HOST Transfer Impact Assessment Factsheet

Purpose

HOST has completed Transfer Impact Assessments (TIAs) for relevant data transfers, following GDPR requirements and the updated 2021 Standard Contractual Clauses (SCCs) for EU and non-EU transfers. Because HOST’s TIAs include legal evaluations from internal and reputable external advisors, the full TIAs are not shared publicly. This factsheet provides sufficient information to confirm HOST’s positive TIA results, supporting customer obligations regarding supplier oversight.

General Information

  • Service Provider: HOST
  • Address: United States
  • Service Overview: HOST provides a cloud-based platform for event management, including real-time attendee analytics, engagement, and automation.
  • Privacy Contact: HOST Privacy Team; [email protected]

Scope of Processing

HOST processes the following data types and categories as directed by the customer:

  • Processing Purpose: HOST’s solutions monitor and improve event experience by collecting and analyzing attendee data.
  • Personal Data Categories: Identifiers, login data, user roles, IP addresses, device usage stats, and other fields such as name and contact information.
  • Special Data Categories: None.
  • Data Subjects: Attendees and end-users of the customer.

Data Transfers

HOST utilizes cloud hosting services across multiple regions, allowing customers to select data storage regions. HOST Support and Operations Teams may access customer data solely for support purposes, following stringent access control measures, including MFA and IP whitelisting. Data access is logged, justified, and time-bound.

HOST works with selected sub-processors, each aligned with strict security and compliance standards, to enhance service delivery.

Regulatory Framework

Some foreign regulations may permit governmental data access requests, which HOST addresses through robust technical measures to secure customer data and structured legal procedures to challenge access demands.

Transfer Mechanisms

HOST adheres to the EU Commission’s adequacy decisions and the updated SCCs for international transfers. Along with legal and operational safeguards, these practices ensure GDPR-aligned protection across all transfer destinations.

Previous Access Requests

To date, HOST has not received any data access requests from government authorities. HOST’s Transparency Report is accessible for customer review.

Government Access Procedure

If HOST receives a disclosure request, it follows an ISO 27701-certified protocol to challenge the request or redirect it to the customer, ensuring the utmost protection for customer data.

Supplementary Measures

HOST’s Information Security Addendum outlines ISO 27001:2022-compliant security practices. These include encryption (AES-256 for data at rest and TLS 1.2+ for data in transit), multi-layered access controls, and regular SOC 2 Type II audits. Detailed security reports are available under NDA.

Summary

HOST’s data practices and protections meet GDPR and SCC requirements. Following Schrems II, HOST ensures that all security measures, legal standards, and access protocols apply uniformly to all data transfers, securing customer data globally.