Privacy Policy document is missing

[d2s]

As the HelsinkiJS event organisers are collecting event participant data via 3rd party services (such as Meetabit), there should be a clearly written Privacy Policy document from the HelsinkiJS core team itself.

Even while Meetabit has their Terms of Service page, it lacks legally required details about transfer of the user data from EU area to other legal zones. Toughbyte Ltd (2704194-5) operates based from Finland, but they have various employees outside of the EU area. That causes potential legal risks for the event organisers, as the event attendee data is transferred to various other countries. Even while the Meetabit website itself does not directly show a full list of the attendees on individual event pages, those details are available via individual user pages. Even if those would not be visible via the website itself, having that data in the database is enough of concern. While the company itself is trustworthy, question is mainly about legal requirements related to GDPR and local data privacy laws of Finland. As of now, the Terms of Service of Meetabit does not fulfil the requirements of GDPR, as it lacks various legally required sections (including mention about data protection officer).

Toughbyte's own GDPR Privacy Notice is clearly written with more care (and says that "All the personal data we have is stored on our databases in the EU"), but as these are two seperate services, they should update Meetabit's Terms to match the current regulations.

[eemeli]

I think in this case the issue needs to be raised with Toughbyte, as they're the database controller for Meetabit. HelsinkiJS does not have any registry of personally identifying information, so it would not be appropriate for us to have a privacy policy either -- we can't really make promises on others' behalf.

[d2s]

@eemeli Agreed. Mainly have been wondering what has been going on with Meetabit, as almost every other event organiser has stopped using it. Mainly question is what is the future of the service, if there haven't really been any visible development on it since many years ago.

Edit: Checked the list of cities, and noticed that there are only 2 upcoming events listed on the whole service (one in Helsinki and another in Turku). Dropdown list includes a lot of other locations, but no activity visible on any of those. Original plan to pre-populate their service (without asking from organisers of those 3rd party events) kind of didn't go that far.

There were (and are) some good ideas with the service, but at the current state, it still keeps on functioning, but clearly haven't been a priority in a long time.