Last updated: June 19, 2026
This Data Processing Agreement ("DPA") applies when you, the event organizer (the "data controller"), use RealEvents (the "data processor") to collect and manage personal data of your attendees. It forms part of our terms and reflects Article 28 of the GDPR.
You are the data controller of the attendee data you collect (names, email addresses, and any optional fields you configure). RealEvents is the data processor and processes that data only on your documented instructions, which are given by your use of the service.
RealEvents processes attendee personal data solely to provide the event-management service: displaying your event page, recording registrations, sending confirmations and reminders you trigger, and showing you who is coming. We do not use attendee data for our own purposes, advertising, or profiling.
We use the subprocessors listed in our privacy policy (EU hosting, analytics, error monitoring, email delivery). We remain responsible for their compliance, and we will inform you of any intended change to this list so you can object before it takes effect.
We apply appropriate technical and organizational measures: encrypted transport (HTTPS), access controls, EU data residency, and a documented retention and deletion policy.
Attendee data follows the retention schedule in our privacy policy: it is anonymized and then permanently deleted on a fixed timeline. You can delete an event and its registrations at any time, and each attendee can view, export, or delete their own data through the link in their confirmation email.
We help you meet your obligations to attendees (access, rectification, erasure, portability) by providing self-service tools and, where needed, support through our contact page.
Attendee data is stored within the European Union. Any transfer outside the EU by a subprocessor relies on an approved transfer mechanism.
You can accept this DPA when you create an event by checking the box on the creation form. Acceptance is optional for casual use, and recommended if you collect attendee data on behalf of a company in the EU.