This is an overview of EventBuilder's role in processing Personally Identifiable Information (PII) and our customer's role in managing Personally Identifiable Information.
We take the privacy and security of your data seriously and are ISO/IEC 27701 Certified. As such, we have internal procedures and processes in place for maintaining compliance with applicable laws regarding data processing and security protocols.
Definitions
ISO/IEC 27701 Certification - A Privacy Information Management System standard published in August 2019 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
GDPR - General Data Protection Regulation. Enacted in 2018, the GDPR strengthens security protection of personal data in the European Union.
CCPA - California Consumer Privacy Act. A state statute giving consumers more control over the personal information businesses collect about them.
PII - Personally Identifiable Information - PII is information that identifies, relates to, describes, references or is capable of being associated with, or could be reasonably linked - directly or indirectly - with a particular individual consumer or device. Examples include name, address, date of birth, race, citizenship, employment status, non-public education information protected under the Family Educational Rights and Privacy Act, and product purchase histories.
PII Controller - The PII controller is the entity that determines the purpose and means for processing PII, define why and how PII is processed, and is responsible for the implementation of privacy and security protocols to meet applicable legal standards.
PII Processor - The PII processor then processes PII on behalf of and in accordance with the instructions and privacy controls set by the PII controller.
EventBuilder As a PII Processor
EventBuilder is a processor of your PII. This role is determined by both internal and external factors relevant to context and intended outcomes under ISO/IEC 27701 framework. Internal factors include EventBuilder's commercial purpose and contractual obligations to customers. External factors include legal and regulatory requirements that apply to our commercial activities, meeting the standards of the GDPR, CCPA, and any federal and state consumer privacy laws.
Our Customer's Responsibilities as a PII Controller
Our customers are the controller of PII. As such, they are responsible for collecting personal information, determining what to collect, changing or modifying collected information, how the PII will be used, and for what purpose. The PII controller also decides how long the data is kept, and when to dispose of it.
Consumer Privacy Rights and Privacy Record Requests
If you are an account holder or portal owner and receive an email from EventBuilder indicating we have received a Consumer Privacy Request from someone associated with your portal:
1. Please respond in a timely manner to indicate whether we should proceed in the fulfillment of the request. If a response is not received, we will send two additional notifications. In the event that we do not receive a response to the third notification, we will proceed to fulfill the request, as we are legally responsible to do so. Here is an example of what the emails might look like:
Hi Tall Green Tree team,
This is to notify you that on May 10, 2021 EventBuilder received a Consumer Privacy Request from a Consumer whose data resides on the Tall Green Tree Portal on the EventBuilder software. As a Data Processor, EventBuilder is to promptly notify the Tall Green Tree team as the controller, when we receive a Consumer Privacy Request. We do not have any service providers that maintain the consumer’s personal information. EventBuilder will cooperate with and assist in your efforts to fulfill this request as required by applicable law. Please respond within 5 business days to confirm that we should proceed in the fulfillment of this request.
The Consumer Privacy Request information is here (document will be securely linked). Please note that we will maintain a record of this request, but the linked file will be permanently deleted 10 business days from today.
This notification is governed by EventBuilder’s Privacy Notice available at https://www.eventbuilder.rocks/legal-and-security. If you have questions regarding your privacy or would like additional information, please contact us at: privacy@eventbuilder.com
Have a great day!
2. If directed to proceed, we will fulfill the Consumer Privacy Request.
3. Unless otherwise directed, EventBuilder will notify the requester upon completion of the request.
To learn more about consumer privacy rights and procedures for submitting a consumer privacy records request: