PrivacyPolicyExample: Difference between revisions
Initial Creation |
|||
| Line 148: | Line 148: | ||
''Include this section if the event sends emails, stores email history, uses templates, sends receipts, sends mass email, uses OTP login, or attaches documents to email.'' | ''Include this section if the event sends emails, stores email history, uses templates, sends receipts, sends mass email, uses OTP login, or attaches documents to email.'' | ||
=== 2.9 Custom forms, surveys, questions, and | === 2.9 Custom forms, surveys, questions, and event-defined information === | ||
Convention Master allows event organizers to create custom fields, forms, surveys, application questions, and data collection tools. These are not all default Convention Master fields. The specific information collected depends on the questions, forms, modules, and workflows enabled by the event organizer. | |||
* accessibility requests | Event-defined questions may be used for registration, volunteer coordination, accessibility planning, art show applications, dealer or vendor applications, programming, surveys, operational planning, or other event administration purposes. | ||
* dietary information | |||
* emergency contact information | Depending on the event’s configuration and the questions asked, event-defined information may include: | ||
* volunteer availability | |||
* art show or | * custom registration answers | ||
* demographic or | * accessibility or accommodation requests | ||
* dietary information, where requested by the event | |||
* emergency contact information, where requested by the event | |||
* volunteer availability or preferences | |||
* art show, artist, dealer, vendor, or programming application answers | |||
* demographic, preference, or survey responses, where requested by the event | |||
* free-text responses | * free-text responses | ||
* uploaded or attached supporting information | * uploaded or attached supporting information | ||
* other event-specific information requested by the organizer | * other event-specific information requested by the organizer | ||
We use | We use event-defined information for the purpose stated at the time of collection, for the purpose reasonably implied by the question or form, or as reasonably required to administer the event. | ||
Because these fields are configured by the event organizer, attendees should review the wording of each form or question before submitting information. Event organizers should avoid requesting sensitive personal information unless it is necessary for a defined event purpose. | |||
=== 2.10 Staff notes, support records, and operational logs === | === 2.10 Staff notes, support records, and operational logs === | ||
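Review bot: the rewritten 2.9 section runs from its closing paragraph ("Because these fields are configured by the event organizer ...") straight into the 2.10 heading, with no italic ''Include this section if ...'' line like the one that closes 2.8 in the context above. Section 2.9 covers optional, organizer-configured features (custom fields, forms, surveys, uploads), so suggest adding that guidance line naming the features that trigger it. The final sentence ("Event organizers should avoid requesting sensitive personal information ...") is addressed to organizers rather than attendees; consider moving it into the italic guidance so it does not end up in the published notice.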
Revision as of 20:59, 15 June 2026
Convention Master Privacy Notice Template
Effective date: [Insert date]
Event: [Insert event name]
Event organizer: [Insert legal organization name]
Privacy contact: [Insert email/contact person]
This privacy notice explains what personal information may be collected, used, stored, or disclosed through the Convention Master registration and event management system.
Convention Master is a configurable event registration platform. Not every event uses every feature. This notice includes sections for information that Convention Master can support. The event organizer should include only the sections that apply to this event’s actual configuration and practices.
1. Who is responsible for your information
The event organizer is responsible for deciding what information is collected for this event, why it is collected, how long it is kept, and who may access it.
Convention Master may be used by the event organizer, authorized event staff, registration staff, finance staff, volunteers, system administrators, and approved service providers to operate the event.
2. Information we may collect
Depending on the event’s configuration, we may collect or store the following categories of information.
2.1 Account and identity information
Convention Master requires basic account and identity information to create and manage attendee registrations. This may include:
- registration or account number
- legal name
- preferred name
- fan name, badge name, or display name
- date of birth or age-related information, where required for registration, age verification, membership rules, or event policy
- language or locale preference
- account status, duplicate account links, or account merge information
We use this information to create and manage registrations, issue memberships or badges, verify identity or age where required, reduce duplicate records, and administer the event.
2.2 Contact information
We may collect contact information, including:
- email address
- phone number
- mailing or shipping address
- city, province/state, postal/ZIP code, and country
- contact name or alternate contact information where provided
We use this information to communicate with attendees, manage registrations, provide support, send confirmations or receipts, handle shipping or mailing where applicable, and administer event services.
Include this section if the event collects email, phone, mailing address, shipping address, emergency contact information, or other contact details.
2.3 Login and authentication information
Convention Master uses login and authentication information to protect attendee, kiosk, and staff access to the system. This may include:
- username
- salted password hash or other authentication credential
- password reset token or reset request information
- account activation, deactivation, or expiry status
- login, logout, password reset, or authentication timestamps
- IP address associated with login, reset, kiosk, or security activity
- one-time passcodes or email verification codes, if enabled
- security question and answer, if enabled
We use this information to secure accounts, authenticate users, prevent unauthorized access, support account recovery, operate kiosks and staff tools, and investigate suspicious activity.
2.4 Registration, membership, and attendance records
We may collect or generate information about your relationship to the event, including:
- event attendance record
- membership type or registration level
- registration status
- check-in or badge pickup status
- registration creation or update timestamps
- payment hold or registration hold status
- linked memberships or related registrations
- badge display code or badge printing status
We use this information to confirm your registration, issue badges, manage admission, administer memberships, and operate event registration services.
2.5 Payment, purchase, and financial information
We may collect or store information related to event payments and purchases, including:
- products or memberships purchased
- account charges, credits, refunds, and balance information
- payment amount, date, time, method, and status
- payment processor transaction IDs or reference numbers
- cashier or staff member who processed a payment
- payment notes or refund notes
- voucher, coupon, or comp information
- invoice information
- cheque or payout information, where applicable
Where credit card or online payment processing is used, payments may be processed by a third-party payment provider. Convention Master may store payment references, status messages, transaction IDs, and limited card-related details such as card type or last four digits where provided by the payment gateway. Convention Master should not be used to store full credit card numbers unless it is specifically configured to do so and that storage is authorized under applicable legal and compliance requirements.
We use this information to process payments, issue receipts, maintain financial records, reconcile accounts, prevent fraud, process refunds, and support accounting requirements.
2.6 Agreements, waivers, consent records, and signatures
We may collect records showing that you reviewed or agreed to event terms, waivers, policies, or other agreements. This may include:
- agreement version
- agreement text
- name of signatory
- signature image or electronic signature
- contact information included with the agreement
- timestamp of agreement
- witness or staff member
- invalidation or correction notes
We use this information to confirm consent, maintain event records, enforce event policies, administer waivers, and document required acknowledgements.
Include this section if the event uses electronic waivers, signed agreements, parental/guardian consent, artist/dealer agreements, code of conduct acknowledgements, or other consent records.
2.7 Badge, RFID, kiosk, and check-in records
If enabled, we may collect or generate badge and check-in information, including:
- badge print status
- badge printer or workstation information
- badge image or badge design information
- RFID tag or badge identifier
- badge tap or scan timestamp
- kiosk activity
- check-in or pickup activity
- staff member or device involved in the action
- IP address, device identifier, or location associated with kiosks or badge readers
We use this information to issue badges, prevent duplicate badge use, support secure check-in, operate kiosks, manage access control where enabled, troubleshoot devices, and investigate registration or badge issues.
Include this section if the event uses badge printing, RFID badges, badge readers, badge taps, self-serve kiosks, pickup kiosks, check-in tracking, or device-based registration workflows.
2.8 Communications and email history
We may collect or store communication records, including:
- email address
- recipient and sender names
- email subject and body
- attachments
- delivery method and send status
- email template used
- one-time passcodes or email verification codes, if enabled
We use this information to send confirmations, receipts, event updates, registration notices, password resets, one-time codes, and other event-related communications.
Include this section if the event sends emails, stores email history, uses templates, sends receipts, sends mass email, uses OTP login, or attaches documents to email.
2.9 Custom forms, surveys, questions, and event-defined information
Convention Master allows event organizers to create custom fields, forms, surveys, application questions, and data collection tools. These are not all default Convention Master fields. The specific information collected depends on the questions, forms, modules, and workflows enabled by the event organizer.
Event-defined questions may be used for registration, volunteer coordination, accessibility planning, art show applications, dealer or vendor applications, programming, surveys, operational planning, or other event administration purposes.
Depending on the event’s configuration and the questions asked, event-defined information may include:
- custom registration answers
- accessibility or accommodation requests
- dietary information, where requested by the event
- emergency contact information, where requested by the event
- volunteer availability or preferences
- art show, artist, dealer, vendor, or programming application answers
- demographic, preference, or survey responses, where requested by the event
- free-text responses
- uploaded or attached supporting information
- other event-specific information requested by the organizer
We use event-defined information for the purpose stated at the time of collection, for the purpose reasonably implied by the question or form, or as reasonably required to administer the event.
Because these fields are configured by the event organizer, attendees should review the wording of each form or question before submitting information. Event organizers should avoid requesting sensitive personal information unless it is necessary for a defined event purpose.
2.10 Staff notes, support records, and operational logs
Authorized staff may create notes, support records, audit logs, or operational history related to an attendee account. These records may include:
- staff notes
- account comments
- registration issue notes
- payment or refund notes
- support requests
- cashier activity
- changelog entries showing old and new values
- audit logs showing staff actions
- deletion, correction, or invalidation notes
- crash or error logs related to registration activity
We use this information to provide support, correct errors, administer registration, investigate disputes, prevent fraud or abuse, maintain audit trails, and operate the event.
Include this section if the event allows staff notes, registration notes, account comments, cashier logs, support logs, change history, audit logging, or operational troubleshooting.
2.11 Volunteer, programming, schedule, and hosted activity information
If the event uses volunteer, programming, schedule, or activity management features, we may collect or store:
- volunteer status
- volunteer job title or assignment
- arrival and departure times
- volunteer hours
- activity host information
- schedule entries linked to a registrant
- public or private display names for hosts or panelists
- staff member who created or updated the schedule record
We use this information to schedule volunteers, manage staffing, publish event programming, track volunteer work, and administer hosted activities.
Include this section if the event uses volunteer tracking, panels, hosts, event schedule tools, programming systems, or staff scheduling.
2.12 Art show, artist, dealer, vendor, and marketplace information
If the event uses art show, dealer, vendor, or marketplace features, we may collect or store:
- artist, dealer, vendor, or applicant identity
- business name
- tax number or business registration information, where required
- application answers
- application status
- approval or rejection notes
- item descriptions
- artwork titles, media, dimensions, locations, and sale status
- bids, bidder identifiers, and bid amounts
- check-in/check-out records
- payout, cheque, or settlement information
- special requests or operational needs
We use this information to process applications, assign space, manage sales, administer bids, process payouts, communicate decisions, and operate art show, dealer, vendor, or marketplace services.
Include this section if the event uses art show, artist alley, dealer room, vendor applications, marketplace features, bidding, sales tracking, or payout tools.
2.13 Linked accounts and relationship records
We may collect or store relationships between accounts, including:
- linked registrations
- parent/guardian or dependent relationships
- group, household, assistant, agent, or shared account links
- confirmation tokens
- comments related to a link
- staff member who created or confirmed the relationship
We use this information to administer linked memberships, family or guardian workflows, group registrations, art show/dealer agents, shared responsibilities, or other event-specific relationships.
Include this section if the event uses linked accounts, parent/guardian workflows, group registrations, dependent memberships, art show agents, or relationship-based permissions.
2.14 Security, abuse prevention, and technical information
We may collect technical and security-related information, including:
- IP address
- browser or device information where available
- login attempt records
- brute-force prevention records
- timestamps of activity
- kiosk or terminal identifiers
- API access logs
- access tokens or device credentials
- error logs and crash reports
We use this information to secure the system, prevent abuse, troubleshoot errors, investigate suspicious activity, maintain system integrity, and protect attendees, staff, and the event.
Include this section if the event uses online registration, logins, kiosks, payment terminals, badge readers, APIs, access control, or system logging.
3. Why we use personal information
We may use personal information for the following purposes:
- creating and managing registrations
- issuing memberships, badges, and credentials
- verifying identity, age, eligibility, or account status
- processing payments, refunds, vouchers, invoices, or payouts
- communicating with attendees
- operating registration desks, kiosks, badge pickup, and check-in
- managing volunteers, programming, art show, dealers, vendors, or marketplace activity
- documenting consent, waivers, agreements, and policy acknowledgements
- providing attendee support
- maintaining accurate financial and operational records
- preventing fraud, abuse, duplicate registrations, or unauthorized access
- enforcing event policies
- complying with legal, accounting, insurance, or safety obligations
- troubleshooting and improving event operations
4. Who may access personal information
Personal information may be accessed by authorized people only as needed for event operations. This may include:
- registration staff
- cashier or finance staff
- event administrators
- volunteer coordinators
- art show, dealer, vendor, or programming staff
- security or safety staff, where applicable
- system administrators
- approved service providers
Access should be limited based on role, event need, and system permissions.
5. Third-party services
The event may use third-party services to operate registration, payments, email, hosting, badge printing, analytics, or other event functions.
Depending on the event configuration, personal information may be processed by services such as:
- payment processors
- email providers
- web hosting providers
- database or backup providers
- badge printing or hardware vendors
- accounting or financial systems
- other approved event service providers
Third-party providers are expected to use information only for the services they provide to the event, subject to their own terms, privacy policies, and legal obligations.
Event-specific providers: [List providers here]
6. Retention
Personal information is kept only as long as reasonably necessary for event operations, legal obligations, accounting requirements, dispute resolution, safety, fraud prevention, or legitimate administrative purposes.
Some records may be kept longer than others. For example:
- financial records may be retained for accounting and tax purposes
- agreement and waiver records may be retained for legal or insurance purposes
- audit logs may be retained to investigate disputes or security issues
- temporary verification or reset tokens may be retained for a shorter period
- raw or highly sensitive records should be deleted or minimized when no longer required
Event-specific retention rules: [Insert retention schedule]
7. Safeguards
The event organizer and system administrators use reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, use, disclosure, alteration, or loss.
Safeguards may include:
- role-based access controls
- password-protected accounts
- logging and audit trails
- encrypted connections where supported
- restricted staff access
- payment gateway separation
- backups and recovery controls
- deletion or minimization of information when no longer required
No system can guarantee absolute security, but reasonable steps should be taken to protect the information under the event organizer’s control.
8. Access, correction, and deletion requests
You may contact the event organizer to request access to personal information associated with your registration, or to request correction of inaccurate information.
Deletion requests may be limited where information must be retained for legal, accounting, insurance, dispute resolution, security, or legitimate event administration purposes.
Privacy requests should be sent to:
Privacy contact: [Insert email/contact person]
9. Children, minors, parents, and guardians
If the event allows minors to register or attend, the event may collect information needed to administer minor registrations, parent or guardian consent, age verification, emergency contact, or related safety requirements.
This may include:
- date of birth or age category
- parent or guardian name
- parent or guardian contact information
- signed consent or waiver records
- linked parent/guardian account information
- notes required to administer the minor’s registration safely
Include this section if the event allows minors, requires parental/guardian consent, collects date of birth, performs age checks, or has youth attendance workflows.
10. Sensitive information and free-text fields
Some event features may allow attendees or staff to enter free-text information. Free-text fields can sometimes contain sensitive personal information, even when the field was not specifically designed for that purpose.
Attendees should avoid providing unnecessary sensitive information unless it is requested and relevant to the event service being used. Staff should only record information that is necessary, appropriate, and related to event administration.
Sensitive or free-text information may include accessibility requests, dietary information, medical or safety notes, incident-related notes, application responses, or support details.
Include this section if the event uses staff notes, custom questions, surveys, application forms, accessibility requests, dealer/art show applications, incident notes, or support records.
11. Changes to this notice
This notice may be updated from time to time. If the event’s collection or use of personal information changes materially, the event organizer should update this notice and make the updated version available.
Current version: [Insert version/date]
12. Contact
Questions, requests, or complaints about this privacy notice or the handling of personal information should be directed to:
Event organizer: [Insert organization name]
Privacy contact: [Insert contact name/title]
Email: [Insert email]
Mailing address: [Insert address, if applicable]