Data Privacy Policies
Why do you need to ask for a link to my privacy policies?
What if I do not have a web site with a privacy policy.
You kept my previous year data for a lot longer than 90 days - what changed?
In May of 2018, a new law went into effect in the European Union regarding data privacy. We have a number of events that include EU attendees (or the event is held inEurope). In light of this change and the EventCORE audience, we are implementing a site-wide change regarding our data privacy.
There are three big changes that have occurred:
SITE ADMINS: When you go to the site set up page, there is a new section titled "Privacy Policy and Attendee Retention." This section includes three required fields.
- Link to Privacy Policy. You must provide a link to the privacy policy for your organization. The data collected through EventCORE belongs to you. We have control over the data while it is in our system, but once you download the data to your own servers, it is out of our control. In light of this, we need to provide attendees with a link to where they can learn what you might do with this data. It can be your parent corporation privacy policy or you can take them to a specific page just for this event.
- Data Manager Email. This is the office or person whom an attendee can contact if they have questions about your their data. The new EU law states that an individual can request a review of data or a permanent deletion of all data. That request will go to you not us. So this is the email address that an attendee would use to make a post-event inquiry about their data.
- Retention Acceptance. You must answer "yes" to this drop down in order to use EventCORE. The retention policy is explained in the next section.
RETENTION OF DATA: EventCORE previously retained data indefinitely. It was "archived" and you needed to make a special Tier 3 Support request to gain access, but the data was still all there. Beginning in May 2018, we will only retain user specific data for 90-days past the end of your event. This should allow adequate time you to process refunds, answer attendee questions or download the data to your local servers.
Prior to the user-specific data being erased, Tier 3 will contact you to confirm that you are aware that the data will soon be destroyed. You will still be able to obtain statistical data (numbers, trends, etc.*) but all personalized user-specific data will be removed (names, addresses and phone numbers will be randomized, email addresses will be encrypted, street addresses removed.).
Passport numbers and other ultra sensitive data will be destroyed within 10 days of the completion of the event.
*Statistical data will allow you to see your men to women ratio, when people signed up, how many attendee types you had, etc.
END USERS: The information that you provide for your privacy policy and data manager email now appear at the bottom of the registration form. There is a highlighted paragraph that explains to the end user that EventCORE will retain their data for 90 days past the close of the event. It also states that the retention policy of the event sponsor/creator has their own policies and we then provide links for additional information.
FAQ
Why do you need a link to my privacy policy? We manage the attendee data during the registration process and for 90 days afterwards. But since you have the ability to download contact information, we are required to provide a link to your privacy policies. You can link to your parent organization's privacy policy (that's essentially what we do...). It does not have to be unique to this event.
What if I do not have a web site with a privacy policy and cannot provide a link? Having an explained policy statement is a requirement for any data you intend to use AFTER the event or for individual contact during the event. If you are using EventCORE for an isolated, single purpose and you will not download or save any data, then we can allow an exception. But if that is not the case, you can write your own policy statement and write it up as a special left menu item.
Can I use a link to a left menu item as the link to my privacy policy? Yes, you will be able to link to it in the gray box. Since you're on the same domain, you only need include the short link to it.
If your long link to the left menu answer is: https://intre.org/event.php?a=info&i=5566
You could just put event.php?a=info&i=5566 in the admin settings for the privacy policy.
Why the 90-day limit to data retention? It was not that way in the past? You mostly have seen a number of recent data breaches that have occurred in recent years. The European Union have really changed their guidelines for doing business in Europe. We anticipate similiar changes could take place worldwide. It is in light of these changed regulations that we are changing our policy. The significant implications of not meeting a regulation are significantly mitigated by not retaining data.