invytly

Notice on the Use of Guests’ Contact Data for Event‑Related Communications

Last updated: January 12, 2026

In accordance with Regulation (EU) 2016/679 (“GDPR”) and the policies applicable to the messaging services used (including the WhatsApp Business Policies), Invytly requires that, for each Project activated on the platform, the Customer has duly complied with all obligations set forth under applicable data protection laws.

The Customer, acting as Data Controller with respect to the personal data of guests entered into the Project, hereby declares and warrants that they:

  1. have lawfully collected guests’ contact data (including email addresses and phone numbers) in compliance with applicable laws, on the basis of an appropriate legal basis (for example, consent, where required);

  2. have informed the data subjects that their contact details will be used to send communications strictly related to the event (such as invitations, updates, attendance confirmations, and reminders) through the contact channels provided, including, by way of example, email and messaging services such as WhatsApp;

  3. have informed the data subjects that such communications will be sent through the Invytly platform, which acts as Data Processor pursuant to Article 28 GDPR on behalf of the Customer;

  4. have provided the data subjects with an adequate privacy notice, consistent with the processing activities carried out through the Invytly platform, and have enabled them to exercise the rights provided under Articles 15–22 of the GDPR;

  5. retain appropriate documentation supporting the legal basis relied upon (including consent, where required);

  6. assume full responsibility for any complaints, claims, or requests raised by data subjects in relation to the use of their contact data, and agree to indemnify and hold Invytly harmless from any costs, liabilities, or consequences arising from unlawful use or from a legal basis that has not been validly obtained.

Invytly shall process the personal data entered by the Customer exclusively for the purposes specified by the Customer and in accordance with the instructions received, adopting appropriate technical and organizational measures to ensure the security of personal data, acting as Data Processor pursuant to Article 28 of the GDPR.

Such processing shall be carried out in accordance with the Customer’s instructions, the Invytly Privacy Policy (as applicable to Customers and to the operational aspects of the platform), and the relevant Data Processing Agreement.