Evenda

Official version of the document — in Serbian.

Translations into other languages are provided for convenience only. If there is any discrepancy between a translation and the Serbian version, the Serbian version prevails.

Privacy Policy

Effective date: 01.03.2026
Last updated: 01.03.2026

This Privacy Policy (“Policy”) explains how ZURKA CE BITI DOO (“Evenda,” “we,” “us”) collects, uses, stores, transfers, and otherwise processes personal data when you use the evenda.io website, related subdomains, your personal account, event pages, checkout pages, APIs, integrations, email notifications, and other Evenda services.

Please read this Policy carefully before using the website and the service.

1. About Us

The operator of the Evenda website and service is:

ZURKA CE BITI DOO
Tax ID: 114432064
Mobile: 22023195
Belgrade, Kraljice Natalije 11, Serbia
Email: [email protected]

For the purposes of applicable data protection laws, Evenda may act as:

  • Data controller—when we determine the purposes and means of data processing;
  • Data processor acting on behalf of the controller—when we process data of customers, participants, or other individuals on behalf of the controller;
  • as a separate controller with respect to certain categories of data related, in particular, to security, fraud prevention, subscription billing, analytics, event logs, support, compliance with legal obligations, and the protection of Evenda’s rights.

2. An important note about Evenda’s role

Evenda is a SaaS platform for event organizers.

If an organizer uses Evenda to publish events, sell tickets, collect orders, and manage participants, then:

  • Evenda is not a ticket seller unless otherwise expressly stated;
  • the ticket purchase agreement is concluded between the buyer and the organizer;
  • payment for the ticket is made to the organizer, to their bank account, their payment system account, or other payment details belonging to them;
  • depending on the specific data processing scenario, the organizer may act as the independent data controller for the buyers and participants of their event.

This means that, with regard to certain data, Evenda acts as a technical infrastructure provider rather than as a party to the ticket sale transaction.

3. What information we may collect

Depending on how you interact with Evenda, we may process the following categories of data.

3.1. Data on visitors to the website

  • IP address;
  • browser, device, operating system, and language data;
  • cookies, session identifiers, and similar technical data;
  • data on pages visited, clicks, referral sources, visit duration, and interaction with the website;
  • data you enter into feedback, subscription, or inquiry forms.

3.2. Organizer Information

  • First and last name;
  • Email, phone number, and other contact information;
  • Account and login credentials;
  • Company name, registration and tax information, address, and bank details;
  • Information about the organizer’s team and assigned roles;
  • billing information, details about the plan, subscription status, and payments for using Evenda;
  • data provided during verification, review, support, or onboarding.

3.3. Customer and Member Data

If a customer or participant interacts with an event page, checkout page, registration form, or ticket, the following may be processed through the Evenda infrastructure:

  • First and last name;
  • Email;
  • phone number;
  • order and ticket details;
  • details regarding the event, session, ticket category, seat, price, promo code, and order status;
  • additional information requested by the organizer in the order or registration form;
  • information necessary for sending notifications, tickets, QR codes, confirmations, and service messages;
  • history of interactions with the order, ticket, or event.

3.4. Payment Information

In the standard service model, Evenda does not accept payment for tickets into its accounts.

Payment information related to tickets, including credit card details, e-wallet information, or other payment details, is typically processed by the relevant payment provider, bank, or organizer within their own systems.

Evenda may receive limited payment metadata, such as:

  • payment status;
  • transaction ID;
  • payment method type;
  • amount;
  • transaction date and time;
  • technical statuses required to display the payment result in the interface.

To process payments for your Evenda subscription, we may process data necessary for billing, invoicing, payment confirmation, accounting, and support.

3.5. Support and Contact Information

  • the content of support requests;
  • attachments and documents you submit;
  • correspondence via email, forms, chat, or other communication channels;
  • records of the progress of your request.

3.6. Security and Fraud Prevention Data

  • access and event logs;
  • data regarding suspicious activity;
  • technical alerts used to protect the website, accounts, and infrastructure;
  • information necessary to investigate violations, complaints, fraud, abuse, or other incidents.

4. Data sources

We may receive personal data from:

  • directly from you;
  • from the organizer, if you interact with their event through Evenda;
  • from your team or colleagues, if they invite you to the organizer’s account;
  • from payment providers, banks, email providers, and other partners, when necessary for the service to function;
  • automatically when using the website and service;
  • from publicly available sources, if necessary for verification, security, legal compliance, or the protection of Evenda’s rights.

5. Purposes of data processing

We may process personal data for the following purposes:

  • providing access to the website and service;
  • account registration and management;
  • providing platform features to event organizers;
  • setting up, managing, and publishing events;
  • processing orders, tickets, registrations, notifications, and service communications;
  • user support;
  • performance of the contract with the user or organizer;
  • processing of subscriptions, billing, invoicing, and payment tracking for the use of Evenda;
  • ensuring the operation of the website, hosting, API, integrations, and applications;
  • ensuring security, preventing fraud, spam, abuse, and other misuse;
  • logging and auditing of actions;
  • analytics, improving interfaces, functionality, and service quality;
  • compliance with legal obligations;
  • establishing, exercising, and defending legal claims;
  • sending mandatory service notifications;
  • sending marketing messages, if permitted by law and where there is a valid basis.

6. Legal Basis for Processing

Depending on the situation, we process data on one or more of the following grounds:

  • performance of a contract or actions taken prior to entering into a contract;
  • compliance with a legal obligation;
  • the legitimate interests of Evenda or a third party, provided that such interests are not overridden by your rights and freedoms;
  • consent, where required by law;
  • other grounds permitted by applicable law.

6.1. When we typically rely on the performance of the contract

  • creating and maintaining an account;
  • providing access to service features;
  • sending service notifications;
  • processing requests related to the use of Evenda;
  • managing subscriptions and billing.

6.2. When we typically rely on legitimate interest

  • site and infrastructure security;
  • prevention of fraud, abuse, and violations;
  • service support and improvement;
  • internal administration;
  • protection of Evenda’s rights in disputes, claims, and investigations;
  • limited analytics necessary for service development.

6.3. When We Typically Rely on Consent

  • non-essential cookies and similar technologies, where consent is required by law;
  • certain marketing communications;
  • other instances where it is expressly required by law.

7. When is Evenda the controller, and when is it the processor?

The role of Evenda depends on the specific context of the processing.

7.1. Evenda as a controller

Evenda typically acts as a standalone controller when processing data:

  • organizers and their team members;
  • subscriptions, pricing plans, invoices, and payments for SaaS;
  • support and user communications;
  • security, logs, anti-fraud, and abuse prevention;
  • analytics on the use of the Evenda service itself;
  • legal compliance and protection of Evenda’s rights.

7.2. Evenda as a processor acting on behalf of the organizer

Evenda may act as a data processor when an organizer uses the platform to process data:

  • ticket buyers;
  • event participants;
  • guests, visitors, and registered users;
  • individuals who fill out additional forms created by the organizer;
  • recipients of tickets, QR codes, registrations, and notifications for a specific event.

In such cases, the organizer determines the essential purposes of the processing, such as holding the event, selling tickets, registering participants, communicating with them, handling refunds, and providing customer service.

7.3. A separate role for the organizer

The organizer may act as the independent data controller for customer and participant data in connection with its event, including:

  • description of the purposes of data collection;
  • content of the order or registration form;
  • admission policies;
  • returns;
  • event-related communications;
  • tax and other legal obligations related to ticket sales.

If your question concerns a specific event, booking, or ticket, in some cases you will need to contact the organizer directly, as they are responsible for handling your inquiry.

8. Who we may share data with

We may disclose personal data to the following categories of recipients:

  • event organizers;
  • members of the organizer’s team, within the scope of their assigned access rights;
  • hosting providers, cloud providers, CDNs, and infrastructure contractors;
  • email, SMS, and communication providers;
  • analytics and monitoring providers;
  • payment providers, banks, and financial intermediaries—to the extent necessary for subscription billing or technical status synchronization;
  • support, CRM, and helpdesk tool providers;
  • security, anti-fraud, logging, and audit contractors;
  • lawyers, auditors, accountants, and other consultants;
  • government agencies, courts, law enforcement agencies, regulators, and supervisory authorities, if we are required to do so by law or to protect the rights of Evenda, users, or third parties;
  • the buyer or organizer—when necessary to fulfill a request, resolve a dispute, confirm an order, process a return, or address a complaint or claim.

We do not sell personal data as a separate commercial product.

9. International data transfer

Depending on the infrastructure and contractors used, personal data may be processed or transferred outside the country from which you are accessing the service, including to countries where Evenda’s servers, contractors, or technical providers are located.

If a specific data transfer requires the use of specific legal mechanisms, we will rely on the legal grounds provided by law, including:

  • a decision on an adequate level of protection, if applicable;
  • standard contractual clauses;
  • other mechanisms permitted under applicable law.

10. Data Retention Periods

We retain personal data only for as long as is necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

The retention period depends on the data category and the context of processing. For example:

  • Account data — for the duration of the account and a reasonable period after its closure;
  • contractual and billing data — for the time necessary to fulfill the contract, for accounting and tax purposes, and to comply with legal requirements;
  • support data — for the period necessary to process inquiries, for internal quality control, to protect rights, and to fulfill legal obligations;
  • technical logs and security data — for the period reasonably necessary for security, incident investigation, and service protection;
  • customer and participant data processed on behalf of the organizer — in accordance with the organizer’s instructions, the terms of service, and applicable legal requirements.

Once the applicable retention period has expired, the data will be deleted, anonymized, or otherwise rendered unidentifiable, unless further storage is required by law.

11. Cookies and Similar Technologies

Evenda uses cookies, web beacons, local storage, and similar technologies to:

  • to ensure the website functions properly and for user authentication;
  • to save user settings;
  • to ensure the security and stability of the service;
  • for analytics and to improve functionality;
  • for marketing and performance measurement, where permitted by law and where there is a valid legal basis.

Detailed information about the technologies used, their purposes, and available settings can be found in our Cookie Policy and, where applicable, in the cookie settings interface.

12. Your Rights

Depending on applicable law and the specific context of the processing, you may have the right to:

  • request access to your data;
  • request the correction of inaccurate or incomplete data;
  • request the erasure of your data;
  • request the restriction of processing;
  • object to processing if it is based on a legitimate interest;
  • withdraw consent if processing is based on consent;
  • request data portability, if applicable;
  • not be subject to a decision based solely on automated processing, if such a right applies;
  • lodge a complaint with the competent supervisory authority.

If Evenda processes your data as a processor on behalf of the organizer, we may forward your request to the organizer or involve them in processing your request, if necessary.

13. How to exercise your rights

You can send a request regarding your personal data to: [email protected]

We may ask you to verify your identity if necessary to protect your data and prevent unauthorized disclosure.

We will review your request within the timeframe and in accordance with the procedures set forth in applicable law.

14. Complaints to the supervisory authority

If you believe that the processing of your personal data violates applicable law, you have the right to file a complaint with the competent supervisory authority.

For the Republic of Serbia, this body is:

Commissioner for Information of Public Importance and Personal Data Protection
15 King Alexander Boulevard, 11120 Belgrade, Serbia
Website: poverenik.rs
Email: [email protected]

If the laws of another country or jurisdiction apply to your situation, you may also contact the relevant competent supervisory authority in the place where you habitually reside, work, or where the alleged infringement occurred, provided that such a right is provided for by applicable law.

15. Data Security

Evenda implements reasonable technical and organizational measures to protect personal data, taking into account the nature of the data, the risks associated with processing, and available technologies.

Such measures may include:

  • access control;
  • authentication and account management;
  • event logging;
  • backup;
  • encryption and data transmission protection where appropriate;
  • security monitoring;
  • internal incident response procedures.

However, no method of data transmission or storage can guarantee absolute security.

16. Children's data

The Evenda service is not intended for use by children on their own in violation of applicable laws.

If you believe that a child has provided us with personal data in violation of the law, please contact us at [email protected], and we will consider deleting the data or taking other appropriate action.

Organizers using Evenda for events aimed at children are solely responsible for complying with applicable laws regarding the processing of minors’ data, including obtaining the necessary consents and informing legal guardians where required.

17. Third-party websites and services

The Evenda website and service may contain links to third-party websites, services, applications, and platforms.

This Policy does not apply to such third-party resources. We recommend that you review their own terms and privacy policies before using them.

18. Changes to the Policy

Evenda reserves the right to amend this Policy from time to time.

The latest version is always posted on the website. If the changes are significant, we will make every effort to notify users in a reasonable manner, such as via the website, email, or your account dashboard.

By continuing to use the website or service after the new version takes effect, you acknowledge that you have read the updated Policy.

19. Contact Information

If you have any questions about this Policy or the processing of personal data, please contact us at:

ZURKA CE BITI DOO
Tax ID: 114432064
Mobile: 22023195
Belgrade, Kraljice Natalije 11, Serbia
[email protected]