Privacy Policy

Last updated: February 26, 2026

1. Data Controller

iventactive apps GmbH
Urbanstraße 116
10967 Berlin
info@my-iveo.de

Managing Director: Nicolai Alexander Jakobs
Amtsgericht Charlottenburg, HRB 268628 B
VAT ID: DE449843392

2. Purposes of Data Processing

We process personal data exclusively for the purpose of providing, optimizing, and securing our platform and website. This includes in particular:

  • Registration and management of user accounts
  • Planning and organizing events
  • Managing guests and participants
  • Sharing files (e.g. PDFs, presentations, videos)
  • Collaboration with other users
  • Support and communication
  • Security and abuse prevention

3. Data Collected

a) Upon Registration / Usage:

  • First name, last name
  • Email address
  • Password (encrypted)
  • Profile picture (optional)
  • Roles/access permissions

b) Event-Related Data:

  • Title, location, time, and description of events
  • Participant data (e.g. name, email, registration status)
  • Uploaded files (e.g. presentations, videos)
  • Comments or notes

c) Technical Data:

  • IP address
  • Browser type, operating system
  • Usage times and frequency
  • Log data for error analysis

3a. Speaker Data

When our customers add speakers to their events in iveo, we process personal data about these speakers: name, professional position, organisation, short biography, details of previous appearances. Processing is carried out on the basis of legitimate interest pursuant to Art. 6(1)(f) GDPR.

Speaker information is only visible within the respective customer's workspace. Speakers have the right to access, rectify, delete, or anonymize their data at any time.

4. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR (performance of contract)
  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(f) GDPR (legitimate interest)

5. Retention Period

Personal data is deleted once the purpose ceases to apply or users delete their account. After contract termination, customer data is deleted within 30 days, unless statutory retention obligations apply.

6. Disclosure to Third Parties and Processors

Service providers:

  • Amazon Web Services (AWS), Seattle, USA – Hosting, databases – Frankfurt, DE (eu-central-1)
  • Bubble Group, Inc., New York, USA – Technical platform operation – USA (EU SCCs)
  • HubSpot, Inc., Dublin, Ireland – CRM, support chat, newsletter – EU
  • Google Ireland Ltd. (Workspace), Dublin – Email – EU
  • Google Ireland Ltd. (Analytics), Dublin – Web analytics (GA4) – EU / USA (EU SCCs)
  • Twilio SendGrid, San Francisco, USA – Email delivery – USA (EU SCCs)

7. Data Transfers to Third Countries

Transfers to the USA are safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

8. Data Subject Rights

Users have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and the right to lodge a complaint with a supervisory authority.

Contact: hello@my-iveo.de

9. Data Security

We employ TLS encryption for data in transit, AES-256 encryption for data at rest, access restrictions, role-based permission management, and regular security audits.

10. Cookies

Our website uses cookies. On your first visit, a cookie banner (Cookiebot) will appear. Your choice is stored and can be revoked at any time.

11. Web Analytics

Our website uses Google Analytics 4 (GA4) with Google Consent Mode and Cookiebot. No processing occurs without explicit consent.

12. Contact Form

Data (name, email, message) is processed to handle your inquiry and deleted after final processing.