GDPR and Boothclub

Boothclub is ready for the GDPR (General Data Protection Regulation)

Boothclub has always been built with a strong commitment to privacy, security, and protecting personal data.

We fully support our users in complying with the General Data Protection Regulation (GDPR or (EU) 2016/679), which came into force on May 25, 2018. The GDPR replaces the previous EU Data Protection Directive (Directive 95/46/EC).

Please note that this page is provided as a resource to understand the scope of the GDPR in relation to using Boothclub. It does not constitute legal advice, representations, or warranties of Boothclub and we are not responsible for any reliance on the information below. We encourage you to seek professional legal advice if you have questions about how the GDPR may affect your organization and procedures.

How Does GDPR Apply To Boothclub

The GDPR protects personal data of individuals. Personal data is any information relating to an identified or identifiable individual.

The GDPR regulates two types of persons that process personal data:

  1. Controllers are persons that determine the purpose and means of processing of personal data.
  2. Processors are persons who process personal data on behalf of data controllers.

Controllers are primarily responsible for compliance with the GDPR, including in relation to personal data processed by their processors. Processors have some of their own obligations, including implementing appropriate technical and organisational security measures that meet the requirements of the GDPR.

For purposes of the GDPR, Boothclub is a processor, and Boothclub users (e.g. event professionals) are the controllers in respect of personal data of event attendees collected through the Boothclub app.

What Steps Has Boothclub Taken

We believe that all Boothclub services (which can be found on our pricing page) can be used in compliance with the GDPR.

As a processor, we’ve taken various initiatives to ensure Boothclub’s compliance with the GDPR’s requirements (to the extent applicable) with respect to the scope of services stated in our Privacy policy and EULA . These include implementing:

  1. appropriate technical and organizational measures to secure personal data processed through Snappic; and
  2. policies and procedures to notify Boothclub users without undue delay after becoming aware of a personal data breach, so that the users can comply with their own data breach notification obligations.

We have also taken initiatives to assist Boothclub users (e.g. event professionals) to comply with their own obligations as controllers under the GDPR, such as:

  • revising our EULA (see the section on “Data Processing Agreement” below) and Privacy Policy;
  • implementing policies and procedures to assist users to respond in a timely manner to data subject requests for access, rectification, erasure and retrieval of personal data which is being processed by Boothclub;
  • providing tools to assist our users to:
  • obtain consent from guests to process their personal data where required by the GDPR (including for marketing purposes);
  • display information to guests about the handling of their personal data.

See the section on “Tools to assist our users” below. Note however, that adherence to the GDPR requirements in your function as a controller is your own responsibility.

Security

Data security is a core concern in all parts of our systems, infrastructure and processes. From a technical perspective, all our servers are fire-walled and kept updated with the latest security patches.

Security

Data is stored in AWS, a secure Global Cloud Infrastructure, extensive, and reliable cloud , located on their server within the UK. AWS do service globally with data centres located around the world. All data on Boothclub’s systems is processed and stored in the UK.

Data Processing Agreement

The processing activities conducted by a processor (like Boothclub Ltd) on behalf of a controller (Boothclub Ltd users e.g. event professionals) must be governed by a written contract, or other binding legal act, which complies with the GDPR. Our End User License Agreement (EULA) is this contract. All users (e.g. event professionals) must digitally accept the terms of the EULA in order to use the Boothclub Ltd app/backend portal. Changes to the EULA will be displayed to you via a message on your Boothclub Ltd dashboard. We will notify users of changes to our privacy policy in the same way

Tools To Assist Our Users

One of the central themes of the GDPR is openness, including around who is processing personal data and for what purposes.

We enable you to do this by creating a privacy statement. We recommend that you do this, as not doing so places you at risk of non-compliance with the GDPR.

You can use the wording below. We also recommend that you disclose who is processing the personal data (i.e. AWS, the provider of Boothclub Ltd).

Disclaimer (Privacy statement)

This can be found under Edit > Data Capture

We process personal data through AWS. It enables you to take photos and link them to this event. When you take photos with the Boothclub app, AWS collects and stores your personal data on behalf of the organiser of this event. If you want to know more about how your personal data is handled or find out more, please contact us directly at [enter your company details].

You may need to obtain consent to process personal data in certain instances. Our Data capture feature has the ability to add fields that a user must physically tick/check i.e. accept. To ensure GDPR compliance by the user (e.g. event professional) this option should be used. If a guest does not tick/check to accept these terms, then their data must not be distributed or used by you or any other 3rd party and that data must be deleted.

Newsletter Opt In

The [Company or Brand) can include a second opt-in on the photo booth to drive subscribers; If you enable this, you consent to using the contact details you provide for [Company or Brand] to send you information about its products and services. You can opt-out anytime through the unsubscribe link at the bottom of the email.

What Boothclub Ltd Features And Services Support User Compliance With GDPR?

We believe that all Boothclub Ltd services can be used in compliance with the GDPR. Boothclub Ltd takes active measures to support users in protecting personal data and continues to build features and services in line with data protection and information security laws and our focus on strong security and privacy measures. However, adherence to the GDPR requirements in your function as a controller is your own responsibility.