Eventmaster is a ticketing,
fundraising and membership platform, powering some of Ireland’s largest events, charities and sporting
national governing bodies.
The company registration number is 489410 and our address is Unit 27, Tait Business Centre, Dominic
Street, Limerick V94YN60. Eventmaster is the owner of www.eventmaster.ie and we are committed to
protecting your privacy and processing your personal data in accordance with the Data Protection Act
(DPA) 1998 up to 24 May 2018 and the General Data Protection Regulation (GDPR) on and from 25 May 2018
(Data Protection Legislation).
This policy explains how any information we collect about you is used and kept securely. It also
explains your privacy choices when using our website/services as well as your right to access your
information under Data Protection Legislation. Our Privacy Notice has been designed with you in mind.
How the notice applies to you will depend on the way in which you interact with us. If you visit a
website operated by a third party through a link included on this Website, your information might be
used differently by the operator of the linked website.
- Definitions and Interpretation
Data Processer: Eventmaster acts as the data processor for our ticketing,
membership, and fundraising products.
Data Controller: The person(s)/Organisation providing the service you
For example, this could be an event organiser, charity, or membership provider.
- What Information We Have & Where We Get It
When you create an account, or use any of our ticketing, fundraising or membership services,
we will collect your information which depending on service we are providing, may include
your contact and billing information.
When you use our platform services and website, we collect information such as the
browser and device you're using, your IP address, your location, the site you came from,
what you did and didn't use our site for, or the site you visit when you leave us. (See
When you use a social media feature within our website or apps, and you post to social media
platforms, the social media site will provide us with some information about you.
In the few instances where we collect personal information from children, we always seek
parental consent and will only ever collect such information for the purposes specified when
we collect it.
- The type of personal data being processed
All online payments and order forms for the provision of services regarding ticketing,
fundraising and membership. These may include details such as name, email address and other
information as directed by the data controller.
Emails used for Newsletters sent via Eventmaster.
Payment Details for all orders
Permit applications – Details collected for the purpose of providing a permit for an event.
This includes the event information and personal details of the permit applicant/event
Any documents uploaded to the platform as required by the data controller.
- The categories of data subjects whose personal data is being processed
Members, Membership Administration Users, Permit Applicants, Event Organisers, Ticket
Holders, Website visitors, Donors, Fundraisers and Charity Administration Users and any
other account holder within the platform.
- How We Use Your Information & Why
For the performance of our contract with you
We use your information when you enter into a contract with us (for example to buy
membership, make a donation, buy a ticket or register for a sporting event) so we can:
process your order
take payment, and
provide you with customer support.
- For our legitimate business interests
To conduct market research and analysis which helps improve and customise our services.
For our marketing purposes (where consent is given).
To send you customer service emails including booking confirmations and event reminders.
To ensure the security of your and Data Controller operations.
To create an account allowing you to
View/Edit your bookings and events
.Manage your Memberships
Manage your Fundraising/Benefactor Page
Right Of Access
Right To Be Forgotten
- Where you’ve given your consent
For Eventmaster to contact you with information or offers regarding our upcoming events – we
ask your permission during event registration.
You can also opt in by managing your preferences in the ‘My Account’ section of your
Eventmaster account or via external opt in links where applicable.
- Who We Share Your Data With & Why
Our third-party service providers such as cloud computing providers who provide the IT
infrastructure on which our products and systems are built.
As a data processor, we share your information with the data controllers of the specific
events/services that you have registered for so that they can fulfil your order and provide
service. The data controller may then send you marketing or other communications, which may
number, you may receive information messages related to the service in which you’ve
expressed interest. Data controllers such as event organisers and membership providers can
create registration pages to collect virtually any information from Consumers in connection
with registration for their services. Eventmaster does not control this process nor the
Personal Data that they collect. When you register for, or otherwise provide information to
Eventmaster in conjunction with a Data controller’s event or service, whether that
information is yours or a third party’s, in connection with a purchase, registration, or
transfer, that data controller will receive and may use the information you provide. Any
transmission of information or data is at your own risk.
- Your Choices & Rights
Right to Opt-out of Marketing Communications - To stop receiving our marketing emails
you can login to you manage my booking account and choose to “Unsubscribe” in the GDPR
section or by clicking on the unsubscribe button in email newsletters sent via Eventmaster
To remove all your data from Eventmaster services you can login to your account and choose
the “Right To Be Forgotten” in the GDPR section.
To see any personnel data that we have collected for you, login to your manage my
booking account and chose the "Right Of Access"
Right to restriction of processing - You have a right to request that we refrain from
processing your data where you contest its accuracy, or the processing is unlawful and you
have opposed its erasure, or where we do not need to hold your data any longer but you need
us to in order to establish, exercise or defend any legal claims, or we are in dispute about
the legality of our processing your personal data.
Right to Portability - You have a right to receive any personal data that you have
provided to us in order to transfer it onto another data controller where the processing is
based on consent and is carried out by automated means. This is called a data portability
Right to Object - You have a right to object to our processing your personal data where the
basis of the processing is our legitimate interests including but not limited to direct
marketing and profiling.
Right to Withdraw Consent - You have the right to withdraw your consent for the processing
of your personal data where the processing is based on consent.
Right of Complaint - You also have the right to lodge a complaint about any aspect of how we
are handling your data with the
- Data retention period
We will hold information in our data systems only for as long as we need it for the purpose
for which we collected it, which is as follows:
As long as you continue to log into your Eventmaster account or use our services
(including entering events, making purchases or renewing memberships for
example) we will retain and process information about you. In such cases, you will
be considered to be an ‘active’ customer. If you have not been ‘active’ as a
customer for a period of three years, your account will be deactivated, and the data
removed unless otherwise instructed by the data controller of the services you have
To remove all your data from Eventmaster services you can login to your account and choose
the “Right To Be Forgotten” in the GDPR section. However, we may retain Personal Data for an
additional period as is permitted or required under applicable laws for legal, tax or
regulatory reasons or for legitimate and lawful business purposes.
- IP addresses and cookies
We may collect information about your computer, including where available your IP address,
operating system, and browser type, for system administration and to report aggregate
information. This is statistical data about our users' browsing actions and patterns and
does not identify any individual. For the same reason, we may obtain information about your
general internet usage by using a cookie file which is stored on the hard drive of your
computer. Cookies contain information that is transferred to your computer's hard drive.
In addition to the above we use third party cookies and pixels to advertise our products and
services across the internet (for example via Google Ads, Facebook, Instagram and TikTok and
other services). This will display relevant adverts tailored to you based on what events or
webpages you have viewed in Eventmaster by placing a cookie on your machine. This does not
in any way identify you or give access to your computer. These cookies and pixels allow us
to tailor our marketing to better suit your needs and only display adverts that are relevant
You may refuse to accept cookies by activating the setting on your browser which allows
you to refuse the setting of cookies. Unless you have adjusted your browser setting so that
we have no control.
- Email Communications
We allow Data Controllers to use our email tools to contact Consumers for their current and
past events/services, so you may receive emails from our system that originate with such
users that we send on their behalf. If you registered for an event or service, your email
address is available to that data controller. However, data controllers may also import the
email addresses they have from external sources and send communications through to those
email addresses, via Eventmaster. The Data Controller and not Eventmaster is responsible for
sending these emails.
You can unsubscribe from communications sent on behalf of particular data controllers and/or
Eventmaster at any time via the ‘unsubscribe’ option within the newsletter or in the GDPR
preference settings within your account.
- Protecting your information
The data that we collect from you may be transferred to a destination external to
Eventmaster’s own secure network. We will not transfer your data outside of the European
Economic Area. By submitting your personal data, you agree to this transfer, storing or
processing. We will take all reasonable steps to ensure that your data is treated securely
for communication and therefore we cannot guarantee the security of any information you send
to us over the Internet. We use up-to-date industry procedures to protect your personal
Your data will be securely stored on a company owned server based in Dublin and on a secure
data centre and all data is protected with SSL encryption, multi-level password protection
and advanced firewall security.
Physical security is handled by our data centre provider. All data in the system is
transmitted using SSL encryptions. The site is manned by security guards 24x7 and full CCTV
and all available physical security and availability safeguards are in place
All data controllers or platform users with access to personal information are required
to use two-factor authentication when logging in to their account as well as using encrypted
passwords for any downloaded reports where applicable.
We are not responsible for the actions of data controllers, or their counterparts with
respect to your Personal Data. It is important that you review the applicable policies of
the Data Controller before providing Personal Data or other information in connection with
the product or service they are providing.
- Eventmaster Data Processing Agreement for Data Controllers:
This Data Processing Agreement (“Agreement“) forms part of the Contract for
Services (“Principal Agreement“) between Data Controllers (the “Company”) and
Eventmaster (the “Data Processor”) (together as the “Parties”).
The Company acts as a Data Controller.
The Company wishes to subcontract certain Services, which imply the processing of personal
data, to the Data Processor (Eventmaster).
The Parties seek to implement a data processing agreement that complies with the
requirements of the current legal framework in relation to data processing and with the
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
the protection of natural persons with regard to the processing of personal data and on the
free movement of such data, and repealing Directive 95/46/EC (General Data Protection
The Parties wish to lay down their rights and obligations.
- IT IS AGREED AS FOLLOWS:
Definitions and Interpretation
For the purposes of this policy, “The Company” refers to any person(s)/organisation that is
using the Eventmaster platform for provision of data processing, in the areas of ticketing,
fundraising and/or membership.
Unless otherwise defined herein, capitalized terms and expressions used in this Agreement
shall have the following meaning:
“Agreement” means this Data Processing Agreement and all Schedules;
“Company Personal Data” means any Personal Data Processed by a Contracted Processor on
behalf of Company pursuant to or in connection with the Principal Agreement;
“Contracted Processor” means a Subprocessor;
“Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data
protection or privacy laws of any other country;
“EEA” means the European Economic Area;
“EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic
legislation of each Member State and as amended, replaced or superseded from time to time,
including by the GDPR and laws implementing or supplementing the GDPR;
“GDPR” means EU General Data Protection Regulation 2016/679;
“Data Transfer” means:
a transfer of Company Personal Data from the Company to a Contracted Processor; or
an onward transfer of Company Personal Data from a Contracted Processor to a
Subcontracted Processor, or between two establishments of a Contracted Processor, in
each case, where such transfer would be prohibited by Data Protection Laws (or by
the terms of data transfer agreements put in place to address the data transfer
restrictions of Data Protection Laws);
“Subprocessor” means any person appointed by or on behalf of Processor to process Personal
Data on behalf of the Company in connection with the Agreement.
The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”,
“Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning
as in the GDPR, and their cognate terms shall be construed accordingly.
- Processing of Company Personal Data
comply with all applicable Data Protection Laws in the Processing of Company
Personal Data; and
not Process Company Personal Data other than on the relevant Company’s documented
The Company instructs Processor to process Company Personal Data.
- Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor
of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case
that access is strictly limited to those individuals who need to know / access the relevant Company
Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with
Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring
that all such individuals are subject to confidentiality undertakings or professional or statutory
obligations of confidentiality.
Taking into account the state of the art, the costs of implementation and the nature, scope,
context and purposes of Processing as well as the risk of varying likelihood and severity
for the rights and freedoms of natural persons, Processor shall in relation to the Company
Personal Data implement appropriate technical and organizational measures to ensure a level
of security appropriate to that risk, including, as appropriate, the measures referred to in
Article 32(1) of the GDPR.
In assessing the appropriate level of security, Processor shall take account in particular
of the risks that are presented by Processing, in particular from a Personal Data Breach.
- Sub processing
Processor shall not appoint (or disclose any Company Personal Data to) any Sub processor
unless required or authorized by the Company.
Any sub-processors engaged by the processor are subject to the same data protection
obligations as the processor and that the processor remains directly liable to the
controller for the performance of a sub-processor’s data protection obligations;
- Data Subject Rights
Taking into account the nature of the Processing, Processor shall assist the Company by
implementing appropriate technical and organisational measures, insofar as this is possible,
for the fulfilment of the Company obligations, as reasonably understood by Company, to
respond to requests to exercise Data Subject rights under the Data Protection Laws.
Promptly notify Company if it receives a request from a Data Subject under any Data
Protection Law in respect of Company Personal Data; and
ensure that it does not respond to that request except on the documented
instructions of Company or as required by Applicable Laws to which the Processor is
subject, in which case Processor shall to the extent permitted by Applicable Laws
inform Company of that legal requirement before the Contracted Processor responds to
- Personal Data Breach
Processor shall notify Company without undue delay upon Processor becoming aware of a
Personal Data Breach affecting Company Personal Data, providing Company with sufficient
information to allow the Company to meet any obligations to report or inform Data Subjects
of the Personal Data Breach under the Data Protection Laws.
Processor shall co-operate with the Company and take reasonable commercial steps as are
directed by Company to assist in the investigation, mitigation and remediation of each such
Personal Data Breach.
- Data Protection Impact Assessment and Prior Consultation Processor shall provide
reasonable assistance to the Company with any data protection impact assessments, and prior
consultations with Supervising Authorities or other competent data privacy authorities, which
Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions
of any other Data Protection Law, in each case solely in relation to Processing of Company Personal
Data by, and taking into account the nature of the Processing and information available to, the
- Deletion or return of Company Personal Data
The Processor shall promptly and in any event within 10 business days of the date of
cessation of any Services involving the Processing of Company Personal Data (the “Cessation
Date”), delete and procure the deletion of all copies of those Company Personal Data.
- Audit rights
Subject to this section 10, Processor shall make available to the Company on request all
information necessary to demonstrate compliance with this Agreement, and shall allow for and
contribute to audits, including inspections, by the Company or an auditor mandated by the
Company in relation to the Processing of the Company Personal Data by the Contracted
Information and audit rights of the Company only arise under section 10.1 to the extent that
the Agreement does not otherwise give them information and audit rights meeting the relevant
requirements of Data Protection Law.
- Data Transfer
The Processor may not transfer or authorize the transfer of Data to countries outside the EU
and/or the European Economic Area (EEA) without the prior written consent of the Company. If
personal data processed under this Agreement is transferred from a country within the
European Economic Area to a country outside the European Economic Area, the Parties shall
ensure that the personal data are adequately protected. To achieve this, the Parties shall,
unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer
of personal data.
- General Terms
Confidentiality. Each Party must keep this Agreement and information it receives about the
other Party and its business in connection with this Agreement (“Confidential Information”)
confidential and must not use or disclose that Confidential Information without the prior
written consent of the other Party except to the extent that:
disclosure is required by law;
the relevant information is already in the public domain.
Notices. All notices and communications given under this Agreement must be in writing and
will be delivered personally, sent by post or sent by email to the address or email address
set out in the heading of this Agreement at such other address as notified from time to time
by the Parties changing address.
- Governing Law and Jurisdiction
This Agreement is governed by the laws of the Republic of Ireland.
If you wish to contact us about your personal data or exercise any of the rights described above, please contact: firstname.lastname@example.org