TODOEVENT PRIVACY POLICY

1. GENERAL PROVISIONS

1.1 About this policy

This Privacy Policy describes how TodoEvent ("we", "our company", "Platform") collects, uses, stores and protects your personal data when using our classified platform for event organization services.

1.2 Our role

TodoEvent is a data controller under the General Data Protection Regulation (GDPR) and personal data protection legislation.

1.3 Consent to processing

By using our Platform, you consent to the processing of your personal data in accordance with this Policy.

2. PERSONAL DATA WE COLLECT

2.1 Registration data

What we collect:

• First and last name
• Email address
• Phone number
• Password (encrypted)
• Date of birth (for age verification)
• Country/city location

Purpose: Creating and managing account, ensuring Platform functionality

2.2 Profile and listing data

What we collect:

• Information about your services (description, photos, videos)
• Information about you as individual and company
• Contact information for clients
• Portfolio and work examples
• Prices and service terms
• Schedule and availability
• Licenses and certificates

Purpose: Posting listings on Platform, providing information to potential clients

2.3 Communication data

What we collect:

• Messages between users through Platform
• Support requests and inquiries
• Reviews and ratings

Purpose: Ensuring communication, resolving disputes, improving service

2.4 Technical data

What we automatically collect:

• IP address
• Browser type and operating system
• Page visit times
• Referral links
• Cookies and similar technologies
• Device information

Purpose: Analytics, security, technical support, Platform improvement

2.5 Financial data

What we collect:

• Platform commission payment information
• System transaction history
• Tax information (when necessary)

3. HOW WE USE YOUR DATA

3.1 Main purposes

• Platform operation: providing access to services, posting listings
• Communication: connection between users, support service
• Security: fraud detection, spam protection
• Service improvement: usage analysis, new feature development
• Legal obligations: compliance with legislation, cooperation with authorities

3.2 Marketing and advertising

With your consent we may:

• Send informational newsletters about Platform
• Offer new features and services
• Show personalized advertising
• Conduct surveys and research

You can always opt out of marketing communications in profile settings or via link in email.

4. WHO WE SHARE YOUR DATA WITH

4.1 Public information

Automatically published:

• Information in your listings (name, services, photos, contacts)
• Reviews and ratings
• Public part of profile

You control what to make public in profile settings.

4.2 Other Platform users

We share with users:

• Contact information when requesting services
• Messages through internal system
• Interaction history (for dispute resolution)

4.3 Third-party services

We share data with partners:

• Payment systems (Stripe, PayPal) - for payment processing
• Email delivery services (SendGrid) - for sending messages
• Cloud storage (AWS, Azure) - for data storage
• Analytics services (Google Analytics) - for analysis

All partners sign confidentiality agreements and GDPR compliance.

5. DATA SECURITY

5.1 Technical security measures

• SSL/TLS encryption of all data transfers
• Password encryption in database
• Regular encrypted backups
• 24/7 security monitoring
• Limited employee access to data
• Two-factor authentication for administrators

6. YOUR DATA RIGHTS

6.1 Right of access

You have the right to:

• Know what data we process
• Get a copy of all your personal data
• Learn about purpose and legal basis of processing
• Get information about third parties to whom data is transferred

How to exercise: send request to [email protected]

6.2 Right to rectification

You have the right to:

• Correct inaccurate personal data
• Complete incomplete data
• Update outdated information

6.3 Right to erasure ("right to be forgotten")

You have the right to request data deletion if:

• Data no longer needed for original purposes
• You withdraw consent for processing
• Data is processed unlawfully
• You object to processing

6.4 Right to data portability

You have the right to:

• Receive your data in structured format (JSON, CSV)
• Transfer data to another controller
• Request direct transfer (technically possible)

7. COOKIES AND SIMILAR TECHNOLOGIES

7.1 What are cookies

Cookies are small files stored in your browser to improve website functionality.

7.2 Types of cookies we use

7.2.1 Necessary cookies

• Session cookies - for maintaining login
• Security - protection from attacks and fraud
• Functionality - saving your settings

7.2.2 Analytical cookies

• Google Analytics - website usage analysis
• Internal analytics - service improvement
• Testing - A/B tests of new features

8. DATA RETENTION

8.1 Retention principles

We retain personal data only as long as necessary to achieve processing purposes.

8.2 Retention periods

• Profile data: until account deletion
• Messages: 2 years from last activity
• Access logs: 12 months
• Backups: up to 90 days (technical necessity)

9. POLICY CHANGES

9.1 Right to change

We reserve the right to change this Policy to comply with new legislation, implement new features, or improve data protection.

9.2 Change procedure

For significant changes we will:

• Notify you 30 days before taking effect
• Post notification on Platform
• Send email to all registered users
• Request new consent if necessary

10. COMPLAINTS AND QUESTIONS

10.1 Privacy contacts

11. FINAL PROVISIONS

11.1 Applicable law

This Policy is governed by:

• GDPR - for EU users
• Ukrainian "Personal Data Protection Law" - for Ukrainian users
• Local legislation - for other jurisdictions

11.2 Effective date

This Policy takes effect from 2025/09/01 and replaces all previous versions.