PRIVACY AND DATA PROTECTION POLICY
Last modified: October 30, 2019
Thank you for your interest in Event.com, Inc’s Privacy and Data Protection Policy (hereafter “Policy”). Events.com (hereafter “Company”, “we”, “our” or “us”) values and respects the privacy of all of its customers, and is committed to being transparent on the subject of our collection, use and protection of your data. We also want to provide you with instructions on how to request your data, and the choices you have when it comes to sharing your data.
1. WHAT IS (AND IS NOT) COVERED BY THIS POLICY AND WHO IS AFFECTED BY IT?
This Policy describes the information we collect from our customers who utilize our website www.events.com (the “Site”), as well as all related websites, networks, applications, and other services provided by us and on which a link to this Policy is displayed (collectively, together with the Site, our “Services”). This Policy also describes how we use and disclose such information, and the steps we take to protect such information.
Our customers consist broadly of anyone who utilizes our Services (“Users”, “you”, “your”). Users can be separated out into: (a) customers who utilize our Services in order to promote, market, sell and run an event (“Event Organizer”); and (b) customers who utilize our Services in order to find, register and participate in events (“Event Goer”).
What This Policy Does Not Cover: Note that this Policy does not cover, nor are we responsible for, the collection and use of Users’ data by Event Organizers or third-parties who might otherwise utilize our Services in collecting such data. Accordingly, we are not responsible for the practices of these Event Organizers or third-parties, and their respective collection and use of your data. You are advised to review the privacy policies of those specific Event Organizers and third-parties and contact them directly with any questions on this subject. This Policy also does not apply to information collected by us offline or through any other means, or by any other website, app or third party, including through any application or content that may link to or be accessible from the Services.
Please read this Policy carefully to understand our practices for collecting, using, maintaining, protecting and disclosing your data. By accessing or using the Services, you agree to this Policy and described practices, including the collection, use and sharing of your information as described herein. If you do not agree with this Policy, you must not access or use the Services. If you have any questions about this Policy, you may email us at firstname.lastname@example.org.
This Policy is incorporated into and is subject to the Events.com Terms of Service. Capitalized terms used but not defined in this Policy have the meaning given to them in the Events.com Terms of Service.
2. INFORMATION WE COLLECT FROM USERS
a) User Provided Information: When you use our Services, you may provide, and we may collect, data that contains information that specifically identifies you (referred to in this Policy as “Personal Information”). Examples of Personal Information you provide to us through the Services may include such things as:
- your name
- email and mailing address, phone numbers
- credit card or other billing information
- date of birth, geographic area, age and sex
- other information that may enable you to be personally identified
You may provide us with Personal Information in various ways on or through the Services. For example, you may provide us with Personal Information when you create or register for an account, use the Services, make a purchase on the Services, fill in or submit forms on the Services, post materials, type search queries, or send us customer-service-related requests.
b) Your Own User Contributions: You also may provide information to be posted, submitted, published, displayed or transmitted (“posted”) on public areas of the Services, or to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
c) Automatically Collected User Information: When you use and interact with our Services, we may use automatic data collection technologies that collect certain information related to your usage (such as traffic data, usage details, location, online status, log files, and communication data) and other diagnostic and performance data (such as information about your device, Internet connection, IP address, hardware model, operating system, and browser type). Information we collect automatically is statistical data and does not include Personal Information, however we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. Technologies we use to collect data automatically may include:
- Analytics Tracking: Pages of the Services may contain tracking codes that permit us to count users who have visited those pages, and for other related website statistics (for example, tracking visits to certain content, site performance and page speed, and search terms used to find the Services. Google Analytics, which we use for analytics tracking, provides some additional privacy options described at www.google.com/policies/privacy/partners/.
- Cookies: A cookie is a small file containing a string of alphanumeric characters placed on your device when you use the Services, and is used to remember your choices and preferences, or track your usage on the Services. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. You may refuse to accept browser cookies by activating the appropriate setting on your browser, so please review your web browser “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete, disable or choose not to accept, cookies from the Service, some parts of the Services may be inaccessible or not function properly, and you may not be able to use the Service to its fullest potential.
- Beacons: We may also automatically record certain information from your device by using technology such as “clear gifs” or “web beacons.” This automatically collected information may include your IP address, web browser, device type, the web pages you visit just before or after using the Services, pages or content you view or interact with on the Services, and the dates and times you visit, access, or use the Services. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message.
- Geo-location: We may obtain information about your physical location, such as by use of GPS and other geo-location features in your device, or by inference from other information we collect (for example, your IP address indicates the general geographic region from which you are connecting to the Internet).
d) Information We Collect From Event Organizers: Due to their additional involvement with the Services, we collect additional data from Event Organizers, such as payment, credit card, and banking information, which are used to secure payment for using Event Organizer features.
e) Information from Other Sources: We may obtain data, including Personal Information, from third parties and sources other than the Services, such as our customers, partners and advertisers. If we combine or associate information from other sources with Personal Information we collect through the Service, we will treat the combined information as Personal Information in accordance with this Policy.
3. INFORMATION THAT MAY BE COLLECTED AND USED BY EVENT ORGANIZERS AND THIRD-PARTIES
c) Payment Information: All payments made through the Services are processed by third-party payment processors, and all payment information you provide is provided directly to such third parties. However, we may receive information, such as payment confirmation or receipts, from third parties processing your payment. We endeavor to work with payment processors that encrypt payment transactions with SSL or other comparable security technology, however we cannot and do not verify the security methods implemented or maintained by such third parties.
d) Other Third-Party Connections: When using the Services you may connect your account to your accounts for other third-party services (such as Instagram, Twitter, Facebook, Google or Linkedin), in which case we may collect, use, disclose, transfer or store information relating to your account with that third-party in accordance with this Policy. For example, if you connect to Instagram, we may store your Instagram data (which may include your identification, username, email, profile picture, follower list and location) and use that data to connect to your Instagram account in order to provide certain functionality (such as recommending or sharing events you may be interested in with your Instagram followers or the event’s Event Organizer). We use services provided by LoginRadius to create these third-party account connections. As required for those services, we have granted LoginRadius a non-exclusive, worldwide, royalty free right to the user content in order to modify, analyze, distribute and use such data in connection with the operation of the service. LoginRadius will not sell or share any original user data to any third party.
4. HOW WE USE YOUR INFORMATION
We use information we collect through the Services in a variety of ways to help us improve or provide the Services, operate our business, or to deliver a more personalized experience. We use such information to:
- Operate, maintain, present, improve, fix, troubleshoot, customize and enhance the Services and its contents.
- Provide services and information that you request, communicate with you when you contact us, respond to comments and questions, to otherwise provide support to users, and to process and deliver entries and rewards in connection with promotions that may be offered from time to time on or through the Services.
- Understand and analyze the usage patterns and preferences of our users, estimate our audience size, improve the performance and speed of the Services, and to develop new products, services, features, and functionality.
- Contact you for administrative purposes, such as customer service or to send communications, including updates about your account, expiration and renewal notices, updates to our Policies, changes to the Services, promotions and events, relating to products and services offered by us or by third parties we work with.
- Store and remember information about your preferences: (i) so that you will not have to re-enter it during your visit or the next time you visit the Service; (ii) to provide customized advertisements, content, and information; (iii) to monitor and analyze the effectiveness of the Service and third-party marketing activities; (iv) to monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) to track your entries, submissions, and status in any promotions or other activities on the Service.
- To facilitate purchases and sales through the Services, and to communicate with you regarding purchases or sales transactions you enter into through the Services.
- Carry out our obligations, and enforce our rights under our Terms of Service, this Policy, and other policies associated with the Services, including to investigate any violations of our policies, or other suspicious activity.
- Fulfill any other purpose for which the information is provided, or for any other purpose with your consent.
- You may opt out of receiving promotional communications as described below under “Your Choices”.
5. HOW AND WHEN YOUR INFORMATION MAY BE DISCLOSED
a) Company Disclosures: Except as described in this Policy, we will not disclose your information that we collect on the Services to third parties without your consent. We may disclose information that we collect or you provide as follows:
- To subsidiaries, affiliates, contractors, and other third-party service providers, that we work with to provide the Services, such as for website and application development, hosting, maintenance, and personal information data management services, and other services to support our business. Generally, these third parties are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
- If required to do so by law, or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- If we believe, in good faith, it is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of the Services and any facilities or equipment used to provide the Services; or (v) enforce the terms of our policies and agreements, protect our property or other legal rights, or the rights, property, or safety of our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection, credit risk reduction, billing and collection purposes.
- To a buyer, successor, or assignee as part of any merger, acquisition, debt financing, divestiture, restructuring, dissolution, sale or transfer of our assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- To fulfill the purpose for which you provide it, or any other purpose disclosed by use with you provide the information.
- For any other purpose with your consent.
b) User Disclosures: Any information that you voluntarily choose to include in a publicly accessible area of the Services will be available to anyone who has access to that content, including other users or third parties. Other users that you communicate with may store or re-share your information with others. You may manage your user settings to adjust these features.
c) Event Organizers: Certain Event Organizers (e.g., Event Organizers involve in endurance races and similar types of competitive athletic events) may release, and publish on-line, pre-race rosters which may include all or part of the following information: your first and last name, gender and age or age group in which you have registered to participate. These pre-race rosters will be accessible by the public.
d) Aggregated Information: We may disclose certain aggregated, automatically-collected, or otherwise non-Personal Information, to third parties for various purposes, including: (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, or functionality available through the Services.
6. YOUR CHOICES FOR MANAGING YOUR PERSONAL INFORMATION
a) Decline: You may, of course, decline to provide or share certain Personal Information with us. Please note however, in that case we may not be able to provide to you some of the features and functionality of the Services.
b) Privacy Settings: You may update or correct your account information and preferences at any time by logging into your account on the Services and visiting the privacy preferences page. You may also email us at email@example.com to request access to, or to correct or delete any Personal Information you have provided to us.
c) Account Deletion: You may delete your account at any time by using the delete feature in your account. You may also request we delete your account by emailing us at firstname.lastname@example.org. If you simply uninstall the Services, your account will not be deleted.
d) Data Retention & Backups: Please note that while any changes you make or request will be reflected in active user databases within a reasonable period of time, we may retain any information you submit for backups, archiving, prevention of fraud or abuse, analytics, satisfaction of legal obligations, to operate or provide the Services, or where we otherwise reasonably believe that we have a legitimate reason to do so. Please also note, deleting your account or data does not affect the information that has been stored or shared by other parties. Further, if you delete your User Contributions from the Services, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Services users.
e) Unsubscribe: If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving such emails by sending us a request at email@example.com or to the address listed at the end of this Policy. Please be aware that if you opt out of receiving commercial emails from us, or otherwise modify the nature or frequency of promotional emails you receive from us, it may take up to ten (10) business days for us to process the request, and you may continue receiving communications from us during that period. Further, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Services.
f) International Users: In compliance with their local laws, international users may be required to expressly consent and/or opt-in prior to receiving commercial emails or other forms of electronic communication from us.
e) Device Settings: Your device operating system or browser may include settings, options, or add-on components to control the placement and presence of cookies and access to location information.
7. CHILDREN UNDER THE AGE OF 13
Protecting the privacy of children is especially important to us. The Services are not intended for or directed to children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, please do not use or access the Services, do not make any purchase through the Services, register on the Services, or provide any information about yourself to us, at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 13 years of age and without verifiable parental consent, we will take appropriate steps to delete the information. If you believe we might have information from or about a child under 13, or if you are a parent or guardian that discovers your child under 13 has obtained an account on the Service, please contact us at firstname.lastname@example.org and request that we delete that child’s Personal Information from our systems.
8. DATA SECURITY
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of the data and Personal Information that we collect, and to protect that information from accidental loss or unauthorized use. Unfortunately, no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. Though we do our best to protect your information, we cannot and do not guarantee that your information will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our security safeguards. Any transmission of Personal Information is at your own risk. If we learn of a security breach, we may attempt to notify you electronically so you can take appropriate protective steps. We may also post a notice through the Services if a security breach occurs.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. You should not share your password with anyone. We strongly urge you to be careful about providing information in public areas of the Services like messaging threads, blog posts or forums. The information you share in public areas may be viewed by any user of the Services.
9. INTERNATIONAL USERS & GEOGRAPHIC RESTRICTIONS
All of our Services are hosted in the United States. If you choose to use the Services from Canada, the European Union or other regions of the world, please note that many countries may have laws governing data collection and use that differ from U.S. law. If you are accessing or using the Services from any country or region other than the United States, please note that you are transferring your Personal Information outside of that country or region to the United States for storage and processing. Please note, we may also transfer your data from the U.S. to other countries or regions in connection with the storing and processing of the data, fulfilling your requests, and/or operating the Services. By providing any information, including Personal Information, on or through the Service, you consent to such transfer, storage, and processing.
If you are an international User (i.e. using the Services from outside of the United States), and you have appropriately indicated to us that you are an international User, you may not receive certain commercial emails from us, unless you expressly opt in and consent to receive such email, or other electronic communications, in compliance with your country’s local privacy laws (such as the Canada’s Anti-Spam Legislation).
10. EU-US PRIVACY SHIELD PROGRAM
We participate in and comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from countries that are members of the European Union, to the United States. We have certified that we adhere to the Privacy Shield Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield Framework, and to view our certification page, please visit https://www.privacyshield.gov.
Our self-certification means that we promise the following:
- Notice. When we collect your Personal Information, we will give you timely and appropriate notice describing what Personal Information we are collecting, how we will use it, and the types of third parties with whom we may share it.
- Choice. We will give you choices about how we use or share your Personal Information, and respect the choices you make.
- Relevance. We will collect only as much Personal Information as we need for specific, identified purposes, and we will not use it for other purposes without obtaining your consent.
- Retention. We will keep your Personal Information only as long as we need it for the purposes for which we collect it, or as permitted by law.
- Accuracy. We will take appropriate steps to make sure the Personal Information in our records is accurate.
- Security. We will take appropriate physical, technical, and organizational measures to protect your Personal Information from loss, misuse, unauthorized access or disclosure, alteration and destruction.
- Sharing. Except as described in this Policy, we will not share your Personal Information with third parties without your consent.
- International Transfer. If we transfer your Personal Information to another country, we will take appropriate measures to protect your privacy and the Personal Information we transfer.
- Enforcement. We will regularly review how we are meeting these privacy promises, and we will provide an independent way to resolve complaints about our privacy practices.
EU Dispute Resolution: We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint cannot be resolved through these channels, under certain limited conditions for individuals, binding arbitration option may be available before the Privacy Shield Panel.
11. CONSUMERS RESIDING IN CALIFORNIA
a) Additional Rights To California Residents: Pursuant to California data privacy laws, including the California Consumer Protection Act of 2018 (CCPA), residents of California have specific rights regarding the collection, use, sharing and deletion of their Personal Information, which may expand beyond the provisions described above. Specifically, if you are a California resident you have the following rights with respect to your Personal Information:
- The right to request disclosure of our data collection and sales practices as it may apply to you, including the categories of Personal Information collected, the source of the information, our use of the information and, if the information was disclosed or sold to third parties, the categories of Personal Information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
- The right to request a copy of your specific Personal Information we collected during the twelve (12) months before your request (together with right (a) above, a “personal information request”) (Note: A California resident may only make a personal information request twice in a 12-month period. Moreover, if you make such a request, we will need to collect information from you so that we can verify your identity, and we will have forty-five (45) days from receiving such personal information to respond to your request);
- The right to have your Personal Information deleted (with certain exceptions described above such as, by example, information which must be maintain for financial or legal purposes);
- If applicable, the right to request that your Personal Information not be sold to third parties; and
- The right not to be discriminated against because you exercised any of the above rights.
b) Process For Acting On Your Rights: To exercise any of the rights listed above, California residents must submit a verifiable consumer request to us using any of the following methods:
By Email: email@example.com
By Mail: Events.com, Inc.
Attn: Privacy Compliance / General Counsel
7825 Fay Avenue, Suite 100
La Jolla, California 92037
By Telephone: (858) 257-2300
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
As stated above, you may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
c) Timing and Format of Response: We will try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We also do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
12) CHANGES & UPDATES TO THIS POLICY
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify this Policy, we will make it available through the Services, and indicate the date of the latest revision. Changes to this Policy are effective immediately when we post them. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. You are responsible for periodically visiting our Services and this Policy to check for any changes. Your continued use of the Services after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of this Policy, so please check the Policy for updates from time to time.
13) YOUR QUESTIONS, CONCERNS & COMMENTS
We always welcome any feedback you may have about our company or our policies. We will investigate all complaints and will take all reasonable steps to resolve privacy-related issues. Please send us any questions or comments about this Policy, your Personal Information, our use and disclosure practices, or your consent choices, to our Data Protection Officer who may be reached in any one of the following ways:
By Email: firstname.lastname@example.org
By Mail: Events.com, Inc.
Attn: Privacy Compliance / General Counsel
7825 Fay Avenue, Suite 100
La Jolla, California 92037
By Phone: (858) 257-2300
Events.com, Inc. is a California corporation.