Help Center

Eventbrite & Canada Data Protection

Eventbrite takes data privacy and security very seriously. We take steps to make sure that we comply with our data privacy law obligations under Canadian federal and provincial privacy laws, and our goal is to make it easy for our Organizers to comply with their respective obligations. At Eventbrite, we have tailored our data privacy program in light of the requirements under Canadian data privacy law. Here are a few highlights.

In this article

1. Eventbrite's processing obligations.
2. A Data Processing Addendum for Organizers and Sub-Processors.
3. Email Tools.
4. Individual Rights.
5. Data Incident Notifications.
6. Cross-border Transfers.
7. How does Eventbrite secure personal information?
8. What else is Eventbrite doing as a result of Canadian data privacy laws?
Additional data privacy information.

TIP: To learn more about Eventbrite's Legal Terms, take a look here.

PRO TIP: We may translate this information into other languages for your convenience. If there is a conflict between the English version and a translated version, the English version will control.

NOTE: Capitalized terms in this article are defined in our Terms of Service.

1. Eventbrite's processing obligations.

Eventbrite is subject to Canadian federal and provincial data privacy laws with respect to various personal information collection and processing activities. These arise in the course of providing Services to Organizers, managing direct relationships with account-holding Consumers, and processing the personal information of non-account-holding Consumers, including those in which:

An Organizer creates an account with Eventbrite to organize and ticket events and provides us with personal information about him or herself as part of the account creation process;
A Consumer provides Eventbrite with personal information in the course of creating an account;
Eventbrite obtains personal information in the course of an Organizer’s or Consumer's use of our Services, which we may then use, for example, to conduct research and analysis, improve our products and features, and provide targeted recommendations; or
Eventbrite obtains a Consumer’s personal information as a result of providing its core ticketing services to our Organizers. For example, we may process Consumers’ personal information on behalf of Organizers to allow Organizers to learn more about their attendees during the ticket purchase, facilitate the transmission of emails to Consumers at the request of the Organizer, process payments, or provide event reports and tools so Organizers can gain insights into the effectiveness of various sales channels.

2. A Data Processing Addendum for Organizers and Sub-Processors.

When Eventbrite processes personal information on behalf of the Organizer, Eventbrite will be subject to a Data Processing Addendum to our Terms of Service with our Organizer. Our Data Processing Addendum (DPA) for Organizers, incorporated in our Terms of Service, includes Eventbrite's legal obligations as a processor consistent with Canadian data privacy law.

Eventbrite also published a public facing list of Eventbrite's Sub-Processors as referenced in the DPA for Organizers.

3. Email Tools.

We offer the ability for Organizers to email Consumers directly through our platform. This functionality was built to send service related emails specific to an Organizer's event attended by the recipient of such email. If an Organizer wants to use this function for marketing its products or events, the Organizer needs to secure its own compliant consents or ensure that it has the right to send marketing emails to individuals. Eventbrite does not do this on an Organizer's behalf.

4. Individual Rights.

Eventbrite will honor account-holding Consumers’ requests with respect to the processing of their personal information, consistent with applicable law. For instance, account-holding Consumers can request access to their personal information that we process. They can also ask us to correct such personal information.

Access. Eventbrite will honor an account-holding Consumer’s request that Eventbrite confirm the existence of the processing of the Consumer’s personal information, if applicable, and grant the Consumer access to that information, consistent with applicable law. You can request your personal data in the Personal Data section of your Eventbrite account.
Correction. Eventbrite will honor a Consumer’s request that Eventbrite correct or delete the Consumer’s inaccurate or incomplete personal information that we process, consistent with applicable law. You can update your personal data in the Contact Info section of your Eventbrite account.

For more information on how individuals can request to access, update, or correct their personal information, please see Eventbrite's Privacy Policy.

5. Data Incident Notifications.

In cases in which personal information of Organizers, or of Consumers who have created an Eventbrite account in the course of a ticket purchase, are impacted by a data security incident requiring notification to affected individuals, we will notify the affected individuals directly, rather than notifying the Organizer of each event associated with an affected Consumer.

In cases in which Eventbrite processes the personal information of a Consumer who purchased tickets on Eventbrite without creating an account with Eventbrite directly, we will notify the Organizer(s) we determine to be most likely in contact with that Consumer whose personal information has been impacted by a data security incident requiring notification.

6. Cross-border Transfers.

Eventbrite physically stores personal information in the United States, and we take legally required steps to make sure that appropriate safeguards are in place to protect individuals’ personal information in the course of cross-border transfers to our U.S.-based servers. Please refer to Eventbrite's Privacy Policy. for additional information regarding cross-border transfers.

7. How does Eventbrite secure personal information?

Eventbrite is committed to protecting personal information. In this effort, Eventbrite has implemented and continues to monitor a range of security measures. You can find out more about the security and privacy measures Eventbrite has implemented in the "Eventbrite Security and Safety Guide," available at www.eventbrite.ca/security.

8. What else is Eventbrite doing as a result of Canadian data privacy laws?

Accountability and Training. We’ve created internal data privacy guidelines and we're making sure that employees are appropriately trained on them. This means that everyone at Eventbrite is expected to handle personal information in a legitimate and fair way.
Data Retention and Destruction. We take reasonable steps to destroy or de-identify personal information as required by applicable law. As a result, there may be a time when your Organizer dashboard will show anonymized personal information for a particular attendee, however the financial data associated with that attendee should remain as part of the event.In the event an Organizer's data retention needs require that Eventbrite no longer provide such Organizer with access to the personal information of its former attendees, the Organizer can accomplish this by removing the event from its dashboard. Should the Organizer still need access to the non-personal event data, it should first download the event to a .csv or text file and manipulate that file as it sees fit.
Our Privacy Policy and Programme. We regularly update our privacy policy as an additional step towards our commitment to transparency about what we do with personal information provided to Eventbrite. We have designated an individual responsible for our privacy compliance and provided contact information in our privacy policy.
Vendors. We review our vendor and sub-processor contracts to make sure that they meet the requirements of Canadian federal and provincial data privacy laws and are compliant with rules on international data transfers.