Privacy Policy
Introduction
Event Team Alliance, LLC (”ETA LLC”, “We” or “Us”) respects your privacy and is dedicated to protecting the privacy of those persons (“You”) participating in events organized by ETA and using the ETA website and associated services (“Services”). This Privacy Policy helps You to understand what Personal Information (as defined below) and non-personal information We collect, and how We use it.
This Privacy Policy applies to the processing of Personal Information and non-personal information in connection with the Services and You should read this document before using our Services.
“Personal Information” refers to information, which allows You to be directly or indirectly identified as an individual person. We may also collect “non-personal information” meaning it can’t be used to specifically identify anyone. Non-personal information may also result from removing the personally identifiable parts from Personal Information. We may collect and use both types of information and combinations of both types.
What personal information do we collect and how do we process it?
ETA will only collect such Personal Information that is relevant for the purposes described in this Privacy Policy.
- ETA will process Your Personal Information (your name, email address, photographic image and event video content) for the purposes of providing the Services, including organizing the events and facilitating participant networking using the ETA website and the associated services.
- ETA will process Your Personal Information to provide event registration, customer service and other services at your or your employer’s request, to send You information, including confirmations, invoices, and other communications, as well as communicate with You about promotions and other news about services offered by ETA.
- ETA commits to adhere to the applicable laws and regulations pertaining to the processing of personal information, namely the General Data Protection Regulation (GDPR), the California Consumer Privacy Act 2018 (CCPA) and the Virginia Consumer Data Protection Act (VCDPA), as well as to process personal information using sound practices and appropriate technical and organisational measures.
- All ETA personnel processing Personal Information are obliged to keep such information strictly confidential. ETA utilises air-gapping technology, an advanced data protection feature used to isolate and detach storage volumes from unsecured networks, production environments and host platforms thus significantly mitigating against the threat of unauthorised access, hacking and malware.
What is our legal basis for the processing
The applicable legal basis for the processing of Personal Information depends on the circumstances relating to the relevant processing activities, as further described below:
If the processing of Personal Information is necessary for one or more specific purposes, GDPR art. 6(1)(a) serves as the legal basis for processing operations.
- Performance of a contract. If the processing of Personal Information is necessary for the performance of a contract, such as for providing certain services, to which the data subject is party, GDPR art. 6(1)(b) serves as the legal basis for processing operations. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
- Legal obligation. If the processing of Personal Information is necessary for complying with a legal obligation, such as for the fulfilment of tax obligations, GDPR art. 6(1)(c) serves as the legal basis for processing operations.
- Vital interests. If the processing of Personal Information is necessary for protecting the vital interests of a natural person, such as if a visitor were injured in our premises and their information would have to be passed on to medical personnel, GDPR art. 6(1)(d) serves as the legal basis for processing operations.
- Legitimate interests. If the processing of Personal Information is necessary for processing operations which are not covered by any of the abovementioned legal grounds but are deemed permissible for the purposes of the legitimate interests pursued by Us, so long as it does not outweigh your interests, GDPR art. 6(1)(f) serves as the legal basis for processing operations.
Information we collect and sources of information
We collect several categories of information:
- Information You, or your Employer, give to us,
- Technically gathered information when You or your Employer use our Services,
- Information from publicly available sources and third parties in relation to our service.
We collect information that You give to us, for example when You use our Services. This information may include your name, email, photographic image or event video content.
ETA also collects non-personal information on Your activities in the Services, such as your Internet Protocol address, and time of Your requests or actions in the website and referring website addresses, hardware type, operating system version, browser type, and language.
ETA retains the Personal Information collected pursuant to this Privacy Policy for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. The criteria used to determine the period of storage of Personal Information is dependent on the applicable legal basis for the processing of Personal Information: e.g. where the processing of Personal Information is necessary for the performance of a contract, ETA retains the Personal Information as long as it is necessary for the fulfilment of the contract or the initiation of a contract; or, where the processing of Personal Information is necessary for complying with a legal obligation, ETA retains the Personal Information for the respective statutory retention period; or, where the processing of Personal Information is permissible for the purposes of the legitimate interests pursued by Us, such as marketing, ETA retains the Personal Information as long as it is permitted by law.
Thereafter, if the collected Personal Information is no longer needed for purposes specified in this Privacy Policy, ETA will delete Personal Information in its possession on the instruction of the Data Controller or render it anonymous, meaning “non-personal information”.
How we disclose and host personal information
ETA will not disclose your stored Personal Information to third parties for direct electric marketing (email, text messages) without your consent or except as part of a specific program or feature for which You will have the ability to opt-in or opt-out. You may always opt-out of receiving promotional emails by following the instructions in those emails. If You opt-out, ETA may still send You non-promotional customer information, such as emails about providing the Service or ETA’s ongoing business relations.
Our third-party service providers:
ETA uses certain third-party service providers (“sub processors”) to help us run our Events. These include:
- Sub Processors involved in organizing a live Event. These can include conference centers, hotels, event planners, and consultants.
- Sub Processors that help us run the Event, register participants, and provide event services. For example, we may share personal information with service providers who host our websites or provide email services on our behalf. We may share your registration details with these processors solely for the purpose of providing services for the Event.
We currently use the following sub processors;
Wistia, Inc, a video sharing platform https://Wistia.com/privacy
Frame.io Inc., a video editing and feedback tool https://frame.io/privacy
Egnyte, a recognised industry leader in Data Governance and Data Security, for the purpose of sharing and co-editing of files. https://egnyte.com/privacy-policy
We use these external service providers to provide technical solutions or services for processing stored information and access the stored information by using a technical interface and share your personally information with third-party service providers to the extent that it is reasonably necessary to perform, improve or maintain the Services. We use third-party service providers, such as e-mail service providers, credit card processors, information analyzers and business intelligence providers. ETA retains the right to share Personal Information as necessary for the aforementioned service providers to provide their services to ETA. ETA is not liable for the acts and omissions of these third parties. ETA may host the Services in and transfer Personal Information for this purpose to countries outside the European Union or the European Economic Area in accordance with mandatory legislation and this Privacy Policy.
How we secure your personal information
ETA commits to adhere to the applicable laws and regulations pertaining to the processing of personal information, including the GDPR, as well as to process personal information using sound practices and appropriate technical and organisational measures.
ETA utilises air-gapping technology, an advanced data protection feature used to isolate and detach storage volumes from unsecured networks, production environments and host platforms thus significantly mitigating against the threat of unauthorised access, hacking and malware.
Personal information such as name, email address and photographic image or video content will be maintained in external service providers’ servers with appropriate safeguards, such as password protection, granting the access to the stored information only to persons working at ETA or ETA’s partners who are contracted as sub processors by ETA.
Although we make good faith efforts to store the information collected on the services in a secure operating environment that is not available to the public, We cannot guarantee the absolute security of that information during its transmission or its storage on our systems. ETA will post a notice on the ETA website or through the Services in the case of a material security breach that endangers your privacy or Personal Information. ETA may also temporarily shut down a service to protect Personal Information.
Data breaches and incidents
We have appropriate measures in place to protect the data we collect, process and store. In the unlikely event of an incident occurring, we will follow internal procedures to manage and respond to the incident.
Our staff are trained to recognise a breach and are instructed to inform management immediately if they suspect a breach has occurred or have evidence of a potential breach. It will then be escalated to senior management and a response plan will be initiated. If the incident relates to client data, we will inform that client without undue delay and assist in any subsequent investigations.
Cookies and tracking technologies
A cookie is a string of information or a small text file that a website stores on a visitor’s device, and that the visitor’s browser or operating system provides to “remember” things about your visit. ETA uses cookies to help it identify and track visitors, their usage of the Services, and their access preferences, improving quality, tailoring recommendations, and developing the Services. The cookies will not enable ETA to access and review information stored on Your computer. In addition to cookies, ETA may use other existing or later developed tracking technologies.
ETA works with third parties who use cookies and other tracking technologies to track the effectiveness of the advertisements that may be placed in the Services. They are used for analyzing advertisement view counts. They might also allow the advertiser to tailor advertising to you when you visit other websites, and/or set, change, alter or modify settings or configurations on your device.
If You do not wish to have cookies placed on Your computers, You should set the devices to refuse cookies or tracking before using the Services, with the drawback that certain features of such service may not function properly.
Please note that some parts of the Services may be country specific, and may not work properly if ETA is unable to tell where You are accessing the Services from.
Rights of the data subjects and contact information
Right to access, correct and object
You may contact us and we will inform what Personal Information we have collected and processed regarding you and the purposes such data are used for. You have the right to have corrected any incorrect, incomplete, outdated, or unnecessary Personal Information stored about you by contacting us.
You may object to certain use of Personal Information, including direct marketing, if such data are processed for other purposes than the purposes necessary for the performance of our Services or for compliance with a legal obligation. You may also object any further processing of Personal Information after prior given consent. If you object to the further processing of Personal Information, this may lead to fewer possibilities to use our Services.
Right to deletion and restriction of processing
You may also ask us to delete your Personal Information from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all our systems. Such copies shall be deleted as soon as reasonably possible.
You may request us to restrict processing of certain Personal Information, this may however lead to fewer possibilities to use our website and other Services.
Right to data portability
You have the right to receive Personal Information provided by you to us in a structured, commonly used format.
How to use the rights
These rights may be used by sending a letter or e-mail to us on the addresses set out below, including the following information: name, phone number, login information/ email address and details of the Services you have used. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
In case you consider our processing activities of Personal Information to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
Depending on where you are located, you may wish to contact any of the authorities below:
- List of European Data Protection Supervisory Authorities can be found here.
- The authority in the UK is the Information Commissioner’s Office.
- In California, the authority is the Attorney General’s Office.
- In Virginis, the authority is the Attorney General of Virginia.
ETA as a data processor
In certain instances when providing our services, we will process personal data on behalf of our clients, and they will be the Data Controller. If personal data is provided to us at any time or we have access to the data, we are obliged to comply with the current data protection laws.
Where we are acting as a Data Processor, we act solely on the instruction of the Data Controller, we do not change the purpose and the means in which the data is used. At the commencement of each engagement, we will determine whether personal data will be provided and, if so, what type and the purposes for which we may process that data. We also have the right to object to receiving any personal data if we believe that such data has been collected or is being used in breach of the law.
As a Data Processor, we will:
- Not engage another Processor without the Controller’s written consent.
- Process Personal Data only on written instructions from the Controller.
- Ensure that anyone who is authorised to process Personal Data is committed to confidentiality.
- Implement the “appropriate technical and organisational measures” and provide sufficient guarantees to the Controller that we have done so. In addition, we will:
- Help the Controller meet their obligations to fulfil Data Subjects’ rights
- Help the Controller comply with the any requirements relating to:
- Security
- Data breach notification
- DPIAs (data protection impact assessments), and
- Prior consultation.
- Delete or return all Personal Data to the Controller after processing it, and delete any copies unless the law or contractual provisions require us to keep it; and
- Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in law and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
Changes to the privacy policy
ETA reserves the right to change this Privacy Policy from time to time, and at ETA‘s sole discretion. All changes hereto will be made available on our website: www.etahq.com/privacy-policy/ . We will inform of the changes in the applications or by email, if available, in case of any significant changes affecting your rights.
Contact Information
You may at any time contact ETA at the address here below.
ETA HQ
844 Livingston Court
Marietta, Georgia 30067
U.S.A
Phone number: (404) 654 0200
Website: www.etahq.com