A blue, green and orange image of a globe in a paper cut style with communications icons surrounding it

EventBuilder's Role in Privacy Data

Last updated: June 24, 2026
Last reviewed: June 24, 2026

We take the privacy and security of your data seriously and are ISO/IEC 27701 Certified. As such, we have internal procedures and processes in place for maintaining compliance with applicable laws regarding data processing and security protocols. Following is an overview of EventBuilder's role in processing Personally Identifiable Information (PII) and our customers' role in managing Personally Identifiable Information.

Definitions
ISO/IEC 27701 Certification
A Privacy Information Management System standard published in August 2019 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
GDPR
General Data Protection Regulation. The GDPR strengthens security protection of personal data in the European Union.
CCPA
California Consumer Privacy Act. A state statute giving consumers more control over the personal information businesses collect about them.
PII - Personally Identifiable Information
PII is information that identifies, relates to, describes, references or is capable of being associated with, or could be reasonably linked - directly or indirectly - with a particular individual consumer or device. Examples include name, address, date of birth, race, citizenship, employment status, non-public education information protected under the Family Educational Rights and Privacy Act, and product purchase histories.
PII Controller
The PII controller is the entity that determines the purpose and means for processing PII, defines why and how PII is processed, and is responsible for the implementation of privacy and security protocols to meet applicable legal standards.
PII Processor
The PII processor then processes PII on behalf of and in accordance with the instructions and privacy controls set by the PII controller.

EventBuilder As a PII Processor

EventBuilder is a processor of your PII. This role is determined by both internal and external factors relevant to context and intended outcomes under ISO/IEC 27701 framework. Internal factors include EventBuilder's commercial purpose and contractual obligations to customers. External factors include legal and regulatory requirements that apply to our commercial activities, meeting the standards of the GDPR, CCPA, and any federal and state consumer privacy laws.

Our Customers' Responsibilities as a PII Controller

Our customers are the controller of PII. As such, they are responsible for collecting personal information, determining what to collect, changing or modifying collected information, how the PII will be used, and for what purpose. The PII controller also decides how long the data is kept, and when to dispose of it.

Consumer Privacy Rights and Privacy Record Requests

Consumer Privacy Rights are available in the EventBuilder Privacy Notice , Section 6, paragraph b. If you are an account holder or tenant owner and receive an email from EventBuilder indicating we have received a Consumer Privacy Request from someone associated with your tenant:

Please respond in a timely manner to indicate that you have received notification of the request. Here is an example of what the emails might look like:

Hi Tall Green Tree Team,

This message notifies you that on June 22, 2026 EventBuilder received a request to exercise privacy rights from a consumer whose data resides on the Tall Green Tree Tenant on the EventBuilder software. As a service provider to Tall Green Tree, EventBuilder is required to notify your team when we receive a privacy request from a Registrant for your Event(s) so that you can process and fulfill the request. Please respond within three business days to confirm that you have received this notification and will take the necessary steps to fulfill the request.

We have notified the requester that we received their request and have relayed it to you, and that Mickey Mouse (mmouse@tallgreentree.com) should be contacted if they have any questions going forward.

I am providing a secure link for the recipients of this email who have a named user and not a generic email alias on their EventBuilder Administrator account, to access the privacy request information: [secure view-only OneDrive link]. Please note that we will maintain a record of this request, but the linked file will be permanently deleted 10 business days from today.

Directions to redact or delete registrant data in EventBuilder software can be found in our Delete or Redact a Registrant Knowledge Base article. Redacting a registrant's information preserves their ability to access the associated Event(s). In this case an anonymous Registrant will be indicated on Event Reports. Deleting (canceling) a Registrant’s information completely removes their access to Event(s) they’ve registered for and reduces the number of Registrants indicated on Event Reports. We recommend redaction rather than deletion, as it safeguards the registrant’s ability to participate in future events for which they are already registered, and allows for an accurate Registrant count on Event Reports. EventBuilder will support your team as necessary so that you can fulfill this request as required by law.

This notification is governed by EventBuilder’s Privacy Notice. Please contact privacy@eventbuilder.com if you have any questions.

Have a great day!

The EventBuilder Team is happy to provide assistance as you fulfill the Consumer Privacy Request.
To learn more about consumer privacy rights and procedures for submitting a consumer privacy records request: