Our commitment to protecting your data in accordance with GDPR
This Data Processing Agreement (DPA) governs the processing of personal data by Entrello Ticket & Service GmbH on behalf of the client (Data Controller) in accordance with the EU General Data Protection Regulation (GDPR).
The Data Controller is the event organizer who uses Entrello's services to manage events and sell tickets. The Controller determines the purposes and means of processing personal data.
Entrello Ticket & Service GmbH acts as the Data Processor, processing personal data only on documented instructions from the Data Controller and in compliance with GDPR requirements.
Entrello implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, and regular security assessments. All data is stored on secure servers located in Frankfurt, Germany.
Entrello may engage sub-processors to assist in providing services. Current sub-processors include payment providers (Stripe, Viveum), email services (Mailgun), and infrastructure providers. All sub-processors are contractually bound to GDPR compliance.
Entrello assists the Data Controller in fulfilling data subject rights requests, including rights of access, rectification, erasure, restriction, data portability, and objection to processing.
In the event of a personal data breach, Entrello will notify the Data Controller without undue delay and no later than 72 hours after becoming aware of the breach, providing all necessary information to enable the Controller to meet their own notification obligations.
We employ industry-leading security measures including 256-bit SSL encryption, ISO-certified data centers, and regular security audits to protect your data.
If you have any questions about our data processing practices or this agreement, please contact our Data Protection Officer at support@entrello.app or +43 1 43 50 280.