Effective Date: 16th August 2025

1. Introduction

EventNX LLC (“EventNX”, “we”, “our”, or “us”) provides a software-as-a-service platform that enables event organizers to manage event registrations, facilitate social sharing, and execute marketing campaigns.

We are committed to processing personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (EU GDPR) and the UK General Data Protection Regulation (UK GDPR), along with other applicable privacy laws.

This Privacy Policy explains how personal data is collected, used, disclosed, and safeguarded when individuals access our website, use our platform, or interact with event registration pages and campaigns powered by EventNX. This Policy applies to event organizers (“Clients”) and individuals who register for or engage with events (“End Users”).

2. Scope and Roles of Processing

EventNX acts as either a Data Controller or a Data Processor depending on the context of processing.

EventNX acts as a Data Controller when processing personal data for its own business purposes, including account management, service delivery, analytics, marketing, and security. In this role, EventNX determines the purposes and means of processing in accordance with Article 4 of the GDPR.

EventNX acts as a Data Processor when processing personal data on behalf of event organizers in connection with event registrations, invitations, referral programs, and attendee engagement activities. In such cases, the event organizer is the Data Controller and is responsible for determining the lawful basis of processing and ensuring compliance with applicable data protection laws.

EventNX processes personal data only on documented instructions from the Data Controller and does not use such data for its own independent purposes unless required by law. EventNX shall not be held liable for any breach of privacy policies or agreements of the event organizer unless it is caused by violation of this Policy or the Data Processing Agreement made by EventNX.

3. Categories and Sources of Personal Data

EventNX collects personal data directly from users, automatically through system interactions, and from third parties where applicable and authorized by the user. When you use your social account in connection with the Services, you and/or the Social Partner are in control of the personal information which is released to us.

Data provided directly by users or received from their social media accounts, may include identifiers such as name, email address, phone number, company name, job title, and event-related details. Technical data is collected automatically and may include IP address, device identifiers, browser type, operating system, and usage patterns.

Personal data may also be received from event organizers or integrated third-party services, such as CRM systems or social media platforms, where users have authorized such sharing.

EventNX does not collect special categories of personal data (as defined under Article 9 GDPR) as part of its standard operations. Where such data is processed for specific events, it is done solely under the instructions of the Data Controller, who is responsible for establishing a lawful basis under Articles 6 and 9 GDPR.

4. Purposes of Processing and Legal Bases

EventNX processes personal data in accordance with the lawful bases defined under Article 6 of the GDPR.

Processing is carried out where necessary for the performance of a contract, including providing access to the platform, managing user accounts, and facilitating event registrations and social media marketing. Processing is also carried out on the basis of legitimate interests, such as improving platform functionality, ensuring system security, preventing fraud, and analyzing usage, provided that such interests are not overridden by the rights and freedoms of individuals.

Where required, EventNX relies on consent, particularly for sending marketing communications and placing non-essential cookies. Individuals have the right to withdraw consent at any time.

Processing may also be necessary to comply with legal obligations, including responding to lawful requests from regulatory authorities.

When acting as a Data Processor, EventNX processes personal data solely in accordance with the lawful basis determined by the Data Controller.

5. Processor Obligations (Article 28 GDPR Compliance):

When acting as a Data Processor, EventNX complies with the obligations set out under Article 28 of the GDPR.

EventNX processes personal data only on documented instructions from the Data Controller unless required to do so by law. EventNX ensures that all personnel authorized to process personal data are subject to confidentiality obligations.

EventNX implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. EventNX assists Data Controllers, where reasonably required, in fulfilling their obligations related to data subject rights, data protection impact assessments, and breach notifications under Articles 33 and 34 GDPR.

EventNX may engage sub-processors to support service delivery and ensures that such sub-processors are subject to contractual obligations consistent with GDPR requirements. EventNX remains responsible for the performance of its sub-processors.

6. Data Sharing and Disclosure

EventNX shares personal data only where necessary to provide its Services or comply with legal obligations. This includes sharing with service providers such as cloud hosting providers, analytics services, and communication platforms, all of whom are contractually bound to process personal data in accordance with applicable laws.

If you're concerned about the personal details a Social Partner shares with us, you should check out the privacy settings on their site or look over the privacy policy for the social account you're using to sign up through our Services. EventNX can't be held accountable for what a Social Partner does or doesn't do, or if they don't follow their own privacy rules or the law.

Personal data collected through event registrations is shared with the relevant event organizer, who acts as the Data Controller for that data.

EventNX may disclose personal data where required by law, legal process, or to protect the rights, safety, and security of EventNX or others.

EventNX does not sell or share personal data for cross-context behavioral advertising purposes.

7. International Data Transfers (EU and UK GDPR)

Personal data may be transferred outside the European Economic Area (EEA) and the United Kingdom. Where such transfers occur, EventNX ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR.

These safeguards may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office (ICO), as well as supplementary measures where required.

8. Data Retention

EventNX retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations, and resolving disputes.

When acting as a Data Processor, EventNX retains and deletes personal data in accordance with the instructions of the Data Controller. Upon termination of services, EventNX will delete or return personal data unless retention is required by law.

9. Data Security

EventNX implements appropriate technical and organizational measures in accordance with Article 32 GDPR. These measures include encryption of data in transit and at rest, role-based access controls, authentication mechanisms, secure infrastructure, and continuous monitoring for vulnerabilities.

EventNX follows industry best practices and aligns its security program with recognized standards such as SOC 2 and ISO 27001 frameworks where applicable. Despite these safeguards, no system can guarantee absolute security.

10. Data Subject Rights (EU and UK GDPR)

Individuals located in the EEA or the United Kingdom have specific rights under applicable data protection laws. These include the right to access personal data, request rectification of inaccurate data, request erasure of personal data, restrict processing, object to processing (including for direct marketing), and request data portability.

Individuals also have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

Requests to exercise these rights may be submitted to [email protected]. EventNX will verify the identity of the requester and respond within one month, as required under GDPR, subject to permitted extensions.

Where EventNX acts as a Data Processor, requests may be forwarded to the relevant Data Controller.

Individuals also have the right to lodge a complaint with a supervisory authority in their country of residence, place of work, or place of alleged infringement. For UK users, this includes the Information Commissioner’s Office (ICO).

11. California Privacy Rights

California residents have rights under the CCPA/CPRA, including the right to access, correct, or delete personal data and to opt out of the sale or sharing of personal data. EventNX does not sell or share personal data as defined under these laws.

12. Third-Party Services

The platform may include integrations with third-party services. These services operate independently and are governed by their own privacy policies. EventNX is not responsible for their practices.

13. Cookies On The Website

EventNX services are not intended for individuals under the age of 16, and EventNX does not knowingly collect personal data from children.

14. Limitation of Liability

To the fullest extent permitted by law, EventNX disclaims liability for the actions or omissions of event organizers, including their handling of personal data and compliance obligations. EventNX processes personal data strictly in accordance with controller instructions when acting as a processor.

EventNX shall not be liable for indirect, incidental, or consequential damages, or for unauthorized access to personal data that occurs despite reasonable safeguards. The limitations of liability set forth in this section shall not apply to the extent that any of the following are directly attributable to EventNX: (i) a breach of confidentiality; (ii) gross negligence or willful misconduct; or (iii) any regulatory fines or penalties imposed on the Client resulting from a security breach of the EventNX platform.

15. Changes to This Privacy Policy

EventNX may update this Privacy Policy from time to time. Updated versions will be posted with a revised effective date, and material changes will be communicated as required by law.

16. Contact Information:

EventNX LLC

2055 Limestone Road

Wilmington, DE 19808, USA

[email protected]