Privacy Policy

1. About This Policy

1.1 Definitions

"Personal Data" - information collected from Users that is associated with or can be used to identify a person.

"Services" - PartyEntry's services made available online and through mobile applications.

"Organiser" - event organisers using PartyEntry to create and promote events.

"Consumer" - anyone using PartyEntry to purchase tickets or attend events.

1.2 PartyEntry Entity

2. Types of Personal Data Collected

2.1 Data on All Users

Information Provided by Users:

• Name (first and last)
• Email address
• Phone number
• Account credentials

Information Collected Automatically:

• IP address
• Device identifiers and characteristics
• Browser type and version
• Activity statistics (pages viewed, time spent)
• Approximate location (country/city level)

2.2 Data on Organisers

Organisers provide additional information for Stripe Connect onboarding and payouts:

• Business name and registration number
• Stripe Connect account details
• Contact information and business address
• Identity verification (as required by Stripe)

2.3 Data on Consumers

Consumers provide payment and order information:

• Payment information (processed by Stripe, not stored by PartyEntry)
• Billing name and address
• Order information (tickets purchased, prices paid)
• Custom registration fields (if requested by Organiser)

3. How Personal Data Is Used

Personal Data may be used for the following purposes:

• Provide access to Services and process ticket purchases
• Deliver tickets via email
• Send order confirmations and receipts
• Provide customer support
• Verify identity and prevent fraud
• Facilitate Stripe Connect payments to Organisers
• Improve Content and functionality
• Send marketing communications (with your consent)

4. Disclosure & Transfer of Personal Data

4.1 No Sale of Personal Data

PartyEntry does not sell Personal Data to any third party, including advertisers.

4.4 Service Providers (Categories of Recipients)

PartyEntry shares Personal Data with the following categories of service providers who process data on our behalf:

• Payment Processing Services (Stripe) - Secure payment processing, fraud detection (EU/Ireland and US)
• Database and Hosting Services - Data storage, authentication, and application hosting (EU)
• Email Delivery Services - Transactional email delivery (EU)
• Analytics and Maps Services (Google) - Website analytics with consent and venue location display (US/Global)

Core user data is processed entirely within the EU. For services outside the EU, we use Standard Contractual Clauses and other GDPR safeguards. See our Service Providers page for complete information about categories of service providers we work with.

4.5 Organisers

When Consumers purchase tickets, PartyEntry shares Consumer data with the Organiser. Organisers are independent Data Controllers for this data and responsible for their own privacy practices.

5. Storage and Handling of Personal Data

Your Personal Data is stored securely using:

• Database and hosting services - Data storage and authentication (European Union)
• Payment processing services (Stripe) - Payment data (Ireland/EU and US)
• Email delivery services - Transactional email delivery (European Union)
• Application hosting services - Infrastructure and content delivery (European Union)

Core personal data is processed and stored exclusively within EU data centers. For complete details on our service providers, see our Service Providers page.

Security Measures

• All data transmitted over HTTPS/TLS (encryption in transit)
• Database encryption at rest
• Role-based access controls
• Secure authentication with email verification
• Password hashing using industry-standard algorithms
• Regular security audits

6. Your Control Over Your Personal Data

6.1 Data Subject Rights

Under GDPR and Norwegian law, you have the following rights:

• Right to Access (Article 15): Request a copy of all Personal Data we hold
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your data
• Right to Data Portability (Article 20): Receive your data in machine-readable format
• Right to Object (Article 21): Object to processing or direct marketing

6.2 How to Exercise Your Rights

Registered Users: Log in and visit "Account Settings" or "My Data" page for self-service tools.

All Users: Email privacy@partyentry.com with subject "GDPR Data Subject Request - [Your Request Type]"

We will respond to all valid requests within 30 days as required by GDPR.

7. Retention of Personal Data

PartyEntry retains Personal Data as long as you use the Services. After account closure:

• Financial/Transaction Data: 7 years (Norwegian accounting law - bokføringsloven)
• Legal Claims: 3 years (Norwegian statute of limitations - foreldelsesloven)
• Fraud Prevention: 5 years for platform security
• Anonymized Data: Indefinitely (cannot identify individuals)

8. Cookies & Tracking Technologies

Please refer to our Cookie Statement to learn about our use of cookies and tracking technologies.

9. User Choice

9.2.1 Marketing Communications

You can opt out of marketing communications at any time by:

• Using the "Unsubscribe" link at the bottom of any marketing email
• Adjusting email preferences in Account Settings
• Emailing support@partyentry.com with subject "Unsubscribe from Marketing"

Note: You will still receive transactional emails (tickets, receipts, account notifications) as these are necessary for the Services.

11. Users Under 18

12. Changes to Privacy Policy

PartyEntry reserves the right to update this Privacy Policy. Material changes will be communicated via email and platform notifications at least 30 days before taking effect.

13. Resolving Disputes

If you have a complaint about PartyEntry's privacy practices, please contact:

• Email: privacy@partyentry.com
• Subject: "Privacy Complaint"

We will take reasonable steps to work with you to resolve your complaint within 30 days.

Supervisory Authority

You also have the right to lodge a complaint with the Norwegian Data Protection Authority:

14. International Data Transfers

Core data stays in EU: Most sub-processors operate in Sweden and Ireland, keeping your account data, orders, and events entirely within the EU.

Data Processing Locations:

• Norway: Primary operations, PartyEntry AS entity
• European Union: Core data processing (primary storage)
• United States: Google services (Maps, Analytics) with proper GDPR safeguards including Standard Contractual Clauses and user consent

15. Data Controller vs Data Processor

PartyEntry as Data Controller

For the following activities, PartyEntry decides why and how to process:

• Your user account information
• Platform usage analytics
• Marketing communications
• Service improvement and research

PartyEntry as Data Processor

For the following activities, PartyEntry processes on behalf of Organisers:

• Consumer data collected during ticket purchase
• Custom registration fields requested by Organiser
• Attendee lists and check-in data

When PartyEntry acts as Data Processor, the Organiser is the Data Controller and is responsible for having lawful basis, providing privacy notices, and honouring data subject rights.

16. Your Rights Summary

Response Time: 30 days from valid request | Cost: Free