Your privacy is critically important to us. At Event Smart we have a few fundamental principles:
- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal information on our servers unless required for the on-going operation of one of our services.
- We aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted.
- We comply with and adhere to the European Union’s General Data Protection Regulation (GDPR)
- Our services include a number of places where you can send data to third parties. If you want to use these, you should check you are happy with the way they use your data
- We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time
- We take security seriously and host our services on servers in USA data centers
If you have questions about erasing or correcting your personal data please contact our support team.
Event Espresso, LLC. (“Event Espresso” and “Event Smart”) is a limited liability company registered in the United States of America, P.O. Box 681, Washington, Utah. We operate several websites including EventEspresso.com and EventSmart.com, Demoee.org, among a few ancillary others. It is Event Event Smart’s policy to respect your privacy regarding any information we may collect while operating our websites.
How we process your data
Like most website operators and processors, Event Smart collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Event Smart’s purpose in collecting non-personally identifying information is to better understand how Event Smart’s visitors use its website. From time to time, Event Smart may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Event Smart may collect statistics about the behavior of visitors to its websites. For instance, Event Smart may monitor the most popular sites on the EventSmart.com site or use spam screened by the Akismet service to help identify spam. Event Smart may display this information publicly or provide it to others. However, Event Smart does not disclose personally-identifying information other than as described below.
Gathering and Protection of Personally-Identifying Information
Certain visitors to Event Smart’s websites choose to interact with Event Smart in ways that require Event Smart to gather personally-identifying information. The amount and type of information that Event Smart gathers depend on the nature of the interaction. For example, we ask visitors who sign up for services at EventSmart.com to provide a username and email address. Those who engage in transactions with Event Smart – by purchasing – are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Event Smart collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Event Smart. Event Smart does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
Event Smart discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Event Smart’s behalf or to provide services available at Event Smart’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Event Smart’s websites, you consent to the transfer of such information to them. Event Smart will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Event Smart discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Event Smart believes in good faith that disclosure is reasonably necessary to protect the property or rights of Event Smart, third parties or the public at large. If you are a registered user (including attendees) of an Event Smart website and have supplied your email address, Event Smart may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Event Smart and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Event Smart takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying information.
When you access any of our services we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our system team to ensure the integrity of our services.
Retention: This information is stored for a minimum of 50 months.
Authorization & session data
Whenever you log in to one of our services we will use at least four cookies that will identify your session to our services. This is necessary to provide our service to you.
WordPress uses the following cookies to enable registered users to log into the website:
|Cookie name||Data stored||When does it expire?||Description|
|wordpress_test_cookie||The text ‘WP Cookie check’||A session cookie, deleted when you close your web browser.||WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.|
|wordpress_*||Your login authentication details in an encrypted form||A session cookie, deleted when you close your web browser.||WordPress uses these cookies to store your authentication details, and their use is limited to the admin console area.|
|wordpress_logged_in_*||Your login details in an encrypted form||A session cookie, deleted when you close your web browser.||WordPress uses this cookie to indicate when you’re logged in, and who you are, for most interface use.|
|wp-settings-*,wp-settings-time-*||Text indicating your preferred settings||Persistent cookie, expire a little under one year from the time they’re set.||WordPress uses this cookie to customize your view of admin interface, and possibly also the main site interface.|
If you comment on an article on this website, WordPress uses the following cookies:
|Cookie name||Data stored||When does it expire?||Description|
|comment_author,comment_author_email,comment_author_url||Your name, email address and website address||Persistent cookies, which expire a little under one year from the time they’re set.||WordPress sets these cookies purely for convenience, so that you won’t need to re-type all your information again when you want to leave another comment.|
Further information is available in the WordPress Codex:
- WordPress Codex: WordPress Cookies
In addition to these cookies, we also store IP addresses & user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems.
Retention: This data is stored until such time as the associated user account is deleted.
When you sign up, we need to know your first & last name so that you can be identified. We will use your name to address you and it may be stored in various systems that you use (for example: our support desk, Help Scout). This is necessary to provide our service to you.
Your name may be shared with other people that share access to an account you are part of. For example, if you have a Event Smart account, your name will be shared with other members of that account.
Retention: Your name will be retained until your user account is deleted. In some cases, your name may be kept with your billing records were we have a legal obligation to store this information.
We will store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.
We may also use your e-mail address to send you messages about our services which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service. If you would rather not receive these messages, please let us know or click the unsubscribe link in these e-mails.
We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website when signing up or through one of our applications. When you do this, you will be consenting with us to use your email address for this purpose. You may withdraw this consent at any time by unsubscribing from the messages or contacting us.
If you are using a service that allows multiple users to have access to the same account, your e-mail address may be shared with the other users on this account.
Our applications may share a cryptographic hash (MD5) of your e-mail address with the Gravatar service to allow us to display an appropriate profile image with your images. If you do not have an account with Gravatar, they will not be able to determine your actual e-mail address.
Retention: Your email address will be kept until such time as all accounts associated with it are deleted from our systems.
If we send you transactional e-mails, these will be passed through a third-party mail service (Help Scout, Mandrill, or MailGun) and stored for a period of time in to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations. This is necessary to provide our service to you.
The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.
Retention: The contents of messages are stored for a period of 50 months from the date the message is received by our mail system.
If you send us e-mails, these may be passed through our third-party mail services. If some cases, these messages will be consumed by one of our services or applications, for example, tickets sent to your EventSmart.com account or updates to tickets submitted to Help Scout (our email support system). This is necessary to provide our service to you.
Retention: Our mail servers will store the contents of messages for 50 months.
We never store your own passwords on our services in plain text. Passwords are hashed using an industry standard hashing algorithm. As a good security practice, we recommend the following with regards to choosing your password:
- Use a unique password with our services that is not shared with any others.
- Choose a long secure password containing either multiple random words, or a good combination of letters, numbers & symbols.
- Exercise good password hygiene and change your password on a regular basis.
- When sharing usernames and passwords for support reasons, only share a temporary username and password.
Company name & your postal address
We require your postal address in order to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of time.
We may wish to send you items by post (for example t-shirts, mugs, stickers etc…). To do this, you will need to provide your address to us again and consent to us using it for the purposes of sending you items by post. We may store your address on file to allow us to send you items in the future. You may opt to have this address removed from our records at any time by contacting us.
We do not store full payment card details on our own servers. We work with external PCI-compliant payment processors (Stripe, Authorize.net, PayPal, Recurly, etc.) who store these details.
We also store the country that the card was registered in and the IP address country that the card was added from as a legal obligation to ensure that the correct VAT rate is charged for your payments.
Retention: We will instruct our payment processors to delete any stored card details when you cancel your account.
Note about Paypal: If you pay for our services using Paypal, we do not control the data that you provide to Paypal in order to make your payment. Paypal shares minimal information with us regarding your payment. You should refer to their privacy notices for details on how they manage this information. PayPal also shares revenue with Event Smart from processing fees.
Note about Stripe: If you pay for our services using Stripe, we do not control the data that you provide to Stripe in order to make your payment. Stripe shares minimal information with us regarding your payment. You should refer to their privacy notices for details on how they manage this information. When connecting your Event Smart website to Stripe, Stripe Connect grants Event Smart access to your data. We do not use this data other than to process the transaction for your event. Stripe also shares revenue with Event Smart from processing fees.
Any data added by you and stored in your accounts
When you use our services you might upload or generate personal information relating to your own customers and users. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis & notices in place to allow us to store this data on your behalf.
If you use an Event Smart’s service which allows you to upload, store or process any personal data, you are responsible for ensuring that you are compliant with appropriate laws & regulations (for example the General Data Protection Regulation) for this data.
We do not recommend customers store any personal data in areas of our systems that are not designed for the purposes of storing this information.
Retention: Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases.
We use several services to help us track the details of visitors browsing our public websites. We configure our tracking codes to anonymize any IP addresses.
Support by contact form or e-mail
If you contact us by e-mail or through one of our website contact forms, you will be sharing your contact details (e-mail address, ip address, and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.
Retention: We retain all support requests (including name & contact details) that we receive for the purposes of auditing and training of staff.
Support by live chat
If you chat with us on our live chat service, you will be sharing your e-mail address with us for the purposes of sending you a transcript as well as identifying yourself to our support team. This is necessary to provide our service to you.
In addition to this information, our live chat system will place a cookie in your browser which will persist until you quit your browser. This is required to ensure that your live chat can continue between separate page requests to our website.
We also use records of live chats for staff training, to make sure we can offer you the best possible service.
Retention: We retain transcripts of all live chats (including name & contact details of the website visitor) for the purposes of auditing and training of staff.
E-mails directly to/from our employees
If you communicate with our employees directly by e-mail (i.e. not using our normal support channels), we may retain your name & e-mail address in the mailboxes of the employee(s) that you communicate with. This is necessary to provide our service to you.
Retention: Employee e-mails are kept indefinitely. Any e-mails that contain sensitive data that are delivered by accident will be removed immediately.
We store backups of data stored by us for use in disaster recovery. Backup data is encrypted and stored off site in a secure data center. This is necessary to provide our service to you.
Retention: Backup data is stored for a period of 4 weeks.
If you apply for a job with us, we will store the personal data that you submit for the purposes of considering your application.
Retention: Job application data will only be kept until the position has been filled unless you ask us to keep your information on record for considering for a future position.
We lease space on servers which are located in the United States. The physical data center has numerous physical security measures including biometric security, full CCTV coverage as well as 24/7 manned security.
Transfer of data to group companies
We may share and/or transfer your data to other companies within our group for the purposes of administration and company structuring.
Transfer of data on product or service acquisition
If Event Smart, or substantially all of its assets, were acquired, or in the unlikely event that Event Smart goes out of business or enters bankruptcy, user information would be one of the assets that are transferred or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of Event Smart may continue to use your personal information as set forth in this policy. You will be notified by e-mail in the event that such an acquisition occurs.
Third party processors
In some cases, we may use third parties to provide storage or computing services. We maintain a list of third parties that process data on our behalf.
|Professional Services||We may share your details with professional service companies such as accountants or accounting software.|
|Payment service providers||We may share your details with a company who provide us with payment services for taking payments from credit/debit cards.|
|Technical service providers||We may share your details with providers we use to provide computing services.|
|E-Mail marketing software||We may share your details with e-mail marketing software providers to allow us to send e-mails to customers.|
|Communication services||We may share your details with companies who provide us with communication services such as a live chat or e-mail providers.|
We will not share your data with third parties for the purposes of any marketing without your consent unless otherwise specified in this privacy notice.
Some of our applications allow users to configure integrations with third-party services. When using any of these integrations, you share your data with the organizations who operate these services. You should review their own private information with regard to how they will treat this information once it has been provided.
Third–party services and infrastructure:
- Adsense – For displaying personalized advertising based on your browsing history.
- Amazon Web Services – For web server infrastructure and storage.
- Akismet – For monitoring comment spam.
- Chatlio – For online chat conversations.
- Google Analytics – For tracking website activity and performance.
- Gravatar – For displaying personalized images of people (if available).
- HelpScout – For email communication with contacts.
- Mixpanel – For tracking web application activity.
- Monster Insights – For controlling popups.
- Pagely – For managed hosting.
- PayPal – For processing online payments.
- Recurly – For processing service subscriptions
- Segment – For managing data processing
- Stripe – For processing online payments.
Correcting your personal data
It is important to us that the information we store is up to date and accurate. You may update your details at any time through our various websites & applications.
Removal of your personal data
In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our websites & applications. In other cases, though, please feel free to contact us using the information below.
You have a lot of rights, including the right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.
From time to time we may use your name or logo in promoting you and the Event Smart service. We do not intend any harm, in fact, we hope as we give you exposure it helps you and your brand. If you have an issue with this please contact us.
Notification of data breaches
Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.
Electronic storage of data
No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.
Use of our services by persons under the age of 16
We do not allow anyone under the age of 16 to signup, use or store any personal data with us on any of our services. If we discover or are notified about the presence of a user under this age, we will remove their data from our systems without notice.
Our lawful basis for data processing
Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.
Where our processing is based on consent, you may withdraw consent at any time.
Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.
Disclosure of information to law enforcement agencies
We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.