EventBuilder's Role in Privacy Data

Last updated: December 22, 2023
Last reviewed: December 22, 2023

We take the privacy and security of your data seriously and are ISO/IEC 27701 Certified. As such, we have internal procedures and processes in place for maintaining compliance with applicable laws regarding data processing and security protocols. Following is an overview of EventBuilder's role in processing Personally Identifiable Information (PII) and our customers' role in managing Personally Identifiable Information.


ISO/IEC 27701 Certification - A Privacy Information Management System standard published in August 2019 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

GDPR - General Data Protection Regulation. The GDPR strengthens security protection of personal data in the European Union. 

CCPA - California Consumer Privacy Act. A state statute giving consumers more control over the personal information businesses collect about them. 

PII - Personally Identifiable Information - PII is information that identifies, relates to, describes, references or is capable of being associated with, or could be reasonably linked - directly or indirectly - with a particular individual consumer or device. Examples include name, address, date of birth,  race, citizenship, employment status, non-public education information protected under the Family Educational Rights and Privacy Act, and product purchase histories.

PII Controller - The PII controller is the entity that determines the purpose and means for processing PII, defines why and how PII is processed, and is responsible for the implementation of privacy and security protocols to meet applicable legal standards.

PII Processor - The PII processor then processes PII on behalf of and in accordance with the instructions and privacy controls set by the PII controller. 

EventBuilder As a PII Processor

EventBuilder is a processor of your PII. This role is determined by both internal and external factors relevant to context and intended outcomes under ISO/IEC 27701 framework. Internal factors include EventBuilder's commercial purpose and contractual obligations to customers. External factors include legal and regulatory requirements that apply to our commercial activities, meeting the standards of the GDPR, CCPA, and any federal and state consumer privacy laws.

Our Customers' Responsibilities as a PII Controller

Our customers are the controller of PII. As such, they are responsible for collecting personal information, determining what to collect, changing or modifying collected information, how the PII will be used, and for what purpose. The PII controller also decides how long the data is kept, and when to dispose of it.

Consumer Privacy Rights and Privacy Record Requests

If you are an account holder or portal owner and receive an email from EventBuilder indicating we have received a Consumer Privacy Request from someone associated with your portal:

1. Please respond in a timely manner to indicate that you have received notification of the request. Here is an example of what the emails might look like:

Hi Tall Green Tree team,

This message notifies you that on May 1, 2023, EventBuilder received a Consumer Privacy Request from a consumer whose data resides on the Tall Green Tree Portal on the EventBuilder software. 

As a data processor to Tall Green Tree, EventBuilder is required to promptly notify your team when we receive a Consumer Privacy Request from an attendee of your Event(s). Please respond within 5 business days to confirm that you have received this notification and understand the required actions for you as the Controller.
I am providing a secure link for the recipients of this email who have a named user and not a generic email alias on their EventBuilder account, to access the Consumer Privacy Request information: <Secure OneDrive Link should be inserted here>  Please note that we will maintain a record of this request, but the linked file will be permanently deleted 10 business days from today.

Directions to redact or delete registrant data in EventBuilder software can be found in our Registrant Management Knowledge Base article. Redacting a Registrant's information still allows them access to their Event. A redacted Registrant's name, email, and other identifiable information will not appear in Event Reports. Deleting (canceling) an individual's Registration means they will no longer have access to the Event.

Please contact privacy@eventbuilder.com Email to privacy@eventbuilder.com if you have any questions. EventBuilder will support your team as necessary so that you can fulfill this request as required by law.

This notification is governed by EventBuilder’s Privacy Notice available at  https://www.eventbuilder.rocks/legal-and-security

Have a great day!

The EventBuilder Team is happy to provide assistance as you fulfill the Consumer Privacy Request. will notify the requester upon completion of the request.

To learn more about consumer privacy rights and procedures for submitting a consumer privacy records request: