Privacy Policy

Last updated: April 14, 2026

This Privacy Policy explains how Eventopia (operated by Laraben BV) collects, uses, and protects your personal data when you use our event-management platform at eventopia.be. This policy is written in English; Dutch (Nederlands) and French (Français) versions are coming soon.

1. Data Controller

Laraben BV
Belgium
KBO / BTW: BE 0756.758.069
Email: [email protected]

Laraben BV is the data controller for all personal data processed through the Eventopia platform, except where another organizer acts as an independent controller for their own event (e.g. attendee lists, private event communications).

2. What Data We Collect

• Account data: name, email address, password hash, phone number (optional).
• Profile data: organization, role (organizer, customer, provider, venue, agency), profile picture.
• Payment data: billing address, invoice details, payment method metadata. Card numbers are never stored on our servers — they are processed directly by Stripe and Mollie.
• Event attendance data: tickets purchased, entry/scan timestamps, check-in status.
• Cashless wallet / RFID data: top-up transactions, bar purchases, refund history, wristband token identifiers.
• Communication data: messages exchanged between organizers, artists, venues, and customers through in-platform messaging.
• Technical data: IP address, browser type, device identifiers, pages visited, referrer.
• Cookies: see section 8.

3. Legal Basis for Processing

• Contract (art. 6.1.b GDPR): creating your account, processing ticket orders, delivering tickets, running cashless payments at events.
• Legal obligation (art. 6.1.c): invoicing, VAT compliance, anti-fraud checks, retention of financial records.
• Consent (art. 6.1.a): marketing communications, non-essential cookies, analytics. You may withdraw consent at any time.
• Legitimate interest (art. 6.1.f): platform security, abuse prevention, service improvement.

4. Retention Periods

• Account data: kept while your account is active. Deleted within 90 days after account closure, unless retention is required for legal reasons.
• Order, invoice and payment records: 7 years (Belgian accounting law).
• Ticket and scan logs: 24 months after the event.
• RFID / wallet transactions: 24 months (for refund support and dispute handling).
• Marketing consent data: until you unsubscribe, plus 24 months for proof of consent.
• Server logs and security events: 12 months.

5. Third-Party Processors

We share personal data only with processors bound by a data-processing agreement:

• Stripe Payments Europe, Ltd. — card payments. Stripe privacy policy
• Mollie B.V. — iDEAL, Bancontact and European payment methods. Mollie privacy policy
• Cloudflare, Inc. — CDN, DDoS protection, DNS. Cloudflare privacy policy
• Hetzner Online GmbH — server hosting (EU-based). Hetzner privacy policy

We do not sell personal data. We do not transfer personal data outside the EEA except where covered by Standard Contractual Clauses or an adequacy decision.

6. Your Rights Under GDPR

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erasure ("right to be forgotten") — subject to legal retention obligations.
• Restriction of processing in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interest or for direct marketing.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email [email protected]. We respond within 30 days.

7. Cookie Policy

Eventopia uses cookies and similar technologies for three purposes:

• Essential / session cookies: required for login, checkout, CSRF protection. These cannot be disabled.
• Analytics cookies: anonymized visit statistics. Loaded only after consent.
• Payment provider scripts: Stripe and Mollie may set cookies on checkout pages for fraud prevention. These are covered by their respective privacy policies.

You can manage your preferences via the cookie consent banner at the bottom of the page or by clearing your browser storage.

8. Contact & Data Protection Officer

For privacy questions, data access requests, or complaints:
[email protected]

9. Supervisory Authority

If you believe your privacy rights have been violated, you can lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA / APD)
Drukpersstraat 35, 1000 Brussel
Email: [email protected]
Website: gegevensbeschermingsautoriteit.be

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-platform notice. The "Last updated" date at the top of this page always reflects the current version.