This article describes what Confetti has done to satisfy the requirements of GDPR.

Jonny Strömberg avatar
Written by Jonny Strömberg
Updated over a week ago

Confetti have always taken privacy very seriously and we’ve been working hard to ensure that we fulfil the General Data Protection Regulation (GDPR) obligations and maintain our transparency about how we use data. 

Actions taken by Confetti

  • Updated our privacy policy documents in collaboration with Synch Law to comply with the new GDPR regulations.

  • Created a Data Processing Addendum (DPA).

  • Added product features to make GDPR compliance easier for our organizers and their attendees (see list below).

  • Made sure that all our sub-processors are GDPR compliant and signed Data Processing Addendums with all of them.

  • Updated the data security routines for all employees.

New features added to make GDPR compliance easier

  • Attendees can export all their data associated with a specific organizer.

  • Attendees can request to remove their data associated with a specific event or organizer. The organizer will then have 30 days before the attendee data is removed automatically.

  • Organizers can enable to automatically delete all attendee data 30 days after an event's end date.

  • Organizers can export all data associated from their Confetti account. 

  • Organizers can request removal of all of their Confetti account data together with all of their attendees data.

  • Require all attendees to agree to Terms of Service & Privacy policy.

  • Updated the way we store the terms & privacy policy consent from attendees. 

  • Organizers can now add their own terms and conditions in addition to the general terms provided by Confetti.

List of Confetti Sub-processors and DPA

Here is a list of all sub-processors.

Did this answer your question?