Whilst our Privacy/Terms covers all aspects of GDPR we wanted to provide a clear document detailing the 12 points of GDPR.

For the purposes of this document SERVICE means EventsTag/CrowdReactive Ltd. WE means the company providing the SERVICE as per point 12.

EventsTag's data is stored in the European Union, in situations where it is transferred and stored in the USA sub-processors are on the certified EU-US Privacy Shield framework.


We use a number of sub-processors all of which have confirmed their GDPR compliance or intention to be compliant by 25 May 2018. Each sub-processor is listed in our privacy policy, but for clarity we have included the current list of sub-processors.

Sub-processor: SendGrid | Office Location: USA | Purpose: Email Notifications

Sub-processor: Twilio | Location: USA | Purpose: SMS/MMS Notifications

Sub-processor: Amazon | Office Location: USA | Purpose: Hosting Provider

Sub-processor: Xero | Office Location: USA | Purpose: Accounting Software

Sub-processor: Mailchimp | Office Location: USA | Purpose: Newsletter Marketing

Sub-processor: Google Analytics | Office Location: USA | Purpose: Website usage tracking

1. Awareness

Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.

2. Information we hold

2.1 Customer Data (our users)

  • Email address and name
  • Event Details
  • Payment details - held by our payment processor: Xero

2.1 User Data (the users of our products)

This can change on a case-by-case basis but our basic product collects the following information

  • Email address
  • Phone number

This data is kept for the minimum amount of time possible before being deleted from our system (mostly within 8 weeks, depending on needs). It is only used for the purposes for which the user has given consent. We cannot use the data or pass it on to anyone without the explicit consent from the user.

3. Communicating Privacy Information

Our privacy and terms are clearly communicated on our website .

4. Individual's rights

  • the right to be informed; we clearly inform our customers how we use their data via our clear Privacy Policy and messaging on our products.
  • the right of access; our customers can access all of their data through our web application.
  • the right to rectification; our customers may Contact Us with any rectification queries.
  • the right to erasure; our customers may Contact Us with any erasure queries.
  • the right to restrict processing; our customers have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.
  • the right to data portability; our customers may Contact Us to request a copy of their data in a common format.
  • the right to object; our customers may Contact Us with any objections.
  • the right not to be subject to automated decision-making including profiling; we don't do this and have no plans to do this.

5. subject access requests

We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).

All access requests are free of charge.

6. Lawful basis for processing personal data

User Content is the lawful basis for any processing.

7. Consent

7.1 Our customers

Consent is provided by our customers when signing up for the service and logged by us.

7.2 Users of our products

Consent is provided by our users when using the products.

8. children

8.1 Our customers

This service is not available to Children (under the age of 16). Our product is strictly B2B (business-to-business)

8.2 Our users

Photos and data of under 16s will only be processed with the express consent of their parent or guardian.

9. Data breaches

You can read more on our security here .

We will notify customers and the relevant supervisory authority within 24 hours of a breach.

10. Data Protection by Design and Data Protection Impact Assessments

Security and Data Privacy always comes first when implementing new features, our Data Protection Officer is in involved at every stage of development.

11. Data protection officers

For the purposes of EventsTag/CrowdReactive Ltd and related services our Data Protection Officer is:

Ollie Harridge



12. International

We operate and are established in the UK (England), our supervisory authority is the ICO (Information Commisioner's Office) based in the UK.

Address: 103 Gaunt Street, London, SE1 6DP, United Kingdom

Company No: 08504555 (registered in England & Wales)

Companies using EventsTag's platform and handling European user data may need to sign a Data Processing Agreement (DPA). If we need this from you then we notify you via email or phone.

Let's talk

Have an idea? Or want us to come up with one? Get in touch and we’ll help you imagine the possibilities.

Thank you! Your message has been received and we will be in touch shortly.
Oops! Something went wrong while submitting your message. Please check your details and try again.