GDPR and Privacy
For 10 years, eventilo.com has had a privacy policy that contains no surprises: we do nothing with your data, or that of your participants, that you would not do yourself. In fact, we do nothing with your data unless you ask us to. You can read more about this in our privacy statement. eventilo.com has worked for 10 years in accordance with the European Privacy Act, and the transition to the GDPR is naturally part of that.
eventilo.com meets all obligations arising from the GDPR. In addition to its rules on data handling, the GDPR sets a number of specific operational requirements:
- eventilo.com has carried out a Privacy Impact Assessment.
- A Data Protection Officer has been appointed.
- All processes are audited for 'privacy by design'.
- Procedures have been set up to comply with the obligation to help individuals view, modify and delete their personal data.
- eventilo.com does not carry out profiling or decision-making on the basis of personal data.
- Data is stored in Europe.
The GDPR is a law that applies to the entire European Union. Because of this law, the protection of privacy is now regulated consistently throughout Europe. In addition, the European Union has drawn up so-called 'Model Clauses' for companies whose data centers process and store data of Europeans. These 'Model Clauses' provide the framework within which data can be processed safely and lawfully. The data centers that eventilo.com uses are in the European Union and comply with these Model Clauses. With eventilo.com you meet the obligation to process data within the privacy regulations of the EU.
Data Processing Agreement
The GDPR stipulates that a Data Processing Agreement is required between eventilo.com and you. This agreement states the role we play in the processing of personal data and codifies mutual expectations. eventilo.com offers every customer the possibility to sign a processing agreement. For this we have set up a very easy do-it-yourself process on your account page.
What is required of you?
The GDPR states that you are obliged to provide a secure registration system. The law does not prescribe how you do this, but its intent has similarities with the principles of ISO27001. This is no coincidence: ISO27001 is the best-known standard in the area of information security, and an ISO27001 certificate provides proof that the registration system and the supplier are subject to extensive security checks. Without such a certificate, you should carefully examine the security of the system and the business operations of the supplier in order to comply with your obligations under the GDPR.
What can you pay attention to?
Some registration systems state in their security statement that HTTPS connections and ISO27001 data centers are used. These measures are the easiest to implement, and eventilo.com classifies them as the lowest level of security.
Please note that an ISO27001-certified data center says nothing about the security of the systems hosted there. It also says nothing about the security of the software or about the security of the supplier's operations. Likewise, HTTPS gives no guarantees about the protection of the supplier's networks or the security of the data storage. For data security, HTTPS and a secure data center are not sufficient on their own.
At eventilo.com, security is a system that runs through all layers of the service and is an integral part of the product. eventilo.com distinguishes itself in the field of data security.
