Last updated date: 03-02-2023
The PDPA has made a further distinction between Personal Data and Business Contact Information which specifies the scope of application of the Act itself.
“Personal Data” refers to data about an individual who can be identified from that data; or from that data and other information that the organisation is likely to have access. On the other hand, “Business Contact Information” is defined as “an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.”
The PDPA does not cover Business Contact Information.
For the avoidance of doubt, all references to “Services” shall include our event management platform (“the Platform”), applications, technological tools, products, features and offering that is made available by us to our Customers and/or Users. All references to “Client” herein shall refer to an individual or entity who has engaged and/or entered into an event management agreement with us for the purposes of using our Services for, inter alia, a specific event or as the case may be. All references to “Attendee” herein shall include an individual or entity who has registered an account with our Services for the purposes of attending the said event.
Acceptance of the Policy
Which information we may collect on our Clients?
We collect two types of data and information:
A. Non-personal Information
The first type of information is non-identifiable and anonymous information (“Non-personal Information”). To put it simply, we have no idea what is the identity of the User from which we have collected the Non-personal Information. Like most websites on the Internet the Non-personal Information which is being gathered consists of technical information and behavioral information, without limitation, details such as:
- Type of operation system (e.g. Windows, Linux, etc.)
- Type of Browser (e.g. Firefox, Chrome etc.)
- Browser and keyboard language (e.g. English)
- IP Address
- Your approximate geographic location
- Any Similar technical information
- User activity such as log-ins, date, and time of access.
- Overall, impersonal statistical information regarding total amount of e-mails that were sent, received, opened and/or hyperlinks clicked by the recipient(s).
Please note that in order to collect the Non-Personal Information we may use common third party analytics services such as: Google Analytics , Facebook Insightetc.
B. Personal Information
The other type of information is individually identifiable information (“Personal Information”). To put it simply, this information may identify an individual or is of a private and/or sensitive nature. Personal Information which is being gathered consists of any personal details provided voluntarily by the User (e.g. User’s name, email address, company etc.) mainly by registration to the Platform and/or sync services of such Personal Information on our Platform. The clicks, mouse movements and similar information with regard to the User’s session (e.g. the fact that User has chosen to click on a certain link or access a certain webpage) may be identifiable and regarded as Personal Information. We also respect and treat any email you may send to us as Personal Information.
We shall keep all Personal Information confidential and shall only process Personal Information on behalf of and in accordance with your instructions. For the avoidance of doubt, we will only comply with such instructions that are not in contravention with the applicable laws, including but not limited to privacy and/or data protection laws enforceable at the time.
To avoid confusion, rest assured that any Non-personal Information combined with Personal Information shall be regarded as Personal information.
C. Aggregated Personal Information:
When you connect to third-party services provider (“Third-Party Services Provider”) via the Platform, for the first time, you will be asked to permit such Third-Party Services Provider to share with us information about you, such as: Basic Information (your first and last name, your profile picture and/or its URL & gender); Your latest Profile Status update; Pages you admin, your living location and hometown as specified in your profile; information regarding and/or relating to posts and/or posts in your news feed; Your user ID number, which is linked to publicly available information such as name and profile photo.
How do we collect information on our Clients?
Following are our main methods of collecting information on our clients
- We collect information while you install, access, browse, view or otherwise use the Platform. In other words, when you use or otherwise access the Platform we are aware of your usage of the Platform, and may gather, collect and record the information relating to such usage. For example, when you connect to the Platform, your computer tells us your IP address.
- We collect information which you provide us voluntarily. For example, when you wish to register to the Platform, we may ask you to provide certain Personal Information which shall be kept on our servers. Each time you will be interested in providing information voluntarily we may ask you to consent to the collection and public display of such information.
- We will store, on our Platform, your customized templates, including and not limited to, your uploaded images and any other information you included in your templates, with our online backup & sync services.
- We will store, on our Platform, your email distribution lists, including and not limited to, email addresses that were imported to or created on our platform, and any additional fields that were imported to or created on our platform.
- We may track overall, Non-personal, email usage and hyperlink engagement. We will do so using standard email tracking methods, such as measuring hyperlink clicks and/or embedding a tiny tracking image. We do so to measure and improve the performance and quality of our services.
What are the purposes of collecting our Clients information?
Non-personal Information is collected in order to:
- Enhance the User’s experience on the Platform (e.g. by determining the best location for buttons and links etc.).
- Learn about the preferences of Users and general trends on our Platform (e.g. understand which functionality of our Platform is more popular than others).
- Better understand the priorities and interests of our potential customers and partners in order to better suit their needs and increase the efficiency of our sales and marketing processes.
- Administer the Platform, help diagnose problems with our server, to gather broad demographic information.
Personal Information is collected in order to:
- Register you as a user of the Platform and to control access to your personal account.
- Personalize your experience on the Platform.
- Provide you with certain Features, services and information you have asked us to provide.
- Allow us to update you with news and tailored information regarding new features, offers and display content and advertising on or of the Services that we believe might be of relevance to you
- Manage your account and provide you with customer service, and to generally manage the Services and our business.
Attendee Gevme Account
When an attendee registers for an event on Gevme, a corresponding Gevme account is created for that attendee. Among other things, this Gevme account allows the attendee to login to view the events they registered for and to edit their registration details.
Processing of Attendees Data
In case you would engage us for our managed services offerings. We shall only process Personal Information on behalf of and in accordance with your instructions. For the avoidance of doubt, we will only comply with such instructions that are not in contravention with the applicable laws, including but not limited to privacy and/or data protection laws enforceable at the time
Sharing your Attendees Data with third parties
We may use your Attendees Data for planning, research, design and marketing of services, rendering assistance to law enforcement, government or regulatory agencies, or complying with any applicable laws or any order of court.
Any information disclosed in the public areas of the Site (such as message boards and forums) becomes public information. You should exercise caution when disclosing your personal information in this way.
We do not under any circumstances, sell your email distribution lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view email distribution lists. You may be allowed access to your email distribution lists from our platform at any time during the entire duration such lists are stored on our Platform.
Retention and Access of Attendees Data
Our policy is for Attendees personal data to be retained on our Platform for a period of up to five years upon termination of your subscription. If for any reason you wish to delete your Attendees Data, you should send an email to the address firstname.lastname@example.org or contact your account manager, and we will make reasonable efforts to anonymised any such information pursuant to any applicable privacy laws. The anonymisation process is irreversible.
To the extent legally permitted, we shall promptly notify you if we receive a request from an Attendee to exercise his/her right of access, right to rectification, restriction of processing, right to be forgotten, data portability, object to the processing, or right not to be subject to an automated individual decision making. In such an event, we shall assist you by appropriate organizational and technical measures, insofar as this is possible, for the fulfilment of your obligation to respond to an Attendee’s request in accordance with the applicable privacy and/or data protection laws enforceable at the time.
We take great care in maintaining the security of the Platform and your information therein, and in preventing unauthorized access to the Platform through the use of standard industry technologies and internal procedures. However, we do not guarantee that unauthorized usage or access will never occur. We cannot assure that no unpermitted use of your locally personalized information is made by any third-party with access to your computer You are solely responsible for protecting your computer and your locally stored personal information in any way from unpermitted access and use.
Users using the Platform agree to keep their password in strict confidence and not disclose such password to any third party.
GEVME makes use of third parties Sub-processors to provide specific functions with in the Services. The Sub-providers and their purposes are listed as below. In order to provide the relevant functionality these Sub-processors access Service Data only for the use of the indicated services.
|Entity Name||Purpose||Applicable Services|
|Amazon Web Services||Amazon Web Services (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis. We use AWS for the majority of our cloud computing and storage needs.||All|
|MongoDB Inc||MongoDB Inc (MongoDB) provides the MongoDB Atlas service, an on-demand fully managed NoSQL database. We run MongoDB Atlas runs on AWS for storing data used by our applications on the cloud. The primary information that MongoDB has is the information of the attendees stored in our database.||GEVME, CrowdFlow|
|Elastic NV||Elastic NV ("Elastic") provides the Elastic Stack made up of Elasticsearch, Logstash and Kibana. We use these for gathering logs and analysing the performance of the applications we run. These logs contain information such as the timestamp, token ID, email address, user agent, username, Account ID, User ID, name, IP address, application paths and parameters, Session IDs, provisioned infrastructure, Ticket and Help Center data, Agent data and other types of Service Data||GEVME, CrowdFlow|
|The Rocket Science Group||The Rocket Science Group. (“Mandrill”) is an email campaign service provider we use to send campaigns and notification emails. The primary information Mandrill has access to is the email addresses of recipients of the emails and the content of the emails themselves.||GEVME Email Campaigns|
|Mailgun Technologies, Inc.||Mailgun Technologies, Inc. (“Mailgun”) is an email campaign service provider we use to send campaigns and notification emails. The primary information Mandrill has access to is the email addresses of recipients of the emails and the content of the emails themselves.||GEVME Email Campaigns|
|New Relic, Inc||New Relic, Inc. (“NewRelic”) is a third party logging platform that we use for ingesting, parsing, querying and performing analytics on Service application and infrastructure logs (“Logs”). These Logs are then used for debugging, troubleshooting, auditing, reporting, and detecting and alerting on unexpected application behavior. Incidental to the purpose of the Log Processing, Service Data and Personal Data may be Processed by New Relic. Examples of the data that may be in the Logs includes: timestamp, token ID, email address, user agent, username, Account ID, User ID, name, IP address, application paths and parameters, Session IDs, provisioned infrastructure, Ticket and Help Center data, Agent data and other types of Service Data.||GEVME, CrowdFlow|
|Imperva, Inc||Imperva, Inc. (“Incapsula”) provides content distribution, security and DNS services for web traffic transmitted to and from the Services. This allows us to efficiently manage traffic and secure the Services. The primary information Incapsula has access to is information in and associated with our website URL that the End-User is interacting with (which includes End-User IP address). All information (including Service Data) contained in web traffic transmitted to and from the Services is transmitted through Incapsula's systems. Incapsula also processes a limited amount of Personal Data (specifically End-User IP addresses and browser and operating system information) for logging purposes.|
Third Party Sites
EU Representative Contact
Pursuant to Article 27 of Europe’s General Data Protection Regulation (GDPR), GlobalSign in has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to email@example.com, using EDPO’s online request form,or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Support and Enquiry