GDPR and Data Privacy

At EventReception, we adhere fully to the EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, replacing Directive 95/46/EC.

This section provides a clear overview of the essential concepts of GDPR and how they relate to the use of our solutions.

The information provided here is for informational purposes only and should not replace professional legal advice. If you’re unsure about how GDPR affects your operations, we encourage you to consult a qualified legal advisor.

Data Hosting and Security

To ensure full GDPR compliance, all personal data is securely stored within the EU. Our web servers are hosted in the Digital Realty Datacenter in Greece. This guarantees that data remains within EU boundaries, simplifying compliance with GDPR requirements and offering additional reassurance to our users about the safety and privacy of their information.

Understanding GDPR Roles

GDPR distinguishes between key roles in handling personal data:

  • Data Controllers: Entities or individuals who determine the purposes and means of processing personal data. They must comply with GDPR and ensure that any processors or sub-processors they engage also meet the law’s requirements.
  • Data Processors: Entities who process personal data on behalf of data controllers. They are responsible for implementing safeguards to protect the data and must comply with GDPR obligations relevant to processors.
  • Sub-Processors: Entities engaged by data processors to assist in processing personal data on behalf of the data controller. They carry the same responsibilities and obligations as data processors.

EventReception's Role and Compliance

In the context of GDPR, EventReception may act as a Data Processor, a Sub-Processor, or a Data Controller, depending on the relationship with the user:

  1. When corporate clients use our solutions, EventReception acts as a Data Processor.
  2. When corporate clients engage another company (e.g., an event planner) who uses our solutions, EventReception acts as a Sub-Processor.
  3. When individual users (e.g., couples) use our solutions directly, EventReception acts as a Data Controller.

EventReception is committed to meeting its GDPR obligations, including:

  • Ensuring confidentiality agreements are in place for staff handling personal data.
  • Implementing robust technical and organizational security measures to protect data at all times.
  • Responding promptly to requests for data deletion, updates, or access.
  • Notifying users of any data breaches within the GDPR’s required timeframes.
  • Demonstrating full compliance with GDPR through regular reviews and audits.

For more detailed information, including cases where EventReception acts as the Data Controller (e.g., when individuals from the EU use our solutions directly), please refer to our detailed Privacy Policy.

Examples of GDPR Roles in Practice

To illustrate how these roles apply, let's consider three examples:

  • Example 1:

    A Company Uses EventReception's Solutions to Invite Attendees to a Conference

    • Data Controller: The Company
    • Data Processor: EventReception

    Explanation: The company determines the purposes and means of processing personal data (e.g., collecting attendee information for the conference). EventReception processes this data on behalf of the company, making us the Data Processor.

  • Example 2:

    A Company Engages a Planner Who Uses EventReception's Solutions for an Employee Event

    • Data Controller: The Company
    • Data Processor: The Planner
    • Sub-Processor: EventReception

    Explanation: The company decides to hold the event and collect employee data, making it the Data Controller. The planner processes this data on behalf of the company, acting as the Data Processor. EventReception provides services to the planner, thus acting as a Sub-Processor.

  • Example 3:

    A Couple Uses EventReception's Solutions Directly for Their Wedding

    • Data Controller: EventReception
    • Exempt Party: The Couple (not subject to GDPR obligations)

    Explanation: The couple is exempt from GDPR obligations under the household exemption provided by Article 2(2)(c) and Recital 18, as they are natural persons processing personal data for a purely personal or household activity. In this case, EventReception acts as the Data Controller, determining the purposes and means of processing personal data within our platform.

Responsibilities of EventReception Users

For Corporate Users

To ensure compliance, our corporate users must:

  • Collect and process personal data from EU citizens in compliance with GDPR by ensuring they have a valid lawful basis—such as consent, contract necessity, legal obligation, vital interests, public task, or legitimate interests.
  • Adhere to GDPR rules and other relevant privacy laws.
  • Accept EventReception's role as a Data Processor or Sub-Processor.

For Individual Users (EU Citizens)

When individual users from EU, such as couples planning personal events, use our solutions directly, they should:

  • Use our solutions in accordance with our Terms of Service and Privacy Policy.
  • Handle personal data responsibly and ethically, respecting the privacy of others.
  • Acknowledge that while they are generally exempt from GDPR obligations under the household exemption when processing personal data for purely personal or household activities, EventReception acts as the Data Controller under GDPR and will process personal data in compliance with GDPR requirements.

Note: Even though individual users are exempt under GDPR, we encourage them to inform their guests about the processing of their personal data when possible, respecting their privacy and preferences.

Moving Forward Together

By understanding these roles and responsibilities, both corporate and individual users can work effectively with EventReception while ensuring compliance with GDPR. We are committed to protecting personal data and supporting our users in meeting their data protection obligations.