GDPR

Data Security is of paramount importance to us, and IO is GDPR compliant.

In terms of what we do with data, we simply hold it, store it and present it to perform the tasks our software does. If you are someone buying tickets from an organiser who uses IO, you can do so safe in the knowledge that we are not doing anything with your data: we don’t share it, we don’t sell it, and we don’t try to claim it as our own.

GDPR aligns with our core philosophy at IO: respect people’s data.

In GDPR terms, for anyone who signs up to our service — event organisers and their teams — we act as a data controller. This means we are responsible for how the data is used, and for getting permission on how we use it.

For anyone who registers a ticket via IO, we are the data processor for their data. Anything we do with this, we do on behalf of our customers, who act as the data controller.

Data processing agreement

You don't need to sign a separate DPA. Our Terms of Service constitute a legally binding GDPR-compliant contract which covers all the bases required by Article 28 of the GDPR.

Data storage

IO's data and operations are located within the EU, in Ireland. All web access is over a secure HTTPS connection.

Your rights

As long as you have an IO account, your data is retained, and we will delete personal data on request by contacting support@io.rsvp.

Our Terms of Service can be found here: https://io.rsvp/terms
Our Privacy Policy can be found here: https://io.rsvp/privacy
Our Security Policy can be found here: https://io.rsvp/privacy#security-policy

Attendee rights

Under GDPR, attendees have rights including access to their data, rectification, erasure, and portability. As the data controller, you are responsible for handling these requests. You can contact us for help processing these requests.

Contact

If you would like to find out more about our data protection policies you can contact us at support@io.rsvp.