Privacy Policy for Eventoly
Effective Date: August 5th, 2024
Your privacy is essential to us, and we are committed to protecting your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Information We Collect
When you interact with our Site, we collect a variety of personal information to enhance your experience. This includes identity information such as your full name, username, and account credentials, as well as contact details like your email address, phone number, and billing address. We also gather financial information, including payment card details, which are securely processed through our payment provider, Stripe. Additionally, we automatically collect technical information related to your device and your interactions with our Site. This includes your IP address, browser type and version, time zone settings, and details about your visits, such as the pages you view, how long you stay, and the paths you take through our Site.
How We Use Your Information
Your personal information is used for several essential purposes. We use it to provide and maintain our services, process payments, personalize your experience, and analyze site usage to improve our offerings. Communication is key, so we may use your data to keep you informed about updates and provide customer support. With your consent, we may also use your information for marketing and advertising purposes, such as delivering targeted advertisements through platforms like Google Ads and Meta, analyzing the effectiveness of our marketing campaigns, and sending you promotional communications.
Legal Basis for Processing
Our processing of your personal data is grounded in various legal bases. We rely on your consent for marketing communications, cookie usage, and personalized advertising. For activities such as account creation, payment processing, and service delivery, we depend on contractual necessity. Additionally, we may process your data based on our legitimate interests, which include enhancing security, preventing fraud, improving our services, and conducting analytics.
At Elite Systems s.r.o., we partner with several carefully selected third-party service providers to enhance our service delivery and ensure a smooth user experience. Each of these partnerships is governed by strict data processing agreements that comply with GDPR requirements.
Google Analytics
We use Google Analytics to understand how visitors interact with our website, providing insights into user behavior.
When you visit our website, Google Analytics collects technical information such as your IP address (which is anonymized), browser type, and device characteristics. This data helps us understand which devices and browsers we need to optimize for. The service also tracks your engagement with our content, including which pages you find most interesting and how you navigate between different sections of our site. We have configured Google Analytics with privacy-focused settings, including IP anonymization and data retention limits. While Google Analytics stores this data on servers worldwide, they are bound by strict data processing agreements and EU Standard Contractual Clauses to ensure your data remains protected.
Data Processed:
- Browsing patterns
- Pages visited
- Time spent on each page
- Journey through the website
- Technical information (IP address, browser type, device characteristics)
Privacy Settings:
Configured with privacy-focused settings, including IP anonymization and data retention limits.
Data Protection:
Data stored on servers worldwide under strict data processing agreements and EU Standard Contractual Clauses.
More Information: https://policies.google.com/privacy
PostHog Analytics
PostHog serves as our primary tool for understanding product usage and user experience, processing all data exclusively within the EU.
PostHog helps us understand how you interact with our platform through two main functions: Product Analytics: We track how different features are used, which helps us identify areas for improvement and ensure our most valuable features are easily accessible. This includes analyzing common user paths through our platform, feature adoption rates, and any technical issues that might affect your experience. Session Recording: To improve our user interface and identify usability issues, PostHog creates anonymous recordings of user sessions. These recordings capture mouse movements, clicks, and page scrolls, but with important privacy protections in place. All sensitive data, including personal information and input fields, is automatically redacted before recording. We use this information solely to improve our user interface and fix technical issues. We've configured PostHog with privacy as a priority. All data is processed and stored within the EU, and we employ strict data minimization principles. Our session recordings are automatically scrubbed of any personally identifiable information before storage, and we maintain limited retention periods for all collected data.
Data Processed:
- Product analytics to track feature usage
- Session recordings capturing mouse movements, clicks, and scrolls
Privacy Settings:
Configured for privacy, with session recordings scrubbed of sensitive data.
Data Protection:
Data is processed and stored within the EU, adhering to strict data minimization principles.
More Information: https://posthog.com/privacy
Stripe Payment Processing
We utilize Stripe for secure and reliable transaction handling.
When you make a payment on our platform, you interact directly with Stripe's secure payment infrastructure. We've implemented Stripe's direct payment processing system, which means your sensitive payment information is handled entirely on Stripe's secure servers and never passes through our own systems. Our integration with Stripe is specifically configured for one-time payments through their API. When you make a payment, Stripe collects necessary transaction information such as your payment card details, billing address, and email address. This information is processed securely on Stripe's PCI-DSS compliant infrastructure, ensuring the highest level of payment data security. While we receive confirmation of your payment and basic transaction details, we never have access to your complete payment card information. Stripe maintains industry-leading security practices, including encryption of sensitive data, regular security audits, and compliance with international payment processing standards.
Data Processed:
- Payment card details
- Billing address
- Email address
Privacy Settings:
Payment information is handled on Stripe's secure servers; we never have access to complete payment card information.
Data Protection:
Stripe maintains PCI-DSS compliance and industry-leading security practices.
More Information: https://stripe.com/privacy
Meta (Facebook) and Google Ads
Integrated advertising capabilities through Meta and Google Ads to reach potential users and measure campaign effectiveness.
To provide you with relevant advertising and measure its effectiveness, we have integrated advertising capabilities through Meta (Facebook) and Google Ads platforms. These integrations allow us to reach potential users and understand how our advertising campaigns perform. When you interact with our ads or visit our website, these platforms may collect information about your interactions. This includes: • How you interact with our advertisements • Which pages you visit on our website • Basic device and browser information • General location data (typically at a city level) We have configured these advertising platforms with privacy-focused settings that limit data collection to essential information only. While we have the technical capability to use advanced features like remarketing and custom audiences, we implement these features with careful consideration for user privacy and in full compliance with data protection regulations.
Data Processed:
- Interaction with advertisements
- Pages visited on our website
- Basic device and browser information
- General location data
Privacy Settings:
Configured to limit data collection to essential information only.
Data Protection:
Advanced features like remarketing are implemented with user privacy in mind.
Cloudflare
Cloudflare ensures our website is fast, secure, and reliable.
We employ Cloudflare's services to ensure our website is fast, secure, and reliable for users worldwide. Cloudflare acts as an intermediary between our users and our hosting infrastructure, providing essential security protections and performance optimizations. Cloudflare's content delivery network (CDN) stores cached versions of our static content in data centers around the world, allowing for faster page loading times regardless of your location. When you access our website, Cloudflare processes technical information about your connection to provide these services, including: • IP addresses (which are logged for security purposes) • Basic device and browser information • Connection timing data • Request routing information This information is used to protect against security threats, optimize content delivery, and ensure stable service. Cloudflare's processing of this data is governed by strict privacy controls and data protection agreements. We also use Cloudflare for storage.
Data Processed:
- IP addresses
- Basic device and browser information
- Connection timing data
- Request routing information
Privacy Settings:
Processing governed by strict privacy controls and data protection agreements.
Data Protection:
Information used to protect against security threats and optimize content delivery.
More Information: https://www.cloudflare.com/privacypolicy/
Vercel Hosting Infrastructure
Our website is hosted on Vercel's cloud platform, which provides necessary infrastructure for web application delivery.
Vercel's involvement in data processing is primarily technical in nature, handling the server infrastructure that makes our service accessible. When you access our website, Vercel's systems process basic technical data necessary for serving web pages, including: • Server access logs • Performance metrics • Error tracking information • Request handling data This technical data is processed to ensure reliable service delivery and maintain optimal performance. Vercel's global edge network allows us to serve content quickly to users anywhere in the world while maintaining high standards of security and reliability.
Data Processed:
- Server access logs
- Performance metrics
- Error tracking information
- Request handling data
Privacy Settings:
Technical data processed to ensure reliable service delivery and optimal performance.
Data Protection:
Maintains high standards of security and reliability.
More Information: https://vercel.com/legal/privacy-policy
International Data Transfers
We may transfer and process your data globally. When transferring personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) and compliance with European Commission adequacy decisions.
Data Security
We implement appropriate technical and organizational measures to protect your data. This includes using SSL/TLS encryption for data in transit, secure data storage with encryption at rest, access controls, regular security assessments, employee training on data protection, and incident response procedures.
Your Rights Under GDPR
As a data subject under GDPR, you have several rights regarding your personal data. These rights include: Right to Access: You can request access to your personal data. Right to Rectification: You can ask for corrections to any inaccurate or incomplete data. Right to Erasure: You can request the deletion of your personal data under certain circumstances. Right to Restrict Processing: You can request restrictions on the processing of your data. Right to Data Portability: You can request your data in a structured, commonly used format for transfer. Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing. To exercise these rights, please contact us at support@eventoly.com. We will respond to your request within 30 days.
Data Retention
We retain your personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods may vary based on the type of data and its purpose.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be reflected on this page, and by continuing to use our services after updates are made, you agree to the revised policy. We encourage you to check back periodically to stay informed about our practices.
Contact Information
For any privacy-related inquiries or to exercise your rights, please reach out to us at: Elite Systems s.r.o. Email: support@eventoly.com Address: Příkop 843/4, Zábrdovice, 602 00 Brno, Czechia