EventElephant has been built and tested with best practice and top class performance, security and infrastructure as a priority. As a result we are confident of assuring you that in using Eventelephant, either as an event organiser, or as an event attendee, your personal data whether financial or otherwise, will never be compromised, passed to a third party (unless expressly permitted by yourself) or used for any purposes other than that explicitly stated when collected.

Database
The database server is hidden behind the firewall and cannot be accessed from the public internet. This prevents outside intruders from accessing the EventElephant database and any contacts databases you upload.

All communications between the web servers and database servers are encrypted using a 512K encryption key. All incoming connections to the database server are verified as having come from the web application layer in the web Server, which ensures that communications are coming from our website software.

Internal Data Security Policy
There is restricted security clearance to client databases stored on EventElephant. Any personnel (either within EventElephant or employed by our development partner companies), with such access are named on a register which is regularly maintained and monitored by EventElephant. Our database employs logging which allows us to monitor who is accessing it on a regular basis.

The databases an event organiser uploads to the system are therefore extremely secure both due to the system’s robust infrastructural security and from internal breach, due to strict data access and security procedures which mean access is limited and is only ever made for retrieval or system maintenance purposes.

Back Up
Data recovery and re-deployment of a server, given a hardware fault, is five minutes. This is due to our fall over recovery program, which grants us a virtually hosted environment to run the system on, until the hardware fault has been resolved.

Internal Controls
EventElephant has a comprehensive internal financial controls manual in place which is subject to annual sign off by our auditors and the company Directors. The Directors meet on a quarterly basis to discuss the company’s performance and to ensure that all internal controls and Director’s responsibilities are adhered to.

The finance department consists of the company Chief Executive Officer (CEO), Financial Controller (FC) and Accounts Administrators. The CEO and the FC, who are both qualified accountants, are the only personnel to have access to client (event organiser) banking details, payments and transfers.

Attendee Payment
An invoice is issued automatically on an attendee registering for an event. In the case of an attendee paying by credit card or debit card, an email is sent to them automatically, detailing the transaction and the invoice total. If the person is booking but chooses to pay offline (i.e. they will pay the invoice at a later date) the event organiser has sole responsibility for the collection of these funds.

EventElephant does not collect or hold any credit card or debit card details at all, as the payment process takes place through our secure payment gateway.

Adyen - Secure Payment Gateway
Adyen, the European market leaders in secure online payment systems, are our payment provider and as such EventElephant does not collect or retain any credit card details on the system.

Attendees paying for an event online are verified through Adyen who screen all incoming card details. They take these details, including the unique IP address of the attendee, the card number, expiry date and the CVV number and once correctly verified, process the payment. 3-D Secure (Verified by Visa) enrolled credit cards will be passed through the 3-D verification process for all payments. All cards will automatically be scrutinized against Adyen’s international ‘Credit Card Black List’ and rejected if positively matched. Weighted values have been assigned to; transaction events, customer locales and card details. These weighed values are held in Adyen’s risk assessment module, which evaluates every transaction and assigns it a potential risk value. Any risk score reaching 100 or more will automatically be refused.

Organiser Payment
In order for EventElephant to transfer funds collected from attendees, to the event organiser - it is necessary to hold the event organiser’s bank name, address, account number, sort code, iban and swift code on the system. These details are however kept encrypted and sit behind our secure firewall. EventElephant finance department does have access to these details in order to authorise and instruct AIB to transfer funds. The funds transferred will exactly match with the ‘Online Funds Transaction Report’, which is available in their Event Control Area 24/7. The Event Control Area is located on the event organiser’s dashboard, access to which is over a secure https connection.

Funds being transferred are reconciled and require 2 unique signatures and these signatures are the Financial Controller and the Joint CEO’s of the company. Therefore only senior members of the organisation can transfer funds to an event organiser’s bank account.

All attendee funds collected on behalf of the event organiser are held in the EventElephant Client Current Account. This is like a solicitor's or auctioneer's client account. All funds are kept separate from any other EventElephant bank accounts.

EventElephant Financial Insurance
EventElephant have an insurance policy against fraud. This policy is with ACE European Group Ltd and protects event organiser’s funds against internal and external fraud, subject to insurance policy terms and conditions. Additionally the Irish Government have guaranteed all funds on deposit in Irish Banks which AIB have signed up to.

Event Cancellation
Should an event be cancelled, EventElephant (who retain funds collected for up to five days after the event has finished) simply pays these funds back to the attendees. As the event hasn’t taken place they are not liable for our attendee management fee and hence there will be no EventElephant deductions

EventElephant has taken every step to ensure that vital issues such as the security of your data and the performance and speed of the portal have been expertly addressed.

We use leading firewall technology that provides a high degree of security against any external virus attacks on our portal. Not only is our firewall monitored by experts 24 hours a day and 365 days a year but we regularly receive new security upgrades

All the EventElephant databases sit behind the firewall and cannot be accessed publically. All passing of information and data between all our servers is heavily encrypted and verified so that all data is extremely well protected

We host all our servers and portal with a specialist hosting provider called Datapipe. Not only are they the most highly rated provider in the UK but they have one of the world’s most secure hosting facilities including live 24x7x365 video surveillance, biometric security and pass cards, and data recovery backups.