Festivio

Privacy Policy

Last updated: 6 March 2026

This Privacy Policy explains how Festivio collects, uses, shares, and protects your personal data when you browse our site, create an account, or purchase tickets and consumables from event organizers using our platform.

Controller and Processor Roles

Festivio operates as a platform provider for event organizers. For purchases and event operations, organizers typically act as controllers of your data. Festivio may act as a processor on behalf of organizers for core platform services, and as an independent controller for security, fraud prevention, analytics, and product improvement.

Categories of Data We Process

We may process: identification and contact details (email, first name, last name); billing and fiscal data (billing address, Italian Codice Fiscale, Partita IVA, PEC email, SDI code — collected only when needed for invoicing); purchase and order details (items, amounts, Stripe payment identifiers); attendee data (first name, last name, age confirmation — only when required by the organizer for the specific event); device and session data (IP address, browser, locale, last login timestamp); and limited usage data needed to provide secure, reliable services.

Purposes of Processing

We use data to provide the platform, fulfill purchases, enable entry and redemption, support organizers, prevent fraud and abuse, secure our services, measure performance, improve user experience, and comply with legal obligations.

Legal Bases

Where required, our processing relies on one or more lawful bases: contract performance (e.g., fulfilling your order), legitimate interests (e.g., security, fraud prevention, service improvement), legal obligations, and, where applicable, your consent (e.g., certain cookies or marketing).

Service Providers and Sub‑processors

We use vetted service providers including: Stripe (payment processing on behalf of organizers, US-based, covered by SCCs); Vercel (hosting and page-view analytics, US-based, covered by SCCs); ipapi.co (IP-based EU geo-detection used solely to determine whether to show the cookie consent banner — no data is stored). These providers process data under contractual safeguards consistent with this Policy.

International Data Transfers

Where data is transferred across borders, we implement appropriate safeguards such as standard contractual clauses and technical measures designed to protect your information according to applicable law.

Data Retention

We retain personal data only as long as necessary for the purposes described above, including providing services, complying with legal requirements, resolving disputes, and enforcing agreements.

Your Rights

Subject to applicable law, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. Submit requests through the Contact page.

Cookies and Similar Technologies

We use cookies and similar technologies for essential functionality, preferences, analytics, and security. See Cookie Policy.

Contact

Questions or requests about privacy can be submitted via the Contact page.

Governing Law

Unless required otherwise by local law, this Policy is governed by Italian law and disputes are subject to the courts of Padova, Italy.