How EVENTORY Lab e.U. uses data

This page was last updated on 27 February 2023.

Privacy Policy

Who we are:

EVENTORY Lab is a strategic design and development lab working to making participatory approaches the norm in the way events and communities are designed. We work with several actors who are, in turn, working to further the SDGs. We run this website - https://www.eventorylab.com/.

This privacy policy applies to EVENTORY Lab, a company registered at Bauernfeldgasse 4/5/4, 1190 Vienna, Austria.

At EVENTORY Lab, we want every individual to know what personal data we collect, why we are collecting it, and for you to know what we do with it. We firmly believe in the right for every individual as a data subject to know how their personal data is being used by a data controller such as EVENTORY Lab, so please get familiar with our Privacy Policy and if you have any questions at all you can reach out to contact@eventorylab.com

This Privacy Policy is divided into sections based on the way you are interacting with EVENTORY Lab. You are a Site Visitor, or Partner. Please determine what type of user you are and we have explained what information we collect, how we use it, how we store it, and how we may share that information. All of our practices are compliant with the General Data Protection Regulation (GDPR) which is a legal framework that sets guidelines for the collection and processing of personal information for individuals that live in the UK & European Union.  

To find out more about your rights, you can find useful information under the website of the Austrian Data Protection Authority (Datenschütz Behörde) here.

User Type:

  • Site Visitor: You are a site visitor when you visit and interact with our web sites, web pages, and content on eventorylab.com.

  • Attendees: You attended one of the events that EVENTORY Lab consulted on designing or were a member of a community for which EVENTORY Lab was providing consultancy services.

  • Partner: You are an existing Partner once you have engaged with EVENTORY Lab in a contract.

Principles:

Firstly, we want to make you aware of six principles for which all personal data must be processed according to Article 5 of the GDPR. These principles outline what any company that has a digital presence need to keep accountable towards:

  1. Lawfulness, fairness, and transparency: Obey the law, only process personal data in a way that people would reasonably expect, and always be open about your data protection practices.

  2. Purpose limitation: You must normally only process personal data for the specific reason you collected it and nothing else.

  3. Data minimization: don't process any more data than you need.

  4. Accuracy: Make sure that any personal data you hold is adequate and accurate.

  5. Storage limitation: Don't store personal data for longer than you need to.

  6. Integrity and confidentiality: Always process personal data securely.

These principles build the foundation for why data is being collected and all of the data that DML is collecting has to fall in line with one of these six principles.

Site Visitor

What data we collect

We use Squarespace analytics and it collects the following personal information about visitors to our website https://www.eventorylab.com/

  • IP address (first two bytes)

  • Timestamp of visit

  • Amount of visits

  • Country of visit

  • Page views by source

  • Referrer

  • Operating system

  • Browsers

  • Device type

  • Paths

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

Why we collect website data

Our website analytics allows us to see how people are using our sites and improve their experience. We also run cookies on our website.

Where website data is processed and stored

We use an analytics software run through Squarespace.

When you submit information to this website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We share this information with Squarespace, our online hosting provider, so that they can provide website services to us. We also share this information with Google Cloud for storage.

Opt-out of collection

You can opt out of our analytics by turning on Do Not Track in your browser. Find out how to do this for Google Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge. If you do not opt-out, clicking any link on our website is taken as implied consent to our analytics run through Squarespace on your device, unless you have disabled them in your browser as described above.

Third-party services

We also use third-party services to host and deliver website content. You can find out more about each of these services below:

Partners

What data we collect

We may collect the following information about our potential and existing clients:

  • Name

  • Company

Why we collect this data

We may process your personal data because it is necessary for the performance of a contract, or to take steps at your request prior to entering into a contract (for example, to enter into grant agreements with you).

Testimonials may be used on our website for promotional purposes.

How long we keep this data

We keep information about potential clients for 2 years from last contact, and information about existing clients for 5 years from last contact.

Where data about potential and existing partners is processed

We use the following services to store and process this data:

  • Google Workplace, including Gmail and Drive

    • Our servers for google are in the EU

  • Dropbox for archive file storage

  • Our workspace on Slack

  • Notion

Attendees

One of our main services is providing consultancy on the process design for highly participatory event formats.

We do not organise these events, and the T&C as well as the Privacy Policy of the event organisers regulates the collection of your data and information.

However, depending on the agreement with our partners, we might receive the following information about event attendees:

Attendee Registration

  • Full name

  • Telephone number

  • Email address

  • Job title and Company

During or after the event

  • Video and audio of the event (audio or video)

  • Quotes

  • Feedback

What data we collect

Depending on the type of contract, we are also responsible for the invitation management or event evaluation through a survey. We always run our surveys through Typeform.

Invitation management:

Through our invitation management, we collect the following data:

  • Full name

  • Telephone number

  • Email address

  • Job title and Company

Event evaluation:

Through our surveys, we collect the following data after the event:

  • Video and audio of the event (audio or video)

  • Quotes

  • Feedback

Why we collect this data

If we are responsible for organising the attendee management (invitation) for an event organised by one of our clients, we collect attendee information to send the event invitation, provide help should there be any issues joining the event and to reach out for feedback.

We may use comments we receive in the event itself to promote on the “Past Projects” Section of our website. In the case of an online event, all Attendees are told that the event will be recorded prior to the event starting.

We collect feedback to improve these events for Attendees as well as to give visibility to our work.

How long we keep Attendee data

Attendee Registration data is deleted after 4 years after the event.

Videos of the events and the feedback we receive is kept indefinitely unless we are asked to remove it.

Where Attendee is processed and stored

All Attendee data is stored on Google Drive and is only accessed by EVENTORY Lab team members.

We may use feedback materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from Attendees. We may connect this information to Attendees’ names, but only if explicitly and directly allowed to do so by the attendee (in writing).

Sometimes we may publish quotes from the events we design. We only do this if we have specific consent from the Attendee. We will only publish audio, photos and video from an event if an Attendee has given consent.

Third-party services

We also use third-party services to plan, deliver and host event content. You can find out more about each of these services below:

  • Typeform Privacy Policy

Opt Out Option

Attendees are able to withdraw their information at any time. To do this, write to contact@eventorylab.com

Keeping data secure

We carefully choose our services and tools at EVENTORY Lab. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password.

When a new team member joins EVENTORY Lab, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and working outside our offices.

Data breaches

In the event of an unlawful data breach of this website’s database or the database(s) of any of our third-party data processors, it will be assessed and if appropriate reported to any and all affected persons and relevant authorities without undue delay, and if feasible, within 72 hours of the discovery of the breach.

Reviewing how we use data and changes to the Privacy Policy

Every year, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account. This process will help us to make sure our Privacy Policy is up to date with our latest discoveries!

This Privacy Policy is subject to change and may be updated by EVENTORY Lab, at its sole discretion, from time to time. We will notify you of any changes by posting the new policy on the Website and/or by any other method of notice we see fit, including by email. Please do review this Privacy Policy periodically for any changes.

Your rights and getting in touch

The Data Protection Act 2000 provides Data Subjects with the following rights:

  • Right to Secrecy (Sect.1 para. 1 DSG)

  • Right to Information to (Art. 13 and 14 GDPR)

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right not to be subject to automated individual decision-making(Art. 22 GDPR)

You can find more information on the Austrian Data Protection Authority’s Website.

Credits

Thanks to Dark Matter Labs for publishing their Privacy Policy which we were able to fork and add to.