HomeAboutPricingEventsContact

Privacy Policy

GDPR & CCPA Compliant - Our commitment to protecting your personal information

Last updated: October 27, 2025 | Effective Date: October 27, 2025
🇪🇺 GDPR Compliant | 🇺🇸 CCPA Compliant | 🌍 International Privacy Standards

🛡️Introduction

Pix Event is committed to protecting your privacy and personal information in accordance with the General Data Protection Regulation (GDPR) for European users, the California Consumer Privacy Act (CCPA) for California residents, and applicable international privacy laws.

This privacy policy explains how we collect, use, store, and protect your information when you use our services. We act as the Data Controller under GDPR and are responsible for ensuring your data rights are respected.

Your Consent: By using our services, you provide explicit consent to the processing of your personal data as described in this policy. You may withdraw your consent at any time.

⚖️Legal Basis for Processing (GDPR Article 6)

Consent (Article 6(1)(a))

  • • Photo processing and facial recognition
  • • Marketing communications
  • • Analytics and personalization
  • • Third-party integrations

Contractual Necessity (Article 6(1)(b))

  • • Account creation and management
  • • Service delivery and support
  • • Payment processing
  • • Event management features

Legitimate Interest (Article 6(1)(f))

  • • Security and fraud prevention
  • • System optimization
  • • Customer support
  • • Business analytics

Legal Obligation (Article 6(1)(c))

  • • Tax and accounting records
  • • Regulatory compliance
  • • Legal proceedings
  • • Data breach notifications

📊Information We Collect

Personal Information

  • Name and email: When you register an account
  • Phone number: For contact and verification
  • Event information: Name, description, date
  • Uploaded photos: Event photos and search images

Automatic Information

  • IP address: For security and analytics
  • Browser information: Type, version, language
  • Usage data: Pages visited, time spent
  • Cookies: To improve experience

Sensitive Information

  • Biometric data: Faces in photos
  • Geographic location: From photo metadata (if any)
  • Financial information: During payment

🔧How We Use Information

Core Services

  • • Provide photo search services
  • • Manage events and albums
  • • Process payments
  • • Customer support

Service Improvement

  • • Analytics and optimization
  • • Develop new features
  • • Enhance user experience
  • • Ensure security

Communication

  • • Send important notifications
  • • Service updates
  • • Promotions and offers
  • • Technology news

Legal & Security

  • • Comply with legal regulations
  • • Prevent fraud
  • • Protect user rights
  • • Investigate security incidents

🤝Data Sharing

Security Commitment

We commit to not selling, renting, or sharing your personal information with third parties for commercial purposes.

⚠️ Information is only shared in the following specific cases:

🏢Service Partners

  • • Payment providers
  • • Cloud storage services
  • • Analytics providers
  • • Email marketing services

*All partners are bound by strict confidentiality agreements

⚖️Legal Requirements

  • • Court orders
  • • Law enforcement requests
  • • Investigation of illegal activities
  • • Protection of rights and property

🔒Data Security

Security Measures

  • SSL/TLS encryption for all data transmission
  • Encryption of sensitive data in database
  • Multi-factor authentication for admin accounts
  • 24/7 monitoring and intrusion detection

Storage & Backup

  • 📁Storage at reputable data centers
  • 💾Regular and automatic backups
  • 🔄Redundancy and disaster recovery
  • Storage according to regulatory timelines

⚖️Your Privacy Rights (GDPR & CCPA)

🇪🇺 GDPR Rights (EU Residents)

Right of Access (Article 15)

Request a copy of your personal data and information about processing

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Article 17)

“Right to be forgotten” - request deletion of your data

Right to Restrict Processing (Article 18)

Limit how we process your personal data

Right to Object (Article 21)

Object to processing based on legitimate interests

Right to Deletion

Request deletion of account and personal data

Right to Restriction

Limit how we use your data

Right to Object

Refuse data processing for marketing purposes

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

🇺🇸 CCPA Rights (California Residents)

Right to Know

Know what personal information we collect, use, share, or sell

Right to Delete

Request deletion of personal information we have collected

Right to Opt-Out

Opt out of the sale of personal information (we do not sell data)

Right to Non-Discrimination

Equal service and pricing regardless of privacy choices

📧 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected] or use our Data Subject Request form.

Response Time:
  • • GDPR: Within 30 days (extendable to 60 days)
  • • CCPA: Within 45 days (extendable to 90 days)
Verification Required:
  • • Identity verification for security
  • • Account ownership confirmation
  • • Additional information may be requested

Data Retention

Data TypeRetention PeriodNotes
Account informationUntil account deletionCan request deletion at any time
Event photosAccording to service plan1-24 months depending on plan
Search data30 daysAutomatically deleted after 30 days
System logs90 daysFor security and analysis
Payment information7 yearsAccording to legal requirements

👶Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children.

If we discover that we have collected information from children, we will delete it immediately and notify parents.

🌍International Data Transfers (GDPR Chapter V)

Cross-Border Data Processing

Your data may be transferred and processed in countries outside the European Economic Area (EEA), including the United States, Singapore, and other locations where our service providers operate.

Primary Locations:

  • • 🇺🇸 United States (AWS, Google Cloud)
  • • 🇸🇬 Singapore (Regional Data Centers)
  • • 🇩🇪 Germany (EU Data Residency Option)
  • • 🇮🇪 Ireland (EU Operations)

Transfer Safeguards:

  • • EU Standard Contractual Clauses (SCCs)
  • • Adequacy Decisions (where applicable)
  • • Binding Corporate Rules (BCRs)
  • • Additional security measures

GDPR Transfer Mechanisms

Standard Contractual Clauses (Article 46(2)(c)):

We use EU-approved Standard Contractual Clauses for transfers to third countries without adequacy decisions.

Adequacy Decisions (Article 45):

For countries with EU adequacy decisions, data flows freely with equivalent protection levels.

Additional Safeguards:

Technical and organizational measures including encryption, access controls, and data minimization.

EU Data Residency Option

Enterprise customers can request EU-only data residency. Contact[email protected]to discuss data localization requirements for your organization.

📝Policy Updates

We may update this privacy policy from time to time to reflect changes in our service or legal requirements.

Any significant changes will be notified via email or website notification. We encourage you to review this policy periodically.

👨‍💼Data Protection Officer & Regulatory Contact

Data Protection Officer (DPO)

Email: [email protected]

Postal Address:
Data Protection Officer
Pix Event
[EU Representative Address]
Dublin, Ireland

Our DPO is available to answer questions about data processing and your privacy rights.

Supervisory Authority Rights

🇪🇺 EU Residents: You have the right to lodge a complaint with your local supervisory authority if you believe your data rights have been violated.

🇺🇸 US Residents: California residents can contact the California Attorney General for CCPA-related concerns.

Find your local authority at:EDPB Members List

🚨Data Breach Procedures

Our Commitment to Breach Response

GDPR Compliance (Article 33-34):

  • • Supervisory authority notification within 72 hours
  • • Individual notification without undue delay if high risk
  • • Detailed breach documentation and impact assessment
  • • Immediate containment and remediation measures

Our Response Process:

  • • 24/7 incident response team activation
  • • Immediate security assessment and containment
  • • Transparent communication with affected users
  • • Regulatory reporting as required by law

Report security concerns immediately to: [email protected]

Contact Information

Privacy Inquiries:
[email protected]
Data Protection Officer:
[email protected]
Security Concerns:
[email protected]

By using our service, you provide explicit consent to this privacy policy. Your consent can be withdrawn at any time by contacting us.

This policy is compliant with GDPR (EU) 2016/679, CCPA, and applicable international privacy laws.