1. Data controller
Event Setup is the data controller for personal data processed through this platform. Contact: support@event-setup.com.
2. What we collect
You provide directly
- Identity: name, date of birth, gender, nationality.
- Contact: email, phone number, address (when required by an event).
- Account: password (hashed), profile photo, emergency contact.
- Event-specific: medical declarations, T-shirt size, dietary needs.
Collected automatically
- Device, browser, IP address, and approximate location.
- Usage analytics (pages viewed, features used).
- Cookies (see section 7).
From third parties
- Payment confirmations from our payment processor.
- Timing/results data from the event organizer or timing partner.
3. Why we use your data (legal basis)
- Performance of contract — to register you for events, process payments, deliver tickets, and provide results.
- Legitimate interest — to keep the platform secure, prevent fraud, and improve our service.
- Consent — for marketing emails and non-essential cookies. You can withdraw consent any time.
- Legal obligation — to keep tax records and respond to lawful requests.
4. Who we share data with
- Event organizers — for events you register for, so they can manage participation, timing, and results.
- Payment processors — Blom Bank (via CyberSource) processes payments securely. We never receive or store your full card number. All card data is handled directly by our PCI-compliant payment partners.
- Service providers — email delivery, hosting, error monitoring, customer support, all under data-processing agreements.
- Infrastructure providers — our platform runs on Cloudflare (security and content delivery) and Supabase (secure database hosting). Both operate under data processing agreements with strict security standards.
- Authorities — when required by law.
We do not sell your personal data.
5. International transfers
Some of our processors are located outside your country. Where data leaves the EEA or your country of residence, we rely on Standard Contractual Clauses or equivalent safeguards.
6. How long we keep data
- Account data: while your account is active, plus 24 months.
- Event registrations and results: 7 years (sport history & accounting).
- Invoices and tax records: 10 years.
- Marketing consent and unsubscribe records: until withdrawn, plus 3 years.
7. Cookies
We use strictly necessary cookies to keep you signed in and process payments. Optional analytics and marketing cookies are only set with your consent (via the cookie banner). You can change your preferences any time by clearing your browser cookies for this site.
8. Your rights
You have the right to:
- Access your data and receive a copy.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten") subject to legal retention.
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise these rights, email support@event-setup.com. We respond within 30 days.
9. Security
Data is encrypted in transit (TLS) and at rest. Passwords are hashed. Access is restricted to authorized personnel and audited. We test our systems regularly and have a process to handle breaches in line with GDPR notification rules.
Payment card data is never stored on EventSetup servers. All card processing is handled exclusively by PCI DSS-compliant payment processors. We conduct regular security audits of our platform infrastructure.
10. Children
Athletes under 16 years of age must be registered through a parent or guardian's family profile. We do not knowingly collect data directly from children.
11. Changes
We will notify you of material changes by email or in-app notice. The "Last updated" date at the top of this page always reflects the current version.