Data Lifecycle
Collection
- Where data is entered
- Event registration forms
- Data items collected
- Name
- Email address
- Participation fee
- Payment amount
- Form responses as defined by the event organizer
- IP address
- Device information
- Cookies and anonymous IDs
- Credit card information (sent directly to Stripe)
Storage
- Storage location
- AWS Tokyo Region
- Stripe (payment details, email address, name, IP address, device information)
- Encryption measures
- Transmission: Encrypted via SSL/TLS
- Database: Encrypted
- Credit card data is neither processed, stored, nor passed through Payvent; it is managed exclusively by Stripe in compliance with PCI DSS.
Use
- Who accesses/uses the data and for what purposes
- Event organizers and their delegates: Participant management and check-in operations
- Urbs Inc. (the operator): System maintenance, customer support, and use in marketing and R&D
- Who can view/edit the data
- Event organizers and their authorized delegates
- Urbs Inc. (operator of Payvent)
Sharing
- External service providers
- Stripe (for payment processing, PCI DSS compliant)
- Amazon Web Services Japan G.K.
- Sharing with organizer’s delegates
- Shared within the scope of joint use, including name, email address, and registration details
Retention & Deletion
- We and the event organizers retain transaction-related data for a minimum of 7 years in accordance with tax and legal obligations (for example, for receipt retention).
- During this period, the data may be retained for purposes such as event operation, proof of transaction, and legal compliance.
- Upon expiration of the retention period, the data will be deleted or anonymized as appropriate.
Note: Even if a user requests deletion, we may not comply if the data is subject to legal retention obligations (GDPR Article 17(3)(b)).
Access / Correction Request by Users
- Under the GDPR, users have the right to:
- Request access to their personal data
- Correct inaccurate information
- Request restriction or erasure of data processing
- We will respond within a reasonable timeframe after verifying the identity of the requester.
- However, deletion requests may be denied if they conflict with legitimate purposes such as tax or contractual obligations (GDPR Article 17(3)).