Our teams worked hard to ensure we comply with GDPR. We took all necessary measures to do the best things for you and your fans while still letting us move fast, scale and build great products on your behalf.
Please see below the main things we did to ensure we prepared ourselves to meet GDPR obligations:
We built new features
Our teams built the necessary features to enable our customers to easily meet their GDPR obligations.
We built a feature to isolate individual fan data in our system to handle a requests (i.e information, rectification or deletion). The tool also gives us the possibilities to anonymize data if the fan wishes to. This is an important part of the GDPR regulation, also referred to as “the right to be forgotten”. Any fan requests can be forward to our privacy customer service team at email@example.com.
By using the Paylogic system, fan data is securely stored and made available via the Paylogic Client-portal. This information can be adjusted by the client and automatically deleted after a specific amount of time. If you have more questions about (for example) the removal of data, please read the FAQ below or feel free to contact our Client Success Team.
We updated our Data Processing Agreements
Paylogic is the Processor and the event organizers are the Controllers, speaking in GDPR terms. Strong data protection commitments are a key part of GDPR’s requirements. Our updated Data Processing Agreement shares our privacy commitments and set out the terms for Paylogic and you to meet GDPR requirements.
We coordinated with our partners and suppliers
We’re reviewing all our partners and suppliers, finding out about their GDPR plans and arranging similar GDPR-ready (sub-)Data Processing Agreements with them.
We’ve revised our security measures and protocols
Paylogic guarantees that, in accordance with the applicable privacy laws and guidelines from the competent authority, a data breach procedure is in place to adequately assess any (possible) data breaches to personal data. In the case of a data breach, Paylogic will inform the Organizer and - under certain stipulated conditions set by the GDPR - the competent authority and/or fans. This is the case when the breach contains a high risk to the data subject’s fundamental rights to privacy.