Privacy matters 

Event managers have a lot of things to keep control of. One important issue is the participants personal data and how it’s used. Personal data is needed for managing the event and to communicate with participants.

Don’t t let data handling be a headache. By using Invajo we can help you keep track of your and your participants privacy rights. This is not an on or off switch but something that needs to worked on in the daily business. By using tools like Invajo privacy can be managed in a proper and non difficult way.

What's personal data?

Personal data is any type of information or data that can be attributed to an individual person.
  • What's GDRP?

  • Roles

  • Schrems II

  • Invajo and Schrems II

GDPR is the European Unions General Data Protection Regulation, introduced May 25, 2018

The purpose is to increase the individual's rights over their own personal data and set a common standard for data storage throughout the EU. The regulation demands stricter requirements on how personal data is processed.

As an event organizer, it is important that you are aware and know how both you and Invajo handle the participants' data, not only to comply with the GDPR directive, but also to make your participants feel safe and secure.

As a Invajo user you act as the Personal Data Controller while Invajo act as the Personal Data Processor

The Personal Data Controller is responsible for defining the purpose for collecting the specific data. The Controller is also responsible for keeping the data up to date. Data that is no longer needed shall be deleted immediately.

As Personal Data Processor Invajo will provide the needed tools so that the Controller can handle the data. Invajo stores all personal data within the EU and according to best practice in the industry. Data sent between participants and the system is always sent encrypted.

The CJEU made the Privacy Shield invalid, not SCC:s by default

In 2020 the Court of Justice of the European Union (CJEU) ruled that the EU-US Privacy Shield are not a lawful mechanism for transferring personal data outside of the EU.  This became known as the ‘Schrems II’ judgement, based on the initiator Max Schrems. 

The Court also held that the standard contractual clauses (or SCCs) remain a valid data transfer mechanism but clarified that the SCC data transfers need to be analyzed on a case-by-case basis to ensure EU standards of data protection are met.

Invajo quickly moved into adding SCC to its current DPAs with subcontractors

Even though SCC´s are in place for all US-based subcontractors we did not stop there. As there can be new judgements and to make it easier to comply to GDPR for our users we decided to create an alternative platform with subcontractors fully owned by Europeans companies. Now we can offer an alternative platform which is based on subcontractors which are solely European companies. It’s s important to note that the old platform remains and relies on SCC:s, which means it’s also valid.

Things to consider as an event organizer

Only relevant information

Gather and collect only the relevant and most necessary information needed from your participants.

Delete information

Delete or anonymize information that's no longer needed.

Protect your data

Protect sensitive information by avoiding distributing them.


As any modern service we rely on sub-processors in order to deliver our service. Our Privacy Policy and DPA will define in detail the way Invajo works with its sub-processors when it comes to IT-security and compliance.

List of Invajos subprocessors

The only event system you will need. Dont take our word for it, try it yourself. Get an account in less than 30 seconds. No strings attached.