Eventify Transfer Impact Assessment Factsheet

Purpose

Eventify has completed Transfer Impact Assessments (TIAs) for relevant data transfers, following GDPR requirements and the updated 2021 Standard Contractual Clauses (SCCs) for EU and non-EU transfers. Eventify’s TIAs include legal evaluations from internal and reputable external advisors. Therefore, full TIAs aren’t shared publicly. This factsheet provides sufficient information to confirm Eventify's positive TIA results, supporting customer obligations regarding supplier oversight.

General Information

  • Service Provider: Eventify powered by Teks Mobile Australia Pty Limited
  • Address: 12 Boyle Street, NSW 2322 , Australia
  • Service Overview: Eventify provides a cloud-based platform for event management, including real-time attendee analytics, engagement, and automation.
  • Privacy Contact: Eventify Privacy Team; compliance@eventify.io

Service Provider Affiliates

Entity Name : Eventify EU & UK ( Teknowledge Software Limited )

Registered Office : International House, 12 Constance Street, London, United Kingdom, E16 2DQ 

Role: Operation & Support

-----------------

Entity Name :  Eventify Australia ( Teks Mobile Australia Pty Limited )

Registered Office : 12 Boyle Street, NSW 2322 , Australia

Role: Operation & Support

-----------------

Entity Name :  Eventify India ( Teknowledge Software )

Registered Office : 54/1 Rafi Ahmed Kidwai Road. Kolkata 700016

Role: Support

-----------------

Scope of Processing

Eventify processes the following data types and categories as directed by the customer:

  • Processing Purpose: Eventify’s solutions monitor and improve event experience by collecting and analyzing attendee data.
  • Personal Data Categories: Identifiers, login data, user roles, IP addresses, device usage stats, and other fields such as name and contact information.
  • Special Data Categories: None.
  • Data Subjects: Attendees and end-users of the customer.

Data Transfers

Eventify utilizes cloud hosting services across multiple regions, allowing customers to select data storage regions. Eventify Support and Operations Teams may access customer data solely for support purposes, following stringent access control measures, including MFA and IP whitelisting. Data access is logged, justified, and time-bound.

Eventify works with selected sub-processors, each aligned with strict security and compliance standards, to enhance service delivery.

Regulatory Framework

Eventify evaluated the following laws for data transfer compliance per Clause 14 of the SCCs:

  • Australia: Telecommunications (Interception and Access) Act 1979 (TIA Act), Privacy Act 1988 (Cth), Surveillance Legislation Amendment (Identify and Disrupt) Act 2021.
  • United Kingdom: Data Protection Act 2018 (DPA 2018), Investigatory Powers Act 2016 (IPA), Security Services Act 1989.
  • India: Information Technology Act, 2000, and related rules.

Some foreign regulations may permit governmental data access requests, which Eventify addresses through robust technical measures to secure customer data and structured legal procedures to challenge access demands.

Transfer Mechanisms

Eventify adheres to the EU Commission’s adequacy decisions and the updated SCCs for international transfers. Along with legal and operational safeguards, these practices ensure GDPR-aligned protection across all transfer destinations.

Previous Access Requests

To date, Eventify has not received any data access requests from government authorities. Eventify’s Transparency Report is accessible for customer review.

Government Access Procedure

If Eventify receives a disclosure request, it follows an ISO 27701-certified protocol to challenge the request or redirect it to the customer, ensuring the utmost protection for customer data.

Supplementary Measures

Eventify’s Information Security Addendum outlines ISO 27001-2022 compliant security practices. These include encryption (AES-256 for data at rest and TLS 1.2+ for data in transit), multi-layered access controls, and regular SOC 2 Type II audits. Detailed security reports are available under NDA.

Summary

Eventify’s data practices and protections meet GDPR and SCC requirements. Following Schrems II, Eventify ensures that all security measures, legal standards, and access protocols apply uniformly to all data transfers, securing customer data globally.