English
Svenska Deutsch

Privacy policy

Introduction

Matchmeeting AB, org. number: 556598–6634 (hereinafter referred as “InvitePeople”) provides a cloud-based service to manage and conducting digital and physical events (“the service”). Through the service a Customer can sell or distribute their tickets to their clients. InvitePeople is responsible for providing the technical mediation of tickets through its system. 

Data protection and the data integrity is something that InvitePeople take very seriously, for both our Customers and their End user. Personal data is information that, directly or indirectly, can identify an individual, such as name, telephone number, address, and email. InvitePeople only processes personal data in accordance with applicable legislation, the EU Data Protection Regulation, GDPR (EU) 2016/679. 

InvitePeople’s responsibility as data processor 

InvitePeople provides the service to the organizer (“Customer”), where InvitePeople acts as data processor and the Customer as data controller. A Personal Data Processing Agreement is signed between the Customer and InvitePeople to ensure secure, correct and legal processing of personal data in each individual case. The Customer is the controller of the personal data for the End user that are processed within the service and InvitePeople only process such data in accordance with instructions from the Customer. InvitePeople’s processing of Personal Data on behalf of the Customer is not subject to this Privacy Policy. 

If an End user would like to withdraw their consent you can use: https://invitepeople.com/revoke.
InvitePeople will forward your request to the data controller of your data.

InvitePeople’s responsibility as data controller 

InvitePeople processes personal data in capacity as data controller in accordance with the information below: 

Process Category of data subject Category of personal data Legal basis Retention period

Administering customer information to be able to provide the service to invite, implement and manage digital and physical events, following processes are involved:

  • Registration of user
  • Communication logs
  • Administrator (Customer)
  • Name
  • Email address
  • IP-address
  • Phone number
  • Performance of contract
  • As long as you are a customer and for 24 months after you have ended your contractual relationship with InvitePeople.

Collection of contact information to representatives at companies that have shown interest in our services.
  • Sales leads of potential customers.
  • Name
  • Email address
  • Phone number
  • Legitimate interest
  • 24 months

We collect information for invoicing of customers and agreements administration.
  • Customers
  • Invoicing addresses
  • Contact details
  • Fulfillment of contract
  • During the length of the agreement and 7 years thereafter according to the Accounting act.

We collect cookie information that is necessary for the website to function properly and for statistical purposes.
  • Website visitors
  • Cookie ID
  • IP-addresses
  • Consent
  • 2 months

We collect cookie information for marketing purposes to provide tailored advertisement.
  • Website visitors
  • Cookie ID
  • IP-addresses
  • Consent
  • 2 months

Data subjects’ rights 

If a data subject considers that any personal information about him or her is incorrect or misleading or if the data subject in any way wish to restrict the handling of the personal data, object to the processing, delete them (subject to certain exceptions), transfer any data or request information about which personal data that are being processed, please contact our Data Protection Officer at privacy@invitepeople.com. Data subjects also have the right to submit a complaint to the Supervisory Authority in their country.

Processors

InvitePeople uses suppliers to provide the service. When suppliers process personal data on our behalf, a Data Processing Agreement is signed which sets out the parties’ responsibilities for the processing activities. 

Sharing of personal data 

InvitePeople share personal data with the following categories of recipients:

  • Payment providers to enable them to process payments from our customers. 
  • Suppliers of digital marketing and statistical analysis that InvitePeople use to provide relevant advertising to potential customers. 
  • InvitePeople may need to provide necessary information to authorities such as the Police, the Financial Supervisory Authority, the Tax Agency, or other authorities and courts.

International transfers 

Some of the suppliers with whom InvitePeople have entered into service agreements with are storing personal data outside the EU/EEA. In cases when third country transfers occur, InvitePeople have entered into EU’s standard contractual clauses with the suppliers to ensure a sufficient level of security for such transfers. 

Security measures 

InvitePeople maintain a high level of technical and organizational security and we continuously update and test our technology and measures to ensure a level of security that is appropriate to the risk of our business. 

Technical security 

Below is a list with examples of technical security measures (but the technical security is not limited to these). 

  • InvitePeople uses established standards and recommendations for secure development 
  • Best practice for code reviewing and testing 
  • The service is hosted in a safe and secure environment 
  • All issues and abnormalities are logged, tracked, analysed to identify the root cause, any critical security threats are handled instantly 
  • InvitePeople have implemented logging for security events (e.g. logins) 
  • Well known and updated antivirus software 
  • Updated firewalls 
  • All traffic to InvitePeople’s network is encrypted through SSL or VPN tunnel 
  • Perform regular security analysis 
  • Penetration test on a regular basis 
  • Continuous vulnerability scanning 
  • Daily backups stored off site 
  • Enforced password complexity, MFA when available and high requirements for storage of passwords 
  • InvitePeople have implemented a variety of security techniques for countermeasures 

Organizational security 

Below is a list with examples of organizational security measures (but the organizational security is not limited to these). 

  • No sensitive data is sent, or received, through insecure channels. 
  • Access to InvitePeoples systems is limited to “need to have” basis, where only individuals that need to have access to personal data will have that. 
  • Access is controlled via unique user ID and a up to date registers is kept 
  • No shared accounts are used 
  • All employees undergo information security educations on a regular basis 
  • Appointed responsible individual within the organization for the overall information security 
  • All employees are bound by terms and conditions and confidentiality agreement 
  • A Data Protection Agreement is always signed to ensure secure, correct and legal processing of personal data 
  • InvitePeople have appointed an external DPO (Data Protection Officer) 
  • InvitePeople is actively working towards an ISO/IEC 27001:2017 certification 

Cookies

We process personal data through cookies for technical purposes in order to improve your experience when using our website. We also use cookies for statistical purposes to measure the number of visitors and for marketing purposes to be able to provide targeted advertising. 

For more information on how InvitePeople use cookies including a full list of the cookies we use please see our Cookie Policy here:
https://invitepeople.com/cookies

Contact information 

Matchmeeting AB 
privacy@invitepeople.com 
Tysta gatan 9 
SE-115 20 Stockholm 
Sweden 
Org.nr 556598-6634