GDPR Compliance for event plugins

This statement is for the WordPress plugins amr-events, amr-ical-events-list and amr events attendees, available at https://icalevents.com/plugins_downloads/

Briefly: the amr-events plugin creates events as WordPress custom posts. No additional user data is created or stored. The post author (display name and email) is assumed to be the event organiser for purposes of complying with the ics feed RFC5545 standard. The plugins do not send or store data on any other servers.


Collecting & storing of user data:


The amr-events plugin creates events as WordPress posts. As per standard WordPress processing, the author of the post is recorded. That is the extent of any collection of personal user data that is within the plugin's control: only what standard WordPress user functionality already records. The plugin does not of itself collect and store user data. Control of that user data rests with the website owner.


Processing or use of user data (email and display name):

In event feeds (ics feeds), the RFC5545 standard requires the event organizer to be included in the ics file. Refer to https://tools.ietf.org/html/rfc5545#section-3.8.4.3 (see Organizer):

“This property MUST be specified in an iCalendar object that specifies a group-scheduled calendar entity. This property MUST be specified in an iCalendar object that specifies the publication of a calendar user's busy time.”

To conform to this, the event post author’s data is included in the ics file, as per the example in the specification:

ORGANIZER;CN=John Smith:mailto:jsmith@example.com

The plugin uses the WordPress post author's “display name” if it exists, if not then the WordPress user's “userlogin”, and then the WordPress user's ‘user_email’ to provide the required ORGANIZER details. The plugin does not have any means to validate this data and simply uses what has been stored in the user records by the website.

A web developer can choose to display (or not) the public ics url.  The web developer can also control whether a real user or a dummy user is recorded as the post author.
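
As an added illustration (not code from the amr-events plugin), the following PHP sketch builds an ORGANIZER line using the fallback described above and applies RFC 5545 parameter encoding and line folding to the stored values. The function names, the array keys modelled on the WordPress fields display_name, user_login and user_email, the e-mail check and the sample records are assumptions made for this example.

```php
<?php
// Added illustration, not code from the amr-events plugin. Field names follow
// the WordPress user fields named above; all sample values are constructed.

// Name fallback as described: display name if set, otherwise the login.
function organizer_name(array $author): string {
    $name = trim($author['display_name'] ?? '');
    return $name !== '' ? $name : trim($author['user_login'] ?? '');
}

// Encode a value for use as an RFC 5545 parameter value such as CN.
function ics_param_value(string $value): string {
    // Drop control characters (CR and LF included) so a name cannot add lines.
    $value = preg_replace('/[\x00-\x08\x0A-\x1F\x7F]/', '', $value);
    // A double quote is never allowed inside a parameter value.
    $value = str_replace('"', "'", $value);
    // ':', ';' and ',' are only allowed inside a quoted string.
    return preg_match('/[:;,]/', $value) ? '"' . $value . '"' : $value;
}

// Fold at 75 octets (CRLF plus one space) without splitting a UTF-8 character.
function ics_fold(string $line): string {
    $parts = [];
    for ($limit = 75; strlen($line) > $limit; $limit = 74) {
        $parts[] = $chunk = mb_strcut($line, 0, $limit, 'UTF-8');
        $line = substr($line, strlen($chunk));
    }
    $parts[] = $line;
    return implode("\r\n ", $parts);
}

function organizer_line(array $author): string {
    $email = trim($author['user_email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('user_email is not a valid address');
    }
    $name = ics_param_value(organizer_name($author));
    $line = 'ORGANIZER' . ($name !== '' ? ';CN=' . $name : '');
    return ics_fold($line . ':mailto:' . $email);
}

$samples = [
    ['display_name' => 'John Smith', 'user_login' => 'jsmith', 'user_email' => 'jsmith@example.com'],
    ['display_name' => '', 'user_login' => 'events-desk', 'user_email' => 'events@example.com'],
    ['display_name' => "Smith, John\r\nX-NOTE:test", 'user_login' => 'js', 'user_email' => 'jsmith@example.com'],
];
foreach ($samples as $author) {
    echo organizer_line($author), "\r\n";
}
```

The second record stands in for a dummy author with no display name, and the third shows a display name containing a comma and a line break being emitted as a single quoted CN value.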

The plugins can also list events from external public ics files. These ics files may contain attendee data. The ics files are cached and refreshed daily or as requested. The purpose of the cache is to be able to continue listing events should there be a disruption in access to the source URL. If the web designer chooses to use the addon https://icalevents.com/downloads/amr-events-attendees/ then the web designer can choose to display that attendee data in the event list. That list may be displayed in a public or private page as set up by the web designer. There is currently no provision to add attendee data to the custom events created inside WordPress. If this becomes available, a link to the user data such as the user id or email address is what would be stored.

GDPR Summary

The plugins use a minimal amount of user data required to provide event functionality in adherence with the ‘purpose’ and ‘data minimisation’ principles.  With respect to the other GDPR principles, the plugins do not control the accuracy, storage, or security of this user data.   The plugin does not pass user data on to any other parties except as required by the RFC5545 ics specification and as configured by the website developer.