Privacy Policy

GUEST PASS LTD ("GuestPass", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform and services.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, password, and organization details
• Registration Data: Guest information including names, contact details, dietary requirements, accessibility needs
• Payment Information: Payment card details, billing address, and transaction history
• Event Information: Event details, preferences, schedules, and custom registration fields
• Communications: Messages, support requests, and feedback you send to us
• Documents: Files and documents you upload or share through our platform

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate location based on IP address
• Cookies and Tracking: Session data, preferences, and analytics information
• QR Code Scans: Check-in times, locations, and verification data
• Wristband Data: Access control events, activation interactions, and usage patterns

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our event management services
• Process registrations, tickets, and payments
• Send event notifications, updates, and communications
• Manage check-ins, access control, and wristband activations
• Provide guest dashboards and document distribution
• Customize and personalize your experience
• Analyze usage and improve our services
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations and enforce our terms
• Send marketing communications (with your consent)

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to provide services you've requested
• Legitimate Interests: Operating and improving our platform, fraud prevention, security
• Legal Obligations: Compliance with applicable laws and regulations
• Consent: Marketing communications and optional features (withdrawable at any time)

4. Information Sharing and Disclosure

4.1 Event Organizers

Guest information is shared with the event organizers who create and manage events. Event organizers are independent data controllers responsible for their use of guest data.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in:

• Cloud hosting and infrastructure services
• Payment processing and fraud prevention
• Email and communication delivery
• Analytics and performance monitoring
• Customer support and ticketing systems

4.3 Legal Requirements

We may disclose information when required by law, legal process, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security issues
• Respond to government requests

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. International Data Transfers

As we operate globally, your information may be transferred to and processed in countries outside your country of residence, including countries that may not have the same data protection laws. We implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Privacy Shield frameworks where applicable
• Strong technical and organizational security measures

6. Data Retention

We retain your information for different periods depending on the type of data:

• Account Data: Retained while your account is active, plus a reasonable period for legal compliance
• Event Data: Retained as long as needed for the event and post-event purposes, typically 1-3 years
• Payment Records: Retained for 7 years for tax and accounting purposes
• Guest Registration Data: Retained as determined by event organizers, with deletion options available
• Analytics Data: Aggregated and anonymized data may be retained indefinitely
• Legal Records: Retained as required by applicable laws and regulations

You may request deletion of your data subject to legal retention requirements. Event organizers control retention of guest data for their events.

7. Your Rights and Choices

7.1 GDPR Rights (EU/UK Residents)

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: Contact your local data protection authority

7.2 CCPA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal data)
• Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

7.3 General Rights

• Account Settings: Update your account information and preferences
• Communication Preferences: Opt-out of marketing emails via unsubscribe links
• Cookie Settings: Manage cookies through your browser settings
• Account Deletion: Request deletion of your account and associated data

To exercise your rights, contact us using the information at the end of this policy. We will respond to your request within 30 days (or as required by applicable law).

8. Data Security

We implement enterprise-grade security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure payment processing through certified providers
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage and improve our services
• Provide personalized content and features

You can control cookies through your browser settings. Disabling cookies may limit functionality of certain features.

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

For events involving minors, event organizers are responsible for obtaining appropriate parental consent and complying with applicable children's privacy laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice (such as email notification).

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.