Privacy Policy
Last updated: 2026-05-08
This document describes how the EventPlan.SK platform processes personal data. It has been prepared in accordance with the EU General Data Protection Regulation 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on the Protection of Personal Data.
1. Data Controller
The data controller within the meaning of GDPR is:
| Company name | Suzys s. r. o. |
|---|---|
| Registered office | Tehelná 7296/9A, 917 01 Trnava, Slovenská republika |
| Company ID (IČO) | 56 929 269 |
| Tax ID (DIČ) | 2122509268 |
| VAT ID | SK2122509268 |
| Registered in | Commercial Register of the Municipal Court Trnava, Section: Sro, Insert No. 59485/T |
| Represented by | Michal Ďurica, managing director |
| Privacy contact | Michal Ďurica, info@eventplan.sk |
2. Nature of the Service
EventPlan.SK is a platform for professional organization of live music events. It serves band managers, musicians, technical crews and event organizers for centralized management of events, contacts, finances and communication. Optional Google Calendar synchronization is included.
3. Personal Data We Process
3.1 User account
- First name and surname
- E-mail address (login)
- Phone number
- Password (stored as bcrypt hash)
- Role (admin, planner, accountant)
- Band membership(s)
- IP address upon login and login history
3.2 Data from your Google account (when Google Calendar is connected)
- Google account e-mail address
- Google account display name
- OAuth access token and refresh token (stored in our database)
- Identifiers of calendars to which you have granted access
- Calendar event data — title, date and time, location, description, attendees — used solely to enable two-way synchronization with events in EventPlan.SK
3.3 Operational data
- Event data (name, location, date, fees, capacities)
- Contacts of musicians, technicians, suppliers and organizers
- Communication logs (e-mails, SMS, WhatsApp messages sent by the system)
- Application activity logs (who/when/what changed)
- Cookies — see Section 9
4. Purposes of Processing
- Providing and operating the EventPlan.SK service
- Synchronizing events between EventPlan and Google Calendar (only if the user activates this feature)
- Authentication and access control
- User communication (notifications, reminders, organizational messages)
- Compliance with legal obligations (accounting, tax records)
- Security — detection of suspicious logins, abuse prevention
5. Legal Basis
We process data based on:
- Consent of the data subject — particularly when connecting Google Calendar (Art. 6(1)(a) GDPR)
- Performance of a contract or pre-contractual measures — creation and operation of a user account (Art. 6(1)(b) GDPR)
- Legitimate interest of the controller — security, abuse prevention, log retention (Art. 6(1)(f) GDPR)
- Legal obligation — accounting and tax laws (Art. 6(1)(c) GDPR)
6. Retention Periods
- Active user account data — for the duration of the account
- After deactivation (disconnection from EventPlan.SK) — at most 30 days, then anonymized or deleted
- Google OAuth tokens — immediately revoked via Google and deleted from our database upon disconnection
- Accounting and tax documents — retained for the legally required period (10 years)
- Security logs — 1 year
7. Recipients (Sub-processors)
Personal data may be made available to the following sub-processors for service operation:
| Sub-processor | Country | Purpose |
|---|---|---|
| Google LLC | USA | OAuth authentication, Google Calendar API (only if user activates) |
| Websupport, s. r. o. | Slovakia | SMTP gateway for sending system e-mails |
| EuroSMS a. s. | Slovakia | Gateway for sending SMS notifications |
For displaying event maps and weather forecasts, we use third-party services (TomTom, Open-Meteo) but do not provide them with any user personal data — only event addresses, which are public information.
8. International Data Transfers
By connecting Google Calendar, your data is transferred to the USA where Google LLC operates its infrastructure. The transfer is secured by EU Standard Contractual Clauses (SCC) and additional technical and organizational safeguards in accordance with Art. 46 GDPR.
9. Cookies
EventPlan.SK uses only essential (functional) cookies:
- PHPSESSID — login session identifier
- CSRF token — protection against Cross-Site Request Forgery attacks
We do not use any analytics, advertising or marketing cookies. No third party places cookies through our website.
10. Security
- All browser-server communication is encrypted with HTTPS / TLS 1.2+
- Passwords are stored only as bcrypt hashes — never as plaintext
- Server administration access is limited to the controller's authorized personnel
- Logins, failed attempts, and critical changes are logged
- Failed login attempts are rate-limited to protect against brute-force attacks
11. Your Rights
Under GDPR you have the following rights:
- Right of access to personal data (Art. 15)
- Right to rectification of inaccurate data (Art. 16)
- Right to erasure ("right to be forgotten" — Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing (Art. 21)
- Right to withdraw consent at any time — particularly the Google Calendar connection: you may disconnect directly in the app or at Google Account → Security → Third-party access
- Right to lodge a complaint with the supervisory authority — Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk
Send requests to info@eventplan.sk. We respond within 30 days.
12. Disconnecting Your Account
You can disconnect from EventPlan.SK in two ways:
- Disconnect Google Calendar — directly in the app at Settings → Google Calendar → Disconnect. Tokens are immediately revoked via Google and deleted from our database.
- Account deletion request — send an e-mail to info@eventplan.sk. The account will be deactivated within 7 days and personal data deleted within 30 days (except data we are legally required to retain).
13. CCPA (For California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act:
- Right to know what information we collect about you and the purposes of collection
- Right to deletion
- Right to opt out of the sale of personal information — we do not sell personal data to any third party
- Right to non-discrimination when exercising your rights
EventPlan.SK does not sell or share personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). We do not display a "Do Not Sell My Personal Information" link on our website because we do not engage in such sales or sharing. We do not provide personal data for advertising purposes, cross-context behavioral advertising, or any other form of "sale" or "sharing" as defined under CCPA/CPRA.
14. Changes to this Policy
We may update this policy from time to time. The current version is published on this page with a "last updated" date. For substantial changes, we will notify users by e-mail.
15. Contact
If you have any questions regarding personal data protection, please contact:
Suzys s. r. o.
Tehelná 7296/9A, 917 01 Trnava, Slovenská republika
E-mail: info@eventplan.sk