Whilst our Privacy/Terms covers all aspects of GDPR we wanted to provide a clear document detailing the 12 points of GDPR.
For the purposes of this document SERVICE means EventsTag/CrowdReactive Ltd. WE means the company providing the SERVICE as per point 12.
EventsTag's data is stored in the European Union, in situations where it is transferred and stored in the USA sub-processors are on the certified EU-US Privacy Shield framework.
Sub-processor: SendGrid | Office Location: USA | Purpose: Email Notifications
Sub-processor: Twilio | Location: USA | Purpose: SMS/MMS Notifications
Sub-processor: Amazon | Office Location: USA | Purpose: Hosting Provider
Sub-processor: Xero | Office Location: USA | Purpose: Accounting Software
Sub-processor: Mailchimp | Office Location: USA | Purpose: Newsletter MarketingSub-processor: Google Analytics | Office Location: USA | Purpose: Website usage tracking
Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.
This can change on a case-by-case basis but our basic product collects the following information
This data is kept for the minimum amount of time possible before being deleted from our system (mostly within 8 weeks, depending on needs). It is only used for the purposes for which the user has given consent. We cannot use the data or pass it on to anyone without the explicit consent from the user.
Our privacy and terms are clearly communicated on our website .
We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).
All access requests are free of charge.
User Content is the lawful basis for any processing.
Consent is provided by our customers when signing up for the service and logged by us.
Consent is provided by our users when using the products.
This service is not available to Children (under the age of 16). Our product is strictly B2B (business-to-business)
Photos and data of under 16s will only be processed with the express consent of their parent or guardian.
You can read more on our security here .
We will notify customers and the relevant supervisory authority within 24 hours of a breach.
Security and Data Privacy always comes first when implementing new features, our Data Protection Officer is in involved at every stage of development.
For the purposes of EventsTag/CrowdReactive Ltd and related services our Data Protection Officer is:
We operate and are established in the UK (England), our supervisory authority is the ICO (Information Commisioner's Office) based in the UK.
Address: 103 Gaunt Street, London, SE1 6DP, United Kingdom
Company No: 08504555 (registered in England & Wales)
Companies using EventsTag's platform and handling European user data may need to sign a Data Processing Agreement (DPA). If we need this from you then we notify you via email or phone.