Privacy Policy

Last updated: 20th December 2023

This policy is provided to support transparency for users of EventApp by Eventista and for app store listings. It is not legal advice. You should have it reviewed by a qualified solicitor to ensure it matches your organisation’s practices, contracts, and role (controller vs processor) in each context.

1. Who we are

EventApp by Eventista (“we”, “us”, “our”) operates the website and applications available at https://eventapp.eventista.co.uk (the “Service”).

For data protection law purposes in the United Kingdom and the European Economic Area (“EEA”), we act as a data controller in respect of personal data we determine the purposes and means of processing when you use the Service as described in this policy.

Contact: For privacy enquiries, please email admin@eventista.co.uk.

2. Scope and age

This policy applies to visitors, registered users, event organisers, exhibitors, sponsors, staff using on-site tools (for example lead capture or check-in), and anyone whose personal data we process through the Service.

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have done so, please contact us and we will take steps to delete such information. Where local law sets a higher age for valid consent without parental permission, that age applies.

3. Legal bases (UK GDPR & EU GDPR)

We process personal data only where we have a lawful basis, including:

  • Contract — to provide the Service you have asked for (for example account creation, event registration, ticket purchase, exhibitor tools).
  • Legitimate interests — to operate, secure, and improve the Service, prevent abuse, analyse aggregated usage, and support customers, balanced against your rights (you may object where applicable).
  • Legal obligation — to comply with applicable law, regulation, court orders, or tax and accounting requirements.
  • Consent — where required for optional processing (for example certain marketing cookies or non-essential communications), which you may withdraw at any time.

4. Data we may collect

Depending on how you use the Service, we may process:

  • Identity and account data: name, email address, telephone number, job title, company, password hash, role, and profile details you choose to provide.
  • Event and registration data: events you organise or attend, ticket types, registration forms, dietary or accessibility information you submit, check-in and session attendance where applicable, QR or badge identifiers, and related operational records.
  • Payment data: payment transactions are handled by our payment provider (for example Stripe). We typically receive limited payment metadata (such as transaction status and identifiers), not your full card number.
  • Communications: messages you send us, email delivery and engagement metadata where our systems support it, and service notifications.
  • Technical and usage data: IP address, device type, browser type, approximate location derived from IP, timestamps, pages viewed, diagnostic and security logs, cookies and similar technologies, and install-to-home-screen or similar installation-related signals where supported by the platform.
  • Content you submit: posts, comments, networking requests, documents you upload, and other content processed through event features.
  • Third-party integrations: where an organiser connects integrations (for example email or marketing tools), additional categories may be processed as configured by that organiser; such processing may involve us as processor on their instructions.

5. Purposes of processing

  • Providing accounts, authentication, and access control.
  • Running events: registration, ticketing, attendance, networking, schedules, documents, and organiser dashboards.
  • Processing payments and related customer support.
  • Sending transactional and service emails and, where permitted, marketing.
  • Maintaining security, fraud prevention, abuse detection, and backups.
  • Improving reliability and performance (including aggregated analytics).
  • Complying with law and responding to lawful requests.

6. Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary for the Service to function (for example session and security tokens). Where we use optional analytics or marketing cookies, we will rely on consent where required by law. You can control cookies through your browser settings; blocking strictly necessary cookies may affect functionality.

7. Recipients and processors

We may share personal data with:

  • Hosting and infrastructure providers that run the Service (for example cloud hosting, databases, queues, and storage).
  • Payment processors to complete transactions.
  • Email and communications providers to deliver messages.
  • Professional advisers where required (for example lawyers or accountants).
  • Authorities when required by law or to protect rights, safety, and security.

Processors are bound by contractual terms that require them to protect personal data and process it only on our instructions, except where they are required by law to act independently.

8. International transfers

Your data may be processed in the United Kingdom and/or the EEA, and in other countries where our processors operate. Where we transfer personal data from the UK or EEA to countries not recognised as adequate, we use appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and/or the EU Standard Contractual Clauses, supplemented by technical and organisational measures where appropriate.

9. Retention

We retain personal data only as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, or reporting requirements. Retention periods vary by data type and legal obligations. When data is no longer needed, we delete or anonymise it in line with our internal retention practices.

10. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your account credentials.

11. Your rights (UK & EEA)

Subject to applicable law, you may have the right to:

  • Access your personal data and receive certain information about processing.
  • Rectify inaccurate data or complete incomplete data.
  • Erase data in certain circumstances (“right to be forgotten”).
  • Restrict processing in certain circumstances.
  • Data portability for data you provided where processing is based on contract or consent and is automated.
  • Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority.

In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO): ico.org.uk. In the EEA, you may contact your local data protection authority.

To exercise your rights, contact us using the email address above. We may need to verify your identity before responding. We will respond within one month unless applicable law allows a longer period, in which case we will inform you of any extension.

12. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on you within the meaning of UK GDPR / EU GDPR Article 22. If that changes in future, we will update this policy and provide information about logic and your rights.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and adjust the “Last updated” date. Where changes are material, we will provide additional notice where appropriate (for example by email or in-app notice).

14. Google Play and mobile applications

If you install an Android application for EventApp by Eventista that wraps or connects to this Service (for example a Trusted Web Activity), Google may collect information in accordance with Google’s own privacy policy. This policy describes our processing through the Service; it does not control Google’s processing as platform provider.