EU-U.S. Privacy Shield Framework
Last Updated: October 27, 2022
EU-US and Swiss-US Privacy Shield Framework
We, Eventbrite, Inc. (“Eventbrite”) are committed to protecting your privacy and comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework (together the “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use and retention of personal data from European Economic Area (“EEA”) member countries, the United Kingdom (“UK”)and Switzerland. Eventbrite has certified that it adheres to and will abide by the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Privacy Shield, Eventbrite is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
Types of personal data we collect and use
Data transfers to third parties
Agents, consultants and service providers: We may share your personal data with our contractors and service providers who process personal data on behalf of Eventbrite to perform certain business-related functions. These companies include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others. When we engage another company to perform such functions, we may provide them with information, including personal data, in connection with their performance of such functions.
If we have received your personal data in the United States and subsequently transfer that information to a third party agent or service provider for processing, we remain responsible for ensuring that such third party agent or service provider processes your personal data to the standard required by our Privacy Shield commitments.
Eventbrite Group Companies: We may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Notice.
Business Partners: We also provide information to our channel partners, such as distributors and resellers, to fulfill product and information requests, and to provide customers and prospective customers with information about Eventbrite and its products and services.
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
Disclosures for National Security or Law Enforcement: Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Organizers: When you purchase tickets to, register for or donate to an event or related fundraising page on or through our services, we provide the personal data entered on the applicable event or related fundraising page to the Organizers of such event and related fundraising page.
Facebook and Other Third Party Connections: You can connect your Eventbrite account to your accounts on third party services like Facebook, in which case we may collect, use, disclose, transfer and store/retain information relating to your account with such third party services in accordance with this Notice.
Legal Requirements: We may disclose your personal data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary to
comply with a legal obligation,
protect or defend our rights, interests or property or that of third parties,
prevent or investigate possible wrongdoing in connection with the Services,
act in urgent circumstances to protect the personal safety of Users of the Services or the public, or
protect against legal liability.
We try to minimize disclosures of personal data as reasonably practical because we are mindful of our responsibility and potential liability in cases of onward transfers to third parties.
We maintain reasonable and appropriate security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access personal data that we hold about you and request that we correct, amend, delete it if it is inaccurate or processed in violation of Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, or a correction, amendment, or deletion of your personal data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
You can request your personal data in the Personal Data section of your Eventbrite account. You can request to delete your personal data in the Close Account section of your Eventbrite account. You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message, or by updating your email preferences located in your Account Settings.
Standard Contractual Clauses
Eventbrite uses Standard Contractual Clauses (Controller-to-Processor) as set forth in the Annex to European Commission Implementing Decision (EU) 2021/914 of June 4, 2021, as the legal mechanism for data transfers from the EU and EEA to the United States.
Questions or complaints
You can direct any questions or complaints about the use or disclosure of your personal data to us at firstname.lastname@example.org. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within 45 days of receiving your complaint. We have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner respectively in the resolution of any Privacy Shield complaints we do not otherwise satisfactorily address with you directly. Your DPA contact details can be found here. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How to contact us
If you have any questions regarding this Notice or if you need to request access to or update, change or remove personal data that we control, you can do so by contacting email@example.com or by regular mail addressed to:
Eventbrite, Inc. Attn: Legal Department 95 Third Street 2nd Floor San Francisco, California, 94103 United States
Changes to this Notice
We reserve the right to amend this Notice from time to time consistent with the Privacy Shield's requirements.
Still have questions?