Eventbrite & California Data Protection
Eventbrite takes data privacy and security very seriously. We take steps to make sure that we comply with our data privacy law obligations, and our goal is to make it easy for our Organizers to comply with their respective obligations. For information on our privacy program, read more below.
TIP: To learn more about Eventbrite's Legal Terms, take a look here.
NOTE: Capitalized terms in this article are defined in our Terms of Service.
The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. Our goal is to make it easy for our Organizers to comply with their respective obligations. We have updated our data privacy program in light of the CCPA’s requirements. Here are a few highlights.
1. Eventbrite as a “Business” and a “Service Provider”.
Eventbrite as “Business” — Where an Organizer creates an account with Eventbrite to organize and ticket their events, Eventbrite will be a “business” (as that term is defined in the CCPA) as to the personal information that Organizers provide about themselves as part of the account creation process. Similarly, where a Consumer provides Eventbrite with personal information in the course of creating an account, Eventbrite will be a business as to the personal information provided to Eventbrite directly by that Consumer. Eventbrite will also be a business as to personal information that Eventbrite obtains in the course of an Organizer or Consumer's use of Eventbrite Services, which Eventbrite may then use, for example, to conduct research and analysis, improve our products and features, and provide more relevant recommendations.
Eventbrite as a “Service Provider” — Eventbrite will be a “service provider” (as that term is defined in the CCPA) as to a Consumer's personal information that Eventbrite obtains as a result of providing its core ticketing services to our Organizers. For example, Eventbrite may process Consumers’ personal information on behalf of Organizers to allow Organizers to learn more about their attendees during the ticket purchase, facilitate the transmission of emails to Consumers at the request of the Organizer, process payments, or provide event reports and tools so Organizers can gain insights into the effectiveness of various sales channels.
Given that Eventbrite processes a Consumer's personal information both in providing Eventbrite Services to the Organizer, and in managing Eventbrite’s direct relationship with the Eventbrite account-holding Consumer directly in his or her own use of Eventbrite, Eventbrite may be both a business and a service provider in relationship to a Consumer’s personal information and will be held to different processing obligations as a result.
2. A Data Processing Addendum for Organizers.
As a service provider processing Personal information on behalf of the Organizer, Eventbrite is subject to a Data Processing Addendum to our Terms of Service with our Organizer. Our Data Processing Addendum, incorporated in our Terms of Service, includes Eventbrite's legal obligations as a service provider consistent with the CCPA.
3. Individual Rights.
For personal information for which Eventbrite is a “business,” Eventbrite will honor Consumers’ requests with respect to the processing of their personal information, consistent with applicable law. For instance, Consumers can request access to their personal information that we process. They can also ask us to delete such personal information.
Access. Eventbrite will honor a Consumer’s request that Eventbrite provide a summary of its processing of the Consumer’s personal information, if applicable, and grant the Consumer access to that information, consistent with applicable law. You can request your personal data in the Personal Data section of your Eventbrite account.
Deletion. Eventbrite will honor a Consumer's request that Eventbrite delete that Consumer's personal information consistent with applicable law. You can request to delete your personal data in the Close Account section of your Eventbrite account.
As a result, there may be a time when your Organizer dashboard will show anonymized personal information for a particular attendee. The financial data associated with that attendee should remain as part of the report for that event, however. If Eventbrite removes personal information on its own in accordance with our internal data retention policy, this same view within the dashboard will appear.
In the event an Organizer's data retention needs require that Eventbrite no longer provide such Organizer with access to the personal information of its former attendees, the Organizer can accomplish this by removing the event from its dashboard. Should the Organizer still need access to the non-personal event data, it should first download the event to a .csv or text file and manipulate that file as it sees fit.
Should one of your attendees ask you directly to have Eventbrite remove that attendee's personal information from our system, please forward the request to us at email@example.com. Our support team may reach out to the Consumer directly to confirm the request.
4. How does Eventbrite secure personal information?
Eventbrite is committed to protecting personal information. In this effort, Eventbrite has implemented and continues to monitor a range of security measures. You can find out more about the security and privacy measures Eventbrite has implemented in the "Eventbrite Security and Safety Guide," available at www.eventbrite.com/security.
5. What else is Eventbrite doing as a result of CCPA?
Accountability and Training. We revamped our internal data privacy guidelines to make sure they're in line with the CCPA, and we're making sure that employees are trained on them appropriately. This means that everyone at Eventbrite is expected to handle personal information in a legitimate and fair way.
Vendors. We reviewed our vendor and sub-processor contracts to make sure that they meet the requirements of the CCPA.
Additional data privacy information.
Still have questions?