Privacy Policy
Last updated: March 2026
1. Data Controller
[COMPANY_LEGAL_NAME], located in Barcelona, Spain. Contact: [CONTACT_EMAIL]
2. Data We Collect
Account Data
- Name, email address (from Google sign-in or manual input)
- Birthday, phone number, English level (optional, collected progressively)
Transaction Data
- Ticket purchases, order history, payment amounts
- Attendee information (name, email) for tickets purchased for others
Event Data
- Event registrations, check-in timestamps, event ratings and feedback
Technical Data
- UTM parameters (how you found us)
- Referral source
- Browser type, IP address (server logs)
Cookies
- Language preference (essential)
- Analytics cookies (only with your consent — see Cookie Policy)
3. Why We Process Your Data
| Purpose | Legal Basis (GDPR) |
|---|
| Account creation and authentication | Contract performance |
| Ticket purchases and event registration | Contract performance |
| Event check-in | Legitimate interest |
| Sending event confirmations and reminders | Contract performance |
| Analytics and service improvement | Consent (via cookie banner) |
| Marketing communications | Consent |
| Fraud prevention | Legitimate interest |
4. Data Sharing
We do not sell your personal data. We may share data with:
- Event organizers — attendee lists for events you register for
- Service providers — hosting, email delivery (when implemented)
- Analytics — Google Tag Manager (only with your consent)
- Legal authorities — when required by law
5. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Transaction data: retained for 5 years for legal/accounting purposes
- Analytics data: retained for 26 months
6. Your Rights (GDPR / Ley 1581)
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time for consent-based processing
To exercise these rights, contact us at [CONTACT_EMAIL].
7. International Transfers
Your data may be processed in the EU and Colombia. We ensure appropriate safeguards are in place for any international transfers.
8. Security
We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular security reviews.
9. Children
The Service is not intended for persons under 18 years of age. We do not knowingly collect data from minors.
10. Changes
We may update this policy. We will notify you of significant changes via email or the Service.
11. Contact & Complaints
Contact: [CONTACT_EMAIL]
You may also file a complaint with the Spanish Data Protection Agency (AEPD) or the Colombian Superintendencia de Industria y Comercio (SIC).