Privacy Policy Addendum for Residents of EEA

RSVPify PRIVACY POLICY ADDENDUM
FOR RESIDENTS OF THE UK OR EEA

If you are a resident of the UK or European Economic Area (EEA), which is the European Union plus Norway, Iceland and Lichtenstein, the following rules apply to you. This Addendum prevails over standard terms of our Privacy Policy.

What is personal data and what kinds of personal data do we process?

Personal data is information that relates to an identifiable individual.

For example, personal data includes any information that can be used to uniquely identify, contact, or locate you such as your name, physical address, e-mail address, telephone number, date of birth, or credit card number.

The Company collects this information so far as you voluntarily provide it to us, such as when you register to use the Services, set up a profile, create content, sign up for a special offer, enter a sweepstakes or promotion, upgrade your Services, or complete a survey. If you purchase products or subscribe for paid services, you might also be asked to provide your credit card and related information for billing purposes.

Personal data also includes additional information about yourself that does not, itself, specifically identify you, that you might also be asked for, or choose to provide and which is linked to information that identifies you directly. Some information of this kind, such as your age, gender, geographic location and shopping preferences may be required (or merely requested) when you register for the Services.

We may also automatically collect other types of information as you use the Services, including technical information (such as your internet protocol (“IP”) address, mobile device ID, or browser type) and usage information (such as location data, preferred language, the parts of the Services you have visited, which links you have clicked and other information about how you interact with the Services). This information will be personal data so far as it can be used to identify you, either alone or in combination with other data we hold. However, sometimes we will collect information in aggregated form only, or in such a way so it cannot be linked with your identity or used to distinguish you from a group. This aggregated information is not personal data. Similarly, we may create aggregated information from personal data, so the new information cannot be used to identify you. This is not personal data.

Personal data is protected by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR), whilst aggregated information falls outside of the scope of these laws.

Who controls your personal data?

We, the Company as defined in the Privacy Policy, control your personal data. You can contact us using the contact details provided at our website in the Contact section. You may reach RSVPify’s representative for the purposes of GDPR inquires (Maciej Gawronsk) by sending an email to [email protected].

Who do we process personal data about?

We collect and process personal data from the following categories of people:

Website Visitors

If you browse this website or register an account on our website, we will collect and process your personal data in connection with your interaction with us and our website.

Customers

We may collect and process your personal data in connection with the supply of Services to you.

Guests

We collect and process your personal data if you are invited to an event by a Customer using our Services.

Where our Customer is an organization, they will be the data controller of your personal data, and we process your data on their behalf. You should refer to the Customer’s privacy notice for more information about how they use your personal data.

People who contact us with enquiries

If you contact us with an enquiry, submit a complaint, or provide any feedback to us, we will collect and process your personal data in connection with your interaction with us and our website.

People who work for our Customers and suppliers

If you work for one of our Customers or suppliers and have responsibility for placing orders with us, administering your organization’s account with us or handling our orders or our account with your organization, we will process your personal data in connection with your organization’s relationship with us.

Job applicants

If you apply for a job with us, whether through the website or otherwise, we will collect and process your personal data in connection with your application.

Purposes and basis for processing

Your personal data may be used in one of the following ways:

Fulfilment of our Services, customer service and dealing with enquiries

We collect and maintain personal data that Customers submit to us for the purpose of supplying our Services. These purposes include:

• To contact you regarding your account in performance of our contract or to provide pre-contractual information. These communications may include notices regarding changes to our policies, Service updates, account management procedures and customer service transactional messages.
• To bill your credit card or other specified form of payment, in accordance with the Terms of Use.
• To respond to complaints or enquiries.

We also process some personal data about Guests on behalf of our Customers. Customers have control over the RSVP fields in an invitation and so the information held depends on the specifics of the RSVP invitation the Customer has created. Guests should be aware that the personal data they provide will be shared with the Customer as part of the Services.

Our legal basis for processing

It is necessary for us to use personal data to perform our obligations in accordance with any contract that we may have with Customers, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services and deal with queries and enquiries in an effective, safe and efficient way.

Where our Customer is an organization the Customer will be the data controller of Guest personal data. Guests should refer to the Customer’s Privacy Notice for information about how the Customer uses their personal data and the legal basis for the processing.

Insights and Analysis

We use personal data (and share it with certain third-party providers) in order to analyze how you use our website and our Services and the effectiveness of our website and our Services, including:

• To enable us to generate aggregated data about website traffic and website interaction.
• To customize your experience (your information helps us to better respond to your individual needs).
• To make improvements to the website and Services.
• To help us understand the type of marketing content that is most likely to appeal to our Customers.
• To inform potential partners and advertisers about the size and characteristics of our audience.
• To show you advertisements most relevant to your demographic characteristics.

In particular, we maintain internal logs of usage of the Services. Logs include NIPD information such as IP address, browser type and version, computer processing speed, connection speed, clickstream data, and computer operating system. The Company uses logs mainly for our legitimate interests such as internal systems administration and diagnostic purposes, and to detect improper use of the website. The Company may collect such usage logs even if the App is not open on your device, or you do not have the website open.

Our legal basis for processing

It is in our legitimate interest to use personal data for these purposes. Where your data is collected through the use of non-essential cookies, we rely on your consent to collect your personal data and for the onward processing purpose. Please see the section “Do we use Cookies or other forms of tracking” for further details about Cookies.

If we send you direct marketing regarding our Services

We use your personal data such as your name, email address, telephone number and any marketing preferences / service communication preferences to send you (or the organization you represent) marketing communications by post and/or email. This includes newsletters or tips about how to use the Services, inform you of product updates, or notify you about our own special offers or those of our third-party partners.

[Our marketing communications may include personalized and non-personalized marketing. Personalized marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Where we are sending you personalized marketing, we may use your personal data to help us decide what sort of personalized marketing to send you.

Our legal basis for processing

It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.

We will only send marketing communications to you by email where you have consented to receive such content by email, or where we have another lawful right to send marketing to you using email. For example, if you are a business customer we may rely on our legitimate interest to send email marketing. We also rely on legitimate interest to send customers marketing in relation to similar products of ours.

Unsubscribing from post or email marketing

You can unsubscribe from post or email marketing by clicking on the ‘Unsubscribe’ link in the bottom of any email message sent by RSVPify.

If we carry out any online personalized advertising

We and our third-party partners may use personal data that is collected through your interactions with third-party websites and services to provide you with, and analyze the effectiveness of, personalized ads when you visit other websites and/or use other services.

By “personalized ads”, we mean advertisements for products and services that you have shown an interest in when you have used our website or which you otherwise might be interested in based on your browsing habits or the information we know about you [although our third-party partners may use the data that is collected to show personalized ads for products and services offered by third parties].

Our legal basis for processing

Where your data is collected through the use of non-essential cookies, we rely on your consent to collect your personal data and for the onward processing purpose. Please see the section “Do we use Cookies or other forms of tracking” for further details about the specific Cookies we use.
Our third-party partners may rely on a different lawful basis in respect of their use of your personal data. Please read the privacy notice of the relevant third-party providers.

If we advertise to you on social media and other platforms

We share your email address (usually in an encrypted or ‘hashed’ form) with third-party providers of social media platforms and other services (in particular [Facebook, Twitter, Pinterest, LinkedIn]]) so that the third-party providers can try to “match” your data with the data of their registered users of their Social Platforms.

Where there is a successful match, we will display our advertising to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customise” the audience that we want to reach on the relevant service.

Some of the advertising that you see may be personalized to you or based on your characteristics.

This activity is also subject to the privacy choices you have elected to make on such Social Platforms.

Our legal basis for processing

We will only share your personal data with the third-party providers of the Social Platforms, so that we can advertise our Products and Services to you when you use those Platforms, where you have provided your consent.

If we use your personal data in connection with our recruitment activities

We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third-party recruitment agency on your behalf. We also use your personal data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.

The personal data we process may include your identity and contact details, details of your education, qualifications and employment history, any other personal data which appears in your curriculum vitae or application, any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offenses if that information is relevant to the role you are applying for.

We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

Our legal basis for processing

Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.

We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent

If we have engaged you or the organization you represent to provide us with products or services

If we have engaged you or the organization you represent to provide us with products or services (for example, if you or the organization you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organization you represent, to receive products and services from you or the organization you represent and, where relevant, to provide our Services to others. The personal data we collect from you may include your identity and contact details and any other personal data you volunteer which is relevant to our relationship with you or the organization you represent.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or the organization you represent, or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organization you represent and are able to receive the products and services that you or your organization provides, and provide our Services to others, in an effective way.

If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business

We may use your personal data: (i) to enforce our legal rights; (ii) to protect the rights of third parties; (iii) to make any necessary corporate filings; (iv) for regulatory and compliance purposes; and (v) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets.

Our legal basis for processing

Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us.

Who is your personal data shared with?

You can find information about the categories of potential recipients of your personal data in our main Privacy Policy, in the section titled “Do we disclose any information to other parties?”.

Due to use of social media and other third-party plug-ins, pages or third-party services and integrations (e.g. for authorization or localization purpose) we may disclose information about your browser, activity, localization to other entities in order to fulfil your requests, or to provide services that you have requested.

RSVPify complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. RSVPify has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Although RSVPify has continued with its Privacy Shield certification as a matter of good data privacy governance, it respects the decision of the ECJ in Case C-311/18 (“Data Protection Commissioner v Facebook Ireland Ltd, Maximillian Schrems or “Schrems II”) and applies other safeguards when it receives personal data from data controllers in the UK/ EEA including by entering into the Standard Contractual Clauses with the UK/EU data controller sending the data.

How secure is your personal information?

The security of our user data is very important to us. We store your information securely in a globally leading cloud services infrastructure provider, using industry-compliant encryption technology. When you enter sensitive information (such as a credit card number) on our web forms, we encrypt the transmission of that information using secure socket layer technology (SSL).

How long do we retain your personal information?

The retention period of collected information depends on the type of information and the reasons why we collect it.

Primary retention

Customer account information is retained while your account is active, unless you submit a request to us to delete the information or close your account, in which case some information may still be retained for a reasonable time up to 180 days post-closing in case you decide to re-activate your account.

Please be advised that if you request that we delete your information or close your account, some of the information you shared through the Services may still be accessible by those users with whom you shared it (including Guests).

Secondary Retention

We may also retain some information we believe in good faith is necessary for legal and regulatory compliance, research and development, business matters, and improvement of our Services. Where appropriate, we would anonymize and encrypt such information until complete deletion.

Further, some information may be retained if it is contained in system logs, deleted emails or electronic documents which are archived by our Company in compliance with our standard archival processes but which, in the ordinary course of operations, are not accessible by the individuals who created or received such emails or documents.

In case your information is needed for a specific legal proceeding, we may keep such information as long as the proceeding in question is ongoing.

Your Rights

You have the right to:

request access and copies of your personal data, unless it would adversely affect the rights and freedoms of others;
request to have your information rectified if it is inaccurate or incomplete;
request we erase your personal data in certain circumstances;
request restriction of processing of your personal data in certain circumstances;
request to receive your data you have provided to us based on your consent or a contract, in a structured, commonly used and machine-readable format or request that we transmit said data to another controller; and
to object to processing of your personal data if we are relying on a legitimate interest in case you are in a particular situation or if we are processing your information for direct marketing purposes;

Right to withdraw consent. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place. If you exercise this right, we may keep minimal information about you (for example, on a so-called “Robinsons list”) as necessary for our and your legitimate interest to ensure your opt out choices are respected in the future and to comply with data protection laws.

To exercise your rights please contact us at [email protected]. However, please note that we may not be able to provide some or all of the Services without some necessary data collected from you.

Right to lodge a complaint with the data protection authority. If you believe that our processing of your personal data infringes upon your rights under GDPR, you may lodge a complaint with the data protection authority in the member state of European Union of your habitual residence, place of work or place of the alleged data infringement.

Children’s Personal Data

We do not knowingly collect Personal Data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any personal data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal data through the Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal data to us through the Services, please email us at [email protected] and we will endeavor to delete that information from our databases.

If you are under the age of 16, your legal parent or guardian must provide us with consent to allow us to process your personal data.

Do we use cookies or other forms of tracking?

Cookies are small files that a website or one of its service providers transfers to your computer’s storage device via your Web browser (if your browser is configured to permit this) that enable its systems to recognize your browser and store certain information. We use “cookies” to collect information and improve our Services. We may use “persistent cookies” to save your user ID and password for future logins to the Service. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic on the Service.

Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to your computer and can only be read by a web server of the website that issued the cookie to you.

Categories of cookies.

Necessary cookies. Strictly necessary cookies are strictly necessary to provide you with the Services. The information collected through these cookies is used only for the purpose of providing you with the Services and is never shared with third parties.

You cannot refuse those cookies. You may block or delete them by changing your browser settings, but you may not be able to use Services or Application features, and in some cases the RSVPify website simply will not perform.

Functional cookies. Functional cookies allow us to remember the choices you make and provide enhanced, more personal features. Examples include your username, language, region, customizations, and prior purchase history. The information collected through these cookies is used for this purpose only and is never shared with third parties.
Performance & Analytical Cookies. We work with third parties who use cookies to collect data that helps us understand how people are using our website. We use this information to identify improvements we can make to the user experience. See ‘Purposes and Basis of Processing’ above for further information about how we use the data gathered by these cookies for analytics purposes.
Marketing & Targeting Cookies. We work with third parties who use cookies to collect information about the pages, links, and other sites that you visit. These cookies are used to deliver advertisements that are more relevant to you and your interests across the internet. The information collected by these cookies will be used to track visits and actions on our website, as well as to deliver reporting and analytics to us and our partners. See ‘Purposes and Basis of Processing’ above for further information about how we use the data gathered by these cookies.The following cookies are used:

Facebook (https://www.facebook.com/policies/cookies/)
Google Maps (https://policies.google.com/technologies/types?hl=en)
Google Analytics (https://policies.google.com/technologies/partner-sites?hl=en)
Twitter (https://help.twitter.com/en/rules-and-policies/twitter-cookies)
Pinterest (https://policy.pinterest.com/en/privacy-policy)
Intercom (https://www.intercom.com/legal/privacy)
LinkedIn (https://www.linkedin.com/legal/privacy-policy)

How can I control cookies?

Your options for managing your cookie preferences are set out below:

Through the Cookie Preference Centre on our website

When you access our website, we will ask you to provide consent for our use of non-essential cookies (categories 2,3 and 4 above). We may repeat this request on subsequent visits to our website, for example if you delete cookies from your browser or we need to request new consents from you.

When we seek your consent, you will either be able to provide consent for all non-essential cookies that we would like to use, or you can tailor your cookie preferences (provide consent for some but not all non-essential cookies) using our Cookie Preference Centre. You can also change your preferences and/or withdraw consent at any time by visiting our Cookie Preference Centre.

Just as a reminder, where cookies are essential to the operation of our website, we can use these without your consent and they cannot be managed using our Cookie Preference Centre

Through your Browser

All browser technologies enable you to manage the cookies in the cookie folder of your web browser. This means that you can either delete cookies from your cookie folder once you have finished your visit at our website or you can set your preferences with regard to the use of cookies before you begin browsing our website. Please note, as stated above, that deleting or rejecting cookies may adversely affect your user experience of our website.

You can find further information at:

To control privacy settings within mobile applications, please visit the privacy settings of your Android or iOS device and select “opt-out of interest based ads” (Android) or “limit ad tracking” (Apple iOS).

Where can I find more information about cookies?

If you want to learn more about cookies or how to control, disable or delete them, please visit www.aboutcookies.org for detailed guidance. In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google visit https://adssettings.google.com/u/0/authenticated?hl=en

You can also learn more about targeting and retargeting for advertising, and about how to turn this feature off, by visiting www.networkadvertising.org, or in the case of those residing in the EU or UK, by visiting http://www.youronlinechoices.com.

Tracking technologies

Cookies are not the only way to recognize or track visitors to a website. Web beacons (sometimes called “tracking pixels” or “clear gifs”) are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our website or taken an action in relation with Services. We also facilitate our third -party platforms ability to learn more about your interest in their event at their request through their use of these tracking pixels on our Services.

We also use tracking pixels in the emails we send in relation to our Services. Any emails you receive from us may contain cookies to help us to see if recipients have opened an email and understand how recipients have interacted with it. Once you click on an email that contains a cookie, your contact information may subsequently be cross-referenced to the source email and/or the relevant cookie. If you have enabled images, cookies may be set on your computer or mobile device. Cookies will also be set if you click on any link within the email.

If you do not wish to accept cookies from any one of our emails, simply close the email before downloading any images or clicking on any links. You can also set your browser to restrict cookies or to reject them entirely. These settings will apply to all cookies whether included on websites or in emails.

In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you’ve added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.

Where can I find further information?

You may find more information on the way we process your information in our main Privacy Policy or by contacting our passionate support and privacy teams.