ToneDen Privacy Policy

This Agreement was last modified on December 22, 2020.

Welcome to ToneDen, a member of the Eventbrite family!  We’re providing this Privacy Policy to explain how we collect, use, and disclose your information that we collect through our Services. This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services. Also, please note that, unless we define a term in this Privacy Policy, all capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Service. Please make sure that you have read and understand our Terms of Service.

1. Revisions to the Privacy Policy

Any information that we collect via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them on the Services or by sending you an email or other notification, and we’ll update the “Last Updated” date above to indicate when those changes will become effective.

2. Information We Collect

We collect information about you when you use our Services. The types of information we collect depends on the services and the features you use on the Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services.

a. Information We Collect or Receive from You Directly

We collect information you provide directly to us. For example, we collect information when you participate in any interactive features of our Services (including public features such as blogs, messaging and community forums), fill out a form, request customer support, provide any contact or identifying information, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, credit card information, gender, zip code and other contact or identifying information you choose to provide.

b. Registered User Information  

If you create an Account, we’ll extract from your Third Party Account (as applicable) certain personal information that can be used to identify you, such as your name and email address (“Personally Identifiable Information” or “PII”), that the privacy settings that you have established on your Third Party Account permit us to access. In addition, if after you create an Account, you connect it with one of your Third Party Accounts, we’ll be able to access and collect certain information, including your PII, that your privacy settings on such Third Party Account permit us to access.

We will also use End User Data from the Third Party Accounts to which you provide us access and that you submit to us and we will use such End User Data in connection with provision of the Services to you. For example, when you use our Advertising Service, you may choose to provide us with End User Data through use of the application programming interface (API) of one of your Third Party Accounts such as MailChimp or Eventbrite in order to provide you with our Services. End User Data provided through use of the application programming interface (API) is not physically stored or retained on our Service.

We may also collect your gender, zip code and other information, such as business segment, that is not considered PII because it cannot be used by itself to identify you.

c. Financial Information 

When you enter into a Transaction to pay for the Select Services, we may collect your Payment Information.

d. Visitor Information 

If you don’t register for an Account, but join our waitlist for future features or subscribe to our mailing list for receiving updates from our blog, we’ll collect information such as your name and email address. We may use that information to contact you by email any time we release a new feature or update our blog.

e. Information We Collect Automatically When You Use the Services

Like many website owners and operators, we may use automated data collection tools such as Cookies, Web Beacons, and Social Media Widgets to collect certain information.

Cookies.  "Cookies" are small text files that are placed on your hard drive by a Web server when you access our Services. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. We may also use third party cookies from Google, Facebook, and Twitter to measure conversions and engagement for our own advertising purposes. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Services. Some other third-party services providers that we engage may also place their own Cookies on your device. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by such third parties.

Web Beacons. "Web Beacons" (also known as web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services and to monitor how many visitors view our Services. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages.

Social Media Widgets.  “Social Media Widgets” are social media features such as Facebook Share, Twitter Follow, YouTube Subscribe, Spotify Stream, SoundCloud Follow, Facebook Messenger Subscribe, and Pinterest Pin. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.

f. Log Data & Analytics  

Our servers may automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Registered Users and non-Registered Users (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, other device identifiers, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on, and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. 

g. Location Information  

When you create your Account using a Third Party Account (as applicable) and when you connect your Account with your other Third Party Accounts, we may collect and store information about your location if your privacy settings on such Third Party Account permit us to access such information. We may use location information to improve and personalize our Services for you.

3. Information That We Receive From Third Parties

We may also collect information about you from third parties, such as marketing partners, social networks, identity verification services, anti-fraud services and other service providers. 

4. How We Use Information 

We may use your PII to:

  • provide, customize, and improve Services, communicate with you and provide customer support in relation to the Services.
  • enable your Third Party Accounts to communicate with our servers in order to provide you Services.
  • resolve disputes, collect fees (if any) and troubleshoot problems.
  • customize your experience and otherwise develop, measure and improve our Services.
  • tailor content, advertisements, and offers.
  • administrative purposes such as measuring interest in our Services, developing new products, ensuring internal quality control, verifying individual identity, verifying Account information, and processing payments.
  • run Ad Campaigns on your behalf.
  • send you relevant emails and communications (including keeping you informed about our products, offerings and any promotional offers) that might be of interest to you.
  • comply with our legal obligations or as permitted by law.
  • protect the safety and/or integrity of our users, employees, third parties, members of the public, and/or our Services.
  • enforce our agreements, terms, conditions, and policies, try to prevent potentially prohibited and illegal activities, and send you notices and alerts regarding the Services or your Account.
  • for any other purpose not already disclosed in this Privacy Policy, with your consent.

We may combine information that we collect from you through the Services with information that we obtain from affiliated and nonaffiliated third parties, and information derived from any other products or Services we provide.

We may aggregate and/or de-identify information that we collect, after which we cannot use it to personally identify an individual user. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including our business partners, affiliates, and others.

5. How We Share Information

We may share your information in the following situations:

Affiliates and Partners.  We may share information with our affiliates and partners.

Vendors.  We may share any information we receive with vendors that perform services on our behalf, including (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing (i.e., Stripe (www.stripe.com) and Braintree (www.braintreepayments.com)); (iv) customer service activities; and (v) otherwise in connection with the provision of the Services. 

End Users or other Registered Users.  If you create a Page using the Services, End Users will be able to view your username and photo uploaded by you on your Page and other Registered Users may be able to access information you make available on your Page via the Services, such as your name and photo.

Business Transactions.  We may share or transfer information in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company.

Protection of Use and the Protection of Others.  We may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process or a regulatory investigation (e.g., a subpoena or court order); (b) enforce our Terms of Service and this Privacy Policy, including investigation of potential violations; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect our rights, property or personal safety, or that of our agents and affiliates, our users and/or the public. This includes exchanging information with other companies and organizations for information security, fraud protection, spam/malware prevention, and similar purposes.

Otherwise with Your Consent or at Your Direction.  In addition to the sharing described in this Policy, we may share information about you whenever you consent to or direct such sharing.

6. Online Analytics and Advertising

a. Analytics

We may use third-party web analytics services on the Services, such as those of Google Analytics. These service providers use the sort of technology described in the “Information we collect automatically” section above to help us analyze how users use the Service, including by noting the third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Service. Such service providers include analytics service providers, such as Google and Intercom. We may also use Google Analytics for certain purposes related to advertising, as described in the following section.  For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout

b. Tailored Advertising

We may allow certain third parties (e.g., ad networks and ad servers such as Google Analytics) to serve tailored marketing to you and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Service. We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Service by non-affiliated, third-party ad technologies, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of targeted advertising as described below. You may receive tailored advertising on your computer through a web browser. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human-readable form.

If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored marketing, you may visit the Network Advertising Initiative's (“NAI”) Consumer Opt-Out Link and/or the Digital Advertising Alliance's (“DAA”) Consumer Opt-Out Link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Service, you may still receive advertising content even if you opt out of tailored advertising. In that case, the advertising content will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI's and DAA's websites, accessible by the above links.

7. Your Choices

We offer you choices regarding the collection, use and sharing of your PII and we’ll respect the choices you make. Please note that if you decide not to provide us with the PII that we request, you may not be able to access all of the features of the Services.

a. Opting Out

Email Communications.  We may periodically send you free e-mails that directly promote our Services. When you receive such promotional communications from us you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive. We do need to send you transactional or  service communications regarding the Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms of Service or this Privacy Policy, or information about billing).

PII Collection.  Where you have consented to the collection of PII, you may rescind such consent by following one of the following two links:

  • Global Opt-out and deletion of all of your PII: Opt Out
  • Marketing communication only: Opt Out
b. Accessing, Modifying, or Deleting Your Information

You can access or modify your PII in your account settings. You can also inquire as to how we use your PII, request access to PII, and ask that we correct, amend or delete your Personal Information where it is inaccurate. Where otherwise permitted by applicable law, you may send an e-mail to support@toneden.io or use any of the methods set out in this Privacy Policy to request access to, receive (port), seek rectification, or request erasure of PII held about you by us. Please include your full name, email address associated with your Account, and a detailed description of your data request. Such requests will be processed in line with local laws.

Although we make good faith efforts to provide a User access to their PII, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question or where it is commercially proprietary. If we determine that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your PII.

c. Responding to Do Not Track Signals

We do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.

8. Information Security

We use administrative and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. When you enter credit card data  on our forms, we encrypt this data using SSL or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

9. Links To Other Sites

Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-Party Service”). Any information that you provide on or to a Third-Party Service or that is collected by a Third-Party Service is provided directly to the owner or operator of the Third-Party Service and is subject to the owner’s or operator’s privacy policy. We’re not responsible for the content, privacy or security practices and policies of any Third-Party Service. We recommend that you carefully review the privacy policies of all Third-Party Services that you access.

10. Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

11. International Transfer

Your PII may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there.  By using the Services, you understand and agree to the transfer of all such information to the United States.

Where required, we will use appropriate safeguards for transferring data outside of the EEA, Switzerland, and the UK. This includes signing Standard Contractual Clauses that govern the transfers of such data, which may be used in conjunction with additional safeguards. For more information about these transfer mechanisms, please contact us as detailed in the “Questions?” section below.

12. Children’s Privacy

Our Services are not directed to children under 13 and we do not knowingly collect personal information (as defined by the United States Children’s Online Privacy Protection Act) from children under 13.  In addition, where we process EU personal information data on the basis of consent, we do not knowingly process data of EU residents under the age of 16 without parental consent.  In addition, you are not permitted to use our Services if you do not meet the minimum age requirement applicable to our Services in your jurisdiction. 

If you learn that your child has provided us with personal information without your consent, you may alert us at support@toneden.io. If we learn that we have collected personal information of a child under 13 (or under 16 in certain circumstances) we will take steps to delete such information from our files as soon as possible.

13. California Residents Only

a. Summary of Information We Collect

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)). 

Throughout this Privacy Policy, we describe the specific pieces of personal information we collect, the sources of that information, and how we share it. Under the CCPA, we also have to provide you with the "categories" of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law).  Those categories are identifiers (such as your name and contact information, IP address, and mobile device identifiers); device information (such as platform type, device operating system, and language preferences); internet or other electronic network activity information (such as use of and interaction with the Services); commercial information (such as records of products or services purchased); financial Information (such as credit card payment information); geolocation information; sensory information (such as customer service call recordings); physical characteristics or description (such as when you voluntarily submit a photo); legally protected classifications (such as gender); inference data about you; and other information that identifies or can be reasonably associated with you.

This information is used and disclosed for the various business purposes described in Section 4 (“How We Use Information”).  We describe our information sharing practices throughout our Privacy Policy.  We may share certain categories of personal information with third parties for business purposes.  For example, we may share identifiers, device identifiers, and geolocation data with advertising partners.

b. Rights

If you are a California resident, the CCPA may permit you to request that we:

  • Provide you with the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • Provide you with access to and/or a copy of certain personal information we hold about you.
  • Delete certain personal information we have about you.

You may have the right to receive information about the financial incentives that we offer to you for your personal information (if any). You also have the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we may need certain information to provide services to you or for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use some of our services.

You can delete your account at any time by going to https://www.toneden.io/privacy-portal and following the instructions.  You can also exercise your rights by sending an email to us as privacy@toneden.io. You will need to provide additional information to verify your identity before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf and verify your identity directly with us.

Please note that the CCPA sets forth certain obligations for businesses that “sell” personal information to third parties.  Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity. We do share certain information as set forth in Section 5 (“How We Share Information”) above, and allow third parties to collect certain information about your activity, for example through cookies. For more information on how you can control or opt out of these cookies, please see our Cookie Policy.

c. Shine the Light Disclosure 

California residents may request and obtain from us, once a year, free of charge, a list of third parties, if any, to which we disclosed their PII for direct marketing purposes during the preceding calendar year and the categories of PII shared with those third parties. We do not share your personal information with third parties for their own direct marketing purposes. 

14. Nevada Residents Only

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.  

We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by contacting us at privacy@toneden.io.   Please note we will take reasonable steps to verify your identity and the authenticity of the request.  Once verified, we will maintain your request in the event our practices change.  

15. EEA, Switzerland, and UK Only

EEA, Swiss, and UK law requires us to provide you with more information about the processing of their personal information.  

For purposes of these laws, Eventbrite Inc. (located at 155 5th Street, Floor 7, San Francisco, CA 94103) is the controller of your personal information. Eventbrite's representative for European data protection law purposes is Eventbrite NL B.V., located at Silodam 402, 1013AW, Amsterdam, The Netherlands.

Legal grounds for processing your personal information

We describe how we process personal information through this Privacy Policy.  The legal grounds for this processing will typically be because:

  • it is necessary for our contractual relationship;
  • the processing is necessary for us to comply with our legal or regulatory obligations; and/or
  • the processing is in our legitimate interest (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.); or 
  • you provided your consent.

Your rights

Applicable data protection law may provide you with the right to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update information which is out of date or incorrect
  • delete certain information which we are holding about you
  • restrict the way that we process and disclose certain of your information
  • transfer your information to a third party provider of services
  • revoke your consent for the processing of your information

You can delete your account at any time by going to https://www.toneden.io/privacy-portal and following the instructions. You can also exercise your rights by sending an email to us at support@toneden.io.  Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.  If you have a complaint about how we handle your personal information, please get in touch with us at support@toneden.io to explain. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.

16. Brazil Only

This Brazil Only section applies to personal data processing activities under Brazilian law.

If you use ToneDen in Brazil, you may have certain rights. Brazilian law may permit you to request that we:

  • confirm whether we process your data;
  • provide access to and/or a copy of certain information we hold about you;
  • correct incomplete, inaccurate and outdated data;
  • anonymize, block or delete data that is unnecessary, excessive or not being processed in accordance with Brazilian data protection law;
  • port your personal data to another service or product vendor;
  • delete personal data processed with your consent, when applicable;
  • provide you with information regarding the public and private entities with which we share data;
  • provide you with information about the possibility of withdrawing consent and the consequences of such withdrawal, where applicable;
  • withdraw your consent.   

You can delete your account at any time by going to https://www.toneden.io/privacy-portal and following the instructions.  You can also exercise your rights by sending an email to us as privacy@toneden.io. You may need to provide additional information to verify your identity before we fulfill your request. 

Questions?

Please contact us at support@toneden.io if you have any questions about our Privacy Policy.