Effective date: July 1, 2026 · Applies to geteventrix.com and all geteventriX services
geteventriX UAB (“geteventriX”, “we”) provides an event management and ticketing platform. This policy explains what personal data we process, why, and the rights you have over it. It covers two situations: when you use geteventriX directly (as an organizer or attendee with an account) and when your data reaches us because you bought a ticket to an event run by one of our customers.
For account, billing, and website data, geteventriX is the data controller. For attendee data that organizers collect through their events (registration answers, dietary preferences, check-in records), the organizer is the controller and geteventriX acts as a processor on their documented instructions, under a Data Processing Agreement available to all customers.
Account data is kept while your account is active and deleted within 30 days of a deletion request. Ticketing data is retained per the organizer's configured retention policy (default 24 months post-event, after which attendee PII is anonymized in analytics). Financial records are retained for 10 years as required by Lithuanian accounting law.
We never sell personal data. We share it only with sub-processors needed to run the service — hosting (EU region), payment gateways, email/SMS delivery — each bound by data processing terms. The current sub-processor list is available on request and customers are notified 30 days before changes.
Production data is stored in the EU/EEA. Where a sub-processor processes data outside the EEA, transfers rely on adequacy decisions or Standard Contractual Clauses with supplementary measures.
If you attended an event run by an geteventriX customer, we'll route requests to the responsible organizer and assist them in fulfilling your rights.
AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, audit logging of privileged actions, and independent penetration tests twice a year. Details are on our Security page. We notify affected customers of personal data breaches without undue delay and within 72 hours where GDPR requires.
Strictly necessary cookies (session, security) run without consent. Analytics and marketing cookies load only after opt-in via the consent banner, and preferences can be changed at any time from the footer.
Data controller: geteventriX UAB, Vilniaus g. 31, LT-01402 Vilnius, Lithuania. Data protection officer: privacy@geteventrix.com. We answer privacy requests within 30 days.