EVENTBUILDER DATA PRIVACY FRAMEWORK NOTICE

Last updated: March 22, 2024

1. Statement of Compliance

NW Virtual Partners LLC dba EventBuilder and our affiliates and subsidiaries (collectively, “EventBuilder”, “us”, or “we”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. EventBuilder has certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF, from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program.

2. Scope of DPF Notice

This Data Privacy Framework Notice ("DPF Notice") applies to the Personal Information of identifiable individuals located in the European Economic Area, United Kingdom, or Switzerland (Data Subjects) collected through our Services. As used in this DPF Notice, our “Services” include portal.eventbuilder.com, eventbuilder.com, eventbuilder.rocks, and other websites we own or operate (collectively, the “Site”), our suite of software and professional services owned and operated by NW Virtual Partners LLC and/or delivered under the business name EventBuilder (the “Software”) for creating and managing virtual events, webinars, and online meetings and presentations (collectively, “Events”), our other digital properties or services, and your communications with us by any means.

This DPF Notice does not apply to any information collected through third-party products or services, such as websites or platforms of Organizers (as defined in our Privacy Notice), websites, platforms, software, or other products not listed above. Additionally, this DPF Notice does not apply to Personal Information collected as an employer or through our recruiting process.

3. Personal Information

For purposes of this DPF, “Personal Information” means data about an identified or identifiable individual that is received by EventBuilder in the United States from the EEA, Switzerland, or the United Kingdom, and recorded in any form, and is within the scope of Regulation (EU) 2016/679 (“GDPR”), the Swiss Federal Data Protection Act, or the UK Data Protection Act 2018 (“UK GDPR”), respectively.

4. EventBuilder Responsibilities

EventBuilder is responsible for the processing of Personal Information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. EventBuilder
complies with the DPF Principles for all onward transfers of Personal Information from the EU, UK, and Switzerland, including the onward transfer liability provisions. The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

In certain situations, EventBuilder may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

EventBuilder commits to resolve complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF through the recourse mechanisms described in Section 12 of this DPF Notice. 

5. EventBuilder as a Service Provider 

EventBuilder offers powerful, end-to-end webinar & virtual events solutions through our Services for the benefit of Organizers and prospective customers in the EEA, Switzerland, and the United Kingdom through employees located in the United States. Our United States operations may process Personal Information to provide Services to Organizers and prospective customers located in the EEA, Switzerland, or the United Kingdom. When EventBuilder processes Personal Information, we do so only to provide the Services to Organizers or to discuss our Services with prospective customers.

Organizers are responsible for managing the data that they process and store within EventBuilder Services. EventBuilder requires minimal Personal Information to provide the Services (see Section 3 of our Privacy Notice) and Organizers determine any additional categories of Personal Information and other information that are stored by EventBuilder. Similarly, Organizers and prospective customers who disclose data to EventBuilder determine the categories of Personal Information that will be disclosed to EventBuilder and the purposes of such disclosure.

6. Responsibilities of Organizers and Prospective Customers 

EventBuilder designs the Services to require minimal Personal Information to provide the Services to Organizers and their end users. Prospective customers, Organizers, and end users may choose to include additional Personal Information among the data processed or stored within the Services or otherwise disclosed to us. EventBuilder processes only the Personal Information that Organizers or prospective customers have chosen to submit or disclose to EventBuilder.

Data Subjects only access and use the Services through an Organizer or prospective customer. As such, EventBuilder has no direct or contractual relationship with the Data Subjects whose Personal Information is processed on the Services. For this reason, the Organizer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws. It is the Organizer’s or prospective customer's responsibility to:

  • Provide the Data Subject any notices required by applicable law;
  • Ensure that the Personal Information is collected in a manner that is lawful in the country of origin; and
  • Respond appropriately to the Data Subject's request to exercise their privacy rights.

In addition, the Organizer or prospective customer is responsible for ensuring that its use of EventBuilder’s Services is consistent with its own privacy notice and any notices it has provided to Data Subjects.

EventBuilder is not responsible for Organizer’s or prospective customer's privacy notices or practices. EventBuilder does not review, comment upon, or monitor Organizer’s or prospective customer's privacy notices or their compliance with such notices. 

Organizers and prospective customers are responsible for instructing EventBuilder to process Personal Information in compliance with policies, notices, and applicable law. EventBuilder is not responsible for reviewing instructions or Data Subject authorizations for compliance with any privacy notice, authorization, or applicable law.

7. Access 

Data Subjects have the right to access their Personal Information held by a company or other organization and, if their Personal Information is inaccurate or processed in violation of the DPF Principles, the Data Subject may also request that Personal Information be corrected, amended, or deleted.

When EventBuilder receives Personal Information, it does so on behalf of an Organizer or prospective customer. Data Subjects should contact the Organizer or prospective customer to request access to, or correction, amendment, or deletion of, their Personal Information. EventBuilder will cooperate with reasonable requests to assist Data Subjects in exercising their rights.

8. Choice

Data Subjects have the right to opt out of:

  • Disclosures of their Personal Information to third parties not identified at the time of collection or subsequently authorized; and
  • Uses of Personal Information for purposes materially different from those disclosed at the time of collection or subsequently authorized.

As a courtesy to Organizer, EventBuilder provides methods through the Services for Organizer, Attendees, and Presenters to change Event registration, to correct, update, or delete Personal Information associated with a registration, or to update communication preferences. See Section 6 of the Privacy Notice for details.

However, Organizer and our prospective customers are responsible for informing their end users when they have the right to opt out of such uses or disclosures and for assisting those end users in exercising those rights. Data Subjects who wish to limit the use or disclosure of their Personal Information should submit that request to the relevant Organizer or prospective customer that controls the use and disclosure of their Personal Information. EventBuilder will cooperate with Organizers’ and prospective customers’ instructions regarding Data Subjects’ choices.

9. Security

EventBuilder takes reasonable and appropriate measures to protect Personal Information in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have implemented and maintain a combination of technical and organizational security measures, procedures, and standards to govern Personal Information processing and safeguard the data in our possession. For example, we use multi-factor authentication, industry standard SSL for data encryption, proprietary technology, and other technical safeguards to protect information online and stored on our systems. Only trained and authorized employees and subcontractors may access Personal Information, and only when necessary for a specific business reason. Employees and/or contractors who violate our policies are subject to disciplinary action, up to and including termination. Our security measures are designed to meet our duty of care with respect to your Personal Information. Please note, however, that no transmission of data over the Internet is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes.

10. Data Integrity and Purpose Limitation

In providing the Services to Organizers and offering the Services to prospective customers, EventBuilder will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend our legal rights. Organizers and prospective customers of EventBuilder Services are responsible for providing EventBuilder with instructions or authorization for the processing of Personal Information consistent with such purposes.

Organizers and prospective customers of EventBuilder Services are responsible for limiting their collection of Personal Information to that which is necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. Organizers and prospective customers of EventBuilder Services also are responsible for ensuring that (a) the Personal Information they collect is accurate, complete, current, and reliable for its intended uses; and (b) Personal Information is retained only for as long as is necessary to accomplish the customer's or prospective customer's legitimate business purposes disclosed to the Data Subject and for compatible purposes. EventBuilder will cooperate with Organizers’ and prospective customers' reasonable requests for assistance in meeting these obligations.

11. Onward Transfers

EventBuilder may disclose Personal Information to subcontractors and third-parties that assist EventBuilder in providing the Services or for other lawful purposes. EventBuilder’s activities relating to onward transfers are detailed in Section 5 of our Privacy Notice. EventBuilder will not otherwise disclose Personal Information to third parties.

Before disclosing any Personal Information, EventBuilder will obtain assurances from the recipient that the recipient will only use the Personal Information to assist us in providing the Services and will provide at least the same level of protection for Personal Information as EventBuilder promises by this Privacy Notice and in compliance with Data Privacy Framework Principles.

All recipients of disclosed Personal Information are required to notify EventBuilder if the recipient becomes unable to provide these protections. Upon notice of, or if we learn of any unauthorized processing of disclosed Personal Information, EventBuilder will act promptly to discontinue and remediate the processing.

EventBuilder may also be required to disclose, and may disclose, Personal Information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, EventBuilder will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure. 

12. Recourse, Enforcement, and Liability

In compliance with DPF Principles, EventBuilder commits to resolve complaints relating to our collection or use of Personal Information transferred to the United States and your privacy through a recourse mechanism made available to you free of charge.

European Union, Swiss, and United Kingdom individuals with inquiries or complaints about our handling of Personal Information received in reliance on the DPF should first contact EventBuilder online using our Consumer Privacy Request form form or by email at privacy@eventbuilder.com.

You may have the right to complain to the data protection authority of your country of residence. If you live in the UK, you can make a complaint with the Information Commissioner’s Office. If you live in the EU, here is the relevant data protection authority information. The U.S. Federal Trade Commission has jurisdiction over EventBuilder’s compliance with the DPF, if you’d like to submit a complaint.

In compliance with DPF Principles, EventBuilder further commits to refer unresolved privacy complaints under the DPF Principles to an independent recourse mechanism, JAMS Data Privacy Framework Dispute Resolution. If EventBuilder does not acknowledge your complaint in a timely fashion, or your complaint is not addressed to your satisfaction, please submit your complaint to JAMS. This service is provided free of charge to you.

Further, EventBuilder commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If your DPF complaint cannot be resolved through the above options, under certain conditions you may have the option to invoke binding arbitration for certain residual claims. More information is available through the Data Privacy Framework Program. The Federal Trade Commission has jurisdiction over EventBuilder’s compliance with the DPF.

13. Questions?

Data Subjects with questions about how EventBuilder processes Personal Information related to an Event should first contact the Organizer of the Event. Data Subjects with questions relating to EventBuilder’s processing in reliance on DPF Principles can contact EventBuilder at privacy@eventbuilder.com.

14. Changes and Updates

EventBuilder may revise this Policy at any time. If EventBuilder decides to materially change this DPF Notice, we will post the revised Policy at this location. This policy is executed in English and may be translated into other languages. In the event of any conflict or discrepancy between the English language version and a translated version, the English language version of this policy shall control.