EventBuilder's Role in Privacy Data
Last updated: June 24, 2026
Last reviewed: June 24, 2026
We take the privacy and security of your data seriously and are ISO/IEC 27701 Certified. As such, we have internal procedures and processes in place for maintaining compliance with applicable laws regarding data processing and security protocols. Following is an overview of EventBuilder's role in processing Personally Identifiable Information (PII) and our customers' role in managing Personally Identifiable Information.
EventBuilder As a PII Processor
EventBuilder is a processor of your PII. This role is determined by both internal and external factors relevant to context and intended outcomes under ISO/IEC 27701 framework. Internal factors include EventBuilder's commercial purpose and contractual obligations to customers. External factors include legal and regulatory requirements that apply to our commercial activities, meeting the standards of the GDPR, CCPA, and any federal and state consumer privacy laws.
Our Customers' Responsibilities as a PII Controller
Our customers are the controller of PII. As such, they are responsible for collecting personal information, determining what to collect, changing or modifying collected information, how the PII will be used, and for what purpose. The PII controller also decides how long the data is kept, and when to dispose of it.
Consumer Privacy Rights and Privacy Record Requests
Consumer Privacy Rights are available in the EventBuilder Privacy Notice , Section 6, paragraph b. If you are an account holder or tenant owner and receive an email from EventBuilder indicating we have received a Consumer Privacy Request from someone associated with your tenant:
Please respond in a timely manner to indicate that you have received notification of the request. Here is an example of what the emails might look like:
Hi Tall Green Tree Team,
This message notifies you that on June 22, 2026 EventBuilder received a request to exercise privacy rights from a consumer whose data resides on the Tall Green Tree Tenant on the EventBuilder software. As a service provider to Tall Green Tree, EventBuilder is required to notify your team when we receive a privacy request from a Registrant for your Event(s) so that you can process and fulfill the request. Please respond within three business days to confirm that you have received this notification and will take the necessary steps to fulfill the request.
We have notified the requester that we received their request and have relayed it to you, and that Mickey Mouse (mmouse@tallgreentree.com) should be contacted if they have any questions going forward.
I am providing a secure link for the recipients of this email who have a named user and not a generic email alias on their EventBuilder Administrator account, to access the privacy request information: [secure view-only OneDrive link]. Please note that we will maintain a record of this request, but the linked file will be permanently deleted 10 business days from today.
Directions to redact or delete registrant data in EventBuilder software can be found in our Delete or Redact a Registrant Knowledge Base article. Redacting a registrant's information preserves their ability to access the associated Event(s). In this case an anonymous Registrant will be indicated on Event Reports. Deleting (canceling) a Registrant’s information completely removes their access to Event(s) they’ve registered for and reduces the number of Registrants indicated on Event Reports. We recommend redaction rather than deletion, as it safeguards the registrant’s ability to participate in future events for which they are already registered, and allows for an accurate Registrant count on Event Reports. EventBuilder will support your team as necessary so that you can fulfill this request as required by law.
This notification is governed by EventBuilder’s Privacy Notice. Please contact privacy@eventbuilder.com if you have any questions.
Have a great day!

