Privacy policy

Processing of personal data at InvitePeople

Introduction

Matchmeeting AB, org. number: 556598–6634 (hereinafter referred as “InvitePeople”) provides a cloud-based service to manage and conducting digital and physical events (“the service”). Through the service a Customer can sell or distribute their tickets to their clients. InvitePeople is responsible for the technical mediation of tickets through its system.

Data protection and the data integrity is something that InvitePeople take very seriously, for both our Customers and their End user. Personal data is information that, directly or indirectly, can identify an individual, such as name, telephone number, address, and email. InvitePeople complies with all applicable legislation and all personal data processing, that InvitePeople are responsible for, takes place based on the EU Data Protection Regulation, GDPR (EU) 2016/679.

Personal data responsibility

InvitePeople provides the service to the organizer (“Customer”), where InvitePeople acts as data processor and the customer as data controller. A Personal Data Processing Agreement is signed between the Customer and InvitePeople to ensure secure, correct and legal processing of personal data in each individual case. The Customer is responsible for the personal data from the end users (“data subject”) that are processed within the service and InvitePeople is responsible to only process data in accordance with instructions from the Customer.

InvitePeople ensures that only employees within InvitePeople who need to have access to deliver the service are given access to the personal data that is processed on behalf of the Customer. All employees that have access to Customer personal data has received training in information security and any special instructions from the Customer.

The customer has the right to access information required to show that all data responsibilities are met.

Personal data that are processed within the service

InvitePeople process personal data within the service as follows:

Process Category of data subject Category of personal data

Administering end user personal information to be able to provide the service to invite, implement and manage digital and physical events for the Customer, following processes are involved:

  • Registration of user
  • End user
  • Email
  • IP-address

Administering administrator personal information to be able to provide the service to invite, implement and manage digital and physical events for the Customer, following processes are involved:

  • Registration of user
  • Communication logs
  • Administrator
  • Email
  • IP-address
  • Phone number
  • First name
  • Surname

The Customer have also the ability to add other processes, data subjects and categories of personal data that will be processes within the service. InvitePeople only process these in accordance with the instructions from the Customer and InvitePeople, as data processor, are not responsible for the legality of handling this information. Below are examples of processes, data subjects and categories of personal data that a customer may add to the service:

Process Category of data subject Category of personal data

Administering data subjects personal information to be able to provide the service to invite, implement and manage digital and physical events for the Customer, following processes are involved:

  • Registration at signup
  • Storage in IT-system
  • Analysis of personal data (to know who has participated in the event)
  • Seminar / meeting bookings
  • Lead scanning
  • Manage social networking
  • Logging
  • Support
  • Error handling
  • SMS and Email communication
  • Chat logs
  • End user
  • Email
  • IP-address

If an End user or Administrator (“data subject”) would like to know which categories of personal data each Customer use within the service contact, in first place, the organizer.

Data subjects’ rights

If a data subject considers that any personal information about him or her is incorrect or misleading, you should contact in first place the organizer and ask for rectification. A data subject should also contact the organizer if him or her in any way wish to restrict the handling of the personal data, object to the processing, delete them (subject to certain exceptions), transfer any data or request information about which personal data that are processed.

Revoke consent

If an End user would like to withdraw a consent you can use: https://invitepeople.com/revoke

Regular data erasure of personal data within the service

The customer (”data controller”) are responsible for the data erasure time frame for the processed personal data. All personal data will be processed throughout the term of the agreement between InvitePeople and the Customer.

Location

  • InvitePeople process personal data within EU
  • In special cases, with prior approval from the Customer, some process may be located outside EU. In those cases, the process is regulated via a standard contractual agreement.

Sub-contractors

InvitePeople uses sub-contractors to provide the service. All sub-contractors sign a Personal Data Processing Agreement with InvitePeople to agree on the relationship where the requirements are at least what is agreed in the Personal Data Processing Agreement with the Customer. InvitePeople does not transfer personal data
outside the EU / EEA without prior approval from the Customer. If personal data is transferred to a sub-contractor outside EU/EEA a standard contractual agreement is signed.

To find out which subcontractors are affecting, contact the organizer.

Security measures

InvitePeople maintain a high level of technical and organizational security measures and we continuously update and test our security measures and technology, although these may change over time InvitePeople will not do so in a way that adversely affects the security of the Customer processed personal data.

Technical security

Below is a list with examples of technical security measures (but the technical security is not limited to these).

  • InvitePeople uses established standards and recommendations for secure development
  • Best practice for code reviewing and testing
  • The service is hosted in a safe and secure environment
  • All issues and abnormalities are logged, tracked, analyzed to identify the root cause, any critical security threats are handled instantly
  • InvitePeople have implemented logging for security events (e.g. logins)
  • Well known and updated antivirus software
  • Updated firewalls
  • All VPN traffic to InvitePeoples network is encrypted
  • Perform regular security analysis
  • Penetration test on a regular basis
  • Continuous vulnerability scanning
  • Daily backups stored off site
  • Enforced password complexity, MFA when available and high requirements for storage of passwords
  • InvitePeople have implemented a variety of security techniques for countermeasures

Organizational security

Below is a list with examples of organizational security measures (but the organizational security is not limited to these).

  • No sensitive data is sent, or received, through insecure channels.
  • Access to InvitePeoples systems is limited to “need to have” basis, where only individuals that need to have access to personal data will have that. Everyone is also educated in the obligations and minimum-security requirement specified for the Customer.
  • Access is controlled via unique user ID and a up to date registers is kept
  • No shared accounts are used
  • All employees undergo information security educations on a regular basis
  • Appointed responsible individual within the organization for the overall information security
  • All employees are bound by terms and conditions and confidentiality agreement
  • A Data Protection Agreement is always signed to ensure secure, correct and legal processing of personal data
  • InvitePeople have appointed an external DPO (Data Protection Officer)
  • InvitePeople is actively working towards an ISO/IEC 27001:2017 certification

Contact regarding integrity

Matchmeeting AB
privacy@invitepeople.com
Tysta gatan 9
SE-115 20 Stockholm
Sweden
Org.nr 556598-6634