GDPR & data protection
Eventira is built for event teams across Europe, so data protection isn’t an afterthought. Here’s exactly how we handle personal data under the EU GDPR (2016/679) — and India’s DPDPA 2023.
Our role: controller vs. processor
When you run an event on Eventira, you are the data controller for your attendees’ data and Eventira is your processor — we process attendee data only on your documented instructions, solely to operate your event.
Eventira’s data controller (for our own website and account data) is Apoorva Agwan, Chief Executive Officer, Eventira Software Pvt. Ltd., Naupada, Thane, Maharashtra, India (CIN: U62090MH2025PTC461233). Reach us at admin@eventira.com.
Your rights
Under the GDPR you can exercise the following rights at any time — email admin@eventira.com and we’ll respond within one month:
- Access — get a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — delete your account and data (see how to delete your account).
- Restriction & objection — limit or object to certain processing.
- Portability — receive your data in a portable format.
What we process & how long
For events, we process only what’s needed: name and email (required), and optionally phone, job title/organisation, professional interests/bio (for networking), and dietary/accessibility needs. No payment data is collected by Eventira. Attendee data is retained for up to 12 months post-event for networking, and deleted sooner on account deletion, erasure request, or your instruction.
Where your data lives & who we use
Your data is hosted in the EU/EEA. We use a small, vetted set of sub-processors, each bound by equivalent data-protection obligations. We give 30 days’ notice before adding or replacing any sub-processor.
| Sub-processor | Purpose | Location |
|---|---|---|
| DigitalOcean (cloud hosting) | Infrastructure & data storage | Amsterdam, Netherlands (EEA) |
| DigitalOcean | Transactional email delivery | Amsterdam, Netherlands (EEA) |
| Eventira (in-house) | Attendee networking & matching | India |
| Google Analytics | Website analytics (consent-gated) | EU/US (Consent Mode) |
Breach notification & transfers
We maintain a tested breach-response procedure and will notify the controller within 72 hours of a confirmed personal-data breach, with full details. Where data is processed outside the EEA, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) and acknowledge DPDPA obligations for Indian residents’ data.
Data Processing Agreement (DPA)
Running an event with us? We’re happy to sign a DPA. Download our standard template to review, or request a countersigned copy.