Evenda

Official version of the document — in Serbian.

Translations into other languages are provided for convenience only. If there is any discrepancy between a translation and the Serbian version, the Serbian version prevails.

Privacy Policy

Effective date: 01 March 2026
Last updated: 01 March 2026

This Privacy Policy (“Policy”) explains how ZURKA CE BITI DOO (“Evenda”, “we”, “us”) collects, uses, stores, transfers, and otherwise processes personal data when you use the evenda.io website, related subdomains, organizer dashboard, event pages, checkout pages, API, integrations, email notifications, and other Evenda services.

Please read this Policy carefully before using the website and the service.

1. Who we are

The operator of the Evenda website and service is:

ZURKA CE BITI DOO
PIB: 114432064
MB: 22023195
Beograd, Kraljice Natalije 11, Serbia
Email: [email protected]

For the purposes of applicable personal data protection law, Evenda may act as:

  • an independent data controller, where we determine the purposes and means of processing;
  • a data processor acting on behalf of an organizer, where we process data of buyers, attendees, or other persons in the organizer’s name;
  • a separate controller in relation to certain categories of data connected, in particular, with security, abuse prevention, subscription billing, analytics, event logs, support, compliance with legal obligations, and protection of Evenda’s rights.

2. Important clarification about Evenda’s role

Evenda is a SaaS platform for event organizers.

If an organizer uses Evenda to publish an event, sell tickets, collect orders, and manage attendees, then:

  • Evenda is not the ticket seller unless expressly stated otherwise in a separate context;
  • the ticket purchase contract is concluded between the buyer and the organizer;
  • payment for the ticket is made for the benefit of the organizer, to the organizer’s bank account, payment system account, or other payment details belonging to the organizer;
  • depending on the specific data processing scenario, the organizer may act as an independent controller of buyer and attendee data for their event.

This means that, in relation to some data, Evenda acts as a technical infrastructure provider rather than as a party to the ticket sale transaction.

3. What data we may collect

Depending on how you interact with Evenda, we may process the following categories of data.

3.1. Website visitor data

  • IP address;
  • browser, device, operating system, and language data;
  • cookies, session identifiers, and similar technical data;
  • data about visited pages, clicks, traffic source, visit time, and interaction with the website;
  • data that you enter into feedback, subscription, or inquiry forms.

3.2. Organizer data

  • first and last name;
  • email, phone number, and other contact data;
  • account and authentication data;
  • company name, registration and tax details, address, and payment details;
  • information about the organizer’s team and assigned roles;
  • billing data, plan information, subscription status, and payments for the use of Evenda;
  • data provided during verification, review, support, or onboarding.

3.3. Buyer and attendee data

If a buyer or attendee interacts with an event page, checkout, registration form, or ticket, the following data may be processed through Evenda’s infrastructure:

  • first and last name;
  • email;
  • phone number;
  • order and ticket data;
  • event, session, ticket category, seat, price, promo code, and order status data;
  • additional data requested by the organizer in the order or registration form;
  • data required for sending notifications, tickets, QR codes, confirmations, and service messages;
  • history of interaction with the order, ticket, or event.

3.4. Payment data

In the standard service model, Evenda does not receive ticket sale funds into its own accounts.

Payment data relating to tickets, including bank card data, wallet details, or other payment data, is generally processed by the relevant payment provider, bank, or organizer within their own systems.

Evenda may receive limited payment metadata, for example:

  • payment status;
  • transaction identifier;
  • payment method type;
  • amount;
  • date and time of the transaction;
  • technical statuses needed to display the payment result in the interface.

For payments of Evenda subscriptions, we may process the data necessary for billing, invoicing, payment confirmation, accounting, and support.

3.5. Support and communication data

  • content of support requests;
  • attachments and documents you send to us;
  • email correspondence, website forms, chat messages, or other communication channels;
  • records relating to how a request was handled.

3.6. Security and abuse prevention data

  • access and event logs;
  • data about suspicious actions;
  • technical signals used to protect the website, accounts, and infrastructure;
  • information needed to investigate violations, complaints, fraud, abuse, or other incidents.

4. Sources of data

We may obtain personal data:

  • directly from you;
  • from an organizer, if you interact with that organizer’s event through Evenda;
  • from your team or colleagues, if they invite you to an organizer account;
  • from payment providers, banks, email providers, and other partners where necessary for the service;
  • automatically when you use the website and the service;
  • from publicly available sources, where necessary for verification, security, legal compliance, or the protection of Evenda’s rights.

5. Purposes of processing

We may process personal data for the following purposes:

  • providing access to the website and the service;
  • registering and maintaining accounts;
  • providing platform functionality to organizers;
  • configuring, administering, and publishing events;
  • processing orders, tickets, registrations, notifications, and service communications;
  • supporting users;
  • performing a contract with a user or organizer;
  • processing subscriptions, billing, invoicing, and accounting for payments for the use of Evenda;
  • ensuring the operation of the website, hosting, API, integrations, and applications;
  • ensuring security and preventing fraud, spam, abuse, and other misuse;
  • logging and auditing actions;
  • analytics and improvement of interfaces, functionality, and service quality;
  • compliance with legal obligations;
  • establishing, exercising, and defending legal claims;
  • sending mandatory service notifications;
  • sending marketing communications where permitted by law and where an appropriate legal basis exists.

6. Legal bases for processing

Depending on the situation, we process data on one or more of the following legal bases:

  • performance of a contract or steps prior to entering into a contract;
  • compliance with a legal obligation;
  • Evenda’s legitimate interest or the legitimate interest of a third party, where such interest is not overridden by your rights and freedoms;
  • consent, where required by law;
  • other legal bases permitted by applicable law.

6.1. When we usually rely on performance of a contract

  • creation and maintenance of an account;
  • providing access to service functionality;
  • sending service notifications;
  • processing requests related to the use of Evenda;
  • managing subscriptions and billing.

6.2. When we usually rely on legitimate interest

  • protecting the website and infrastructure;
  • preventing fraud, abuse, and violations;
  • supporting and improving the service;
  • internal administration;
  • protecting Evenda’s rights in disputes, claims, and investigations;
  • limited analytics necessary for the development of the service.

6.3. When we usually rely on consent

  • non-essential cookies and similar technologies, where consent is required by law;
  • certain marketing communications;
  • other cases where consent is expressly required by law.

7. When Evenda is a controller and when it is a processor

Evenda’s role depends on the specific processing context.

7.1. Evenda as controller

Evenda usually acts as an independent controller when it processes data relating to:

  • organizers and their team members;
  • subscriptions, plans, invoices, and SaaS payments;
  • support and communications with users;
  • security, logs, anti-fraud, and abuse prevention;
  • analytics relating to the use of the Evenda service itself;
  • legal compliance and protection of Evenda’s rights.

7.2. Evenda as processor acting on behalf of the organizer

Evenda may act as a processor where an organizer uses the platform to process data of:

  • ticket buyers;
  • event attendees;
  • guests, visitors, or registered users;
  • persons who complete additional forms created by the organizer;
  • recipients of tickets, QR codes, registrations, and notifications relating to a specific event.

In such cases, the organizer determines the essential purposes of processing, such as running an event, selling tickets, registering attendees, communicating with them, handling refunds, and servicing the event.

7.3. Separate role of the organizer

The organizer may act as an independent controller of buyer and attendee data in relation to its event, including with respect to:

  • describing the purposes of data collection;
  • the content of the order or registration form;
  • admission rules;
  • refunds;
  • event-related communication;
  • tax and other legal obligations associated with ticket sales.

If your request concerns a specific event, order, or ticket, in some cases you may need to contact the organizer directly as the party determining the relevant processing.

8. To whom we may disclose data

We may disclose personal data to the following categories of recipients:

  • event organizers;
  • members of the organizer’s team within the limits of their access rights;
  • hosting providers, cloud providers, CDN providers, and infrastructure contractors;
  • email, SMS, and communications providers;
  • analytics and monitoring providers;
  • payment providers, banks, and financial intermediaries to the extent necessary for subscription billing or technical synchronization of statuses;
  • support, CRM, and helpdesk tool providers;
  • security, anti-fraud, logging, and audit contractors;
  • lawyers, auditors, accountants, and other advisers;
  • public authorities, courts, law enforcement bodies, regulators, and supervisory authorities, where we are required to do so by law or where necessary to protect the rights of Evenda, users, or third parties;
  • the buyer or the organizer, where necessary to fulfill a request, resolve a dispute, confirm an order, process a refund, or handle a complaint or claim.

We do not sell personal data as a separate commercial product.

9. International data transfers

Depending on the infrastructure and contractors used, personal data may be processed or transferred outside the country from which you use the service, including to countries where Evenda’s servers, contractors, or technical providers are located.

If a specific data transfer requires the use of special legal safeguards, we will rely on the mechanisms provided by law, including:

  • an adequacy decision, where applicable;
  • standard contractual clauses;
  • other mechanisms permitted by applicable law.

10. Data retention periods

We retain personal data no longer than necessary for the purposes for which it was collected, unless a different period is required or permitted by law.

The retention period depends on the category of data and the processing context. For example:

  • account data is retained for the duration of the account and for a reasonable period after its closure;
  • contractual and billing data is retained for the period necessary for contract performance, accounting and tax compliance, and compliance with legal requirements;
  • support data is retained for the period necessary to process the request, perform internal quality control, protect rights, and comply with legal obligations;
  • technical logs and security data are retained for the period reasonably necessary for security, incident investigation, and service protection;
  • buyer and attendee data processed on behalf of an organizer is retained in accordance with the organizer’s instructions, the service terms, and applicable legal requirements.

After the applicable retention period expires, the data is deleted, anonymized, or otherwise converted into a form that does not allow identification, unless further retention is required by law.

11. Cookies and similar technologies

Evenda uses cookies, pixels, local storage, and similar technologies for:

  • ensuring operation of the website and authentication;
  • saving user settings;
  • security and resilience of the service;
  • analytics and improvement of functionality;
  • marketing and measurement of effectiveness, where permitted by law and based on the required legal basis.

Detailed information about the technologies used, the purposes of their use, and available settings is provided in Evenda’s Cookie Policy and, where applicable, in the cookie settings interface.

12. Your rights

Depending on applicable law and the specific processing context, you may have the right to:

  • request access to your data;
  • request correction of inaccurate or incomplete data;
  • request deletion of data;
  • request restriction of processing;
  • object to processing where it is based on legitimate interest;
  • withdraw consent where processing is based on consent;
  • request data portability where applicable;
  • not be subject to a decision based solely on automated processing where such a right applies;
  • lodge a complaint with a competent supervisory authority.

If Evenda processes your data as a processor acting on behalf of an organizer, we may redirect your request to the organizer or involve the organizer in handling the request where necessary.

13. How to exercise your rights

You may send a request relating to personal data to: [email protected]

We may ask you to verify your identity where necessary to protect your data and prevent unauthorized disclosure.

We will review the request within the timeframes and according to the procedure required by applicable law.

14. Complaints to a supervisory authority

If you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with a competent supervisory authority.

For the Republic of Serbia, that authority is:

Commissioner for Information of Public Importance and Personal Data Protection
15 Bulevar kralja Aleksandra, 11120 Belgrade, Serbia
Website: poverenik.rs
Email: [email protected]

If the law of another country or jurisdiction applies to your situation, you may also contact the relevant competent supervisory authority at your place of habitual residence, place of work, or place of the alleged infringement, where such a right is provided by applicable law.

15. Data security

Evenda applies reasonable technical and organizational measures to protect personal data, taking into account the nature of the data, processing risks, and available technologies.

Such measures may include:

  • access control;
  • authentication and account management;
  • event logging;
  • backup procedures;
  • encryption and transmission protection where appropriate;
  • security monitoring;
  • internal incident response procedures.

At the same time, no method of transmission or storage can guarantee absolute security.

16. Children’s data

The Evenda service is not intended for independent use by children in violation of applicable law.

If you believe that a child has provided us with personal data in violation of the law, please contact us at [email protected], and we will consider deletion or another appropriate response.

Organizers using Evenda for events intended for children are independently responsible for compliance with the law applicable to the processing of minors’ data, including obtaining any necessary consents and informing legal representatives where required.

17. Third-party websites and services

The Evenda website and service may contain links to third-party websites, services, applications, and platforms.

This Policy does not apply to such third-party resources. We recommend reviewing their own terms and privacy policies before using them.

18. Changes to the Policy

Evenda may amend this Policy from time to time.

The current version is always published on the website. If the changes are material, we will try to notify users in a reasonable manner, for example through the website, email, or the dashboard.

Continued use of the website or service after the new version takes effect means that you have reviewed the updated Policy.

19. Contacts

If you have questions about this Policy or the processing of personal data, you may contact us at:

ZURKA CE BITI DOO
PIB: 114432064
MB: 22023195
Beograd, Kraljice Natalije 11, Serbia
[email protected]