Privacy Policy
Last updated: 8 July 2026
1. Who We Are
The Venuoro platform (venuoro.gr) is operated by Δημήτριος Σταυρίδης (Dimitrios Stavridis), a sole proprietorship (ατομική επιχείρηση) registered with the Greek General Commercial Registry under Γ.Ε.ΜΗ. No. 178021501000, Α.Φ.Μ. (VAT No.) 181957010, with registered seat at Kapodistriou 24, Chalandri 15233, Athens, Greece ("Venuoro", "we", "us"). You can contact us at hello@venuoro.gr.
This Policy explains how we process personal data in connection with the Venuoro platform, in accordance with Regulation (EU) 2016/679 (the "GDPR") and Greek Law 4624/2019.
2. Controller and Processor: Two Distinct Roles
Venuoro is a business-to-business platform used by organisations ("Organisers") to run their own branded events and sell or issue tickets. We process personal data in two distinct capacities:
- As data controller — for the account, billing and contact data of our customers (Organisers) and their authorised users, for visitors to venuoro.gr, and for our own business records. For this data, Venuoro determines the purposes and means of processing.
- As data processor — for the personal data of attendees ("Attendees") that Organisers collect through the platform, such as registration details, ticket purchases and check-in records. For this data, the Organiser is the data controller and Venuoro processes it only on the Organiser's documented instructions, under a data processing agreement concluded in accordance with Article 28 GDPR.
If you are an Attendee, the Organiser of your event is responsible for the processing of your event data. Please direct requests concerning your personal data to that Organiser in the first instance; we assist Organisers in fulfilling such requests.
3. Categories of Personal Data
- Organiser account data (we are controller): name, business contact details, account credentials, billing and invoicing details, communications with us, and usage and log data relating to the account.
- Attendee data (we are processor): registration details collected by the Organiser (such as name, email address and any additional fields the Organiser configures), ticket and order details, and QR check-in records.
- Payment data: processed by third-party payment providers as described in Section 5. We do not store full payment card details.
- Technical data: IP address, device and browser information, and cookie identifiers, as described in Section 9.
4. Purposes and Legal Bases (Article 6 GDPR)
Where we act as controller, we process personal data for the following purposes and on the following legal bases:
- Providing and operating the Service — performance of a contract (Article 6(1)(b) GDPR): account creation and management, delivery of the platform's features, and customer support.
- Invoicing, tax and accounting compliance — compliance with a legal obligation (Article 6(1)(c) GDPR): issuing invoices and receipts and reporting them to the Greek tax authority platform AADE myDATA, and keeping records required by Greek tax and accounting legislation.
- Security, fraud prevention and service improvement — our legitimate interests (Article 6(1)(f) GDPR) in keeping the platform secure, preventing abuse, and understanding and improving how the Service is used.
- Marketing communications and non-essential cookies — your consent (Article 6(1)(a) GDPR), which you may withdraw at any time.
Where we act as processor for Attendee data, the Organiser is responsible for determining the purposes and legal bases of that processing.
5. Payments
Payments made through the platform are processed by third-party payment providers, which may include Stripe, Viva.com and IRIS. These providers process payment data under their own terms and privacy policies and, depending on the processing in question, may act as independent controllers. Venuoro receives only the information necessary to confirm and administer transactions and does not store full payment card details.
6. Invoicing and myDATA
As a Greek business, we are legally required to issue invoices and receipts and to transmit the relevant data to the AADE myDATA platform. The personal data included in these fiscal documents is processed and retained in accordance with Greek tax legislation and cannot be erased for as long as the applicable retention obligations apply.
7. Data Retention
- Organiser account data: retained for the duration of the contractual relationship and for a reasonable period thereafter to resolve any outstanding matters, unless a longer period is required by law.
- Invoicing and tax records: retained for the period required by Greek tax legislation.
- Attendee data processed on behalf of Organisers: retained in accordance with the Organiser's instructions and the data processing agreement, and deleted or returned at the end of the engagement, subject to any legal retention obligations.
- Technical logs: retained for a limited period proportionate to security and troubleshooting needs.
8. International Transfers
We aim to process personal data within the European Economic Area (EEA). Where a service provider processes personal data outside the EEA, we ensure an adequate level of protection through an adequacy decision of the European Commission or appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with any necessary supplementary measures.
9. Cookies
The platform uses strictly necessary cookies for its operation (for example, session and security cookies). Non-essential cookies, such as analytics or marketing cookies, are used only with your consent, which you may give or withdraw through the cookie settings on the site. Further detail is provided in the cookie notice displayed on the relevant website.
10. Your Rights
Subject to the conditions of the GDPR, you have the right to:
- access the personal data we hold about you (Article 15);
- rectification of inaccurate or incomplete data (Article 16);
- erasure of your data (Article 17);
- restriction of processing (Article 18);
- data portability (Article 20);
- object to processing based on legitimate interests, including profiling, and to direct marketing (Article 21);
- withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
To exercise these rights in respect of data for which we are the controller, contact us at hello@venuoro.gr. If your request concerns Attendee data collected by an Organiser, we will refer it to, or coordinate with, the relevant Organiser as controller.
11. Complaints
If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), www.dpa.gr, or with the supervisory authority of your place of habitual residence or work within the EU.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced on the platform or by email. The "Last updated" date at the top of this page indicates the current version.
13. Contact
Data protection enquiries may be addressed to Venuoro at hello@venuoro.gr, or by post to Δημήτριος Σταυρίδης (Dimitrios Stavridis), Kapodistriou 24, Chalandri 15233, Athens, Greece.