The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, is a new legal framework for the protection of personal data in the European Union. It shall apply to any data-controller or processor established in a Member State or where their processing activities concern the supply of goods or services to persons within the territory of the Union.
1. What you should know
The objective of this Regulation is to strengthen the rights of European citizens with regard to their personal data in the global digital environment. It requires companies to comply with the processing of personal data, whether automated or not, by a controller or processor. Any company that processes the personal data of individuals living in the EU is concerned, whether or not the company is established within the European Union.
1.1 Reminder and definitions
Personal data refers to any information relating to a natural person that can be identified, directly or indirectly." (CNIL). For example: a family name, first name, photo, fingerprint, postal address, email address, telephone number, social security number, IP address, computer connection ID, etc.
Personal data may be defined as "sensitive" if it reveals ethnic origins, political, philosophical or religious beliefs, trade union membership, health or sex life of a natural person. A piece of data is also considered sensitive when it reveals the perpetration of offences or criminal convictions or when it relates to genetic or biometric data
Processing of personal data is any operation, whatever the method used: collection, recording, sorting, storage, adaptation, editing, modification, extraction, consultation, use, communication by dissemination, transmission or any other form of making available, matching or interconnection, blocking, deletion or destruction, etc.
1.2 Regulatory responsibilities
The GDPR requires the following:
- Duty to inform: communicate on the data-controller, the purposes and duration of the processing, the recipients of the data, the rights users have over their data, the identity of the DPO (Data Protection Officer) if necessary.
- Duty to obtain consent: it cannot be implicit anymore. Now, the user's consent must be actively given, i.e. the user accepts the collection and use of their data. It is also necessary that they retain the option to withdraw at any time by unsubscribing.
- Duty to respect the user’s rights:
- to access the data held by your organisation
- to portability - the user has the right to recover the data held on them in order to reuse it for their own purposes or to transmit it to another data controller
- to be de-listed, by deleting data
- to object - the right not to be solicited or to stop their data being processed by the organisation.
2. Weezevent, event organisers and attendees: scope of action and responsibility
True to our commitment from the start, it is important to remember that you are the only one in control of your data. We are former event organisers so it is one of Weezevent’s founding values, and it will remain so.
Therefore, your data is accessible at all times and at your disposal, and we put all our energy into protecting it. There is a good reason why we work for Government events in France and an increasing number of event planners are choosing to trust us.
2.1 Weezevent and attendees:
As part of its business, Weezevent collects personal data from attendees for its own purposes, in order to ensure correct execution of transactions (ticket sales) and to retain proof of these transactions.
As subcontractor for you, event organiser, Weezevent is authorised to process the necessary data, on your behalf, to provide the following services:
- Ticket sales
- Availability of equipment to control access of ticket holders to the event
- Dissemination of information and changes about the event scheduling.
The purpose of the data collection and processing is:
- Attendee identification
- Checking that the attendee is authorised to attend the event
- Checking that the specific conditions set-up for your event’s ticket types are met
- Interoperability with third party access control solutions
- Disseminate practical information about the event
- Archive proof of transaction between Weezevent, the attendee and yourself.
2.2 Weezevent and event planners:
For the proper execution of Weezevent’s services, as an event planner, you are making the following data available:
- Name or corporate name
- Email address
- Legal status
- VAT registration number if necessary
- First and last name of the legal representative
- Street address
- Bank details as soon as ticket sales are registered by Weezevent.
Please note - we reserve the right to ask you for any information related to your organisation if there is any doubt about the holding of the event or morality and good faith
At all times, you can:
- Find all the information on the purpose of our processing of your data and data storage on our Services’ Terms and conditions
- Find your data on your management interface and recover it using data exports.
- Unsubscribe from mailing lists if you no longer wish to receive information about us and our services.
Ask to edit or delete your data by writing to us at 164 rue Ambroise Croizat - 93200 Saint-Denis or by email at dpo@weezevent.com explaining your request