We Event
Home Vendors Podcasts & Talkshows Inspirations Marketplace Ticketing Become a vendor Contact
Log In Sign Up Free
Home/Privacy Policy

Privacy policy.

We collect the minimum necessary, are transparent about our actions, and you retain control.

Last updated: May 4, 2026
In brief We Event collects your data to connect Clients and Providers. Data is kept for the strictly necessary time. You can at any time access, rectify or delete your data by writing to support@we-event.eu.

1. Data Controller

  • Company Name: We Event
  • Legal form: Limited Liability Company (New Mexico, USA)
  • Address: 1209 Mountain Road PL NE, Ste R, Albuquerque, NM 87110, United States
  • GDPR Contact: support@we-event.eu
  • EU Representative under Art. 27 GDPR: Robin Roger Vito Dubois, 93 Avenue du Général de Gaulle, 83300 Draguignan, France — support@we-event.eu
EU Representative In accordance with Article 27 of the GDPR, We Event, a company established outside the European Union processing data of EU residents, has appointed a representative established in France: Robin Roger Vito Dubois. This representative is the point of contact for supervisory authorities (CNIL) and for any person wishing to exercise their GDPR rights.

2. Data Collected

2.1 Data you provide us

  • Account: last name, first name, email, password (encrypted), phone (optional)
  • Providers: SIRET, SIREN, company name, VAT, Professional Liability Insurance
  • Quote requests: event type, date, number of guests, budget, message
  • Content: photos, videos, published descriptions

2.2 Automatically collected data

  • Technical: IP address, browser type, pages visited, session duration
  • Cookies: see Cookie Policy

3. Purposes and Legal Bases

Purpose Legal basis (art. 6 GDPR)
Account creation and managementContract execution (Art. 6.1.b)
Client / Vendor ConnectionContract execution (Art. 6.1.b)
Provider Subscription BillingLegal obligation (art. 6.1.c)
Commercial communicationsConsent (Art. 6.1.a)
Fraud prevention and securityLegitimate interest (art. 6.1.f)
Anonymized statistical analysisLegitimate interest (art. 6.1.f)
Response to GDPR requests (Art. 15-22)Legal obligation (art. 6.1.c)

4. Retention Periods

DataDuration
Active accountFor the entire duration of use + 3 years after last login
Unsuccessful quote request24 months from the request
Invoices and Accounting Documents10 years (French legal obligation)
Analytical cookies13 months maximum
Security Logs12 months

5. Recipients

Your data may be shared with:

  • Providers relevant to your quote requests (only pertinent info)
  • Our technical subcontractors (hosting, emailing, Stripe payment, analytics), governed by contracts compliant with Art. 28 GDPR
  • Authorities in case of legal judicial request

We never sell your data to third parties.

6. Data transfers outside the European Union

As We Event is established in the United States, some data may be processed outside the EU (notably by our teams). These transfers are governed by:

  • The standard contractual clauses (SCCs) adopted by the European Commission (Implementing Decision EU 2021/914 of 4 June 2021)
  • Additional technical measures: encryption in transit (TLS 1.3) and at rest (AES-256), strict access controls, pseudonymization when relevant

US subcontractors benefit, where applicable, from Data Privacy Framework certification between the EU and the USA.

A copy of the applicable guarantees is available upon request at support@we-event.eu.

7. Your GDPR rights

You have the following rights (Art. 15 to 22 GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to object, notably to direct marketing
  • Right to data portability in a structured format
  • Right to withdraw your consent at any time
  • Right to define post-mortem directives regarding your data

To exercise these rights, write to support@we-event.eu attaching an ID if necessary to verify your identity.

We respond within a maximum of 30 days in accordance with Art. 12 GDPR (extendable by 2 months in case of complex request).

8. Security

Technical and organizational measures implemented:

  • Password encryption (bcrypt)
  • HTTPS required (TLS 1.3)
  • Database encryption at rest (AES-256)
  • Restricted internal access (principle of least privilege)
  • Regular encrypted backups
  • Periodic Security Audits

In case of a data breach likely to result in a high risk to your rights, we will notify you without undue delay in accordance with Art. 34 GDPR.

9. Cookies and trackers

Details of cookies used, their duration, and management procedures are specified in our Cookie Policy.

10. Minors

The Platform is not intended for individuals under 15 years of age. We do not knowingly collect data concerning minors. If you believe a minor has provided us with information, please contact us so we can delete this data.

11. Appeal to the CNIL

If you believe, after contacting us, that your GDPR rights are not respected, you can file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) :

  • Website: www.cnil.fr
  • Address: 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Back to top