GDPR and Data Privacy

Last update: Saturday, 2 May 2026.

At EventReception, we apply data protection practices in line with the EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, replacing Directive 95/46/EC.

This section provides a clear overview of the essential concepts of GDPR and how they relate to the use of our solutions.

The information provided here is for informational purposes only and should not replace professional legal advice. If you’re unsure about how GDPR affects your operations, we encourage you to consult a qualified legal advisor.

Data Hosting and Security

To support GDPR compliance, the core personal data stored by EventReception is securely hosted within the European Union. Our web servers are hosted in the Digital Realty Datacenter in Greece. EventReception also cooperates with Dataways to safely store data in tier-3 data centers applying a secure Information Security Management System (ISMS) certified by ISO/IEC 27001:2022.

We implement appropriate technical and organizational measures to protect personal data. For more detailed information about storage locations, trusted partners, retention and data protection rights, please refer to our Privacy Policy.

Understanding GDPR Roles

GDPR distinguishes between key roles in handling personal data:

  • Data Controllers: Entities or individuals who determine the purposes and means of processing personal data. They must comply with GDPR and ensure that any processors or sub-processors they engage also meet the law’s requirements.
  • Data Processors: Entities who process personal data on behalf of data controllers. They are responsible for implementing safeguards to protect the data and must comply with GDPR obligations relevant to processors.
  • Sub-Processors: Entities engaged by data processors to assist in processing personal data on behalf of the data controller. They carry the same responsibilities and obligations as data processors.

EventReception's Main Solutions

EventReception provides different event software solutions under the same overall Services. For clarity, e-Planner refers to our online event planning and management platform, including event diagrams, floor plans, table plans, seating, guest management, SMS seating, navigation maps, event/client management, collaboration features, Invited Users and View-Only Links. e-GuestList Check-in App refers to our guest reception and check-in solution, including native iPad and Android check-ins, Web Check-ins, guest-list imports, check-in synchronization, check-in reports, Online Guest List sharing, event credits, packages and related payment or invoicing features.

Invited Users are part of the e-Planner collaboration flow. Web Check-ins and Online Guest Lists are part of the e-GuestList Check-in App and should not be confused with e-Planner Invited Users. For detailed information about how data is processed through each Service, please refer to our Privacy Policy and Terms of Service.

EventReception's Role and Compliance

In the context of GDPR, EventReception may act as a Data Processor, a Sub-Processor, or a Data Controller, depending on the relationship with the user and the type of data involved:

  1. When corporate clients use our solutions for event and guest data, EventReception generally acts as a Data Processor.
  2. When corporate clients engage another company (e.g., an event planner) who uses our solutions, EventReception generally acts as a Sub-Processor.
  3. When individual users (e.g., couples) use our solutions directly for personal or household events, EventReception acts as a Data Controller for the relevant processing carried out through our platform.

In addition, EventReception may act as a Data Controller for data we process for our own business purposes, such as account administration, billing, support, website operation, security, legal compliance and communications, as described in our Privacy Policy.

EventReception is committed to meeting its GDPR obligations, including:

  • Ensuring confidentiality agreements are in place for staff handling personal data.
  • Implementing appropriate technical and organizational security measures to protect data.
  • Processing personal data only for the purposes required to provide, secure, support and improve our Services, or as otherwise described in our Privacy Policy.
  • Where we act as Data Processor or Sub-Processor, processing personal data in accordance with the relevant Data Controller's documented instructions and applicable contractual terms.
  • Responding to requests for data deletion, updates or access where we are responsible for doing so, and assisting Data Controllers where applicable.
  • Notifying relevant users or Data Controllers of personal data breaches within the GDPR's required timeframes, where notification is required.
  • Supporting compliance with GDPR through regular reviews and appropriate internal controls.

For more detailed information, including cases where EventReception acts as the Data Controller, please refer to our detailed Privacy Policy.

Examples of GDPR Roles in Practice

To illustrate how these roles apply, let's consider three examples:

  • Example 1:

    A Company Uses EventReception's Solutions to Invite Attendees to a Conference

    • Data Controller: The Company
    • Data Processor: EventReception

    Explanation: The company determines the purposes and means of processing personal data, such as collecting attendee information, managing seating or performing guest check-ins. EventReception processes this data on behalf of the company, making us the Data Processor.

  • Example 2:

    A Company Engages a Planner Who Uses EventReception's Solutions for an Employee Event

    • Data Controller: The Company
    • Data Processor: The Planner
    • Sub-Processor: EventReception

    Explanation: The company decides to hold the event and collect employee data, making it the Data Controller. The planner processes this data on behalf of the company, acting as the Data Processor. EventReception provides services to the planner, thus acting as a Sub-Processor.

  • Example 3:

    A Couple Uses EventReception's Solutions Directly for Their Wedding

    • Data Controller: EventReception
    • Exempt Party: The Couple (not subject to GDPR obligations)

    Explanation: The couple is generally exempt from GDPR obligations under the household exemption provided by Article 2(2)(c) and Recital 18, as they are natural persons processing personal data for a purely personal or household activity. In this case, EventReception acts as the Data Controller for the relevant processing carried out through our platform.

Responsibilities of EventReception Users

For Corporate Users

To support compliance, our corporate users must:

  • Collect and process personal data from EU citizens in compliance with GDPR by ensuring they have a valid lawful basis, such as consent, contract necessity, legal obligation, vital interests, public task or legitimate interests.
  • Adhere to GDPR rules and other relevant privacy laws.
  • Accept EventReception's role as a Data Processor or Sub-Processor, where applicable.
  • Ensure that any required Data Processing Agreement or equivalent contractual terms are in place where EventReception acts as Data Processor or Sub-Processor.
  • Inform attendees, guests, staff, partners or clients about the processing of their personal data where required by law.
  • Configure user access, collaboration features and shared links in a way that limits access to personal data to what is necessary for the relevant event purpose.

For Individual Users (EU Citizens)

When individual users from the EU, such as couples planning personal events, use our solutions directly, they should:

  • Use our solutions in accordance with our Terms of Service and Privacy Policy.
  • Handle personal data responsibly and ethically, respecting the privacy of others.
  • Acknowledge that while they are generally exempt from GDPR obligations under the household exemption when processing personal data for purely personal or household activities, EventReception acts as the Data Controller under GDPR and will process personal data in compliance with GDPR requirements.
  • Use collaboration features, check-in tools and shared links responsibly, sharing access only with people who need it for the relevant event purpose.

Note: Even though individual users are generally exempt under GDPR when processing personal data for purely personal or household activities, we encourage them to inform their guests about the processing of their personal data when possible, respecting their privacy and preferences.

Data Subject Requests

Users and other data subjects may have rights under GDPR, including rights of access, rectification, deletion, restriction of processing, objection to processing, data portability and rights relating to automated decision-making, subject to the conditions and limitations of applicable law.

Where EventReception acts as Data Controller, requests may be sent directly to EventReception. Where EventReception acts as Data Processor or Sub-Processor, we may need to refer the request to the relevant Data Controller or assist the Data Controller in responding to the request.

For more information about available rights and how to contact us, please refer to our Privacy Policy.

Moving Forward Together

By understanding these roles and responsibilities, both corporate and individual users can work effectively with EventReception while supporting compliance with GDPR. We are committed to protecting personal data and supporting our users in meeting their data protection obligations.