Eventbrite

Help Centre

Eventbrite & Australia Data Protection

Eventbrite takes data privacy and security very seriously. We take steps to make sure that we comply with our data privacy law obligations in Australia (primarily, the Privacy Act 1988 (“the Privacy Act”) and the Australian Privacy Principles (“the APPs”), and our goal is to make it easy for our Organizers to comply with their respective obligations too. At Eventbrite, we have tailored our data privacy program in light of the Privacy Act and the APPs. Here are a few highlights.

In this article

  • 1. Eventbrite's data processing obligations.
  • 2. A Data Processing Addendum for Organisers and Sub-Processors.
  • 3. Email Tools.
  • 4. Individual Rights.
  • 5. Data Incident Notifications.
  • 6. Cross-border Data Transfers.
  • 7. How does Eventbrite secure personal data.
  • 8. What else is Eventbrite doing as a result of the Privacy Act and the APPs?

TIP: To learn more about Eventbrite's Legal Terms, take a look here.

PRO TIP: We may translate this information into other languages for your convenience. If there is a conflict between the English version and a translated version, the English version will control.

NOTE: Capitalized terms in this article are defined in our Terms of Service.

1. Eventbrite's data processing obligations.

Eventbrite is subject to the Privacy Act and the APPs with respect to various personal data collection and processing activities. These arise in the course of providing Services to Organisers, managing direct relationships with account-holding Consumers, and processing personal data of non-account-holding Consumers, including those in which:

  1. An Organiser creates an account with Eventbrite to organise and ticket events and provides us with personal data about him or herself as part of the account creation process;

  2. A Consumer provides Eventbrite with personal data in the course of creating an account;

  3. Eventbrite obtains personal data in the course of an Organiser’s or Consumer's use of our Services, which we may then use, for example, to conduct research and analysis, improve our products and features, and provide targeted recommendations; or

  4. Eventbrite obtains a Consumer's personal data as a result of providing our core ticketing services to our Organisers. For example, we may process Consumers’ personal data on behalf of Organisers to allow Organisers to learn more about their attendees during the ticket purchase, facilitate the transmission of emails to Consumers at the request of the Organiser, process payments, or provide event reports and tools so Organisers can gain insights into the effectiveness of various sales channels.

2. A Data Processing Addendum for Organisers and Sub-Processors.

When Eventbrite processes Personal Data on behalf of the Organiser, we will be subject to a Data Processing Addendum to our Terms of Service with our Organiser. Our Data Processing Addendum (DPA) for Organisers, incorporated in our Terms of Service, includes Eventbrite's legal obligations as a processor consistent with the Privacy Act and APPs.

Eventbrite also published a public facing list of Eventbrite's Sub-Processors as referenced in the DPA for Organisers.

3. Email Tools.

We offer the ability for Organisers to email Consumers directly through our platform. This functionality was built to send service related emails specific to an Organiser's event attended by the recipient of such email. If an Organiser wants to use this function for marketing its products or events, the Organiser needs to secure its own compliant consents or ensure that it has the right to send marketing emails to individuals. Eventbrite does not do this on an Organiser's behalf.

4. Individual Rights.

Eventbrite will honor account-holding Consumers’ requests with respect to the processing of their personal data, consistent with applicable law. For instance, account-holding Consumers can request access to their personal data that we process. They can also ask us to correct such personal data.

  1. Access. Eventbrite will honor a Consumer’s request that Eventbrite confirm the existence of the processing of the Consumer’s personal data, if applicable, and grant the Consumer access to that data, consistent with applicable law. You can request your personal data in the Personal Data section of your Eventbrite account.

  2. Correction. Eventbrite will honor a Consumer’s request that Eventbrite correct the Consumer’s personal data that we process, for example if it is incomplete, inaccurate, outdated, or irrelevant, consistent with applicable law. You can update your personal data in the Contact Info section of your Eventbrite account.

For more information on how individuals can request to access or correct their personal data, please see Eventbrite's Privacy Policy.

5. Data Incident Notifications.

In cases in which the personal data of Organisers, or of Consumers who have created an Eventbrite account in the course of a ticket purchase, are impacted by a data security incident requiring notification to affected individuals, we will notify the affected individuals directly, rather than notifying the Organiser of each event associated with an affected Consumer.

In cases in which Eventbrite processes the personal data of a Consumer who purchased tickets on Eventbrite without creating an account with Eventbrite directly, we will notify the Organiser(s) we determine to be most likely in contact with that Consumer whose personal data has been impacted by a data security incident requiring notification.

6. Cross-border Data Transfers.

Eventbrite physically stores personal data in the United States, and we take legally required steps to make sure that appropriate safeguards are in place to protect individuals’ personal data in the course of cross-border transfers to our U.S.-based servers. Please refer to Eventbrite's Privacy Policy for additional information regarding cross-border transfers.

7. How does Eventbrite secure personal data.

Eventbrite is committed to protecting personal data. In this effort, Eventbrite has implemented and continues to monitor a range of security measures. You can find out more about the security and privacy measures Eventbrite has implemented in the "Eventbrite Security and Safety Guide," available at www.eventbrite.com.au/security.

8. What else is Eventbrite doing as a result of the Privacy Act and the APPs?

  1. Accountability and Training. We’ve created internal data privacy guidelines and we're making sure that employees are appropriately trained on them. This means that everyone at Eventbrite is expected to handle personal data in a legitimate and fair way.

  2. Data Retention and Destruction. We take reasonable steps to destroy or de-identify personal data as required under applicable law. As a result, there may be a time when your Organiser dashboard will show anonymized personal data for a particular attendee, however the financial data associated with that attendee should remain as part of the event.

    In the event an Organiser's data retention needs require that Eventbrite no longer provide such Organiser with access to the personal data of its former attendees, the Organiser can accomplish this by removing the event from its dashboard. Should the Organiser still need access to the non-personal event data, it should first download the event to a .csv or text file and manipulate that file as it sees fit.

  3. Our Privacy Policy. We regularly update our privacy policy as an additional step towards our commitment to transparency about what we do with personal data provided to Eventbrite.

  4. Vendors. We review our vendor and sub-processor contracts to make sure that they meet the requirements under the Privacy Act and the APPs and are compliant with rules on international data transfers.

Additional data privacy information.

Still have questions?