Besides being compliant with the General Data Protection Regulation (GDPR) when it comes into force on May 25, 2018, we believe the new law is a strong resource to protect citizens in regards to their data privacy. So Snafflz has been extensively working on features to help our users who are impacted by this new law and taking measures to ensure maximum transparency over the way we store and handle data.
As a data controller and data processor, Snafflz has the obligation to process the event attendee information provided by our clients, the event professionals. For instance, when an event professional creates a registration page and collects data from potential guests, this is stored by us in order to be accessible to the event professional. In this operation personal data is protected according to the various terms of the GDPR.
How are we protecting your data?
An all encompassing set of different actions was taken in order to ensure compliance with the new regulation, as described in our FAQ. Please take a look at the details and check which scopes concern your event and your guest data. We reaffirm our commitment to security, privacy and transparency and will never sell or transmit any personal data without your consent.
Important: the FAQ (Frequently Asked Questions) were designed to help our users acknowledging the scope of the GDPR in concern with their use of the Snafflz application. It is not an official page or represents warranties or legal representation from us. We recommend all clients (the event organiser) to get professional advice regarding how the GDPR may affect their organization and procedures.
What changes with GDPR?
The GDPR regulates how companies approach handling the data of individuals (also named data subjects). We at Snafflz see it as big step towards privacy as a standard, as companies are now required to obtain personal data only with the informed permission of individuals.
What are the roles established by the new regulations?
GDPR classifies users and data processors in order to clarify and organize roles. These are:
- data subject. The individual person whose personal data(*) is stored and actually the data itself.
- data controller. Who was given the data subject, who stores this personal data for some reason.
- data processor. Who might not be in direct contact with the person, but handles and process the data on behalf of the data controller.
* Personal data is any information relating to an identified or identifiable natural person.
How is Snafflz compliant?
As our service as event management solution involves the storing and processing data of event invitees and attendees for our clients (the event organiser), Snafflz has different roles towards users as explained in detail below.
We have performed extensive reviews to take the necessary steps and creating the tools that improve the protection of personal data within and beyond the borders of the European Union.
In regards to our event registrants, we have a role as a joint-data controller, because we handle registration pages, where we collect data of potential event attendees on behalf of our clients (the event organiser) through our system. In this case we share the data controller role with our clients (the event organiser). And we are data processors in regards to the guests that are added or imported to guest lists by our clients (the event organiser).
What measures have been taken?
- We have raised our encryption systems and ensured that all third parties we work with are also compliant to GDPR.
- If a client wishes to delete the user account or registrants, we assure that the most sensitive personal information is permanently erased from our database servers. We never sell or transmit any client and attendee data.
What do I need to know as an event attendee (registrant)?
If a client (an event professional) requests any personal data from you it is also the event professional's responsibility to protect this information. Thus, all event professional using Snafflz should be compliant with the GDPR as they act as data controllers of every person sharing information with them via the platform. Snafflz created tools to help our event professionals being compliant, such as a privacy consent statement on the registration page as we see it as a priority to support our clients (the event organiser) managing the protection of personal guest data.
I need further details about Snafflz and the GDPR or other data protection issues.
If you have any question that is not covered in this FAQ, please contact us at firstname.lastname@example.org. We'll be happy to assist.