It’s official: Billetto is GDPR compliant. You might wonder what that means, exactly. Let’s look at the most important bits.
“GDPR” is short for General Data Protection Regulation and it is designed to streamline and improve data privacy laws across Europe. It comes into effect on May 25, 2018.
Very briefly, GDPR says that companies (like Billetto) must take specific steps to securely store any personal data they process on EU citizens and to use this data for lawful reasons.
GDPR also gives consumers more control over how their personal data is used by others.
Just about anyone who has anything to do with personal data of EU citizens. If you’re an EU citizen or handle personal data of EU citizens, GDPR applies to you. Simple, right?
Now, GDPR is certainly not the first ever regulation protecting people’s data. So what exactly is different now? In short:
Here’s how we make sure to comply:
GDPR defines two “roles” when it comes to handling of personal data:
Where Billetto collects personal data from organisers and attendees who register for our services, we are the Data Controller. We may use such data for analysis, improving our platform, and providing event recommendations.
Where Billetto collects data on behalf of the organiser, such as when they ask additional questions during ticket purchase, we are the Data Processor.
Because we may process the same data for our own and organisers’ needs, we may have a dual role (and different obligations) as both the Data Controller and Data Processor.
If you’re using Billetto to create and manage events, you need to know a few things.
In situations where you decide what data to collect about your attendees and how to use it, you are the Data Controller. In those cases, Billetto is the Data Processor. We collect and process that data on your behalf.
As the Data Controller, you must comply with GDPR when collecting and using such data. More specifically...
Data you collect from attendees via Billetto should follow these principles:
2. Purpose limitation. Only use that data for its stated purpose and nothing else.
3. Data minimisation. Don’t collect more data than you absolutely need.
4. Accuracy. Make sure this data stays accurate and respond to any customer requests to change or delete it.
5. Storage limitation. Don’t store this data after it’s served its purpose.
6. Integrity & confidentiality. Handle this data securely and prevent it from being misused.
EU citizens using Billetto to attend events have the right to ask Billetto (or the organiser) to:
Billetto and event organisers must show you this data no later than one month after your initial request. If you’re a registered user, you can also visit the “My Data” page to instantly see some of the data we store and delete that data directly.
We’ve written the above to help everyone using Billetto better understand the impact of GDPR. It’s purely for information and can’t be considered legal advice. We encourage everyone to work with and consult legal professionals to make sure you understand and comply with GDPR.