Confetti have always taken privacy very seriously and we’ve been working hard to ensure that we fulfil the GDPR obligations and maintain our transparency about how we use data.
Actions taken by Confetti
- Created a Data Processing Addendum (DPA) which can be made available upon request to firstname.lastname@example.org.
- Added product features to make GDPR compliance easier for our organizers and their attendees (see list below).
- Made sure that all our sub-processors are GDPR compliant and signed Data Processing Addendums with all of them.
- Updated the data security routines for all employees.
New features added to make GDPR compliance easier
- Attendees can export all their data associated with a specific organizer.
- Attendees can request to remove their data associated with a specific event or organizer. The organizer will then have 30 days before the attendee data is removed automatically.
- Organizers can enable to automatically delete all attendee data 30 days after an event's end date.
- Organizers can export all data associated from their Confetti account.
- Organizers can request removal of all of their Confetti account data together with all of their attendees data.
- Organizers can now add their own terms and conditions in addition to the general terms provided by Confetti.
List of Confetti Sub-processors and DPA
Here is a list of all of our sub-processors and information about what they do and where they are located.