Privacy policy

Introduction

Matchmeeting AB, org. number: 556598–6634 (hereinafter referred as “InvitePeople”) provides a cloud-based service to manage and conducting digital and physical events (“the service”). Through the service a Customer can sell or distribute their tickets to their clients. InvitePeople is responsible for providing the technical mediation of tickets through its system.

Data protection and the data integrity is something that InvitePeople take very seriously, for both our Customers and their End user. Personal data is information that, directly or indirectly, can identify an individual, such as name, telephone number, address, and email. InvitePeople only processes personal data in accordance with applicable legislation, the EU Data Protection Regulation, GDPR (EU) 2016/679.

InvitePeople’s responsibility as data processor

InvitePeople provides the service to the organizer (“Customer”), where InvitePeople acts as data processor and the Customer as data controller. A Personal Data Processing Agreement is signed between the Customer and InvitePeople to ensure secure, correct and legal processing of personal data in each individual case. The Customer is the controller of the personal data for the End user that are processed within the service and InvitePeople only process such data in accordance with instructions from the Customer. InvitePeople’s processing of Personal Data on behalf of the Customer is not subject to this Privacy Policy.

If an End user would like to withdraw their consent you can use:
https://invitepeople.com/revoke

InvitePeople’s responsibility as data controller

InvitePeople processes personal data in capacity as data controller in accordance with the information below:

Process	Category of data subject	Category of personal data	Legal basis	Retention period
Administering customer information to be able to provide the service to invite, implement and manage digital and physical events, following processes are involved: Registration of user Communication logs	Administrator (Customer)	Name Email address IP-address Phone number	Performance of contract	As long as you are a customer and for 24 months after you have ended your contractual relationship with InvitePeople.
Collection of contact information to representatives at companies that have shown interest in our services.	Sales leads of potential customers.	Name Email address Phone number	Legitimate interest	24 months
We collect cookie information that is necessary for the website to function properly. We also collect information for statistical purposes as well as for marketing purposes to provide tailored advertisement.	Website visitors	Cookie ID	Legitimate interest Consent	24 months

Process

Category of data subject

Category of personal data

Legal basis

Retention period

Administering customer information to be able to provide the service to invite, implement and manage digital and physical events, following processes are involved:

Registration of user
Communication logs

Administrator (Customer)

Name
Email address
IP-address
Phone number

Performance of contract

As long as you are a customer and for 24 months after you have ended your contractual relationship with InvitePeople.

Collection of contact information to representatives at companies that have shown interest in our services.

Sales leads of potential customers.

Name
Email address
Phone number

Legitimate interest

24 months

We collect cookie information that is necessary for the website to function properly. We also collect information for statistical purposes as well as for marketing purposes to provide tailored advertisement.

Website visitors

Cookie ID

Legitimate interest
Consent

24 months

Data subjects’ rights

If a data subject considers that any personal information about him or her is incorrect or misleading or if the data subject in any way wish to restrict the handling of the personal data, object to the processing, delete them (subject to certain exceptions), transfer any data or request information about which personal data that are being processed, please contact our Data Protection Officer at privacy@invitepeople.com

Processors

InvitePeople uses suppliers to provide the service. When suppliers process personal data on our behalf, a Data Processing Agreement is signed which sets out the parties’ responsibilities for the processing activities.

Sharing of personal data

InvitePeople share personal data with the following categories of recipients:

Payment providers to enable them to process payments from our customers.
Suppliers of digital marketing and statistical analysis that InvitePeople use to provide relevant advertising to potential customers.

International transfers

Some of the suppliers with whom InvitePeople have entered into service agreements with are storing personal data outside the EU/EEA. In cases when third country transfers occur, InvitePeople have entered into EU’s standard contractual clauses with the suppliers to ensure a sufficient level of security for such transfers.

Security measures

InvitePeople maintain a high level of technical and organizational security and we continuously update and test our technology and measures to ensure a level of security that is appropriate to the risk of our business.

Technical security

Below is a list with examples of technical security measures (but the technical security is not limited to these).

InvitePeople uses established standards and recommendations for secure development
Best practice for code reviewing and testing
The service is hosted in a safe and secure environment
All issues and abnormalities are logged, tracked, analysed to identify the root cause, any critical security threats are handled instantly
InvitePeople have implemented logging for security events (e.g. logins)
Well known and updated antivirus software
Updated firewalls
All traffic to InvitePeople’s network is encrypted through SSL or VPN tunnel
Perform regular security analysis
Penetration test on a regular basis
Continuous vulnerability scanning
Daily backups stored off site
Enforced password complexity, MFA when available and high requirements for storage of passwords
InvitePeople have implemented a variety of security techniques for countermeasures

Organizational security

Below is a list with examples of organizational security measures (but the organizational security is not limited to these).

No sensitive data is sent, or received, through insecure channels.
Access to InvitePeoples systems is limited to “need to have” basis, where only individuals that need to have access to personal data will have that.
Access is controlled via unique user ID and a up to date registers is kept
No shared accounts are used
All employees undergo information security educations on a regular basis
Appointed responsible individual within the organization for the overall information security
All employees are bound by terms and conditions and confidentiality agreement
A Data Protection Agreement is always signed to ensure secure, correct and legal processing of personal data
InvitePeople have appointed an external DPO (Data Protection Officer)
InvitePeople is actively working towards an ISO/IEC 27001:2017 certification

Cookies

We process personal data through cookies for technical purposes in order to improve your experience when using our website. We also use cookies for statistical purposes to measure the number of visitors and and for marketing purposes to be able to provide targeted advertising.

For more information on how InvitePeople use cookies including a full list of the cookies we use please see our Cookie Policy here:
https://invitepeople.com/cookies

Contact information

Matchmeeting AB
privacy@invitepeople.com
Tysta gatan 9
SE-115 20 Stockholm
Sweden
Org.nr 556598-6634