Help Centre
Data Privacy Framework Notice
Last Updated: October 13, 2023
In this article
- Data Privacy Framework
- Types of personal data we collect and use
- Data transfers to third parties
- Security
- Access rights
- Your choices
- Standard Contractual Clauses
- Questions or complaints
- How to contact us
Data Privacy Framework
We, Eventbrite, Inc. (“Eventbrite”) are committed to protecting your privacy and comply with the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework (together the “Data Privacy Framework”) as set forth by the US Department of Commerce regarding the collection, use and retention of personal data from European Economic Area (“EEA”) member countries, the United Kingdom (“UK”)and Switzerland. Eventbrite has certified that it adheres to and will abide by the Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Data Privacy Framework, Eventbrite is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
For more information about the Data Privacy Framework, see the US Department of Commerce’s Data Privacy Framework website located at: https://www.dataprivacyframework.gov/. To review our certification on the Data Privacy Framework list, see the US Department of Commerce’s Data Privacy Framework’s self-certification list located at: https://www.dataprivacyframework.gov/s/participant-search.
Types of personal data we collect and use
Our online privacy policy describes the categories of personal data we may receive in the United States, as well as the purposes for which we use that personal data. We will only process personal data in ways that are compatible with the purpose we collected it for, or for the purposes you later authorize. Before we use your personal data for a purpose that is materially different from the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt-out. We maintain reasonable procedures to help ensure that personal data we collect and use is reliable for its intended use, accurate, complete, and current.
Data transfers to third parties
Agents, consultants and service providers: We may share your personal data with our contractors and service providers who process personal data on behalf of Eventbrite to perform certain business-related functions. These companies include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others. When we engage another company to perform such functions, we may provide them with information, including personal data, in connection with their performance of such functions.
If we have received your personal data in the United States and subsequently transfer that information to a third party agent or service provider for processing, we remain responsible for ensuring that such third party agent or service provider processes your personal data to the standard required by our Data Privacy Framework commitments.
Eventbrite Group Companies: We may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Notice.
Business Partners: We also provide information to our channel partners, such as distributors and resellers, to fulfill product and information requests, and to provide customers and prospective customers with information about Eventbrite and its products and services.
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
Disclosures for National Security or Law Enforcement: Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Organizers: When you purchase tickets to, register for or donate to an event or related fundraising page on or through our services, we provide the personal data entered on the applicable event or related fundraising page to the Organizers of such event and related fundraising page.
Facebook and Other Third Party Connections: You can connect your Eventbrite account to your accounts on third party services like Facebook, in which case we may collect, use, disclose, transfer and store/retain information relating to your account with such third party services in accordance with this Notice.
Legal Requirements: We may disclose your personal data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary to
comply with a legal obligation,
protect or defend our rights, interests or property or that of third parties,
prevent or investigate possible wrongdoing in connection with the Services,
act in urgent circumstances to protect the personal safety of Users of the Services or the public, or
protect against legal liability.
We try to minimize disclosures of personal data as reasonably practical because we are mindful of our responsibility and potential liability in cases of onward transfers to third parties.
For further information about how we disclose your personal data, please see our online privacy policy.
Security
We maintain reasonable and appropriate security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Data Privacy Framework.
Access rights
You may have the right to access personal data that we hold about you and request that we correct, amend, delete it if it is inaccurate or processed in violation of the Data Privacy Framework. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, or a correction, amendment, or deletion of your personal data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
Your choices
You can request your personal data or to delete your personal data by visiting the Eventbrite Privacy Center. You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message, or by updating your email preferences located in your Account Settings.
Standard Contractual Clauses
Eventbrite uses Standard Contractual Clauses (Controller-to-Processor) as set forth in the Annex to European Commission Implementing Decision (EU) 2021/914 of June 4, 2021, as the legal mechanism for data transfers from the EU and EEA to the United States.
Questions or complaints
You can direct any questions or complaints about the use or disclosure of your personal data to us at privacy@eventbrite.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within 45 days of receiving your complaint. We have further committed to cooperate and comply with the panel of European data protection authorities (DPAs),the Swiss Federal Data Protection and Information Commissioner and the UK Information Commissioner respectively in the resolution of any Data Privacy Framework complaints we do not otherwise satisfactorily address with you directly. Your DPA contact details can be found here. Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How to contact us
If you have any questions regarding this Notice or if you need to request access to or update, change or remove personal data that we control, you can do so by contacting privacy@eventbrite.com or by regular mail addressed to:
Eventbrite, Inc. Attn: Legal Department 95 Third Street 2nd Floor San Francisco, California, 94103 United States
Changes to this Notice
We reserve the right to amend this Notice from time to time consistent with the Data Privacy Framework’s requirements.