Privacy Policy

EventAlbania ("we", "us", or "our") operates the website https://www.eventalbania.com(the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights as a data subject. We are committed to protecting your privacy in accordance with applicable data protection law, including the Albanian Law No. 9887 on Personal Data Protection and principles derived from the General Data Protection Regulation (GDPR).

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is EventAlbania, reachable at privacy@eventalbania.com. All data protection enquiries should be directed to this address.

2. Data We Collect

We collect the following categories of personal data:

• Account data: full name, email address, password (hashed), and optional phone number provided when creating an account.
• Booking data: name, email address, and phone number of each ticket attendee; ticket type and quantity; total amount paid.
• Payment data: payment is processed by Stripe. We receive only a payment confirmation reference and the last four digits of the card used. We never store full card numbers, CVV codes, or bank account details.
• Usage data: IP address, browser type, operating system, pages visited, and timestamps, collected via server logs and analytics tools.
• Communications: the content of any support emails you send to us.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: processing necessary to provide the ticketing and booking services you requested.
• Legal obligation: processing required to comply with tax, financial, or other regulatory requirements.
• Legitimate interests: processing to improve our platform, prevent fraud, ensure security, and respond to support requests.
• Consent: where you have explicitly opted in, for example to receive marketing communications.

4. How We Use Your Data

• To process ticket bookings and send confirmation emails with PDF tickets and QR codes.
• To manage your account and allow you to view and cancel bookings.
• To process payments and issue refunds through Stripe.
• To communicate with you about your bookings, changes to events, and our policies.
• To detect and prevent fraudulent transactions and abuse of the platform.
• To comply with legal and tax obligations.
• To improve and personalise the Service based on aggregated analytics.

5. Data Sharing

We do not sell your personal data. We share it only in the following circumstances:

• Event organisers: we share the name, email, and phone number of attendees with the organiser of the event you have booked, for the purpose of event management and check-in.
• Stripe: payment data is shared with Stripe, Inc. for payment processing. Stripe operates under its own privacy policy and is certified to PCI DSS Level 1 standards.
• Supabase: our hosting and database infrastructure provider processes data on our behalf under a data processing agreement.
• Legal authorities: we may disclose data when required by law, court order, or to protect the rights and safety of EventAlbania or others.

6. Data Retention

We retain account data for as long as your account remains active. Booking and transaction data is retained for a minimum of seven years to comply with financial and tax record-keeping obligations. Usage logs are retained for up to 12 months. You may request deletion of your account at any time (see Section 8); however, data subject to legal retention obligations cannot be erased until those periods expire.

7. Cookies and Tracking

We use strictly necessary cookies to maintain your authenticated session and to protect against cross-site request forgery. We do not use third-party advertising cookies. We may use first-party analytics to understand aggregate usage patterns; these analytics are processed without identifying individual users. You can control cookie behaviour through your browser settings; disabling session cookies will prevent you from signing in.

8. Your Rights

You have the following rights in relation to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request correction of inaccurate or incomplete data.
• Right to erasure: you may request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: you may request that we limit processing of your data in certain circumstances.
• Right to data portability: you may request your data in a structured, machine-readable format.
• Right to object: you may object to processing based on our legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@eventalbania.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Albanian Information and Data Protection Commissioner.

9. Security

We implement appropriate technical and organisational security measures including HTTPS encryption for all data in transit, hashed password storage using industry-standard algorithms, row-level security policies on our database, and restricted access to production systems. Despite these measures, no internet transmission is entirely secure and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed in countries outside Albania, including within the European Economic Area and the United States (for Stripe and Supabase). Where data is transferred outside the EEA, we rely on adequacy decisions or standard contractual clauses to ensure adequate protection.

11. Minors

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from persons under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify registered users by email. Continued use of the Service after changes are published constitutes acceptance of the revised policy.

13. Contact

For any questions or concerns about this Privacy Policy or your personal data, please contact us at privacy@eventalbania.com.