an event on the Service, your email address is available to that Organizer. However, Organizers may also import the email addresses they have from external sources and send communications through the Service to those email addresses, and we will deliver those communications to those email addresses on the Organizer's behalf. The Organizer and not Eventzilla is responsible for sending these emails. We will also share Community Event analytics about you with Organizers. This helps Organizers understand interest in their events.
vii. - To provide support. We may use your Personal Data when providing you with customer or technical support.
4. How We Protect Your Personal Data
(a) - We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, username, password, transaction information and data, including Personal Data, stored on our Service.
(b) - Sensitive and private data exchange between the Service and its Users happens over industry standard Secure Sockets Layer (SSL) encryption technology.
(c) - Please note that while we endeavor to protect your Personal Data, we cannot guarantee the security or privacy of your Personal Data. You agree to transmit your Personal Data solely at your own risk.
(d) - We shall investigate and report data breaches within 72 hours of becoming aware of such breach. When a breach of Personal Data is likely to result in a high risk to the rights and freedoms of individuals then the Company, as Data Controller (as defined below), will notify the affected individuals without undue delay.
5. How We Disclose and/or Share Your Personal Data
We do not sell, trade, or rent Users' Personal Data to others except as provided for herein:
(a) - We may use third-party service providers to help us operate our business and the Service or administer activities on our behalf, such as sending out newsletters or surveys. We may share your Personal Data with these third parties for those limited purposes.
(b) - We may share Personal Data with our software developers, system integrators, and payment processors, subject to our safeguards and protective measures.
(d) - We may disclose Personal Data if required by law or when we deem it necessary in an emergency situation.
(e) - We may disclose Personal Data to assist us in settling a dispute or to address allegations of fraud.
6. How You Can Access, Update or Delete Your Personal Data
You can request access to some of your Personal Data being stored by us. You can also ask us to correct, update or delete any inaccurate Personal Data that we process about them.
If you are a registered Organizer, you can exercise these rights by logging in and visiting the My profile page under your account settings. If you are (a) a Consumer, (b) attending an event for which you are registered through the Service, and (c) have registered for the self-service portal for attendees, some of your Personal Data may be available to be editable depending on whether or not the Organizer of the event allows it. If not, you can contact the Organizer of the event directly to exercise these rights.
If a Consumer initiates a data deletion request, Eventzilla is authorized to delete or anonymize Personal Data of the requesting Consumer from the Service even if that means removing its availability to the Organizer through the Service. However, if you are a Consumer, you understand that even if Eventzilla deletes or anonymizes your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Organizer's own databases if transmitted to the Organizer prior to Eventzilla receiving or taking action on any deletion or anonymization activity.
Both registered and unregistered Users may also exercise these rights by contacting us directly by writing to us at 545 Metro Place South, One Metro Place, Suite 100, Dublin, OH 43017 or emailing us at: email@example.com. We will consider and respond to all requests in accordance with applicable law.
7. How Long We Retain Your Personal Data
We may retain your Personal Data as long as you are registered to use the Service. You may close your account by contacting us. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
8. Third-Party Websites and Content
(a) - Users may find content posted by other Users, advertising, or other content on our Service that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties (collectively, “Third-Party Content”). We do not control the content or Third-Party Content links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Service or content posted by other Users. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website or Third-Party Content, including websites which have a link to our Service, is subject to that website's own terms and policies.
(b) - Users, including event Organizers, may post Third-Party Content on the Service. Eventzilla takes measures to delete Third-Party Content, including that posted by Sellers, that is found to be incorrect, fraudulent, or spam. Users may notify us if they believe Third-Party Content should be removed for violating the Terms of Service. However, we cannot monitor all Third-Party Content and are under no obligation to remove any Third-Party Content. You agree to access Third-Party Content, including event listings, solely at your own risk.
9. The EU General Data Protection Regulation (GDPR)
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the "GDPR") became effective for citizens of the EEA, Switzerland and England.
The GDPR requires Eventzilla and Organizers using the Service to provide Users with more information about the processing of their Personal Data. Here is what you need to know:
(a) - The GDPR requires us to tell you about the legal ground we're relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Section 1 above will typically be because:
• you provided your consent;
• it is necessary for our contractual relationship;
• the processing is necessary for us to comply with our legal or regulatory obligations; and/or
• the processing is in our legitimate interest as an event organizing and ticketing Platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
(b) - Personal Data retention
We retain your Personal Data for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
If you have an account with us, we will typically retain your Personal Data for a period of 90 days after you have requested that your account is closed or if it's been inactive for 7 years.
(c) - Your rights
Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data and unsubscribe from marketing communications.
For the most part, you can you can exercise these rights by logging in and visiting the My Profile page under your account settings or through the Self-Service portal for attendees, changing the "cookie settings" in your browser. You can also request a copy of your data as set forth in Section 11. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
(d) - Eventzilla as a Data Controller and a Data Processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as "Data Controllers") and organizations that process Personal Data on behalf of other organizations (known as "Data Processors"). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant Data Controller since they are the ones with primary responsibility for your Personal Data.
Eventzilla may act as either a Data Controller or a Data Processor in respect of your Personal Data, depending on the circumstances.
For example, if you create an account with us to organize your events, Eventzilla will be a Data Controller in respect of the Personal Data that you provide as part of your account.
Similarly, if you are a Consumer who registered to attend an event though the Service and also explicitly registered to Eventzilla Attendees Mobile App, which is the app designated for attendees of events, or the Self Service Portal for attendees, which is where attendees can access the Services to take certain actions without assistance by Eventzilla, then Eventzilla will be a Data Controller in respect of the Personal Data that you provide as part of your account.
However, if you register for an event as a Consumer, we will process your Personal Data to help administer that event on behalf of the Organizer (for example, sending confirmation, promotional and feedback emails, processing payments, etc.) and to help the Organizer target, and understand the success of, their event and event planning (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, etc.). In these circumstances, Eventzilla merely provides the "tools" for Organizers; Eventzilla does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the Organizer as the Data Controller, not to Eventzilla.
10. California Privacy Rights
For Residents of California - California Consumer Privacy Act (CCPA)
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California residents may make requests to obtain certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Your request will be responded to within 45 days. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Government identification may be required to verify any requests received.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We only use personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
For more details about the personal information we have collected over the last 12 months, please see section 1 regarding the types of information collected by us. We collect this information for the business and commercial purposes that are described in section 3. We share this information with the types of third parties as described in section 5. We do not sell the personal information we collect and will not sell it without providing users right to opt out. Please note that we do use third-party cookies for our advertising purposes, which is further described in section 2.
11. Information correction
If you believe that the information we’ve collected on you is incorrect, you are encouraged to contact us to update it. Any data that is no longer needed for the purposes specified in this Policy will be deleted. You may request to have your data updated or deleted at any point by emailing us at email@example.com.
12. The rights of Users
Users have the right, at any time, to know whether their Personal Data has been store and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent by email to firstname.lastname@example.org.
14.1. Personal Data Provided to Others
14.2. Third-Party Links
15. Children - Children's Online Privacy Protection Act
16. Storage and Processing
If you are using our Services from outside the United States, please be aware that you are sending information (including Personal Data) to the United States where our servers are located. Eventzilla may transfer information that we collect about you, including personal information, to affiliate entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from United States law, please note that we will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
17. Governing Law
18. Contacting us
Notice to European Users: this privacy statement has been prepared in fulfilment of the obligations under Art. 10 of EC Directive n. 95/46/EC, and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies.