Introduction
EventsAir’s Data Protection Toolkit is a fully integrated set of tools and processes designed to help event organizers provide superior data protection for their client’s personal data.
This helps you meet regulations and rules surrounding the protection of personal data, including the General Data Protection Regulation (GDPR) enacted by the European Union. This includes how you manage collection, storage, reporting, logging and tracking of personal data in order to comply with privacy laws.
Definitions – read about the terminology of data protection here.
EventsAir's Data Protection Toolkit is designed as a structured workflow for event organizers to use. This workflow follows the typical path that a planner would use in designing and running an event.
IMPORTANT NOTE: Please note the steps and processes discussed here represent best practices for protecting personal data, but aren’t intended to specify the exact steps and actions you will undertake. You'll need to determine your own internal practices and workflows, and how to apply those practices to your ongoing registration and event management processes.
Identify Users who can be Data Administrators
Some processes in EventsAir should only be completed by an EventsAir user with sufficient knowledge of data regulations, who is trusted to have additional rights above regular users.
There are two significant functions in EventsAir that warrant the granting the special designation of Data Administrator:
- A Data Administrator must be a trusted EventsAir user who is authorized to search for Anonymized Records in the Attendee Panel
- A Data Administrator is able to generate Data Processing Statements in the Contact Locator Tool.
Why are these special? A person can ask for their data to be forgotten (removed). This conflicts with the need to keep financial data for many years. EventsAir includes the ability to Anonymize contacts, which removes any personally identifiable fields. Any user can still see Anonymized records, however only a Data Administrator can still search for a real name from an encrypted storage only available to Data Administrators. This restricts access to the encrypted data and respects the attendee’s request to be forgotten.
The other special function is to create a Data Processing Statement. If an attendee wants to see all personal data stored about them (potentially across multiple events), a Data Processing Statement contains everything. Due to the high sensitivity of the information in this document, it can only be created by Data Administrators, who should follow a documented procedure to verify the identity of the individual requesting this data.
Whenever you add users to EventsAir, you do so in Application Setup: Users. This is where you create new users and assign specific rights within EventsAir.
For any user on your team that is authorized to perform as a Data Administrator, you can check the appropriate box in user setup, as shown in this illustration.
Create Global (Default) Data Processing Consent Policies
Data Processing Consent policies are statements shown to a contact before they submit their personal information to you during event registration or using the Attendee App. These statements describe how you plan to use a contact’s personal data, including:
- Your organization’s contact details
- Your Data Protection Officer’s details
- Your purpose in collecting personal data
- Any third parties that would view or receive personal data (such as hotels or clients)
- How long their personal data will be stored by you
- Any additional information regarding your use of the contact’s personal data
You can also configure default language for:
- Withdrawn Consent Messages
- Attendee App Personal Data policy
- Terms of use for Quick Exports and Quick Reports by third parties
- Email communications for advising third parties about use of personal data
How do contacts see Data Processing Consent Policies?
Whenever you first engage with a contact, such as when they use a registration site or read a marketing email, you can display these default Data Processing Consent Policies, informing them in clear and easy to read language how their personal data will be used by your organization.
You should then ask the contact to agree, or Consent, to having their personal data used for your event management purposes. Alternately, you could also allow them to decline participation, or Withdraw Consent. In this circumstance, you would either remove the contact from your marketing activities or terminate the current registration process.
Default text is not provided since every EventsAir user will develop their own unique Consent Policies appropriate for their organization.
However, Appendix A of this data sheet will list example Consent Policies that you can reference and modify for your organization’s use.
Configure Event-level policies
Once you have defined your global Data Processing Policies, the next step is to add these to any new event you are creating.
Located in Event Setup: System Setup: Data Consent, these policies can simply use the defaults that you defined in Application Setup, or you can edit individual policies as needed to fit the parameters of your specific event.
Identify fields that contain Personal Data
EventsAir, being an event management platform, has many fields that contain personal data. For purposes of managing data privacy of its attendees, fields containing personally identifiable data in the Contact record are recognized as private by default (ie name, email, photo, address, phone, social media, IP Address).
Beyond that, many additional fields in EventsAir have the potential of containing personal data. These fields include:
- Contact User Defined Fields
- Note Types
- Marketing Tags
- Custom Fields
It is a crucial step for event managers to review any additional fields they may have created and marking those fields as containing personal data. This is used by EventsAir to identify these fields for reporting to attendees and when anonymizing or deleting a contact record for data privacy reasons.
The Data Processing Log
An important aspect of managing Data Privacy is to maintain a log of all actions that relate to data privacy.
This includes:
- Attendees providing Consent to providing personal data
- Attendees withdrawing Consent to providing personal data
- Third parties (such as hotel partners or clients) viewing personal data through data reports and exports
- Any occurrence of personal information being exported out of AIR Drive
These details are logged in the Data Processing Log, found in the Contact Record.
The information in the Data Processing Log is also shared with any attendee wishing to know how their personal data was being used in EventsAir. A special report called a Data Processing Statement can be generated and sent to an inquiring party from the Contact Locator Tool.
Log all Personal Data sent to Third Parties
In today’s security conscious landscape, it is critical to know and manage which third-party processors or individuals are accessing personal data contained in EventsAir.
Typically, this could be:
- Hotel partners
- Service providers (like catering or transportation services)
- Clients
- E-commerce Providers
Configure Quick Reports/Exports for secure use
The Data Processing Toolkit provides a way to mark Quick Exports and Reports as Private, meaning only authorized parties are able to receive the exported data.
When you create a Quick Report or Export in EventsAir and enable Web Publishing, you have two options:
- Public – anyone can view a report or export via a web URL - NOT RECOMMENDED
- Private – only nominated parties can receive a report or export via email
Using this process correctly also lets the Data Protection Toolkit track and log every time an authorized third party accesses a Private Quick Report or Export.
Display Data Consent Policies and Capture Consent
A recommended process is to display your data privacy policies during registration (on your registration site) or in an email communication, and then to officially collect either consent or a withdrawal of consent.
This process follows current regulations in place today (such as GDPR), by collecting a formal Consent or Withdrawal of Consent and then logging the details of that acceptance or withdrawal. The process is straightforward and easy to manage.
Interactive Site Builder
In the Interactive Site Builder, you can drag over the Data Processing Consent Component, and then expand the component to edit the heading and label text for the Consent and Withdrawal of Consent options.
A few important notes:
- You can choose to display ONLY the Consent option or show both the Consent and the Withdrawal of Consent.
- If you leave the Withdrawal of Consent option blank, then only the Consent option as a checkbox appears.
- If you place text in both options, then both options will appear as radio buttons.
- If the attendee elects to Withdraw consent, the registration process is ended.
Merge Docs
The process is similar for Merge Docs. Simply drag over the Data Processing Consent Component, and then select the Fields Tab to select which Consent options you wish to display and then edit the heading and label text for the Consent and Withdrawal of Consent options.
Note: Typically, you would collect Consent during online registration. However, if you are importing a list of contacts and emailing them prior to registration, this is a useful option for collecting Consent or Withdrawal of Consent.
Attendee App and OnAIR Visibility
A powerful feature of the Data Protection Toolkit is to allow attendees to Opt In or Opt Out of having their contact details visible in the Attendee App and the OnAIR Virtual Event Portal.
This allows attendees to attend an onsite or virtual event and select how their details are shared:
First Name Plus Initial
Full Details
Their name is displayed in one of these two formats in both the Attendee App and the OnAIR Virtual Event Portal.
Once the attendee logs into the app or the portal, they will be presented the option to select what specific contact details they wish to be shared in any Meeting Hub connection.
Where do you ask for Attendee App Opt-In and Opt-Out?
You can ask for Attendee App Opt In and Opt Out in three places:
- Interactive Sites
- Merge Docs
- In the Attendee App
Can an Attendee change their mind?
Absolutely! It is conceivable that an attendee would initially choose First Name and Last Initial, but when they see the Attendee App in use and how useful it is exchanging contact details, could change their mind and change their status to showing their full name.
Use the Data Protection Widget
The Data Protection Widget provides event planners with a snapshot of their Data Protection status across these categories:
- Data Processing Consent
- Attendee App Visibility
- Compliance
For each category, statistics are displayed, with most of the items having a link that lets yous view attendee details or links to Interactive Sites, Apps, Reports and Exports for easy follow up and checking.
What the symbols mean
For a quick visual reference, each status alert in the Data Protection Widget can display different warning icons:
|
|
Status indicates full compliance and no further action is needed |
|
|
Status is reported and action to be determined by planner |
|
|
Status indicates non compliance and action should be taken |
Data Processing Consent
This section will display two possible status scenarios:
|
|
All contacts have consented to Data Processing |
|
|
This is displayed ONLY when all contact records have consented to |
|
|
1 contact has Withdrawn Data Processing Consent |
|
|
This indicates that one or more contacts have withdrawn consent and the meeting planner needs to follow up and delete or anonymize the contact record |
|
|
4 contacts have not indicated Data Processing Consent |
|
|
This indicates that one or more contacts have not indicated their Consent or Withdrawal of Consent and the meeting planner needs to follow up to obtain a correct status for each record |
It is important to note that the goal for this section is to show ONLY a green indicator. Red Alert indicators will always require further action to resolve the Consent Status.
Clicking on the underlined text will display a list of contacts that you can click on to view the details for each.
Attendee App Visibility
This section will indicate the status of all contacts in event database for Attendee App Visibility (have they opted-in or opted-out of having their contact details shown in the Attendee App). You will see up to three status indicators for this section:
|
|
5 attendees have Opted In (Contact Details Shared) |
|
|
3 attendees have Opted Out (Contact Details hidden) |
|
|
7 attendees have no visibility option recorded |
This section does not show red alerts as this is for informational use only. You can click on the underlined words to view a list of attendees for each category. The Attendee App will automatically ask for Opt-in or Opt-Out the first time it is opened by each attendee.
Compliance
This section displays several different status alerts on Compliance:
|
|
Data Processing Consent Policy Active |
|
|
This is displayed if you have entered Data Processing Consent Policies at the Event level |
|
|
4 Interactive Sites do not include Data Processing Consent |
|
|
This warning lets you know which Interactive Sites are not requesting Data Processing Consent |
|
|
1 Attendee App do not include Attendee App Visibility Consent |
|
|
This warning lets you know which Attendee Apps are not requesting Opt In or Opt Out for Visibility Consent |
|
|
No Public Quick Reports |
|
|
This will display green if no Quick Reports are marked as public, and blue if one or more Quick Reports are marked as public. All public Quick Reports can be viewed by clicking on the underlined text. |
|
|
2 Public Quick Exports |
|
|
This will display green if no Quick Exports are marked as public, and blue if one or more Quick Exports are marked as public. All public Quick Exports can be viewed by clicking on the underlined text. |
Removing and anonymizing Contact Records
Another important function in the Data Protection Toolkit is the ability to Remove and Anonymize Contact Records.
The difference between these two functions is important to review:
- Removing a contact record will completely remove that record from the EventsAir database. EventsAir will only allow a complete deletion of a contact record if there are no outstanding or unresolved financial transactions. It is also a common practice by many meeting planners NEVER to delete any record that has financial transactions present, whether they are fully paid or not.
- Anonymizing a contact record allows you to keep all the non-personal data about an attendee. All the module information (eg hotel booking, function tickets etc) is retained. When you anonymize a record, EventsAir removes all personal fields including name, email, address, photo, social media accounts etc, and all fields marked as “Contains Personal Data”. The contact is renamed Attendee + ID (eg Attendee5632). As all the module information is retained, you can still run statistical reports (eg number of tickets sold) and any list, although anonymized records will appear as “Attendee5632” for example. When a contact is anonymized, their name, email, and phone number are stored in an encrypted field that is only available for Data Administrators to search and only from the Attendee Panel. This is used to access historical financial information which must be kept for many years, while respecting the contact's right to be forgotten.
You can Delete or Anonymize a contact record by selecting the Delete Tool in the Attendee Panel.
IMPORTANT NOTE: Once you Anonymize or Delete a contact record, the process is permanent and cannot be undone.
Advising Third Parties to delete Personal Data
Another powerful function of the Data Protection Toolkit is its ability to monitor all third parties that are accessing personal data from EventsAir. These parties may be hotel partners, service vendors (such as caterers or tour operators), e-commerce providers and individuals such as your clients or other external parties.
Any time a third party accesses a Quick Report or Quick Export that has been marked as private, that instance is logged in the Data Processing Log.
If an attendee requests that you anonymize or delete their contact record in EventsAir, you can optionally choose to notify all third parties that had accessed reports or exports containing that contact’s personal data.
That communication can request that they delete or anonymize any data they have received from EventsAir. These instructions strictly rely on your organizations data privacy processes, and you are able to write the text for this email in Application Setup: Offices: Data Consent.
Managing Inquiries about Personal Data
Many jurisdictions allow attendees and contacts to request information about what personal data you have as well as how long you plan to use their personal data and what third parties are accessing their information.
The Data Protection Toolkit includes a powerful tool called the Contact Locator Tool that allows you to search for attendee records across multiple events and generate a detailed Data Processing Statement to send to the requesting party.
This statement displays:
- Name of the Event
- Data Consent Policies in Effect for that Event
- Personal Data Contained in the Event
- Third Parties that have Accessed their Personal Data
Using the Contact Locator Tool
The Contact Locator Tool is a search option that lets you find contacts by name, phone number, email, contact custom fields and by payment authorization number or invoice number.
You can access the Contact Locator Tool from any screen by selecting the Contact Locator Tool icon in the top right hand corner of EventsAir next to the AIR Drive icon. Simply enter all known name details to search across all of your events.
You can also search using the search filter, which includes options to search by:
- Organization
- Phone
- Contact Custom Fields
- Payment Authorization Number
- Invoice Number
- Event Type (All Events, Past Events or Current Events)
While the tool can be used by any user, only authorized Data Administrators can generate Data Processing Statements as described in the previous section.
Data Administrators can also select contact records to fully delete across multiple events.
CAUTION: It is important to note that the Contact Locator Tool will find every instance of the name you search on. You may see multiple instances returned in the search, and they may not all be the same contact. You should review the results of a Contact Locator Tool search and ONLY select the appropriate records to take further action with. You should also verify the identity of the individual requesting the Data Processing Statement.
Archiving Events
Another important feature of the Data Protection Toolkit is the ability to archive an event once your event has concluded and you have finalized all financial and reporting transactions.
When an event is archived, all attendees are Anonymized and all personal data in the event will be permanently deleted. The attendee’s name, email and phone number is also encrypted, allowing for a record search only by an authorized Data Administrator.
It is good practice to archive an event once you have finished with the event. You can still create statistical reports, clone from an archived event and Data Administrators can search for Attendees in the Attendee Panel to access invoices and financial records.
Searching for an Archived Event
An event that is archived will be removed from the display and search functions in the Event Selection screen, with the exception that you can opt to include an archived event when using the event filter option in the search window.
Please note the following: Once an event is archived, the process cannot be reversed – this is a permanent process
Event archiving is an overnight process. Until archived, the event display will show a gray “Archiving” label. When completed, the event display will show a gray “Archived” label
Appendix A – Sample Data Consent Policies
IMPORTANT NOTE: The following examples are suggestions for Data Consent Policies and should serve only as an example for you to review. You are welcome to use these samples as a starting point for developing and formalizing your own organizations data protection policies and procedures.
Data Processing Consent
|
Introduction |
|
|
Heading |
Why we ask for your consent |
|
Text |
We are committed to protecting the privacy of all personal data you provide us for this event registration. The following statements describe what we are doing with your data, how long we store it so you are fully informed prior to you submitting your personal information for event registration |
|
Identify the contact details of the Data Controller (usually your organization) | |
|
Heading |
Data Controller Contact |
|
Text |
Organization Name and Address
|
|
Contact Details for the Data Protection Officer | |
|
Heading |
Nominated Data Protection Officer |
|
Text |
Name and Title
|
|
Describe the Purpose for Processing Personal Data | |
|
Heading |
Why are we processing your personal data? |
|
Text |
We ask for your personal data to facilitate your registration for this event. |
|
Describe the recipients or categories of recipients who will receive personal data (e.g. exhibitors, hotel partners, service providers and international organizations) | |
|
Heading |
Other third parties that will have access to your personal data |
|
Text |
Your data will be shared with other organizations and third parties in order to process your registration. These will include: Microsoft Azure
|
|
Describe how long personal data will be stored | |
|
Heading |
How long will we store your personal data? |
|
Text |
Your personal data will be retained by us for up to 12 months after the conclusion of this event. |
|
Additional Information (e.g. right to request information, withdraw consent and more) | |
|
Heading |
Personal data about your children |
|
Text |
We ask for your children’s personal data if they are attending this event with you |
|
Heading |
The right to inquire about your personal data |
|
Text |
You retain the right to ask us about your personal data at any time. Please contact us at (email address) with any inquiries you may have. |
|
Heading |
The right to withdraw your consent |
|
Text |
You retain the right to withdraw consent use your personal data at any time. Please be aware that a withdrawal of consent before the start of this event will incur a full event cancelation and cancelation fees as noted in your initial registration. Please contact us at (email address) with any inquiries you may have. |
|
Heading |
The right to forget or anonymize your personal details |
|
Text |
You retain the right to request that we forget or anonymize your personal data. If you have attended any event with us, we will retain any financial, tax or event attendance records for reporting reasons, but will remove all personal data from our database, leaving an “anonymized” record for reporting reasons. |
|
Consent Withdrawn Warning Message | |
|
Heading |
Request to Withdraw Consent |
|
Text |
By withdrawing your consent your registration will not be submitted or processed. Are you sure? |
|
Consent Withdrawn Interactive Site Thank You Page | |
|
Heading |
Your Consent Has Been Withdrawn |
|
Text |
Your contact details have been updated to reflect your withdrawal of consent to process your personal data. Please contact us at (email address) if you wish to change this consent withdrawal. |
Attendee App Visibility
|
Introduction |
|
|
Heading |
Why We Ask to Opt In or Opt Out of Attendee App Visibility |
|
Text |
We are committed to protecting the privacy of all personal data you provide us for this event registration, and this includes your visibility in the Attendee App. You are able to change your Opt In or Opt Out selection at any time directly in the Attendee App. |
|
What Personal Data will be Visible in the Attendee App | |
|
Heading |
Personal Data Visible in the Attendee App |
|
Text |
During the course of this event you can consent to have your personal details shared with other attendees. This includes your photo, name, position, organization, state and country. If you choose to withdraw your consent, you are still able to use the attendee app however your details will not be shown in the attendee search, you will not be able to contribute to the Event Stream and your details will not be available in the dinner table seating option. |
|
Opt Out (Contact Details Hidden) Warning Message | |
|
Heading |
Withdraw Consent |
|
Text |
We respect your right to privacy. Your personal details will not be displayed in the Attendee App and you will not be able to contribute to the EventStream or dinner table allocation. |
Quick Export/Quick Report
|
Terms of Use Heading |
Terms of Use for Using this Data |
|
Terms of Use Text |
All use of this export or report is limited to your business relationship with ABC Meeting Management and for providing services to the 2021 Environmental Impact Summit. You are required to permanently delete all personal data you receive no later than 30 days after the end of the event. If notified to do so, you will also agree to fully delete or Anonymize any personal data immediately on receipt of the notification. |
Advice Email to Third Party Data Processors
|
Email Subject |
Request to Delete Personal Data |
|
Email Body |
Dear Partner, The event attendee indicated in this email has requested that we delete or anonymize their contact record. As an event partner to the 2021 Impact Conference, you have received reports and/or exports of data that contain the personal details of this attendee. Per their instructions, you are also requested to delete all instances of the attendee as indicated below. Thank you for your cooperation! Sincerely,
|