Privacy and Security Policy
At EventChain SmartTicket Service Ltd. (the “Company”, “we”), we respect your privacy. We have established this Privacy and Security Policy so that you may better understand what information we collect and how we collect, use and disclose the information collected. In this way, you may make an informed decision when using the Company’s software as a service (including the Company hosted website(s)), (collectively “Company Services”).
The Company Services are used by businesses (incorporated or otherwise) (“Businesses”) who register for the Company Services and by the customers and/or potential customers of such Businesses (“Consumers”, “you”). We collect information from the Businesses and Consumers. We also collect information in connection with the operation, maintenance and usage of the Company Services.
By using or accessing the Company Services, you accept and agree to the practices described in this Privacy and Security Policy.
Information You Provide
In connection with the Company Services, Businesses and/or Consumers may choose to upload, publish or otherwise display, or share with others (collectively “provide”) certain material, including contact information, photos, personal information, messages, notes, text, and/or any other content (collectively the “User Content”) on or through the Company Services. You agree that you are providing the User Content at your own risk and the Company and its directors, employees, partners or agents are not responsible for the use, confidentiality, disclosure or security of such User Content; This Privacy and Security Policy is not applicable to User Content you publicly provide.
The Types of Information We Collect
1. Registration Information for Businesses:
When a Business registers to use the Company Services, we collect certain registration information from the Business. This includes the Business name, a user name and password to be used by the Business, and other contact information for the Business representative(s), such as email, mailing address and telephone number, etc. (collectively “Registration Information”).
2. Billing Information:
When a Business purchases fee-based services/products from us, we will also collect billing information from the Business using PCI compliant 3rd party services to collect and process credit card information.
3. Other Information Collected from Businesses and Consumers in connection with Company Service offerings:
(a) Information about the Business Operations:
In connection with the Company Services, we may also collect certain information about the Business and its operations, including, the geographic location of the Business, the services and/or products offered by the Business, a general description of the Business operations (including hours of operation), pricing, policies, names of staff members/contractors/agents, contact information for staff members/contractors (including, but not limited to, email addresses, phone numbers, names of such personnel), photographs of business and/or staff members/contractors/agents, etc. (collectively “Business Information”).
(b) Consumer Information:
In connection with the Company Services, we may also collect certain information (including personal information) about the Consumers of the Businesses. For example, Businesses may input and/or upload certain information about their Consumers and the Consumers of the Business may input and/or upload such information about them (collectively “Consumer Information”).
(c) Aggregate Site Usage Information:
We also collect aggregate information from the Consumers of the Company Services regarding the Consumers systems and their usage of the Company Services (“Aggregate Site Usage Information”). This includes, but is not limited to:
• information derived from the web browser’s of the Consumers of the Company Services including information derived from “cookies” or similar technology,
• Internet Protocol addresses collected from server logs, traffic and volume statistical data,
• frequency of visits,
• type and time of transactions,
• statistical data,
• browser type,
• operating system,
• activity on site,
• links to external sites,
• clicks on advertisements,
• volume statistical information, etc.
How and When We Use Information Collected
The Company and/or its business partners or contractors my collect the information provided by Businesses and/or Consumers for the following purposes.
1. General purposes
(a) to provide, maintain, administer and update the Company Services;
(b) to analyze and evaluate usage of the Company Services;
(c) to support the users of the Company Services, including correcting any errors or failures of the Company Services;
(d) to customize any marketing, advertising, and/or other content presented to users of the Company Services;
(e) to fulfill requests for Company Services and/or products;
(f) to improve Company Services;
(g) to conduct research; and/or
(h) to provide anonymous reporting and/or data for internal and external clients.
2. Specific purposes
(a) Registration Information to authenticate the representatives of the Business, to contact and communicate with the Business and its representatives, to provide information regarding service updates, to provide service updates and/or other useful information to the Business;
(b) Billing Information to charge for services and/or products purchased;
(c) Business Information is deemed public information (including any personal information provided as contact information) and may be published on the internet, including to third party web sites in order to advertise or promote the Business products/services;
(d) Aggregate Site Usage Information to diagnose technical problems, to administer the Company Services, for product development and testing, for backup/recovery purposes, to improve the quality and types of Company Services delivered, to analyze the usage and customize the content and/or advertising appropriately, and/or to market/validate services and products offered;
(f) the Company (and/or its business partners or contractors) may also use the Business and/or Consumer contact information to communicate with the Business and Consumers. The Company may also facilitate the transfer of information between Businesses and their Consumers. For example, as a Consumer, we may send you emails containing information you requested from the relevant Business. If you are the Business, we may send you emails containing information you have requested from the Consumers.
Generally, you may configure your personal account settings to set the frequency of emails or opt-out of promotional emails. For details, see the section on Communications Email Opt-Out below.
How and When We Share Information Collected
1. Consumer’s Personal Information with a Business
We will share the information we collected from you as necessary and contemplated by the Company Services in order to provide Company Services. For example, we will share your name/contact information with the Business you are contacting. By using Company Services you agree that you are consenting to disclosure of your personal information but only to the extent disclosure is necessary to enable us to provide or facilitate providing the Company Services to you.
2. Consumer’s Personal Information with our Agents/Contractors
We may contract with third parties to perform certain tasks on our behalf. We might share certain information we collect with such third parties in order to perform those tasks. These tasks include sending emails, text messages, credit card payment services and Internet and hosting services. Unless we otherwise inform you, our agents/contractors will not have access to your personal information beyond what is necessary to perform such services.
3. Company Business Partners
In certain instances, Company Services are offered jointly with our business partners. For example, we may partner with third parties to offer a private labeled hosted service or a co branded service. You can easily recognize when our business partner is associated with a particular service offering/opportunity/transaction. In this case, we will share user information that is related to such service offering/opportunity/transaction with that affiliated business partner. Disclosure of such information to our business partner is subject to them agreeing contractually to comply with the terms of this Aggregate Non-Identifying Information. We may provide aggregate non-identifying information (specifically including Aggregate Site Usage Information) to these partners in order to market our products/services and to demonstrate the value we deliver.
4. Third Party Advertisers
5. Sale or Merger of the Business or Portions of the Business
If we sell all or a portion of the Company’s assets, or we merge with another entity, or if the Company goes out of business or enters bankruptcy, the Company data (including user information collected) may be transferred or acquired by a third party in an asset sale or transfer. After such a transaction, the third party that becomes the custodian of the information/data purchased would have the right to continue using the information/data as set forth in this policy. You acknowledge that such transfers may occur, and that any acquirer may continue to use your information as set forth in this policy in accordance with applicable privacy legislation.
6. Compliance with Laws; Protection of Company and Others
We may release information collected (including personal information) for the purposes of complying with laws or regulations, subpoenas, or the authorized requests of law enforcement or other government authorities or that disclosure is reasonably necessary to enforce/apply Company’s Terms of Service or other agreements, or that disclosure is required in order to protect the rights, property, or safety of the Company, its employees, our users, or other third parties. This includes, without limitation, exchanging information with other companies and organizations for fraud protection. Where legally required, we will take all reasonable steps to notify you when your personal information may be shared with third parties so you can choose to prevent the sharing of this information.
Relationship and Disclosures between the Consumers and Businesses
To the extent you are the Consumer and you provide information to the Business via Company Services or otherwise (including but not limited to any personal information you provide to the Business), we are not responsible for the Business’ collection, use or disclosure of such information. For example, if you provide your email address or other personal information to a Business via the Company Services or otherwise, the Business may use that information and contact you with promotional or other information or disclose that information to others. The Company is not responsible in any way in how you exchange information (including your personal information) between you and the Business.
Similarly, to the extent you are the Business and provide information to the Consumers via Company Services or otherwise (including personal information), the Company is not responsible in any way in how the Business exchanges information (including personal information) between it and Consumers.
Third Party Sites
Our site is collaborative, and may contain links to other third party websites, including many that have different privacy and security policies and practices. No endorsement or approval of any third party or its advice, opinions, information, products or services is expressed or implied by any content provided through these third party sites. We urge you to consult the policies available on those sites to further understand your rights and their practices.
Privacy & Security
The Company has implemented processes designed to protect the information it collects and stores. Registered Users are assigned a unique user name and password which are required to access their account. It is the Organizer’s responsibility to protect the security of their use name and password.
The Company employs firewalls and other advanced security technologies, which we believe are reasonably sufficient to adequately safeguard the information we collect from unauthorized access from outside intruders. Unauthorized entry or use or disclosures, hardware or software failures, and other factors may compromise the security of the information we collect and store. The Company is not responsible for circumvention of any privacy settings or security measures used in connection with its Service.
The Company uses technologies and procedures (collectively “Safeguards”) that protect the Organizer and the personal information of the Organizer’s customer (“Customer Data”). The Safeguards include:
• An audit trail that logs what, who and when personal information or financial information is created or modified.
• Electronic signed consent, on a per use basis, by ticket purchasers for use of their personal information in accordance with GDPR, including: Statement of Purpose, Privacy Statement and Disclosure Statement (including to third parties), as well as the option to Opt-Out.
• A minimum eight character password for all Users of the System.
• A User interface with permission levels and passwords designed to prevent User access to data of third parties.
• 128 – 256 bit SSL encryption of all data transmissions via the Company and on all data whereby SSL is an industry standard security technology for establishing an encrypted link between a web server and a browser.
• A secure hosting environment that maintains an EU-US Privacy Shield Certification.
• Customer personal information is isolated from its identifying information, making it possible to render personal information anonymous and harmless;
Controlled access of the Organizer’s staff and agents using the Service through secure Access Control Levels (“ACL”) that can grant or remove their web access to all or limited areas of Customer Data. The Company will use reasonable security standards to protect Customer Data that are no less protective than security standards used by the Company for its own information of a similar type.
The Company has implemented at least industry standard systems and procedures to ensure the security and confidentiality of the Customer Data, protect against anticipated threats or hazards to the security or integrity of the Customer Data and protect against unauthorized access to, collection, use, or disclosure of the Customer Data in accordance with GDPR.
Unless previously authorized in writing by Organizer, the Company will not disclose any personal information about Organizer’s use of the Service, unless required by law.
The Service is hosted on a secure hosting environment that maintains an EU-US Privacy Shield Certification in the USA. If you use the Service from outside of the USA, you are voluntarily transferring information (potentially including personal information) and content to the USA.
Accessing, Correcting and Revising Registration and Contact Information
To update your record/account information, log on to the service and select the available user account management pages.
If you choose to cancel your account, please be aware that we may retain residual/historical information in our databases for audit, legal or other purposes.
Communications Email Opt-Out
As part of our Services, you agree that we may contact you and send you communications as part of our ongoing business relationship. We may also, from time-to-time, send you certain promotional emails/communications so that you are aware of our products and services. If you wish to stop receiving promotional emails/communications you may opt out by checking the unsubscribe option on such communications or from your account notifications settings page.
Compliance with Children’s Online Privacy Protection Act
As a business service, Company does not target its offerings toward, and does not knowingly collect any personal information from users under 13 years of age without parent’s consent.
Changes to the Privacy and Security Policy
We reserve the right to change this Privacy and Security Policy and will provide notification of any material change. We will indicate in the notification of the effective date of the change. If you do not agree with the changes, you always have the option of terminating your account and stop using the Company Services.
You may contact us with any questions pertaining to this policy at privacyevc@EventChain.io.
Privacy related Inquires
We will respect your request for access to your information. Send all requests or questions about our privacy practices to us in writing by email. In your correspondence, please describe your questions in as much detail as possible. We will investigate your concerns promptly and will respond to you within 30 days.
Write to our Privacy Officer, Dino Bassanese or our Data Protection Officer, Geoffrey Spooner, at privacyevc @ EventChain.io (spaces added to deter spammers).