CE corporateevents.at

GDPR + UK GDPR Notice

Last updated: · Effective: · Version 1.0

This Notice supplements our Privacy Policy and applies to visitors located in the European Economic Area (EEA), the United Kingdom, or Switzerland.

1. Data controller

The data controller is the operator of corporateevents.at (US-based, FL). We do not currently maintain an EU representative because we do not target or systematically monitor EU residents at scale; we accept inquiries from EU/UK visitors without restriction. If our processing of EU/UK data grows materially, we will appoint an Article 27 representative and update this Notice.

2. Categories of personal data

See Privacy Policy §1 and CCPA Notice §1.

3. Legal bases for processing (Article 6)

ActivityLegal basis
Render the public SiteLegitimate interests (operating the service)
Process your lead inquiry and forward to selected venuesContract (the service you requested) + your consent (TCPA checkbox)
Spam prevention, security (Turnstile, rate limiting)Legitimate interests (Site integrity)
Analytics + advertising cookiesConsent (cookie banner; off by default)
Marketing communicationsConsent (separate opt-in)
Tax/regulatory record-keepingLegal obligation
TCPA consent records (US visitors)Legal obligation (US TCPA)

4. Your rights (Articles 15–22)

  • Access — confirm we hold data about you and obtain a copy.
  • Rectification — correct inaccurate data.
  • Erasure ("right to be forgotten") — delete data, subject to lawful exceptions.
  • Restriction — limit processing while a request is verified.
  • Portability — receive your data in a structured, machine-readable format and transmit it to another controller.
  • Object — to processing based on legitimate interests, including profiling.
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing.
  • Not be subject to automated decisions with legal or significant effect — we don't currently make any.
  • Lodge a complaint with your local supervisory authority (in the UK, the ICO; for EEA, see your country's DPA).

5. Exercising your rights

Submit a request via the Privacy Requests portal or email book@corporateevents.at with subject "GDPR Request". We respond within 30 days; we may extend by up to 60 additional days for complex requests, with notice to you. Verification: email magic link plus one additional identifier (last 4 of phone, recent inquiry ID, etc.).

6. International transfers (Article 44+)

Our infrastructure (Cloudflare) processes data globally. Transfers from the EEA/UK to the US rely on:

  • Standard Contractual Clauses (SCCs) under EU Commission Decision 2021/914.
  • Cloudflare's adherence to the EU–US Data Privacy Framework (DPF) where applicable.
  • UK International Data Transfer Addendum to the SCCs for UK transfers.

Copies of the relevant SCCs are available on request from book@corporateevents.at.

7. Retention

See Privacy Policy §6.

8. Automated decision-making + profiling

We do not subject EU/UK visitors to fully automated decisions producing legal or similarly significant effects. Lead-routing matching is rule-based (category × city × advertiser availability), not individualized profiling.

9. Cookies + ePrivacy

See Cookie Preferences. Strict mode by default — no analytics or advertising cookies set without your consent. Reject-All has equal prominence to Accept-All.

10. Children

The Site is not intended for individuals under 16 in the EEA/UK. We do not knowingly collect data from minors.

11. Contact

For all GDPR-related matters: book@corporateevents.at (subject "GDPR").

12. UK-specific notes

UK GDPR (post-Brexit) confers substantially the same rights as EU GDPR. UK residents should direct complaints to the Information Commissioner's Office (ICO).

Our network

We value your privacy

We use cookies to make this site work, measure performance, and (with your consent) personalize content and ads. You can choose what you're comfortable with. See our Privacy Policy.