The General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, is a new legal framework for the protection of personal data in the European Union. It applies to any data controller or processor established in a Member State, or when their processing activities relate to the supply of goods or services to individuals within the territory of the Union.
1. What You Need to Know
The objective of this Regulation is to strengthen the rights of European citizens regarding their personal data in the global digital environment. It requires companies to comply with the processing of personal data—whether automated or not—by a data controller or processor. It affects any company that processes the personal data of individuals living in the UE, regardless of whether the company is established within the European Union.
1.1 Reminder and Definitions
"Personal data refers to any information related to a physical person who can be identified, directly or indirectly" (CNIL). For example: last name, first name, photo, fingerprint, postal address, email address, telephone number, social security number, IP address, computer connection identifier, etc.
Personal data can be defined as "sensitive" if it reveals ethnic origin, political, philosophical, or religious beliefs, trade union membership, or the health or sex life of a physical person. Data is also considered sensitive when it reveals the commission of offenses or criminal convictions, or when it refers to genetic or biometric data.
Processing of personal data is any operation, regardless of the method used: collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, etc.
1.2 Regulatory Responsibilities
The GDPR requires the following:
Obligation to inform: Communicate who the data controller is, the purposes and duration of the processing, the recipients of the data, the rights users have over their data, and the identity of the Data Protection Officer (DPO), if applicable.
Obligation to obtain consent: Consent can no longer be implied. Now, user consent must be actively given, meaning the user explicitly accepts the collection and use of their data. It is also necessary for them to retain the option to withdraw it at any time by unsubscribing.
Obligation to respect user rights: * Access: To access the data held by your organization.
Portability: The user has the right to retrieve the data held about them to reuse it for their own purposes or to transmit it to another data controller.
Erasure (Right to be forgotten): To be removed from the list by deleting the data.
Object: The right not to be solicited or to request that the organization stop processing their data.
2. Weezevent, Event Organizers, and Attendees: Scope of Action and Responsibility
True to our commitment from the very beginning, you maintain control over your data. As former event organizers ourselves, this is one of Weezevent's core values, and it will remain so.
Therefore, your data is accessible at all times and at your disposal, and we put all our energy into protecting it. There is a good reason why we work for government events in France and why more and more event organizers decide to trust us.
2.1 Weezevent and Attendees
As part of its activity, Weezevent collects attendees' personal data for its own purposes in order to ensure the proper execution of transactions (ticket sales) and to retain proof of these transactions.
As a subcontractor for you, the event organizer, Weezevent is authorized to process the necessary data on your behalf to provide the following services:
Ticket sales.
Provision of equipment to control access for ticket holders to the event.
Dissemination of information and updates regarding the event schedule.
The purpose of the data collection and processing is:
Identification of attendees.
Verifying that the attendee is authorized to attend the event.
Verifying that the specific conditions set for your event's ticket types are met.
Interoperability with third-party access control solutions.
Disseminating practical information about the event.
Archiving proof of the transaction between Weezevent, the attendee, and you.
2.2 Weezevent and Event Organizers
For the proper provision of Weezevent's services, as an event organizer, you provide the following data:
Name or company name.
Email address.
Legal status.
Tax identification number, if applicable.
First and last name of the legal representative.
Postal address.
Bank details, as soon as Weezevent records a ticket sale.
Please note that we reserve the right to request any information related to your organization if there is any doubt regarding the organization of the event, its morality, or good faith.
At any time, you can :
Find all information regarding the purpose of your data processing and its storage in the Terms and Conditions of our Services.
Find your data in your management interface and retrieve it using data exports.
Unsubscribe from mailing lists if you no longer wish to receive information about us and our services.
Request the modification or deletion of your data by writing to us at 164 rue Ambroise Croizat - 93200 Saint-Denis or by email at [email protected], explaining your request.