As of November 5, 2025, our Data Processing Agreement has been modified and updated.
For the Old Data Processing Agreement (May 24, 2018 to November 5, 2025), click here.
This GDPR Data Processing Agreement Addendum forms part of the Terms of Use: available here. The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below. Without limiting Event Temple’s obligations under the Terms of Use, to the extent that Licensee stores, transmits, collects, or otherwise uses EU Personal Data (as defined below) Event Temple will comply with the following additional provisions. As used herein, “Agreement” means, collectively, the Terms of Use, this Addenda, and any other agreements entered into by the parties with respect to Licensee’s use of the Event Temple Platform.
To the extent that Event Temple Processes any Customer Personal Data (each as defined below) and (i) the Customer Personal Data relates to individuals located in the EEA; or (ii) Customer is established in the EEA or UK, the provisions of this Data Processing Addendum (“DPA”) shall apply to the processing of such Customer Personal Data. In the event of any conflict between the remainder of the Agreement and the DPA, the DPA will prevail.
1. Definitions
1.1. The following capitalized terms used in this DPA shall be defined as follows:
(a) “Controller” has the meaning given in the GDPR.
(b) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (“GDPR“) or the UK General Data Protection Regulation (“UK GDPR”), tailored by the Data Protection Act 2018, any applicable national implementing legislation in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Customer Personal Data.
(c) “Data Subject” has the meaning given in the GDPR.
(d) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.
(e) “Processing” has the meaning given in the GDPR, and “Process” will be interpreted accordingly.
(f) “Processor” has the meaning given in the GDPR.
(g) “Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Customer Personal Data.
(h) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision (EU) 2021/914 of 4 June 2021 or any subsequent version thereof released by the European Commission (which will automatically apply).
The Standard Contractual Clauses are applicable to the extent they reference Module Two (Controller-to-Processor).
When (i) the Customer Personal Data relates to individuals located in the UK; or (ii) Customer is established in the UK, the parties agree to the Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section18 of those Mandatory Clauses.
(i) “Subprocessor” means any Processor engaged by Event Temple who agrees to receive from Event Temple Customer Personal Data.
(j) “Customer Personal Data” means the “personal data” (as defined in the GDPR) described in the Annex and any other personal data contained in the Content or that Event Temple processes on Customer’s behalf in connection with the provision of the Service.
(k) “Supervisory Authority” has the meaning given in the GDPR.
(l) “United Kingdom” or “UK” means the country of the United Kingdom.
2. Data Processing
2.1. The Parties acknowledge and agree that for the purpose of the Data Protection Laws, the Customer is the Controller and Event Temple is the Processor.
2.2 Instructions for Data Processing. Event Temple will only Process Customer Personal Data in accordance with Customer’s written instructions. The parties acknowledge and agree that the Agreement (subject to any changes to the Service agreed between the parties) and this DPA shall be Customer’s complete and final instructions to Event Temple in relation to the processing of Customer Personal Data.
2.3. Processing outside the scope of this DPA or the Agreement will require prior written agreement between Customer and Event Temple on additional instructions for Processing.
2.4. Required consents. Where required by applicable Data Protection Laws, Customer will ensure that it has obtained/will obtain all necessary consents and complies with all applicable requirements under Data Protection Laws for the Processing of Customer Personal Data by Event Temple in accordance with the Agreement.
3. Transfer of Personal Data
3.1. Authorized Subprocessors. Customer agrees that Event Temple may use Subprocessors listed to Process Customer Personal Data. The current list of Subprocessors may be accessed here: SCHEDULE 1 – APPROVED SUB-PROCESSORS
3.2. As per Clause 9(a), Module 2, OPTION 2 of the Standard Contractual Clauses, Customer agrees that Event Temple may use subcontractors to fulfill its contractual obligations under the Agreement. Event Temple shall notify Customer from time to time of the identity of any Subprocessors engaged. If Customer (acting reasonably) objects to a new Subprocessor on grounds related to the protection of Customer Personal Data only, then without prejudice to any right to terminate the Agreement, Customer may request that Event Temple move the Customer Personal Data to another Subprocessor and Event Temple shall, within a reasonable time following receipt of such request, use reasonable endeavors to ensure that the original Subprocessor does not Process any of the Customer Personal Data. If it is not reasonably possible to use another Subprocessor, and Customer continues to object for a legitimate reason, either party may terminate the Agreement on thirty (30) days written notice. If Customer does not object within thirty (30) days of receipt of the notice, Customer is deemed to have accepted the new Subprocessor.
3.3. Save as set out in clauses 3.1 and 3.2, Event Temple shall not permit, allow or otherwise facilitate Subprocessors to Process Customer Personal Data without Customer’s prior written consent and unless Event Temple:
(a) enters into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to their Processing of Customer Personal Data, as are imposed on Event Temple under this DPA; and
(b) shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to Customer for the acts and omissions of any Subprocessor as if they were Event Temple’s acts and omissions.
3.4 International Transfers of Customer Personal Data
To the extent that the Processing of Customer Personal Data by Event Temple involves the transfer of such Customer Personal Data to a third country outside the European Economic Area (EEA) that does not have an adequacy decision under Article 45 of the GDPR, such transfer shall be:
(a) to a country or territory that the European Commission has determined ensures an adequate level of protection for the rights and freedoms of data subjects; or
(b) to a recipient that is a member of a compliance framework recognised by the European Commission as providing adequate protection; or
(c) governed by the European Commission’s Standard Contractual Clauses for the transfer of personal data to third countries adopted on 4 June 2021, applying:
- Module Two (Controller to Processor) for transfers from the Customer (as data exporter) to Event Temple (as data importer); and
- Module Three (Processor to Processor) for onward transfers from Event Temple to sub-processors in third countries without an adequacy decision.
Event Temple shall ensure that any sub-processor it engages in such a third country enters into the applicable Module of the Standard Contractual Clauses with Event Temple.
The Customer acknowledges and agrees that Customer Personal Data may be processed by Sub-processors outside the European Economic Area or the country where the Customer is located in order to carry out the Services and Event Temple’s other obligations under the Terms of Use. Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws.
4. Data Security, Audits, and Security Notifications
4.1 Event Temple Security Obligations. Event Temple will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the measures referred to in Article 32(1) of the GDPR, taking into account the nature of the processing and the risks to the rights and freedoms of natural persons. The current Technical and Organizational Measures (TOMS) can be accessed here.
4.2 Upon Customer’s reasonable request, Event Temple will make available all information reasonably necessary to demonstrate compliance with this DPA.
4.3 Security Incident Notification.If Event Temple becomes aware of a Security Incident, Event Temple will (a) notify Customer without undue delay and, in any event, within 72 hours after becoming aware of the Security Incident, and (b) investigate the Security Incident and provide Customer (and any law enforcement or regulatory official) with assistance as required to investigate and address the Security Incident.
4.4 Event Temple Employees and Personnel. Event Temple will treat the Customer Personal Data as confidential, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Customer Personal Data.
4.5 Audits. Event Temple will, upon Customer’s reasonable request and at Customer’s expense, allow for and contribute to audits, including inspections, conducted by Customer (or a third party auditor on Customer’s behalf and mandated by Customer) provided (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; (iii) are conducted in a manner that causes minimal disruption to Event Temple’s operations and business; and (iv) Following completion of the audit, upon request, Customer will promptly provide Event Temple with a complete copy of the results of that audit.
5. Access Requests and Data Subject Rights
5.1 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, Event Temple will use reasonable endeavors to assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to requests for exercising Data Subject rights laid down in the Data Protection Laws.
6. Data Protection Impact Assessment and Prior Consultation
6.1 To the extent required under applicable Data Protection Laws, Event Temple will provide Customer with reasonably requested information regarding its Service to enable Customer to carry out data protection impact assessments or prior consultations with any Supervisory Authority, in each case solely in relation to Processing of Customer Personal Data and taking into account the nature of the Processing and information available to Event Temple.
7. Termination
7.1 Deletion or return of data. Subject to 7.2 below, Event Temple will, at Customer’s election and within 90 (ninety) days of the date of termination of the Agreement:
(a) make available for retrieval all Customer Personal Data Processed by Event Temple (and delete all other copies of Customer Personal Data Processed by Event Temple following such retrieval); or
(b) delete the Customer Personal Data Processed by us.
7.2 Event Temple and its Subprocessors may retain Customer Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Event Temple ensures the confidentiality of all such Customer Personal Data and shall ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
8. Governing law
8.1 This Data Processing Agreement shall be governed by and construed in accordance with the same laws as specified in the governing law clause of the main Agreement between the parties, to which this DPA is supplementary.
9. Conflict
Except as amended by this DPA, the Terms of Use will remain in full force and effect. If there is a conflict between the Terms of Use and this DPA, the terms of this DPA will control.
10. Changes to the Terms of Use and the Service
Event Temple reserves the right to update this DPA from time to time, at our discretion and without notice. Each new version will be made available on our Website and it is your responsibility to regularly check our Website for new versions. Your continued use of the Services following the publishing of an updated DPA means that you accept and agree to the changes.
Annex
Details of the Processing of Customer Personal Data
This Annex includes certain details of the processing of Customer Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Customer Personal Data
The subject matter and duration of the Processing of the Customer Personal Data are set out in the Agreement and this DPA.
The nature and purpose of the Processing of Customer Personal Data
The Customer Personal Data will be subject to the following basic processing activities: transmitting, collecting, storing and analyzing data in order to provide the Service to the Customer, and any other activities related to the provision of the Service or specified in the Agreement.
The types of Customer Personal Data to be processed
The Customer Personal Data concern the following categories of data: names; email addresses; personal and professional information; and any other personal data provided by the Customer in connection with its use of the Service.
The categories of data subject to whom the Customer Personal Data relates
Any categories of individuals whose data the Customer extracts, transfers, and/or loads onto the Service, which may include but is not limited to:
- Past, present and prospective clients, business relationship contacts, and outside contacts of the Customer.
The obligations and rights of the Customer
The obligations and rights of the Customer are as set out in this DPA.
