GDPR compliance¶
Warning
This is not legal advice. Please consult a lawyer for your jurisdiction.
pretalx Hosted¶
If you use pretalx Hosted:
Data processing: You are the data controller, we are the data processor (Art. 28 GDPR). You can sign a Data Protection Agreement (DPA) at Your organiser → Data protection. We cannot accommodate custom DPAs at this time.
Processing location: All data is processed within the EU and stored in Germany – you can find details in your DPA.
Security: We take care of monitoring, backups, and keeping things secure (Art. 32 GDPR).
Data processing¶
Regardless of whether you self-host or use pretalx Hosted:
Records of processing (Art. 30 GDPR): Document why you use pretalx, what data you collect, and who receives it. We cannot provide a template since every event’s data collection needs are different, and pretalx provides you with a lot of settings to modify the kind of information you collect.
Data minimisation (Art. 25 GDPR): By default, pretalx only stores speaker names and email addresses. Additional fields are optional – we recommend that you only collect what you actually need.
Transparent information (Art. 12-13 GDPR): Link your privacy policy at Your event → Settings → Display settings → Footer links.
Rectification, erasure, restriction (Art. 16-18 GDPR): Organisers can modify data through the interface at any time. Users can modify their information depending on organiser settings, and can contact organisers to get their data changed otherwise. Deleting an event scrubs all data. When users delete their account, personal data is removed and only non-identifying data is retained.