Last Updated: [Month Day, 2026]
1. Definitions
For the purposes of this DPA:
Controller
The customer or event organizer who determines the purposes and means of processing personal data.
Processor
Plexevent, which processes personal data on behalf of the Controller.
Personal Data
Any information relating to an identified or identifiable individual.
Processing
Any operation performed on personal data, including collection, storage, transmission, or deletion.
2. Scope of Processing
Plexevent provides software infrastructure that allows customers to manage event-related information.
Processing activities may include:
- storing guest lists
- sending invitations
- managing RSVP responses
- recording poll responses
- collecting Q&A questions
- managing event interaction data
Processing occurs only to provide the Plexevent platform services.
3. Categories of Personal Data
The personal data processed may include:
Guest Data:
- name
- email address
- phone number (optional)
User Account Data:
- name
- email address
- company name (optional)
- phone number (optional)
Event Interaction Data:
- RSVP responses
- poll answers
- Q&A submissions
Technical Data:
- IP address
- device information
- session data
4. Categories of Data Subjects
Personal data processed through Plexevent may relate to:
- event organizers
- event participants
- invited guests
- platform users
5. Instructions from the Controller
Plexevent processes personal data only:
- to provide the Plexevent platform
- according to customer instructions
- in accordance with the Terms of Service
Customers are responsible for ensuring they have a lawful basis for collecting and processing guest data.
6. Security Measures
Plexevent implements appropriate technical and organizational measures to protect personal data.
Security measures may include:
- encrypted HTTPS connections
- password hashing
- role-based access control
- server infrastructure security
- database backups
- restricted administrative access
These measures aim to protect personal data against:
- unauthorized access
- loss
- alteration
- disclosure
7. Confidentiality
Plexevent personnel who may access personal data are subject to confidentiality obligations.
Access to personal data is limited to personnel who require it to operate or support the platform.
8. Subprocessors
Plexevent may use trusted third-party service providers ("Subprocessors") to operate the platform.
These may include providers for:
Infrastructure Hosting
- AWS (Amazon Web Services)
- Hostinger
Email Services
- Hostinger Email Hosting
Payment Processing
- Stripe
Analytics
- Google Analytics
- Meta Pixel
- Hotjar or Microsoft Clarity
These providers process data according to their own privacy policies and applicable data protection laws.
A current list of subprocessors may be published on the Plexevent website.
9. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), Plexevent ensures appropriate safeguards are applied in accordance with GDPR requirements.
Such safeguards may include standard contractual clauses or equivalent protections.
10. Data Subject Rights
Plexevent will assist customers in responding to requests from individuals exercising their rights under GDPR, including:
- access to personal data
- correction of inaccurate data
- deletion requests
- data portability requests
- processing restrictions
Customers remain responsible for responding to such requests.
11. Data Breach Notification
If Plexevent becomes aware of a personal data breach affecting customer data, Plexevent will notify the customer without undue delay.
Notification will include relevant information necessary to investigate and address the incident.
12. Data Retention and Deletion
Personal data is retained only as long as necessary to provide the Plexevent service.
Inactive accounts may be deleted after 365 days of inactivity.
Following account cancellation:
- data export may be available for 1 day
- data may then be permanently deleted from active systems
13. Audits
Customers may request reasonable information demonstrating Plexevent's compliance with this DPA.
Requests must not interfere with the normal operation of the platform.
14. Governing Law
This DPA shall be governed by the laws of the Republic of Cyprus.
15. Relationship to Terms of Service
This Data Processing Addendum forms part of the Plexevent Terms of Service.
If there is any conflict between this DPA and the Terms, this DPA shall prevail regarding data protection matters.
