πŸ”‘ GDPR, data & access

GDPR

Let's Get Digital is fully GDPR compliant. The privacy statement can be found on: https://www.eventinsight.io/en/privacy-policy. All the data is only saved strictly within the European Union. All data is removed from our servers within 3 months after the event. If an event manager wishes to remove this data earlier, this is also possible.

Overview all data

This section gives a short overview of the type of data which can be saved into the Let's Get Digital environment.

Users

By default email-address + first/last name is used, but this can be extended by any custom fields.

Custom fields which are enabled by default and can be completed by the user: - User image - Company name / company role - Phonenumber - Description - Birth date - Gender - LinkedIN Profile Note: Birthdate & Gender input can be turned off. Example's of fields which can be enabled: - Favourite meal - Political interest - Address - Twitter Profile Note: Event managers can choose the privacy settings of the users and users, themselves, can decide which other users they will share their data with. If two people make connections with each other within the platform, then their information will be shared between them.

Presentations

During virtual presentations the presenter can use different materials for their presentation: - Audio/Video input - Powerpoint presentations or other PDF's - Youtube video's or MP4 files - Files If the presenter(s) choose so, the aforementioned material will be shared with others users who are present in the given room. Event managers can limit the room-access of different users to ensure that only the right, or appropriate users may access a given room.

The presentations can be recorded by the event manager or speaker. The recordings can be downloaded later by the event manager(s). It's also possible that event managers choose to activate the Video On Demand module, which enables all users to access the recordings after the event.

One2One Video chats

One2One video chats are possible within the platform and cannot be recorded within the platform.

Note: A One2One video chat can be recorded by the user themselves, if the user has video recording software on her/his computer.

Access

The Let's Get Digital platform recognizes 3 types of users; Administrators, Hosts and Users. This section describes the rights of each usertype and how they log in.

Administrators

Administrators can control the whole system. They choose who gets access, which content the event consists of, and can see the activity of users within the platform. There is only one exception to this - the content of the private one-to-one chats. This content is not shared with the event manager(s). Administrators can control the whole system. The choose who gets access, which content the event has and can litterly see everything what is beeing done in the platform. There is only 1 exception on this one; the content of the private one-to-one chats. This content is not beeing shared.

Administrators get access by using a hashed password.

Users

Users can't control any content in the system and can only have access to data that the administrator(s) have given them access to. Users can share data which eachother if they make a mutual connection.

Users get access by an accesslink which is sent at a specified time pre-event. This accesslink can theoretically be shared with other people, but only one person at a given time can enter the Lets Get Digital platform using this information.

Hosts

Hosts have the same rights as Users. However, they additionally have speaker rights in their respective presentation rooms. This means that they are allowed to upload their presentations/start recordings, etc.

Hosts have the same access method to the platform as Users.

Technical / organizationale measures

All EventInsight servers are located in the Netherlands. All our software is in-house, and only our own employees can access it. If they want to access it, access is always given for a maximum of 24 hours and we keep track of who has been there at what time (Logging).

All our systems communicate through a secure connection.

Our apps use certificate pinning and certificate chain validation to prevent other third parties from acting as EventInsight.

Our software is designed using the by design principle. Apart from human adjustments, the privacy of the software is therefore guaranteed.

Our platform is daily exposed to hackers via the Hacker1 platform. The moment our system contains a data breach and this is detected by one of the hackers of Hacker1, we are aware of this without abuse.

Our employees get access to the data of a specific event per 24 hours and only when this is necessary to help our events with the correct functioning of the application.

Our data is stored strictly separated per event. At the moment of a leak, this is limited to a single event.

All data will be rendered unusable within three months after the event. This means that all data is overwritten and made anonymous, so that it cannot be traced back in any way, neither for EventInsight employees, nor for the organization of events, nor for external parties.

We have a firewall on the entire system. From the outside, only port 80/443 is accessible.

Subcontractors

We use the following subcontractors:

Name

Service

SambaLive

In platform webinar Software

TransIP

Hosting

Digital Ocean

Hosting

Daily.co

One-To-One Video chatting

Firebase

Messaging

What for information do the subcontractors receive?

SambaLive receive the first and last name of the users. Daily.co and Firebase don't receive any personal data of the users at all.

All personal data is stored at TransIP and Digital Ocean in server located in the Netherlands. The servers are only accesible by Let's Get Digital.

​