🔒 Legal

Privacy Policy

Last updated: 29 April 2026

🇪🇺

GDPR Compliant

We comply with the General Data Protection Regulation (GDPR). You have the right to access, correct, or delete your personal data at any time.

1. Data Controller

is the data controller responsible for your personal data. If you have questions about this Privacy Policy, please contact us at the address provided below.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, password (hashed), role.
  • Profile data: Profile photo, date of birth, phone number, bio.
  • Transaction data: Orders, ticket purchases, payment references (not card data).
  • Usage data: Log-in times, pages visited, search queries.
  • Communication data: Messages sent via our contact form.

3. How We Use Your Data

We use your personal data to:

  • Provide and improve our platform services.
  • Process your orders and ticket purchases.
  • Send transactional emails (order confirmations, receipts).
  • Send newsletters if you have opted in (you can unsubscribe at any time).
  • Comply with legal obligations.
  • Prevent fraud and ensure platform security.

4. Legal Basis

We process your data on the legal basis of (a) contract performance when processing your orders; (b) legitimate interests for platform security and fraud prevention; (c) your consent for marketing communications; and (d) legal obligation where required by law.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Transaction data is retained for 7 years for tax and legal purposes. You may request deletion of your account data at any time.

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Stripe: Payment processing. Stripe's privacy policy applies to payment data.
  • Email providers: For transactional emails only.
  • Legal authorities: When required by law or court order.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of access — Request a copy of your personal data.
  • Right to rectification — Correct inaccurate data.
  • Right to erasure — Request deletion of your data ('right to be forgotten').
  • Right to restrict processing — Ask us to limit how we use your data.
  • Right to data portability — Receive your data in a structured, machine-readable format.
  • Right to object — Object to processing based on legitimate interests.

To exercise any of these rights, contact us at our contact form.

8. Cookies

We use essential cookies for session management, language preference, and security (CSRF protection). No third-party tracking cookies are used. You can disable cookies in your browser settings, but this may affect platform functionality.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, hashed passwords, and regular security reviews. However, no transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice on the platform.

11. Contact

For privacy-related queries or to exercise your rights: