Privacy Notice for Eventbrite bookings

This Privacy Notice explains who we are, what personal data we collect and use about indivusals registering and making booking for Eventbrite events offered by the University, how we use your personal data, our lawful basis for processing, our relevant retention periods, and how you can exercise your data subject rights. This notice provides information that is in addition to information contained within the University’s privacy notice which was provided to you at the point of data collection as part of your Eventbrite registration. Please do read this notice to understand our practices and if you have any questions please contact us using the contact details provided below.


Who we are

Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, a higher education instution and exempt charity under Schedule 2 of the Charities Act 1993 (amended by the Charities Act 2011). As a higher education institution we provide teaching, education, research and all necessary support services. The University is the Data Controller in respect of any personal data held about you from your Eventbrite registration. The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.


The personal data we process

We collect personal data about individuals registering for our Eventbrite events directly from you. The exact personal data we hold will depend on the type of event you register to attend, and will be determined on a case-by-case basis to ensure that we only collect and hold information which is adequate, relevant and limited to what is necessary for the event which you wish to attend, but is likely to include the following:


The purposes and lawful basis of the processing

Your information will enable us to:

Purpose - administer your booking and facilitate your attendance at our event. 

Lawful basis - We process your personal data to fulfil your request in ways you would reasonably expect and which has a minimal privacy impact to you. As such, we rely upon the ‘legitimate interest’ lawful basis.

If this involves the processing of special categories of personal data such as allergy information or accessibility reasonable adjustments, we will process this information using the substantial public interest lawful basis. Specifically to comply with statutory obligations in relation to equality of opportunity or treatment, and health and safety legilsation. 

Purpose - To conduct promotional and marketing activity. This is likely to include sending you targeted promotional marketing communications about the University, its services, events courses, and benefits of studying with us which we think you will be interested in. (If you provided us with your consent).

Lawful basis - You have given us your consent. You provided us with your consent to send you promotional and marketing related communications.

Purpose - To conduct post event evaluation, quality review and survey activities. Wherever possible this will be conducted anonymoulsy and without the use of identifying personal data. However, on occasion it may be appropriate to use personal data or you as the data subject may wish to specifically identiy yourself. 

Lawful basis - We will process any post event evaluation information in ways which you would reasonably expect and which has a minimal privacy impact to you. As such, we rely upon the ‘legitimate interest’ lawful basis.



The University use the services of Eventbrite as a data processor to assist us with the registration of individuals for our event. Accordingly if you have registered for an university Eventbrite event your personal data will be accessible to Eventbrite. For further information about how Eventbrite use your personal data please see: 


We also use the services of processors to assist us to deliver our promotional communications to you. Those third party providers include, but are not limited to, NetNatives, Gecko Labs Limited and Campaign Monitor. Your personal data will only be accessible to these processors if you have provided us with your consent to send you our promotional communications.

This data processing activity will take place under the strict terms of a data processing agreement. Such agreements will restrict the use of your personal data to the defined purposes stated above and incorporate important confidentiality and information security requirements.

The University may also share limited personal data with social media providers such as Facebook so that we may communicate our advertising to you on their platforms. You have the option of these adverts by amending your setting or preferences on the relevant social media platform.


The right to withdraw consent

You can withdraw your consent for us to process your personal data for our promotional activities and to receive any or all of our promotional related communications using the contact information, which was provided in the original privacy notice at the point of data collection, by using unsubscribe links within our communications or by contacting:

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data which relies on lawful processing grounds other than consent.


Data retention

Your personal data will only be retained in an identifiable form for no longer than it is necessary to fulfil your specific request of the University. Specifically, we will retain your personal data as follows:

 For further information about the University’s Retention and Disposal procedures please refer to our Retention and Disposal Schedule.


Your rights in respect of the processing

 The GDPR provides data subjects with the following data subject rights:

The right to be informed – the original privacy notice used at the point of data collection, combined with this additional privacy notice information assists with fulfilling these obligations.

The right of access - You have the right to be told whether we are processing your personal data and, if so, to be given a copy of it. This is known as the right of subject access. The right of access to personal data held about you exists in order to be aware of, and verify, the lawfulness of the processing. You can find out more about this right on the University’s Subject Access Page.

The right to rectification - If you believe that personal data we hold about you is inaccurate, please contact us and we will investigate. You can also request that we complete any incomplete data. Once we have determined what we are going to do, we will contact you to let you know.

The right to erasure and right to object - You can ask us to erase your personal data in any of the following circumstances: we no longer need the personal data for the purpose it was originally collected; you withdraw your consent and there is no other legal basis for the processing; you object to the processing and there are no overriding legitimate grounds for the processing etc. Once we have determined whether we will erase the personal data, we will contact you to let you know.

The right to restrict processing - You can ask us to restrict the processing of your personal data in the following circumstances: you believe that the data is inaccurate and you want us to restrict processing until we determine whether it is indeed inaccurate, the processing is unlawful and you want us to restrict processing rather than erase it, we no longer need the data for the purpose we originally collected it but you need it in order to establish, exercise or defend a legal claim and you have objected to the processing and you want us to restrict processing until we determine whether our legitimate interests in processing the data override your objection. Once we have determined how we propose to restrict processing of the data, we will contact you to discuss and, where possible, agree this with you.

Please use the contact information below to exercise these rights.


Contacting us

For questions or concerns about this Privacy Notice, or our use of your personal information, please use the contact information provided within the privacy notice provided at the point of data collection or the: e-mail address in the first instance.

Our Data Protection Officer can also be contacted using, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.


Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: or telephone: 0303 123 1113. For any further contact information please see:


Updates to this privacy notice

We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. This notice was last updated on the 18.11.19. 

Privacy Notices