VENUED PRIVACY POLICY
Version: 1.0

Effective Date: 06.01.2026

1. INFORMATION REGARDING THE CONTROLLER (ART. 13 GDPR)

The party responsible for the processing of personal data on this application is:

Name: Alara Özdenler
Address: Zschokkestraße 36, 80687, München
Email: alara.oezdenler@venued.eu
Contact Form: https://www.venued.eu/contact

Data Protection Contact: ata.keskin@venued.eu

No data protection officer has been appointed; this email serves as the contact for data protection.

2. SCOPE AND DEFINITIONS

This Privacy Policy applies to the "Venued" mobile application, its website, and all related services (the "Service"). "Personal Data" refers to any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR).

3. CATEGORIES OF PERSONAL DATA COLLECTED

We process the following categories of data:

3.1 Account Data: Name, email address, date of birth, and internal User ID (UID). 
3.2 Profile Data: Bio, interest tags, gender/identity, and uploaded profile photographs. 
3.3 Verification Data: Phone number (processed via one-way cryptographic hash). The hashed values remain personal data and are used exclusively for account security and duplicate prevention.
    Note: We do not store clear-text phone numbers; only hashed values are retained for account security and duplicate prevention.
3.4 Event Interaction Data: Data regarding "liked," "saved," or "dismissed" events; event attendance history. 
3.5 RSVP & Ticket Data: Transactional metadata related to event participation (excluding full financial card data). 
3.6 Communication Data: Logs and content of in-app messages and match interactions. 
3.7 Technical Device Data: IP address (truncated where possible), device model, OS version, unique device identifiers (e.g., IDFA/AAID), and app crash logs. 
3.8 Support Communications: Records of correspondence between the user and our support team.

4. SOURCES OF DATA

4.1 Direct Collection: Data provided by the user during registration and profile creation. 
4.2 Automated Collection: Technical data collected via SDKs and API interfaces during app usage. 
4.3 Third-Party Integrations: Data received from SSO providers (e.g., Apple ID, Google Sign-In) upon user authorization. 
4.4 Event Partners: Confirmation of ticket validity or attendance status from event organizers.

5. PURPOSES OF PROCESSING AND LEGAL BASES (ART. 6 GDPR)

We process your data for the following purposes:

5.1 Provision of Services (Art. 6(1)(b) GDPR): Account management, event discovery, matchmaking, and chat functionality. 
5.2 Personalization (Art. 6(1)(f) GDPR): Our legitimate interest is to provide a relevant user experience by suggesting events/matches based on user interests. 
5.3 Communication (Art. 6(1)(b) GDPR): Sending service-related notifications and match updates. 
5.4 Security & Fraud Prevention (Art. 6(1)(f) GDPR): Protecting the platform from bots, harassment, and unauthorized access. 
5.5 Compliance (Art. 6(1)(c) GDPR): Fulfilling tax, accounting, and legal disclosure obligations. 
5.6 Precise Location Services (Art. 6(1)(a) GDPR): Only processed upon explicit user consent via the OS permission toggle.

6. AUTOMATED DECISION-MAKING AND PROFILING

Venued uses algorithmic sorting to suggest potential matches and events. 
6.1 Logic: The algorithm ranks content based on the overlap of user-selected interest tags and historical interaction data. 
6.2 No Legal Effect: These automated processes do not produce legal effects or similarly significant impacts on the user (Art. 22 GDPR).
6.3 Right to Object: Users may object to personalized profiling by adjusting their profile settings.

7. DATA SHARING AND RECIPIENTS

Personal data is only shared with the following recipients:

7.1 Cloud Service Providers: Google Cloud for data hosting.
7.2 Push Notification Providers: Google (FCM) and Apple (APNs). 
7.3 Event Organizers: Minimal data (name/RSVP status) shared only when a user interacts with a specific event. 
7.4 Legal Authorities: Only when legally mandated by German or EU law to disclose personal data.
7.5 No Sale of Data: Venued does not sell, rent, or trade personal data to third parties for marketing purposes.

8. INTERNATIONAL DATA TRANSFERS

We process data primarily within the European Economic Area (EEA). If data is transferred to a "third country" (e.g., USA), we ensure compliance via:

Adequacy Decisions (e.g., EU-U.S. Data Privacy Framework including Transfer Impact Assessments according to Art. 46 GDPR).

Standard Contractual Clauses (SCCs) as approved by the EU Commission.

Currently we only operate in Germany.

9. DATA RETENTION AND ERASURE

9.1 Account Data: Retained for the duration of the active user relationship. 
9.2 Inactivity: Accounts remaining inactive for 24 months will be deleted unless there is a legitimate interest in longer retention (e.g., fraud prevention).
9.3 Account Deletion: Upon a deletion request, all personal data is erased within 30 days, unless statutory retention periods (e.g., 6-10 years for financial records under the HGB/AO) apply.

10. USER RIGHTS (ART. 15-21 GDPR)

You have the following rights:

Art. 15: Right of access to your stored data.

Art. 16: Right to rectify inaccurate data.

Art. 17: Right to erasure ("Right to be forgotten").

Art. 18: Right to restriction of processing.

Art. 20: Right to data portability.

Art. 21: Right to object to processing based on legitimate interests.

Art. 7(3): Right to withdraw consent at any time with future effect.

To exercise these rights, contact: privacy@venued.eu

11. COOKIES AND TRACKING

The app only uses technical identifiers that are strictly necessary for its core functionality, such as enabling account login and ensuring proper app operation. Currently, the app does not collect additional data for analytics or marketing purposes, so no additional consent is required.

If we introduce optional analytics or marketing tracking in the future, users will be asked to provide explicit consent before any such data is collected, and they will always be able to revoke it in the app settings.

12. PUSH NOTIFICATIONS

If enabled, we use FCM (Google) or APNs (Apple) to send notifications. These services receive a pseudonymized device token. Notifications can be disabled in the system settings of your mobile device.

13. DATA SECURITY

We implement state-of-the-art Technical and Organizational Measures (TOMs), including:

End-to-end encryption for data in transit (TLS/SSL).

Encryption at rest for databases (AES-256).

Strict access control and logging.

Regular security audits and vulnerability assessments.

14. CHILDREN’S PRIVACY

The Service is intended for users aged 18 and older. We do not intentionally collect data from minors. If we become aware of such collection, the data will be deleted immediately.

15. CHANGES TO THIS POLICY

We reserve the right to modify this policy. Users will be notified of material changes via in-app notification or email at least 14 days prior to the effective date.

16. COMPLAINTS AND SUPERVISORY AUTHORITY

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Venued is:

Name: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Address: Promenade 18, 91522 Ansbach, Germany
Website: www.lda.bayern.de