Eventleaf Security Guide
The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud by protecting the way credit card data is processed and stored. Organizations that process credit card payments must follow PCI DSS standards.
Eventleaf is certified PCI DSS 3.2 compliant. The service is audited on a regular basis by SecurityMetrics, a PCI qualified auditor. In order to achieve PCI certification, Eventleaf maintains rigorous data security standards to ensure that its customer's credit card information remains safe and secure. Further information is available upon request.
EU-U.S. Data Privacy Framework and UK Extension Commitment
In May 2018, the EU General Data Protection Regulation (GDPR) went into effect. This law requires that Eventleaf and event organizers using the service provide users with details of how their personal data will be processed.
How will Eventleaf use your personal data
Your personal data will be collected and processed by Eventleaf when:
- We have your consent
- It is necessary for use of the Eventleaf site and services
- We are required by law to provide it for legal or regulatory obligations
Transfer of personal data
Eventleaf is a global service provider and your data may be stored outside of the country where it was provided. If your personal data is ever transferred from one of our systems to another, we take steps to ensure that appropriate safeguards are in-place to protect your data. Your data is further protected by our participation in the EU-U.S. DPF, as described above.
Personal data retention
Your personal data is retained as long as necessary to provide you with the ability to use Eventleaf products and services as well as for other important purposes such as resolving transaction disputes and other legal obligations.
Typically your personal data can be deleted immediately, either by managing your account or upon request, barring any pending or recent transactions.
Eventleaf as a data controller
Eventleaf acts as a data controller, per the EU data protection laws, when someone creates an account on Eventleaf.com. For example, if you organizing an event, Eventleaf will be a data controller in regards to your personal data.
Eventleaf as a data processor
Eventleaf acts as a data processor, per the EU data protection laws, in regards to the use and collection of personal data when someone registers for an event and to assist organizers in regards to administering events (e.g. sending invitation emails, reminders, surveys, payment processing, etc). Eventleaf does not control what personal data is collected during the registration process or entered by an organizer, nor does it manage the validity of the collected data.
If you have any questions regarding your personal data related to an event, please contact the event organizer as they are the data controller in this case.
It is your right to request information on what personal data Eventleaf maintains about you as well as to correct or delete your personal data. For assistance, please contact us.
Eventleaf is hosted on the Microsoft Azure platform. Microsoft Azure is PCI DSS 3.1 certified. For more information, visit the Microsoft Trust Center.
Eventleaf encrypts sensitive information such as passwords and credit card numbers using the strong, industry-standard cryptographic protocol, AES-256. Data is maintained in Microsoft Azure and all data communications are encrypted using 256-bit SSL certificates.
Employee Data Access
Eventleaf is developed and maintained by Jolly Technologies Inc, a California-based corporation. All employees must pass rigorous background checks. Employee access to customer data is strictly limited to a need-to-know basis.
If you have any questions or would like more information, please contact us.