Eventioo Privacy Policy (eventioo.com)

Effective from 15.02.2024

This Privacy Policy outlines the methods and principles of processing personal data related to the use of our portal available at the domain eventioo.com (Portal).

For matters related to data processing and security of your personal data, you can contact us by sending an email to: rodo@eventioo.com.

We attach great importance to the protection of privacy and confidentiality of personal data. Therefore, we carefully select and apply technical and organizational measures to ensure the protection of processed personal data. We process personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).

1. What personal information is collected and used by Eventioo?

Users of our portal remain anonymous until registration. Information from system logs (such as IP addresses) resulting from general principles of Internet connections is used by Eventioo for technical purposes related to the administration of our servers. Additionally, IP addresses are used to collect general statistical demographic information (e.g., about the region from which the connection originates). Registration with Eventioo requires filling out a form in which you provide an email address as a login identifier and for communication with the user. We also ask for your first and last name, which serves the purpose of creating a host entity used for further event management within Eventioo. We do not process any other personal data without your explicit consent.

When managing an event, users define a guest list, hosts, and service providers by providing first names, last names, and gender. This is done to enable the functionality of the system. Users should use full names only when authorized to do so; otherwise, we recommend using masked names shortened to initials.

2. What is Eventioo's policy regarding "cookies"?

What are cookies?

Your web browser can store text files (commonly known as "cookies") on your computer's hard drive. These cookies contain information necessary for the proper functioning of the portal, especially those requiring authentication. The content of cookies does not allow for user identification, and they do not process or store personal data.

Use of cookies in Eventioo

Eventioo stores cookies on users' computers for the following purposes:

• Better customization of services to meet user needs.
• Creating viewership statistics to improve the functioning of the portal.

You have the option to configure your web browser to completely disable the storage of cookies on your computer's hard drive. However, keep in mind that this change may result in the loss of certain features on the Eventioo portal.

Cookies used

Eventioo is integrated with Microsoft Clarity and Microsoft Advertising to collect information about how users interact with the Eventioo system through behavioral metrics, heatmaps, and anonymized session replays. This is solely for the purpose of analyzing and optimizing the performance of the Eventioo portal. For additional information on data collection and usage by Microsoft, please refer to Microsoft's privacy statement: Microsoft Privacy Statement.

Eventioo is also integrated with the Tawk.to chat platform, administered by Tawk.to Inc in the USA. Tawk.to's privacy policy can be found here: Tawk.to Privacy Policy.

3. How does Eventioo protect information?

All connections between the user's browser and the servers handling Eventioo's functionality are made using encrypted TLS protocols. Additionally, all connections made for logged-in users are secured with a user token issued during system login (persistent for the duration of the session). Data within the system is stored using secure technologies, such as:

• User management: Amazon AWS Cognito (AWS Cognito)
• System data storage: Amazon AWS DynamoDB (AWS DynamoDB)

These systems are known for their reliability, security, and data durability.

Are the provided details shared with other entities?

We do not share user data or event information with any external entities.

Users managing a Premium Event have the option to collaborate on an event and invite another user to edit the event by providing their email address. In such cases, users voluntarily and knowingly decide to share their data (other moderators of the event will see the administrator's full name and email address), as well as the event-related information regarding guests, hosts, and service providers. The system's functionality allows for limiting specific moderators' access to certain information.

From Eventioo's perspective, we emphasize raising user awareness about the consequences of any actions taken within the system.

4. Right to Access, Correct, and Delete User Information

To delete your profile, please submit a written request to Eventioo at the email address rodo@eventioo.com. Eventioo provides each user with a profile page accessible after authorization. This page allows you to view and modify the personal data held by Eventioo about you. If you find this solution insufficient, you may also contact Eventioo in writing (rodo@eventioo.com).

5. Freedom of Choice

Eventioo gives its users the choice of whether and to what extent they want to use the system's features and share information about themselves. From a functionality perspective, details such as full names are not required, and users can use pseudonyms or just their first names. Additionally, users can choose to resign and delete their profiles at any time. When handling payments, true user data is required, but the decision to purchase a Premium plan is entirely voluntary.

6. Questions

Our goal is to provide the highest level of protection. As technology and Eventioo's offerings evolve, our privacy policy may change, and we will inform users accordingly.

Eventioo welcomes any opinions, feedback, and questions from users regarding the confidentiality of information. Please direct them to Eventioo at the email address rodo@eventioo.com.

4. Legal Basis and Purposes of Processing User Personal Data by Eventioo

1. The administrator of personal data for Users who are natural persons is Eventioo's administrator, Bartosz Pogoda. The information obligation referred to in Article 13 of the GDPR is fulfilled by Eventioo with respect to Users during Account Registration. The content of the information clause is available in the table at the end of the attachment.

2. To enable Eventioo to provide services to Users within the Platform, where processing is necessary: a. Personal data of individuals whom the User interacts with using the Application (guests, hosts, and service providers). b. It is necessary for the User to entrust the processing of personal data of such individuals. Therefore, the User and Eventioo enter into a data processing agreement.

3. The User is aware that terminating the Data Processing Agreement will result in Eventioo being unable to provide services to the User based on the Agreement in the scope requiring the processing of data for which the User is the administrator. Consequently, upon termination of the Data Processing Agreement, Eventioo's obligations in this regard expire in accordance with Article 475 §1 of the Civil Code.

4. The User is the administrator of personal data of individuals whose data they input into the Application. Eventioo processes this data on behalf of the User based on the Data Processing Agreement.

5. Eventioo processes data, including personal data of the User, only to the extent necessary for the proper provision of services and the correct implementation of the Agreement. Eventioo is not responsible for the scope of personal data collected by Users or the legality of collecting such data by Users. Detailed obligations of the parties related to this matter are specified in the Data Processing Agreement.

Information obligation for the User

We inform you that we process your personal data - detailed information can be found below:

Administrator of personal data

The administrator of your personal data is Eventioo's administrator, Bartosz Pogoda.

Contact details of the administrator

You can contact us:

1. By phone at +48 518 908 559;
2. By email: rodo@eventioo.com

Scope of processed personal data

To allow you to register an account in the Eventioo service and fully utilize its features, we will process the following categories of your personal data:

1. First name and last name
2. Gender
3. Email address
4. IP address
5. Profile picture

Purposes and Legal Bases for Data Processing

We process your personal data for the following purposes:

1. Registration and implementation of Eventioo system functionalities (Article 6(1)(b) of the GDPR).
2. Fulfillment of legal obligations incumbent on Eventioo under applicable law – processing your personal data in this case is necessary to comply with legal requirements applicable to Eventioo (Article 6(1)(c) of the GDPR).
3. Creating summaries, analyses, and statistics for internal Eventioo purposes (including reporting, service development planning, development work within the Eventioo system, creating statistical models) – such processing of your personal data is necessary for the legitimate interest of Eventioo (Article 6(1)(f) of the GDPR), which is analysis and business development.
4. Implementation of new or expanded solutions/functionalities in Eventioo systems/applications (application functionality development, testing of new solutions, analysis of the type of necessary new functionalities, creation of analytical tools/reports, etc.) – such processing of your personal data is necessary for the legitimate interest of Eventioo (Article 6(1)(f) of the GDPR), which is the development and security of Eventioo systems/applications.
5. To respond to your message and communicate with you when you send us a message – such processing of your personal data is necessary for the legitimate interest of Eventioo (Article 6(1)(f) of the GDPR), which is the ability to respond to your message and communicate with you.

Profiling and Grouping

We hereby declare that we do not perform any profiling or grouping of users.

Categories of Data Recipients

The recipients of your personal data may include:

1. Entities authorized under applicable law (courts, state authorities).
2. Entities providing accounting, IT, marketing, communication, analytical, legal, and debt collection services.
3. Our subcontractors and other entities with whom we cooperate.

We confirm that all entities to whom we provide your personal data ensure at least the same level of protection for your personal data as specified in this privacy policy and as required by Apple Inc. guidelines.

Transfer of Data Outside the European Economic Area

To use the direct communication tool (chat) Tawk.to, your personal data may be transferred to the United States, where Tawk.to servers are located. Tawk.to Inc. is listed as a participant in the Data Privacy Framework program, which means that data protection is adequate in relation to the regulations applicable in the European Union, in accordance with the European Commission's Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of data protection pursuant to the EU-USA Data Privacy Framework.

Data Retention Period

1. For the purpose of implementing system functionality – until the user's account is terminated, along with archiving or randomizing all information about organized events.
2. To fulfill legal obligations – until the expiration of data retention obligations arising from legal provisions.
3. For creating summaries, analyses, and statistics for internal purposes – for the duration of the agreement, and then until the expiration of claims arising from the agreement or until an objection is raised against processing data for this purpose.
4. For implementing new or expanding solutions/functionalities in Eventioo systems/applications – until termination or expiration of the agreement, or until an objection is raised against processing data for this purpose.
5. To respond to your message and communicate with you when you send us a message – for the duration of communication with you, and then until the expiration of claims.

Your Rights

1. The right to access your data and receive copies of it.
2. The right to rectify (correct or complete) your data.
3. The right to delete data and restrict data processing.
4. The right to data portability. To exercise the above rights, contact Eventioo via email at rodo@eventioo.com.
5. The right to lodge a complaint with the supervisory authority (the Office for Personal Data Protection).

Right to Delete Data

At any time, you can request the deletion of your personal data from the Eventioo service. You can do this by submitting a request to delete your personal data to the following address: rodo@eventioo.com.

Information on the Requirement or Voluntariness of Providing Data and the Consequences of Not Providing It

Providing your personal data is voluntary but necessary for using the Eventioo service and achieving the other purposes mentioned above.