GDPR and Data Privacy
At EventReception, we are fully compliant with the EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, replacing Directive 95/46/EC. This section provides a clear overview of the essential concepts of GDPR and how they relate to the use of our solutions.
The information provided here is for informational purposes only and should not replace professional legal advice. If you’re unsure about how GDPR affects your operations, we encourage you to consult a qualified legal advisor.
Understanding GDPR Roles
GDPR distinguishes between key roles in handling personal data:
- Data Controllers: Entities or individuals who determine the purposes and means of processing personal data. They must comply with GDPR and ensure that any processors or sub-processors they engage also meet the law’s requirements.
- Data Processors: Entities who process personal data on behalf of data controllers. They are responsible for implementing safeguards to protect the data and must comply with GDPR obligations relevant to processors.
- Sub-Processors: Entities engaged by data processors to assist in processing personal data on behalf of the data controller. They carry the same responsibilities and obligations as data processors.
EventReception's Role and Compliance
In the context of GDPR, EventReception may act as a Data Processor, a Sub-Processor, or a Data Controller, depending on the relationship with the user:
- When corporate clients use our solutions, EventReception acts as a Data Processor.
- When corporate clients engage another company (e.g., an event planner) that uses our solutions, EventReception acts as a Sub-Processor.
- When individual users (e.g., couples) use our solutions directly, EventReception acts as a Data Controller.
EventReception is committed to meeting its GDPR obligations, including:
- Ensuring confidentiality agreements are in place for staff handling personal data.
- Implementing robust technical and organizational security measures to protect data at all times.
- Responding promptly to requests for data deletion, updates, or access.
- Notifying users of any data breaches within the GDPR’s required timeframes.
- Demonstrating full compliance with GDPR through regular reviews and audits.
For more detailed information, including cases where EventReception acts as the Data Controller (e.g., when individuals from the EU use our solutions directly), please refer to our detailed Privacy Policy.
Examples of GDPR Roles in Practice
To illustrate how these roles apply, let's consider three examples:
- Example 1: A Company Uses EventReception's Solutions to Invite Attendees to a Conference
  - Data Controller: The Company
  - Data Processor: EventReception
  Explanation: The company determines the purposes and means of processing personal data (e.g., collecting attendee information for the conference). EventReception processes this data on behalf of the company, making us the Data Processor.
- Example 2: A Company Engages a Planner Who Uses EventReception's Solutions for an Employee Event
  - Data Controller: The Company
  - Data Processor: The Planner
  - Sub-Processor: EventReception
  Explanation: The company decides to hold the event and collect employee data, making it the Data Controller. The planner processes this data on behalf of the company, acting as the Data Processor. EventReception provides services to the planner, thus acting as a Sub-Processor.
- Example 3: A Couple Uses EventReception's Solutions Directly for Their Wedding
  - Data Controller: EventReception
  - Exempt Party: The Couple (not subject to GDPR obligations)
  Explanation: The couple is exempt from GDPR obligations under the household exemption provided by Article 2(2)(c) and Recital 18, as they are natural persons processing personal data for a purely personal or household activity. In this case, EventReception acts as the Data Controller, determining the purposes and means of processing personal data within our platform.
Responsibilities of EventReception Users
For Corporate Users
To ensure compliance, our corporate users must:
- Collect and process personal data from EU citizens in compliance with GDPR by ensuring they have a valid lawful basis—such as consent, contract necessity, legal obligation, vital interests, public task, or legitimate interests.
- Adhere to GDPR rules and other relevant privacy laws.
- Accept EventReception's role as a Data Processor or Sub-Processor.
- Establish Data Processing Agreements (DPAs) with EventReception when required.
For Individual Users (EU Citizens)
When individual users from the EU, such as couples planning personal events, use our solutions directly, they should:
- Use our solutions in accordance with our Terms of Service and Privacy Policy.
- Handle personal data responsibly and ethically, respecting the privacy of others.
- Acknowledge that while they are generally exempt from GDPR obligations under the household exemption when processing personal data for purely personal or household activities, EventReception acts as the Data Controller under GDPR and will process personal data in compliance with GDPR requirements.
Note: Even though individual users are exempt under GDPR, we encourage them to inform their guests about the processing of their personal data when possible, respecting their privacy and preferences.
Moving Forward Together
By understanding these roles and responsibilities, both corporate and individual users can work effectively with EventReception while ensuring compliance with GDPR. We are committed to protecting personal data and supporting our users in meeting their data protection obligations.