PaySeats.

Legal Center

Official legal documentation for the PaySeats platform. This section outlines our policies, user agreements, and commitment to regulatory compliance and data protection.

Last Updated: July 27, 2025

1. General Information

In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), this Privacy Policy describes how your personal data is processed by PaySeats.

Data Controller:

  • Company Name: PaySeats Europe, S.L.
  • VAT ID: B22704407
  • Registered Address: Calle Camí d'es Castell 261, 2º 3ª, 07702 Mahón, Balearic Islands, Spain
  • Contact Email: info@payseats.com
  • Data Protection Officer (DPO): dpo@payseats.com

2. Categories of Personal Data We Process

2.1. For Event Organizers

  • Identity Data: Full name or business name, fiscal address, country of residence, and VAT ID (if applicable).
  • Contact Data: Email address and phone number.
  • Payment Data: Bank account information for payouts, managed via our payment provider (Stripe Connect).
  • Technical Data: IP addresses, logs, activity metadata, and platform usage data to ensure security and improve our service.

2.2. For Event Attendees

  • Identity Data: Full name.
  • Contact Data: Email address.
  • Transaction Data: Purchase information (event, date, ticket type) and any data voluntarily shared by the user during checkout.

An Attendee's email address is used exclusively for sending the ticket and operational communications about the purchased event (e.g., changes, cancellations), unless they provide explicit consent to receive other communications.

3. Purposes for Processing Your Data

We use your data for the following purposes:

3.1. Service Provision

To create and manage Organizer accounts, process ticket sales, facilitate event management, and send operational communications essential for the service.

3.2. Legal Compliance

To comply with our legal obligations regarding taxation, accounting, fraud prevention, and to respond to requests from competent authorities.

3.3. Marketing Communications

Only with your explicit consent, we will send you information about our products, news, or promotions. These campaigns are managed via third-party providers acting as data processors, who cannot use your data for their own purposes.

3.4. Service Improvement

To perform aggregated and anonymous usage analysis, gather statistics, and conduct satisfaction surveys that help us develop new features and improve the platform.

3.5. Account Management Experience

To provide a seamless user experience, we process data from Guest Checkouts to allow users to later create a full account and access their past order history without creating duplicate records.

4. Legal Basis for Processing

We process your data based on the following legal grounds:

  • The performance of a contract with you (Art. 6.1.b GDPR).
  • Compliance with a legal obligation (Art. 6.1.c GDPR).
  • Your explicit consent for specific purposes, such as marketing communications (Art. 6.1.a GDPR).
  • Our legitimate interest in ensuring the security of our platform, improving our services, and providing a streamlined account management experience for users (Art. 6.1.f GDPR).

5. Data Retention Period

We will retain your data as long as you maintain an active Attendee Account with us. Data related to Guest Checkouts will be retained for the period necessary to fulfill the service (i.e., until the event has concluded) and to comply with our subsequent legal obligations (e.g., for tax and accounting regulations).

If you convert a guest record into a full Attendee Account, your data will then be subject to the retention policy for active accounts. Once an account is closed, the data will be blocked and kept only for the periods required by law before its final deletion.

6. Recipients and Data Processors

We do not sell your data. We only share it with service providers who help us operate, under strict data processing agreements:

  • Payment Processors (Stripe): To handle payments and payouts. Stripe may act as an independent controller for its own regulatory compliance purposes (KYC/AML).
  • Infrastructure Providers (Google Cloud, AWS): To host our platform.
  • Communication and Support Tools: For sending emails and managing support tickets.

Some of these providers may be located outside the European Economic Area (EEA). In such cases, we ensure that international data transfers are carried out using the European Commission's Standard Contractual Clauses (SCCs) or other appropriate safeguards.

7. Your Rights

You may at any time exercise your rights of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection, and you have the right not to be subject to automated individual decision-making.

You can exercise your rights by sending an email to our Data Protection Officer at dpo@payseats.com. We will respond within a 30-day period.

8. Data Security

We implement technical and organizational measures to protect your data, such as encryption of information in transit and at rest, strict access controls, backup protocols, and business continuity plans. In the event of a security breach, we will notify affected users and the competent supervisory authority within 72 hours.

9. Minors

Our services are not intended for children under the age of 16. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete that information.

10. Changes to this Policy

We may amend this policy in the future. We will notify you of any substantial changes at least 30 days in advance via the platform or by email.

11. Supervisory Authority

If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or the data protection authority in your EU country of residence.