Privacy Policy

How we collect, use, and protect your data

Effective Date: 13.8.2025 | Last Updated: 18.9.2025

Eventso OÜ (“Eventso”, “we”, “our”, “us”) is committed to protecting the privacy of both our vendors and customers. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our website, platform and services.

1. Who We Are

Eventso OÜ operates an online platform connecting customers with event service vendors in Estonia and the EU.

Data Controller: Eventso OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115.

Contact for privacy requests: info@eventso.com

2. What Data We Collect

We may collect the following types of data:

From Vendors:

  • Name and business name
  • Contact details (email, phone, address)
  • Identification documents (if required for verification or anti‑fraud checks)
  • VAT registration information
  • Stripe account ID and limited payout status information returned by Stripe (we do not store full bank account or card details)
  • Profile images, service descriptions and availability
  • Communication history with customers and Eventso

From Customers:

  • Name and contact details
  • Booking details (services, dates, preferences)
  • Payment information processed securely by Stripe; we receive only limited transaction data and do not store full payment card details
  • Communication history with vendors and Eventso
  • Profile images if provided

Automatically Collected:

  • IP address, browser type, device type
  • Cookies and usage data (see our Cookie Policy)

3. How We Use Your Data

We use your data to:

  • Provide and manage our services
  • Facilitate bookings between customers and vendors
  • Process payments securely via third‑party processors such as Stripe
  • Verify vendor identities and maintain service quality
  • Respond to inquiries and provide customer support
  • Send service updates or promotional content (if consent is given)
  • Comply with legal obligations (tax, accounting, regulatory)

4. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

  • Contract performance (fulfilling bookings and vendor agreements)
  • Consent (marketing communications, certain cookies)
  • Legal obligations (tax, accounting, regulatory requirements)
  • Legitimate interests (fraud prevention, improving services)

5. Data Sharing

We share personal data only when necessary:

  • Between Vendors and Customers when a booking is confirmed
  • With third‑party processors (payment providers such as Stripe, hosting services, analytics providers)
  • With legal authorities when required by law

Stripe and some other providers may transfer data outside the EEA. We ensure that such transfers are protected by appropriate safeguards such as EU Standard Contractual Clauses.

6. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil bookings and contractual obligations
  • Comply with legal and tax requirements (for example, retaining invoices for 7 years as required under Estonian law)
  • Resolve disputes and enforce agreements

After these periods, personal data is securely deleted or anonymised.

7. Your GDPR Rights

You have the right to:

  • Access, correct or delete your personal data
  • Withdraw consent at any time (where processing is based on consent)
  • Request data portability
  • Restrict or object to processing
  • Lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee)

To exercise your rights, contact us at privacy@eventso.com.

8. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration. Payment data is processed securely by Stripe and never stored in full on our systems.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with the “Last Updated” date changed.