Eventbrite & Singapore Data Protection
Eventbrite takes data privacy and security very seriously. We take steps to make sure that we comply with our data privacy law obligations in Singapore (primarily, the Personal Data Protection Act 2012 (“the PDPA”)), and our goal is to make it easy for our Organizers to comply with their respective obligations. At Eventbrite, we have tailored our data privacy program in light of the PDPA’s requirements. Here are a few highlights.
TIP: To learn more about Eventbrite's Legal Terms, take a look here.
PRO TIP: We may translate this information into other languages for your convenience. If there is a conflict between the English version and a translated version, the English version will control.
NOTE: Capitalized terms in this article are defined in our Terms of Service.
1. Eventbrite's data processing obligations.
Eventbrite is subject to the PDPA with respect to various personal data collection and processing activities. These arise in the course of providing Services to Organisers, managing direct relationships with account-holding Consumers, and processing personal data of non-account-holding Consumers, including those in which:
An Organiser creates an account with Eventbrite to organise and ticket events, and we obtain the Organiser’s consent to process the personal data about him or herself that the Organiser provides as part of the account creation process;
A Consumer provides Eventbrite with personal data in the course of creating an account, and we obtain the Consumer’s consent to process his or her personal data;
Eventbrite obtains personal data in the course of an Organiser’s or Consumer's use of our Services, and we obtain the Organiser’s or Consumer’s consent to then use that data, for example, to conduct research and analysis, improve our products and features, and provide targeted recommendations; or
Eventbrite obtains a Consumer's personal data as a result of providing our core ticketing services to our Organisers. For example, we may process Consumers’ personal data on behalf of Organisers to allow Organisers to learn more about their attendees during the ticket purchase, facilitate the transmission of emails to Consumers at the request of the Organiser, process payments, or provide event reports and tools so Organisers can gain insights into the effectiveness of various sales channels.
2. A Data Processing Addendum for Organisers and Sub-Processors.
When Eventbrite processes personal data on behalf of the Organiser, Eventbrite will be subject to a Data Processing Addendum to our Terms of Service with our Organiser. Our Data Processing Addendum (DPA) for Organisers, incorporated in our Terms of Service, includes Eventbrite's legal obligations as a processor consistent with the PDPA.
Eventbrite also published a public facing list of Eventbrite's Sub-Processors as referenced in the DPA for Organisers.
3. Email Tools.
We offer the ability for Organisers to email Consumers directly through our platform. This functionality was built to send service related emails specific to an Organiser's event attended by the recipient of such email. If an Organiser wants to use this function for marketing its products or events, the Organiser needs to secure its own compliant consents or ensure that it has the right to send marketing emails to individuals. Eventbrite does not do this on an Organiser's behalf.
4. Individual Rights.
Eventbrite will honor account-holding Consumers’ requests with respect to the processing of their personal data, consistent with applicable law. For instance, account-holding Consumers can request access to their personal data that we process. They can also ask us to correct such personal data.
Access. Eventbrite will honor an account-holding Consumer’s request that Eventbrite confirm the existence of the processing of the Consumer’s personal data, if applicable, grant the Consumer access to that data, and provide the Consumer with information regarding the uses and disclosures of his or her personal data in the year preceding the request, consistent with applicable law. You can request your personal data in the Personal Data section of your Eventbrite account.
Correction. Eventbrite will honor an account-holding Consumer’s request that Eventbrite correct errors or omissions in the Consumer’s personal data that we process, consistent with applicable law. You can update your personal data in the Contact Info section of your Eventbrite account.
5. Data Incident Notifications.
In cases in which personal data of Organisers, or of Consumers who have created an Eventbrite account in the course of a ticket purchase, are impacted by a data security incident requiring notification to affected individuals, we will notify the affected individuals directly, rather than notifying the Organiser of each event associated with an affected Consumer.
In cases in which Eventbrite processes the personal data of a Consumer who purchased tickets on Eventbrite without creating an account with Eventbrite directly, we will notify the Organiser(s) we determine to be most likely in contact with that Consumer whose personal data has been impacted by a data security incident requiring notification.
6. Cross-border Data Transfers.
7. How does Eventbrite secure personal data?
Eventbrite is committed to protecting personal data. In this effort, Eventbrite has implemented and continues to monitor a range of security measures. You can find out more about the security and privacy measures Eventbrite has implemented in the "Eventbrite Security and Safety Guide," available at www.eventbrite.sg/security.
8. What else is Eventbrite doing as a result of the PDPA?
Accountability and Training. We’ve created internal data privacy guidelines and we're making sure that employees are appropriately trained on them. This means that everyone at Eventbrite is expected to handle personal data in a legitimate and fair way.
Data Retention and Destruction. We take reasonable steps to destroy or de-identify personal data as required by applicable law. As a result, there may be a time when your Organiser dashboard will show anonymized personal data for a particular attendee, however the financial data associated with that attendee should remain as part of the event.
In the event an Organiser's data retention needs require that Eventbrite no longer provide such Organiser with access to the personal data of its former attendees, the Organiser can accomplish this by removing the event from its dashboard. Should the Organiser still need access to the non-personal event data, it should first download the event to a .csv or text file and manipulate that file as it sees fit.
Vendors. We review our vendor and sub-processor contracts to make sure that they meet the requirements of the PDPA and are compliant with rules on international data transfers.
Additional data privacy information.
California (United States)
Still have questions?