PRIVACY POLICY

This is the Privacy Policy of Attendu Group companies (collectively “Attendu” or “we”). Attendu provides a web application for online guest list management and related products and support for event organization (together “Services”).

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy describes how Attendu as a data controller collects and uses your personal data if you use our Services or if you show an interest in our Services, for example by requesting a demo (“you”). This document also provides important information about your rights.

In addition to information below, Attendu as a data processor may also process personal data of individuals who interact with persons or entities who use our Services (each of them a “Customer”). Customers to our Services act as data controllers and are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations relating to the collection of personal data of such individuals with whom our Customers interact. However, we are committed to provide tools for protecting the privacy of such individuals. For more information about the purpose and legal grounds of such processing and about the rights of the concerned individual, please refer to the privacy policy (sometimes also referred to as a privacy notice) of the particular Customer, as these are out of the scope of this Privacy Policy.

DATA CONTROLLERS

Attendu s.r.o. (Londýnská 730/59, Prague 12000 Czech Republic) and Attendu Inc. (838 Walker Road Suite 21-2 Dover, DE 19904, USA) are the data controllers for the personal data processed in connection with use of our Services, depending on which entity is party to the contract under which you use the Services. If you are not a user yet, Attendu s.r.o. and Attendu Inc. are both data controllers.

You may reach each data controller at their registered address, via our support or at support@attendu.com.

PERSONAL DATA WE COLLECT

Data that you provide to us:

When you intend to use, or use our Services, we ask you to provide certain personal data (“Account Data”) to identify you as a contractual party or a user and to allow you to invite other users, if applicable, and to allow you and the invited users to use our Services. This data may include your name, email address, company and other information, such as names and email addresses of users you want to invite. By voluntarily providing us with personal data of invited users, you represent that you are an authorized user of such personal data and no invited user has objected to such processing by us. When you request a demo, we collect and use your email address. We ask for and collect personal data such as your name, address, phone number and email address when you register for or attend an event organized by us. We will make it clear in case some data are collected on a voluntary basis. In absence of such information, the provision of the information is compulsory for you to be able to use our Services. Personal Data refers to information that can identify, describe, or be associated with a specific individual or household, either directly or indirectly.

How We Process the Personal Data of Guests

When you use the event management software or app as an end-user of the Customer, we function as a Service Provider under the California Privacy Rights Act (CPRA) and as a Processor under EU data protection laws or other comprehensive privacy laws in US states (where applicable). We handle and store your Personal Data in accordance with the data processing agreement established with the Customer. Our agreements with the Customer restrict us from utilizing this information except for the purpose of enhancing and delivering the event management software, as allowed by this Privacy Policy and relevant legal provisions.

In the context of our role as a data processor/service provider, Attendu handles your Personal Data. If you wish to submit a privacy rights request, we will forward your request to our Customer (or the ultimate data controller). Alternatively, you can directly contact them, and we will collaborate with the customer to facilitate your request.

We collect your Personal Data when you:

Register for the mobile app and/or event management software. When using the event management software and/or mobile app, we gather your registration details, including personal identifiers (such as name, email address, and telephone number), limited health information necessary for the safe execution of the Customer’s event (such as food allergies or preferences, mobility requirements), and any other information requested by the Customer (subject to specific restrictions related to sensitive categories of personal information). We utilize this information on behalf of our Customer to register you for the event, communicate event-related details, and provide event materials and logistics. Additionally, we share this information with our Customer and any integrated third-party service providers employed by our Customer to enhance functionality and services.
When the Customer uploads the guest’s information into the event management software which includes personal identifiers, the process under (1) above applies as well.
Access the Mobile App. Upon logging in, we’ll gather your unique identifiers (email and password) for account authentication. Similarly, when you log in via the Website, we’ll collect your identifiers (email address and password) to verify your account.
Automated Data Gathering. Alongside the previously mentioned personal details, when interacting with the Mobile Apps, both we and our third-party provider capture your online and electronic network activity (including IP Address, Operating System, device model, geographical location, and advertising ID) through software development kits (SDKs). These SDKs ensure that the Mobile Apps function as intended. Certain SDKs also store and retrieve data on your device, akin to a cookie or a comparable tracking mechanism.

Third-Party Payment Processing

Through our third-party payment processor, we collect your financial account information, including credit card number, expiration date, CVV, or account number and routing number. This information is used to communicate with you about the services we provide, conduct business, and process payments. Under EU data protection law, the legal basis for this processing is to perform a contract with you. If you make payments by credit card, we share your personal identifiers and payment card information with our payment processor. Additionally, if you request integration of third-party services, we share this information with the third-party service provider for seamless integration. We do not process this information ourselves; rather, we act as a conduit between our client and the third-party provider. We retain this information for the duration of the subscription plan for the event or until we receive a deletion request, unless an exception applies.

Categories of Data We Process

We may disclose or, with respect to billing and payment information, otherwise integrate features through our Services pursuant to which you may disclose, your Personal Data to the categories of service providers and other parties listed in this section.

Service Providers:

These parties help us provide the Services or perform business functions on our behalf and include:

Hosting, Technology, and Communication Providers: These entities assist us in delivering our services and managing technical aspects. They include hosting providers, technology experts, and communication specialists.
Security and Fraud Prevention Consultants: We engage security and fraud prevention consultants to safeguard our systems and protect your data.
Co-location Service Providers: Co-location providers help us maintain efficient infrastructure by offering physical space for our servers and equipment.
Staff Augmentation and Contract Personnel: We collaborate with staff augmentation agencies and contract personnel to enhance our workforce and meet operational demands.
Payment Processors: Our payment processing partner Stripe, Inc. (“Stripe”) securely handles your payment card information for transaction processing. Please review Stripe’s terms of service and privacy policy for details on data usage and storage.

Advertising Partners: These parties assist in marketing our services and presenting relevant offers. They include ad networks and marketing providers.

Analytics Partners: Companies specializing in web traffic and usage analytics help us understand user behavior. This includes tracking how users discover our services and interact with them.

Business Partners: We collaborate with third-party integration providers to offer joint services. If you’ve provided consent, we may share your Personal Data with these partners for promotional purposes.

Parties You Authorize, Access, or Authenticate: When using our services, you may interact with third parties, such as social media platforms or other users. Your interactions are subject to their terms and conditions.

In the past 12 months we have collected data which includes the following:

Category of Personal Data	Examples of Personal Data We Collect	Categories of Third Parties To Whom We Disclose this Personal Data
Profile or Contact Data	First and last name Email Phone number Mailing address Unique identifiers such as passwords	Service Providers Parties You Authorize, Access or Authenticate
Identifiers	Cultural or social identifiers	Service Providers Parties You Authorize, Access or Authenticate
Device/IP Data	IP address Device ID Type of device/ operating system	Analytics Partners
Web Analytics	Web page interactions Browsing history Referring webpage/source through which you accessed the Services Statistics associated with the interaction between device or browser and the Services	Advertising Partners Service Providers Analytics Partners
Consumer Demographic Data	Zip code	Advertising Partners
Photos, Videos and Recordings	Photos, videos or recordings of your environment	Service Providers Analytics Partners Business Partners Parties You Authorize, Access or Authenticate
Geolocation Data	Any identifying information in emails, letters, texts or other communications you send us All other event attendee or event registration Information you upload to Attendu or make available in connection with your registration for an event. This data may include Personal Data if you choose to include Personal Data in such content, and data such as information about you, your event attendance, your contacts, the venues you will be attending and your registration information as well as about your events, your event attendees, customers, vendors, contacts, fees and venues.	Advertising Partners Service Providers Business Partners Parties You Authorize, Access or Authenticate

Data that we collect from you when you use our Services or websites

We use cookies and other information gathering technologies to provide, market and improve our Services. These technologies may provide us with personal data, information about devices and networks you utilize to access our websites or Services, and other information regarding your interactions with our websites or Services. Web beacons, tags and scripts may be used on our websites or in email or other electronic communications we send to you. These assist us in understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We gather certain information and store it in log files when you interact with our websites and Services.

Contacting Us with an Inquiry

When reaching out to us via email or submitting an inquiry, we gather your personal identifiers (such as name and business email address) along with any additional information you provide. This data enables us to address your questions, troubleshoot issues related to our services, and ensure effective communication. We collaborate with a third-party customer service provider to handle requests and utilize a customer relationship management platform. Additionally, our email communications provider assists in facilitating our interactions with you. We retain this information throughout the duration of your subscription plan or until we receive instructions to delete it, unless exceptions apply. Under EU data protection law, the legal basis for this processing is contract performance.

When you engage with our customer service representatives via phone, we obtain your consent to record the call. During these conversations, we collect your identifiers (such as name, business email address, and telephone number) and auditory information (voice recordings). This data is shared with our third-party call recording, transcription, and training provider, Zendesk. The legal basis for this processing, under EU data protection law, is your consent. We retain this information as long as it remains relevant to your account or our training program, unless exceptions apply.

Should you choose to instant message with a customer service representative, we collect your identifiers (including name, telephone number, and business email address) and any other relevant details from your communications. Our third-party customer service provider assists us in managing customer service requests. Under EU data protection law, the legal basis for this processing is contract performance. We retain this information for the duration of your subscription plan or until we receive a request for deletion, unless exceptions apply.

HOW WE USE THE DATA – PURPOSE OF DATA PROCESSING

We use the personal data which we collect about you to:

(a) provide, operate, maintain and improve the Services;

(b) enable you to access and use the Services;

(d) send Services messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;

(e) send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners;

(f) monitor and analyze trends, usage, and activities in connection with our websites and Services and for marketing or advertising purposes;

(g) investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;

(h) personalize our websites and Services;

(i) comply with our legal obligations, including our obligations related to personal data protection.

DATA SHARING AND TRANSFERS

We may share your personal data with our affiliates and third-party service providers to provide data-warehousing, development, analytics and other services for us. These third-party service providers may have access to or process your personal data for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal data that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us. By default, we and our service provider process your personal data only within the EU. If the data are exceptionally transferred outside the EU, we do so in accordance with applicable laws and we rely either on adequacy decisions for the relevant countries, or other transfer mechanisms as may be available under applicable law, such as the Standard Contractual Clauses.

Our Subprocessors can be found at Attendu Subprocessors.

How We Handle Your Information

Attendu takes privacy seriously. Here’s how we manage your personally identifiable information (PII):

Personally Identifiable Information (PII): We do not rent, sell, trade, or transfer your PII to external parties. While we may store personal information on servers or databases co-located with hosting providers, we maintain strict control over its use. If you choose to make PII publicly available on our sites (such as posting comments on our blog), it will be accessible to others. Removing public information may not completely erase it, as cached or archived copies might still exist.
Legal Obligations: We will disclose your information if legally required, such as in response to a subpoena or other legal proceedings. Additionally, we may take action to enforce our Terms of Service, protect our Service’s security and integrity, or safeguard the rights, property, or personal safety at events, our users, or others.
Change of Control: In the event of company changes (e.g., mergers, acquisitions, divestitures), your information (including customer names and email addresses) may be transferred. We’ll notify you via email or prominently on our site if there are any changes in ownership or how your personal information is used.
Testimonials: We are proud to display testimonials from satisfied customers on our site. With your consent, we may include your testimonial along with your name. If you’d like to update or delete your testimonial, feel free to contact us at support@attendu.com.

OPT-IN AND OPT-OUT FOR SMS/MMS SERVICES

When opted-in, you will receive text messages (SMS/MMS) from Attendu to your telephone number. These kinds of messages may include account notifications.
Your Opt-in data, consent for text messaging, mobile numbers, and personnel information will not be shared or sold to third parties, except for messaging partners, for the purpose of enabling and operating our text messaging program.
You can cancel the messaging service at any time. Just text “STOP” to the telephone number you received SMS from. We will send you an SMS message to confirm that you have been unsubscribed successfully. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
If you are experiencing issues with the messaging program you can reply with the keyword “HELP” for more assistance, or you can get help directly at support@attendu.com.

SECURITY OF YOUR PERSONAL DATA

We take reasonable and appropriate steps to protect your personal data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration and destruction.

Protecting Visitor Information

Ensuring the safety of visitor data is a top priority for Attendu. However, we cannot guarantee the absolute security of any information you share with us. Despite our industry-standard safeguards, there is always a risk of unauthorized access, disclosure, alteration, or destruction. When you provide sensitive details (such as login credentials) via our registration or order forms, we employ secure socket layer technology (SSL) to encrypt the data. Keep in mind that no method of transmitting information over the Internet or storing it electronically is entirely foolproof. If you have any security-related inquiries, feel free to reach out to us at support@attendu.com.

Additionally, we regularly scan our website for security vulnerabilities to enhance your safety during your visits.

For more information check the Attendu Security Page.

LEGAL GROUNDS FOR PROCESSING (IF YOU RESIDE IN EEA, UK OR SWITZERLAND)

We process your data for the purposes described in this Privacy Policy, based on the following legal grounds:

(i) When we’re pursuing legitimate interests:

We process your information for our legitimate interests and those of third parties. This means that we process your information for things like: providing, operating; maintaining, and improving our Services; enabling you to access and use the Services; promoting the Services; sending promotional communications; monitoring and analyzing trends, usage, and activities in connection with our websites and Services; investigating and preventing fraudulent transactions, unauthorized access to the Services, and other illegal activities; personalizing the websites and Services.

(ii) When we’re providing a service:

We process your data to provide a Service you’ve asked for under a contract between you and us. This means that we process your information for things like: enabling you to access and use the Services; processing transactions, and sending you related information; providing customer service and support; personalizing our websites and Services.

(iii) When we’re complying with legal obligations:

We’ll process your data when we have a legal obligation to do so, for example, if we’re responding to a legal process or an enforceable governmental request.

(iv) With your consent:

We may ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time. For example, we may ask for your consent to publish your testimonial, if it includes your identification. If you wish to withdraw your consent, you can contact us at support@attendu.com.

YOUR RIGHTS (IF YOU RESIDE IN EEA, UK OR SWITZERLAND)

To the extent available by data protection protection applicable to you (such as GDPR), you may exercise the following rights:

(a) you may request access to your data from us (information about what your specific data we process and how do we work with them); (b) you may request restriction of the processing your data (which means that we do not delete the data but we will not work with them); (c) you may request data deletion and correction (always if the legal conditions are met); (d) you may object to the processing of data – it means that you may refuse data processing based on a legitimate interest and we will limit processing, unless we prove serious and qualified legitimate reasons for the processing; and (e) you may exercise your right to data portability. To exercise any of these rights, contact us via above mentioned contact details – the easiest way is to send us an email to support@attendu.com and we would be glad to help you exercise your rights. If you believe that we are violating legal rules by processing your personal data, you have the right to lodge a complaint with the national supervising authority (Czech Office for Personal Data Protection for Attendu s.r.o.).

CALIFORNIA RESIDENTS

Under the California Consumer Privacy Act (“CCPA”), we are required to inform California residents who are users about the categories of personal information we collect about you and the purposes for which we will use this information. We collect information which you give us at the registration, in particular your name and email address and information about your use of our Services. We use and disclose the personal information we collect for our business purposes as identified in the CCPA for communicating with you about the Services as well as for legal compliance, performing services, internal operations, protection against security incidents and activities to improve and maintain our business. California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. We do not, and will not, sell your personal information.

MINORS

We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not use or submit any personal data through our websites or Services. If you have reason to believe that a child under the age of 16 has provided personal data to us through our websites or Services, please contact us at support@attendu.com, and we will use commercially reasonable efforts to delete that information.

DATA RETENTION AND DELETION

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible. When processing data on behalf of our Customers, we will retain such data for as long as our customer instructs us to based on our Service contract with the Customer and/or as required by applicable law.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time. If we make any changes to this Privacy Policy, we will add or change the “Last Updated” date at the top of the page. If such changes are material in nature, we will provide you with additional notice (such as adding a statement to our website or sending you an email notification).

POLICY EFFECTIVE DATE: 4/1/2024