GDPR Compliance
Last updated: 12/7/2025
Connecty is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we meet GDPR requirements and outlines your rights as a data subject.
Our GDPR Commitment
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA).
Connecty complies with GDPR requirements through:
- Lawful, fair, and transparent data processing
- Purpose limitation - collecting data only for specified purposes
- Data minimization - collecting only necessary data
- Accuracy - keeping personal data accurate and up to date
- Storage limitation - retaining data only as long as necessary
- Integrity and confidentiality - implementing appropriate security measures
- Accountability - demonstrating compliance with GDPR principles
Legal Basis for Processing
We process personal data only when we have a valid legal basis. Our legal bases include:
Contractual Necessity
Processing necessary to fulfill our contract with you:
- Creating and managing your account
- Processing ticket purchases and venue bookings
- Facilitating event registrations
- Processing payments and issuing refunds
- Providing customer support
- Delivering services you requested
Legal Obligation
Processing required to comply with legal obligations:
- Maintaining financial records for tax purposes
- Complying with anti-money laundering regulations
- Responding to legal requests and court orders
- Maintaining records for regulatory compliance
Legitimate Interests
Processing necessary for our legitimate interests (where not overridden by your rights):
- Improving our platform and services
- Detecting and preventing fraud and security threats
- Conducting analytics to understand user behavior
- Marketing our services to existing customers
- Managing business operations
Consent
Processing based on your explicit consent:
- Marketing communications to non-customers
- Certain cookies and tracking technologies
- Processing special category data (when applicable)
- Sharing data with third parties beyond what's necessary for services
You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request:
- Confirmation that we process your personal data
- Access to your personal data
- Information about how we use your data
- Details of who we share your data with
- How long we retain your data
You can access much of your personal data directly through your account settings. For a complete copy, contact us at gdpr@connecty.com
Right to Rectification
You have the right to:
- Correct inaccurate personal data
- Complete incomplete personal data
You can update most information through your account settings. For other corrections, contact our support team.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where processing was based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
- Deletion is required to comply with a legal obligation
Note: We may retain certain data if required by law or for legitimate purposes (e.g., financial records, fraud prevention, dispute resolution).
Right to Restriction of Processing
You have the right to restrict processing when:
- You contest the accuracy of your personal data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You've objected to processing pending verification of legitimate grounds
Right to Data Portability
You have the right to:
- Receive your personal data in a structured, commonly used format
- Transmit your data to another controller
- Have your data transmitted directly to another controller (where technically feasible)
This right applies to data you provided based on consent or contract, and processed by automated means.
Right to Object
You have the right to object to:
- Processing based on legitimate interests or public interest
- Direct marketing (including profiling)
- Processing for scientific, historical, or statistical purposes
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing (including profiling) that produces legal effects or significantly affects you.
Connecty uses limited automated decision-making for:
- Fraud detection and prevention
- Event recommendations
- Pricing optimization for organizers
You can request human intervention, express your point of view, and contest automated decisions.
How to Exercise Your Rights
To exercise your GDPR rights, you can:
1. Use Your Account Settings
Access, update, or download your personal data directly through your Connecty account dashboard.
2. Contact Our Data Protection Team
Email: gdpr@connecty.com
Include: Your name, email address, description of your request, and proof of identity
3. Submit a Written Request
Mail to: Connecty Data Protection Officer, [Your Business Address]
Response Time
We will respond to your request within one month of receipt. This may be extended by two additional months for complex requests, and we'll inform you of any extension within the first month.
International Data Transfers
As a global platform, Connecty may transfer personal data outside the EU/EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms with data recipients
- Adequacy Decisions: Transfers to countries deemed to have adequate data protection
- Binding Corporate Rules: Internal policies for intra-group transfers
- Appropriate Safeguards: Technical and organizational measures to protect transferred data
Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance:
Email: dpo@connecty.com
Mail: Data Protection Officer, Connecty, [Your Business Address]
Responsibilities: Monitoring compliance, advising on data protection, serving as contact point for supervisory authorities and data subjects
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security:
- Encryption of data in transit (TLS/SSL) and at rest
- Pseudonymization and anonymization where appropriate
- Access controls and authentication mechanisms
- Regular security testing and vulnerability assessments
- Employee training on data protection
- Incident response and breach notification procedures
- Regular backups and disaster recovery planning
For more details, see our Security Policy.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware
- Notify affected individuals without undue delay if there's a high risk
- Provide clear information about the breach and our response
- Take measures to mitigate the breach and prevent future incidents
Privacy by Design and Default
We implement privacy by design and default principles:
- Privacy considerations integrated into product development
- Data protection impact assessments (DPIAs) for high-risk processing
- Privacy-friendly default settings
- Minimal data collection by default
- Pseudonymization and anonymization where possible
- Regular reviews of data processing activities
Third-Party Processors
We work with carefully selected third-party processors who comply with GDPR:
- Written data processing agreements with all processors
- Regular audits and assessments of processor compliance
- Ensuring processors implement appropriate security measures
- Processors only process data on our documented instructions
See our Privacy Policy for a list of our key data processors.
Children's Data
Connecty is not directed to children under 16. We do not knowingly process data of children without parental consent. If we become aware of such processing, we will delete the data promptly.
Right to Lodge a Complaint
If you believe we have not complied with GDPR, you have the right to lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns.
You can find your local supervisory authority at:
Record of Processing Activities
We maintain records of our processing activities as required by GDPR Article 30. These records include:
- Purposes of processing
- Categories of data subjects and personal data
- Categories of recipients
- International transfers
- Retention periods
- Security measures
These records are available to supervisory authorities upon request.
Updates to GDPR Practices
We regularly review and update our GDPR compliance practices. Material changes will be communicated through:
- Updates to this page with a new "Last updated" date
- Email notifications to registered users
- Prominent notices on our platform
Contact Information
For questions about our GDPR compliance or to exercise your rights:
GDPR Requests: gdpr@connecty.com
Data Protection Officer: dpo@connecty.com
Data Controller: Connecty [Legal Entity Name]
Address: [Your Business Address]
Related Policies and Information