Data Protection Agreement: Event Solutions
1. Parties & Purpose
This Agreement is between [Max Events, DBA Event Solutions] (the “Processor”) and [Client] (the “Controller”). Its purpose is to ensure that all personal data processed during event registration, management, and execution is handled securely and legally.
2. Scope of Processing
The Processor agrees to handle data only for the following event-related purposes:
- Registration Management: Collecting attendee names, emails, job titles, and dietary preferences.
- Logistics: Managing travel, visa information, and hotel bookings.
- Communications: Sending event updates, ticketing, and post-event surveys.
3. Data Security Measures
The Processor must implement technical and organizational safeguards, including:
- Encryption: Protecting data in transit and at rest.
- Access Control: Limiting data access to authorized personnel only.
- Audit Rights: Allowing the Client to audit systems to verify compliance.
4. Data Breach Protocol
In the event of a security breach, the Processor must notify the Client without undue delay (typically within 48–72 hours). The notification must include the nature of the breach and steps taken to mitigate it.
5. Sub-Processors
The Processor shall not engage third-party vendors (e.g., email platforms or badge printers) without prior written consent from the Client. All sub-processors must be bound by the same data protection standards.
6. Data Subject Rights
The Processor will assist the Client in responding to attendee requests to access, correct, or delete their personal data (“Right to be Forgotten”).
7. Termination & Deletion
Upon completion of the event services, the Processor will securely delete or return all personal data to the Client, unless otherwise required by law.