Privacy & Cookie Policy

1. Who does this policy apply to?

This policy applies to visitors to Bilbaro's websites, organisers, organiser users, ticket buyers and attendees, recipients of tickets, support contacts and other individuals interacting with Bilbaro in connection with the platform, support, marketing or operations.

To make the processing more precise, Bilbaro typically works with the following categories of data subjects: organisers, organiser users, ticket buyers and attendees, recipients of tickets, support and contact persons and website visitors.

Where an organiser uses Bilbaro to collect and manage attendee information, the organiser is the controller for the event-specific processing. Bilbaro is the processor for the processing required to operate the event through the platform. For Bilbaro's own account, security, support, analytics, payment, marketing and website purposes, Bilbaro acts as an independent data controller.

2. Controller and contact details

The controller for Bilbaro's own processing activities is P.C. Service ApS, company registration no. 41636238, Bogfinkevej 6, 8370 Hadsten, Denmark, email: support@bilbaro.com.

You can contact Bilbaro regarding questions about personal data processing at support@bilbaro.com.

Bilbaro has not appointed a Data Protection Officer, but can be contacted via the contact details above.

3. What data we process

Bilbaro may process ordinary personal data such as name, email address, telephone number, company information, login information, account role, communication history, support requests and technical information relating to the use of the platform.

If you are an organiser or organiser user, Bilbaro may also process account information, company information, user roles, configuration data, communication, support history, transaction and settlement data and information necessary for compliance, security and payment purposes.

If you are a ticket buyer, attendee or recipient of a ticket, Bilbaro may also process information such as order number, ticket or registration details, responses in form fields, check-in data, attendee status, communication linked to the event and relevant transaction information.

If you are a website visitor or support contact, Bilbaro may furthermore process information about your device and use of our websites and platform, including IP address, browser type, timestamps, session data, log data, language selection, cookie identifiers and information about the pages and functions you have used.

Card data and other sensitive payment data are generally processed by Bilbaro's connected payment providers. Bilbaro usually only receives the transaction and settlement information necessary to complete the order, record it and handle support, security, refunds and chargebacks.

4. Data sources

Bilbaro collects personal data directly from you, from organisers, from connected payment providers, from your actions on the platform and website and from any integrations or third-party services used in connection with the operation of the platform.

Data may therefore originate from information you enter yourself, information registered by the organiser in connection with the event, technical log and cookie data, transaction data from the payment flow and information from integrations where relevant.

5. Purposes and legal bases

Bilbaro processes personal data in order to provide the platform, create and manage accounts, handle registrations and ticket purchases, send tickets, receipts and operational messages and provide support. This processing is typically necessary for the performance of a contract or to take steps at your request prior to entering into a contract, see GDPR Article 6(1)(b).

Bilbaro also processes personal data to comply with legal obligations, including accounting, security, documentation, handling disputes, requirements from payment providers and authorities and other statutory obligations. This processing takes place under GDPR Article 6(1)(c).

Bilbaro may also process data based on legitimate interests, including to protect the platform against misuse, prevent fraud, improve functionality, analyse usage, document incidents, keep support history and ensure stable operations. This processing takes place under GDPR Article 6(1)(f).

Where Bilbaro uses non-essential cookies, sends marketing communications or carries out other processing that requires consent, the legal basis is your consent under GDPR Article 6(1)(a). You can withdraw consent at any time.

6. Organisers, attendees and processor role

If you register for or purchase a ticket to an event through Bilbaro, the organiser is the controller for the event content, attendee communications, any extra form fields, refund policy and the event-specific processing of attendee data.

Bilbaro is the processor for the processing necessary to provide the platform, manage registrations, handle check-in, reporting, communication and other event operations on behalf of the organiser.

Bilbaro is at the same time an independent controller for its own purposes such as account security, payment flows, operational logging, fraud prevention, analytics, support, marketing and compliance with legal obligations.

Attendees should therefore review both this policy and the information made available on the relevant event page, checkout or by the organiser.

7. Who we share data with

Bilbaro does not sell personal data. We may however share data with relevant recipients where necessary to provide and operate the platform.

This may include hosting and infrastructure providers, payment providers, email and SMS delivery providers, analytics and security tools, support and communication providers, auditors and advisers and public authorities where required by law.

Where Bilbaro processes data on behalf of organisers, data may also be made available to the relevant organiser and its authorised users. Where an attendee contacts Bilbaro regarding a specific event, Bilbaro may where relevant forward the request to the organiser.

8. Transfers outside the EU/EEA

Bilbaro may use suppliers or group-related partners processing data outside the EU/EEA. In such cases Bilbaro seeks to ensure a lawful transfer basis and an adequate level of protection, including by using the European Commission's Standard Contractual Clauses or another valid transfer mechanism.

You may contact Bilbaro for further information about the transfer mechanism used.

9. Retention and deletion

Bilbaro stores personal data for as long as necessary for the purposes for which it was collected and for as long as needed to perform agreements, document actions, handle disputes, prevent misuse and comply with legal requirements.

Accounting and transaction records are generally stored for up to 5 years from the end of the financial year to which the material relates, to the extent required by law.

Support requests and support history are generally retained for up to 24 months after the latest relevant contact unless longer retention is necessary for documentation, disputes or security purposes.

Log, access and security data are generally retained for up to 12 months unless required for fraud investigations, misuse cases, security incidents or requirements from authorities or payment providers.

Account data may after account closure be stored for a limited period, typically up to 24 months, where necessary for reactivation, documentation, security or handling of claims. After that the data is deleted or anonymised unless the law requires longer retention.

Consent logs, unsubscribe records and evidence of marketing choices may be retained for up to 5 years for documentation of consent and opt-out status.

Account, event and attendee data processed by Bilbaro on behalf of organisers are retained in accordance with the relevant agreement, selected solution, organiser instructions and applicable law. Where relevant, data may be exported or deleted according to the agreed retention model.

10. Security

Bilbaro maintains appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, misuse or unlawful disclosure. Access to personal data is limited to persons with a legitimate need to process it.

No solution can however be guaranteed to be 100% secure, and transmission of information over the internet therefore always involves an inherent level of risk.

11. Marketing

Bilbaro may send its own operational and informational emails and, where there is a lawful basis, its own marketing emails about the platform, features, updates and relevant services. Event or registration-related communications are typically sent on behalf of the organiser or according to the organiser's setup.

You can unsubscribe from marketing emails at any time through the unsubscribe link in the email or by contacting Bilbaro. Unsubscribing does not affect necessary operational messages relating to your account, purchases, tickets or security.

12. Automated decisions and profiling

Bilbaro may use automated checks for fraud detection, risk assessment, abuse prevention, security monitoring and technical segmentation of the use of the platform. These checks may, for example, be used to detect unusual behaviour, protect payments and secure platform operations.

As a rule, Bilbaro does not make automated decisions producing legal effects or similarly significant effects for you without relevant human review.

13. Your rights

Under data protection law you generally have the right of access, rectification, erasure, restriction of processing, data portability and the right to object to certain processing. Where processing is based on consent, you may withdraw consent at any time.

You also have the right to object to processing based on Bilbaro's legitimate interests.

If you wish to exercise your rights, you may contact Bilbaro at support@bilbaro.com. If your request concerns a specific event, Bilbaro may in relevant cases refer you to the organiser or coordinate the response with the organiser.

You also have the right to lodge a complaint with the relevant data protection authority if you believe that the processing of your personal data is not compliant with applicable law. In Denmark, see www.datatilsynet.dk.

14. Cookies

Bilbaro may use necessary cookies, preference cookies, statistics cookies and marketing cookies. More detailed information about the specific cookies, purposes, providers and retention periods is available in Bilbaro's cookie solution, cookie banner or separate cookie overview.

Necessary cookies are used to make the website and platform function, including login, security, session handling, language selection and basic technical functions. These cookies are typically set by Bilbaro or Bilbaro's technical providers and are stored for the current session or for a limited period, typically up to 12 months.

Preference cookies are used to remember your choices, such as language or other user settings. They are typically stored for up to 12 months unless deleted earlier.

Statistics cookies are used to understand the use of the website and platform, measure traffic and improve features. Where these cookies are used, this normally only happens on the basis of your consent, and they are typically stored from the session and up to 24 months depending on the specific cookie and provider.

Marketing cookies are used to measure the effect of campaigns, segment audiences and show more relevant messages. Where such cookies are used, they are typically set by Bilbaro or relevant third-party providers disclosed in the cookie solution or cookie banner, and they may be stored from shorter periods and up to 24 months depending on purpose and provider.

Where Bilbaro uses analytics, functionality or marketing cookies that are not strictly necessary, this is based on your consent where required by law. You can always change cookie settings in your browser and, where relevant, through Bilbaro's cookie solution or cookie banner. Please note that blocking necessary cookies may cause parts of the website or platform not to function properly.

15. Changes to this policy

Bilbaro may update this Privacy & Cookie Policy where necessary due to changes in legislation, practice, platform features, payment infrastructure or the way Bilbaro provides its services. The version currently in force will be published on this page.

16. Contact

If you have questions about this Privacy & Cookie Policy or Bilbaro's processing of personal data, you may contact Bilbaro at support@bilbaro.com.