General Data Protection Regulation (GDPR)

Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and to organizations outside the EU that offer goods or services to individuals in the EU or monitor the behavior of EU data subjects.

At EventBit, we take data protection seriously and have implemented robust measures to ensure compliance with GDPR requirements. This page outlines our approach to GDPR compliance and your rights under this regulation.

Key GDPR Principles We Follow

• Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes.
• Data minimization: We limit personal data collection to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
• Storage limitation: We keep personal data in a form that permits identification of data subjects for no longer than necessary.
• Integrity and confidentiality: We process personal data in a manner that ensures appropriate security.
• Accountability: We are responsible for and can demonstrate compliance with GDPR principles.

Your Rights Under GDPR

Under GDPR, you have several important rights. These include:

How We Process Your Data

We process your personal data only when we have a lawful basis to do so. This may include:

• Consent: You have given clear consent for us to process your personal data for a specific purpose.
• Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
• Legal obligation: The processing is necessary for us to comply with the law.
• Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• Regular testing, assessing, and evaluating of the effectiveness of technical and organizational measures for ensuring the security of the processing

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data. These safeguards may include:

• Transferring to countries that the European Commission has determined provide an adequate level of protection for personal data
• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
• Implementing binding corporate rules that provide appropriate safeguards

Data Breach Procedures

We have procedures in place to deal with any suspected personal data breach. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify you directly if the breach is likely to result in a high risk to your rights and freedoms
• Document all breaches, including the facts relating to the breach, its effects, and the remedial action taken

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions in relation to this privacy notice and our GDPR compliance. If you have any questions about this notice or how we handle your personal information, please contact our DPO at:

How to Exercise Your Rights

To exercise any of your rights under GDPR, please submit a request to our Data Protection Officer using the contact details above. We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests.

Complaints

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

Changes to This GDPR Notice

We may update this GDPR notice from time to time. When we update this notice, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by other means.