1. Data controller
The operator of Passreserve.com is Leonardo Fiori, VAT IT02639600465, with registered office at Via Nicola Raffaelli 2, 55020 Fosciandora (LU), Italia.
For the purposes described in this notice, Passreserve.com acts as controller for the operation, security, administration, and support of the platform. Organizers using Passreserve may separately act as independent controllers for their own event management, attendee operations, tax, accounting, venue, and customer-care obligations.
2. Scope of this notice
This notice applies to visitors, attendees, organizer applicants, organizer admins, and platform admins who interact with Passreserve.com.
It covers processing carried out through the website, organizer admin dashboard, platform admin dashboard, registration flows, operational emails, and connected support workflows.
3. Categories of personal data
- Identification and contact data, such as name, email address, phone number, postal address, organizer name, and venue details.
- Registration data, such as selected event, selected occurrence, ticket mix, attendee details, dietary restrictions, booking language, and operational notes.
- Organizer application data, such as launch window, payment model, city, event focus, and onboarding notes.
- Authentication and security data, such as password hashes, password-reset tokens, session identifiers, IP-based anti-abuse controls, and audit logs.
- Transaction bridge data, such as Stripe session identifiers, payment-intent identifiers, refund state, and payment ledger status.
- Communications data, such as transactional email delivery logs, organizer outreach, support correspondence, and template-render metadata.
4. Purposes and legal bases
- To provide the public site, the organizer pages, and the booking flow: performance of a contract or pre-contractual steps, and legitimate interest in operating the platform.
- To create, confirm, update, and reconcile registrations: performance of a contract and legitimate interest in keeping an auditable booking ledger.
- To process and reconcile payments handled through Stripe connected accounts: performance of a contract and legitimate interest in fraud prevention, accounting consistency, and dispute handling.
- To onboard organizers and manage organizer-access requests: pre-contractual measures and legitimate interest in screening and provisioning platform accounts.
- To authenticate organizer and platform admins, maintain sessions, prevent abuse, and protect infrastructure: legitimate interest and legal obligations relating to security and accountability.
- To send mandatory service emails such as access emails, confirmation emails, payment emails, and reminder emails: performance of a contract and legitimate interest in service continuity.
- To comply with legal obligations, respond to lawful requests, and preserve evidence where necessary: legal obligation and legitimate interest.
5. Payments and Stripe
Paid events are processed through Stripe technology and through the connected Stripe account of the organizer where the event is hosted. Passreserve does not present itself as the seller or event operator unless expressly stated otherwise on the relevant page.
Passreserve does not store full card numbers, CVC codes, or complete payment instrument data on its own servers. Passreserve stores only limited payment-reference data strictly necessary to create, resume, reconcile, or audit the booking and refund flow.
Stripe acts under its own privacy and security terms for the payment infrastructure it provides. Organizers remain responsible for the commercial, tax, refund, and consumer-facing consequences of the events they publish, subject to applicable law.
6. Organizers and role allocation
Organizers are responsible for the legality, accuracy, and performance of their events, for their own event policies, for attendee communications relating to the event itself, for tax and accounting obligations, and for the lawfulness of any personal data they request through Passreserve.
Depending on the situation, Passreserve and the relevant organizer may each process attendee data as independent controllers for their respective purposes. Passreserve does not assume general responsibility for the organizer’s own compliance obligations merely because the organizer uses the platform.
7. Recipients and service providers
Passreserve may share personal data with carefully selected service providers and infrastructure vendors strictly to operate the service, including hosting and deployment providers, database providers, email-delivery providers, payment infrastructure providers, and professional advisers where necessary.
As of this version, the core service stack may involve providers such as Vercel for hosting and deployment, PostgreSQL-based database infrastructure configured by Passreserve, Resend for email delivery, and Stripe for payment infrastructure and connected-account processing.
8. International transfers
Some service providers used to operate Passreserve may process data outside the EEA. Where that happens, Passreserve relies on a valid transfer mechanism under applicable law, such as an adequacy decision or standard contractual clauses together with supplementary measures where appropriate.
9. Retention
- Organizer applications: for the time necessary to evaluate, provision, archive, and evidence the onboarding process.
- Organizer and platform admin account data: for the lifetime of the account and for a reasonable post-closure period required for security, audits, and legal defence.
- Registration and payment-ledger data: for as long as reasonably necessary for event operations, refunds, accounting, audits, and legal claims handling.
- Transactional email logs and audit logs: for as long as reasonably necessary to demonstrate service operation, support, abuse prevention, and legal compliance.
- Cookie and consent records: for the lifetime of the relevant setting and the related compliance window.
10. Data-subject rights
Where applicable, you may request access, rectification, erasure, restriction, portability, or objection, and you may withdraw consent where consent is the legal basis.
Requests may require identity verification and may be limited where Passreserve must keep data to comply with legal obligations, preserve evidence, secure the platform, or defend legal claims.
11. Security
Passreserve uses organizational and technical measures appropriate to the nature of the service, including authenticated admin sessions, password hashing, anti-abuse controls, auditable payment and registration ledgers, hosted checkout through Stripe, and operational monitoring.
No online service can guarantee absolute security. Users and organizers must also adopt reasonable security practices, including protecting their own devices, passwords, inboxes, and Stripe accounts.
12. Children and third-party data
Users must not submit third-party data unless they are authorized to do so and have provided any notices required by law. Organizers are solely responsible for verifying whether their events, questionnaires, and policies are appropriate for minors or sensitive attendance categories.
13. Updates and contact
Passreserve may update this notice to reflect legal, technical, or operational changes. Material changes will be reflected through an updated effective date and, where appropriate, additional notice mechanisms.
For privacy-related requests concerning the platform itself, contact the site operator at Leonardo Fiori, Via Nicola Raffaelli 2, 55020 Fosciandora (LU), Italia, or through the legal/support contact details published on Passreserve.com.