GDPR ensures that any personal data collected, stored, or processed by organizations is handled with strict confidentiality and security. Personal data includes any information that can identify an individual, such as names, addresses, phone numbers, and even IP addresses.

• Organizations must obtain explicit consent from individuals before collecting or processing their data. The consent must be clear, specific, and easy to withdraw.

• GDPR gives individuals several rights over their personal data, including the right to access their data, the right to have their data corrected, the right to have their data deleted (known as the “right to be forgotten”), and the right to object to certain types of data processing.

In Eventbuizz, generally, when the attendee has accepted the event organizer’s GDPR policy from the registration site or event app, the attendee information will be visible to other attendees.

Each time an event is created in the event center the event organizer is responsible for which of the two following options for GDPR policies to be activated in settings.

1. Enable GDPR

When this option and policy is enabled, and the attendee has not accepted the event organizer’s GDPR policy, the attendee will only appear with “First Name” and “Last Name”.

2. Invisible GDPR

When this option and policy is enabled, and the attendee has not accepted the event organizer’s GDPR policy, the attendee will not appear with any information at all.

GDPR for event organizer

The information that is collected within the system and the information that the organizers can export will remain the same, although for export: Attendees, sub-registration results & orders, we have added a new field to indicate, if the attendee have accepted your GDPR regulations or not. The data that is collected, exported or distributed is the organizers responsibility at all time.

GDPR disclaimer management

The content of the GDPR disclaimer is maintained on each event and can be found in Setting -> GDPR -> GDPR disclaimer.

 

“Subject” field contain the header text and the “Inline text” field is the description you see after the checkbox that the attendee has to select on the registration site or in the app, to accept the GDPR. In the “Inline text” field between {detail_link} and {/detail_link} all text will contain the hyper link for the GDPR description.

The GDPR disclaimer is versioned and the system is keeping log of each version. The system is also logging which version of the GDPR the attendee has accepted.

A “GDPR policy link” link usually directs users to a page that outlines the policy of the event. You can integrate it in anywhere within the app or event.

GDPR activation

The GDPR needs to be activated on each event and can be found under Setting -> GDPR -> Settings.

Enable GDPR

This setting controls the module. When this setting is OFF, the user cannot turn on the GDPR setting from the general settings in the form. If this setting is ON, the user can change the GDPR setting from the form’s settings.

Form-based settings apply to individual forms, click here for details.   

Show GDPR on web app

Detailed explanation & impact:

The “Show GDPR on web app” setting is a new configuration in the GDPR module that controls the visibility of GDPR-related elements on the web app. This setting ensures that GDPR notices and compliance check boxes appear only when necessary, giving event organisers more control over how GDPR is displayed to users.

What does this setting do?

This setting decides if the GDPR popup and consent checkbox should be visible on the web app.

Default setting:  ON (GDPR elements will be shown by default).
Works only If: “Enable GDPR” is ON.

How does it work?

The visibility of GDPR elements depends on two settings: “Enable GDPR” and “Show GDPR on web app”.

Scenario 1: GDPR is disabled

• “Enable GDPR” = OFF → Everything is hidden.
• No GDPR popup appears.
• GDPR checkbox is not shown on the edit profile page.

Scenario 2: GDPR is enabled & show GDPR on web app = On (default)

• GDPR popup appears  after login when users visit the web app.
• GDPR checkbox is visible on the edit profile page.

When both “Enable GDPR”, and “Show GDPR on web app” settings are on then after login on web app GDPR popup will show.

Also on edit profile a consent check box of GDPR will show when both setting will enabled.

Scenario 3: GDPR is enabled & show GDPR on web app = Off

• GDPR popup does not appear after login on the web app.
• GDPR checkbox is hidden from the edit profile page.

Attendee invisible

When this option and policy is enabled, and the attendee has not accepted the event organizer’s GDPR policy, the attendee will not appear with any information at all, the functionality will be limited to display only. Please note the attendee will not be displayed/visible within the full app and it will not be possible to scan this attendee with the “Lead scanner app”.

If “Attendee invisible” feature is activated, then the attendees who have not accepted the GDPR, will have limited access to the features of the app. Their “First Name” and “Last Name” will appear in following modules:

• • Attendee
  • Chat
  • Survey
  • Polls
  • Q&A
  • Social Wall
  • Groups
  • Speaker list
  • Sponsor/Exhibitor will not be able to scan your name badges

GDPR required

When GDPR is required, it means that certain actions, such as agreeing to terms or providing consent for data processing, must be completed before you can proceed. In simple terms, it ensures that your personal data is protected according to strict rules, and you can’t move forward without acknowledging or accepting these terms on web app.

Attendee GDPR log

The organizer will have a full overview off when the attendee has accepted GDPR and when they made changes to it. The log can be found in Setting ->GDPR ->GDPR disclaimer              ->Attendee GDPR log.

GDPR – Delete data flow

Below is listed different types of data deletion options:

• Event deleted by the organizer
• Event attendees deleted by the organizer
• Event sub-registration results deleted by the organizer
• Event poll results deleted by the organizer
• Event survey deleted by the organizer
• We have automated DB backups midnight and we retain backups for 35 days

Event deleted by the organizer

Organizers who deletes an event, will always be “soft” deleted, meaning that Eventbuizz will be able to undo the deletion. After 30 days the system will automatically “hard” delete all data, meaning that Eventbuizz will not be able to undo the deletion.

Event attendees deleted by the organizer

Attendee deleted in the event by the organizer will be “soft” deleted and “hard” deleted after 30 days of the event end date. Please note “hard” deleted data cannot be restored at any time.

Event sub-registration results deleted by the organizer

Sub-registration results deleted in the event by the organizer will be “soft” deleted and “hard” deleted after 30 days of the event end date. Please note “hard” deleted data cannot be restored at any time.

Event poll results deleted by the organizer

Poll results deleted in the event by the organizer will be “soft” deleted and “hard” deleted after 30 days of the event end date. Please note “hard” deleted data cannot be restored at any time.

Event survey results deleted by the organizer

Survey results deleted in the event by the organizer will be “soft” deleted and “hard” deleted after 30 days of the event end date. Please note “hard” deleted data cannot be restored at any time.