Data Processor Agreement Eventtia

This Data Processing Agreement (“Agreement”) is entered into between Eventtia, incorporated in the United States, as the Data Processor (“Processor”), and the Client, as the Data Controller (“Controller”), in relation to the provision of event management services by Eventtia.

1. Purpose and Scope

Eventtia is authorized to process personal data solely for the purposes of providing the following services:

  • Provision of an event management platform;
  • Gathering, storage, and management of personal data of event participants;
  • Issuing communications to participants;
  • Support and maintenance activities necessary for the functioning of the platform.

Types of personal data processed: identification data, contact data, responses to questionnaires, feedback, and connection data.

Categories of data subjects: individuals participating in the Client’s events.

Duration: for the term of the underlying service agreement, unless otherwise required by law.

2. General Obligations of Eventtia

Eventtia shall:

  • Process personal data only in accordance with the Controller’s documented instructions;
  • Ensure authorized personnel are bound by confidentiality and trained in data protection;
  • Implement appropriate technical and organizational security measures;
  • Assist the Controller with data subject rights requests and regulatory obligations, where applicable;
  • Notify the Controller of any personal data breach within 72 hours.

3. Sub-processors

Eventtia may engage resources, affiliates, or independent contractors located mainly in France, Spain, Colombia, Mexico, and Madagascar, as well as third-party service providers (e.g., hosting, email routing, analytics, and technical support).

Eventtia shall maintain an up-to-date list of sub-processors. The Controller may object to the appointment of a new sub-processor within 15 days of notification, provided the objection is reasonable. Eventtia shall ensure all sub-processors are bound by data protection obligations equivalent to this Agreement.

4. International Data Transfers

Personal data processed under this Agreement may be accessed by Eventtia’s resources or sub-processors in different jurisdictions as required for service delivery.

  • Eventtia ensures that any international transfers of personal data are conducted with appropriate safeguards to protect confidentiality, integrity, and availability.

  • Eventtia commits to following generally accepted international privacy principles, including those set out by the OECD Privacy Guidelines, the APEC Privacy Framework, and the core principles of the EU General Data Protection Regulation (GDPR).

5. Security Measures

Eventtia shall implement, at minimum, the following measures:

  • Encryption of data in transit and at rest;
  • Secure facilities for data hosting;
  • Regular penetration tests, vulnerability scans, and monitoring;
  • Encrypted password storage;
  • Change management and code review procedures;
  • Disaster recovery measures ensuring restoration of access within 24 hours.

6. Assistance & Audit

Eventtia shall provide necessary documentation to demonstrate compliance. The Controller may request an audit once per year with prior notice, at its own expense, limited to data protection measures.

7. Termination & Data Return

Upon termination of the underlying contract, Eventtia shall, at the Controller’s option:

  • Return all personal data in a commonly used format; or
  • Destroy all personal data (excluding anonymized data retained for statistical purposes).
  • Eventtia shall provide written confirmation of destruction.

8. Applicable Law

This Agreement shall be interpreted in accordance with the data protection and privacy laws applicable in the jurisdictions where services are provided, including but not limited to laws in the United States, the European Union, Canada, and Latin America.