Organiser Data Access Policy
This Organiser Data Access Policy ("Policy") explains how Organisers may access and use personal data belonging to Traders through the Evnto platform, and the obligations that come with that access. It forms part of the agreement between Evnto and all Organisers and should be read alongside the Terms of Service and Privacy Policy.
Contents
1 Who controls Trader data
All personal data held on the Evnto platform — including data provided by Traders and Organisers — is collected and controlled by Evnto. Evnto is the data controller for all personal data processed through the Service, as described in the Privacy Policy.
Organisers do not own or control Trader data. When an Organiser views Trader information through the platform, they are being granted a limited, purpose-specific right of access to data that remains under Evnto's control at all times. This access is provided as a feature of the Service to enable Organisers to manage their events effectively.
2 What data Organisers can access
When a Trader applies to one of your Events, you will be able to view the following information about that Trader through your Organiser dashboard:
- Full name and business or trading name
- Contact details (email address, phone number)
- Business address
- Profile photo or logo
- Business description and product or service categories
- Compliance documents uploaded by the Trader (such as public liability insurance certificates and food hygiene certificates)
- Application details and any questionnaire responses submitted for your Event
- Trade agreement acceptance records
You will only be able to access data for Traders who have applied to your Events. You will not have access to data relating to Traders who have not applied to your Events, or to data from other Organisers' events.
3 How Organisers may use Trader data
Access to Trader data through the platform is granted solely for the purpose of managing your Events. Permitted uses include:
- reviewing and assessing Trader applications to your Events;
- communicating with Traders about their applications, bookings or event logistics;
- verifying compliance documents as part of your event management obligations; and
- generating and sending invoices to Traders through the platform's invoicing tool.
4 How Organisers must not use Trader data
As a condition of your access to Trader data, you must not:
- use Trader data for any purpose other than managing your Evnto events;
- copy, export, store or otherwise retain Trader personal data outside the Evnto platform, except where this is strictly necessary for your own event administration and you have a lawful basis to do so;
- share Trader data with any third party without a lawful basis and, where required, the Trader's explicit consent;
- use Trader contact details to send unsolicited marketing communications;
- use Trader data to discriminate unlawfully against any individual; or
- attempt to circumvent any access controls or data protections built into the platform.
5 Organiser obligations under data protection law
While Evnto is the data controller for Trader data held on the platform, Organisers who access that data through the Service should be aware of their own responsibilities where they retain or further process Trader information outside of the platform.
If you export or otherwise handle Trader personal data outside the Evnto platform (for example, maintaining your own attendance records or contact lists), you become an independent data controller for that data and are solely responsible for ensuring your use complies with the UK GDPR and the Data Protection Act 2018. This includes:
- having a lawful basis for that processing;
- providing Traders with appropriate privacy information about any additional processing you carry out; and
- keeping any data you hold securely and only for as long as necessary.
Evnto accepts no responsibility for how Organisers handle Trader data outside the platform.
6 Data subject rights
Traders have rights under UK GDPR to access, correct or request deletion of their personal data. These rights are exercised against Evnto as data controller, not against individual Organisers.
Organisers have read-only access to Trader data through the platform. You cannot edit or delete Trader personal data — this is by design, and ensures that data subject rights can only be exercised through Evnto as the data controller. You may export a limited subset of Trader data through the platform's reporting and export features (such as trader lists for your events), solely for the purpose of managing those events. Any data exported in this way must be handled in accordance with section 5 of this Policy.
If a Trader contacts you directly to exercise a data subject right (for example, requesting that you delete their information), you must direct them to contact Evnto at support@evnto.co.uk. You should not attempt to action such requests yourself within the platform, and if you hold any exported Trader data you are responsible for handling requests in relation to that data as an independent controller.
Where you hold Trader data outside the platform (see section 5), you are responsible for handling data subject requests in relation to that data in your capacity as an independent controller.
7 Security
Evnto implements appropriate technical and organisational measures to protect Trader data within the platform. As an Organiser, you are responsible for maintaining the security of your own account, including:
- keeping your login credentials secure and not sharing them;
- ensuring that any team members added to your account only have access appropriate to their role; and
- notifying Evnto immediately at support@evnto.co.uk if you suspect your account has been compromised.
8 Breach reporting
If you become aware of or suspect any unauthorised access to, disclosure of, or misuse of Trader data — whether through the platform or as a result of data you hold outside it — you must notify Evnto without delay at support@evnto.co.uk.
Where you are an independent controller for Trader data held outside the platform and a breach occurs, you are responsible for assessing your own notification obligations to the ICO and affected individuals under UK GDPR.
9 Termination and data access
When your Organiser account is closed or terminated, your access to Trader data through the platform ends immediately. Evnto will retain personal data for 12 months following closure or termination before anonymising it, in accordance with the Privacy Policy.
You are not entitled to a copy or export of Trader data held within the platform on termination of your account. If you require records for your own legal or accounting purposes, you should maintain these independently during the period of your use of the Service.
10 Governing law
This Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising out of or in connection with it shall be subject to the exclusive jurisdiction of the courts of England and Wales.
11 Contact
For any questions about this Policy or data protection matters, please contact us: