• GDPR
• Info for ticket buyers
• Terms and conditions
• Website Terms of use
• Security
• Third party sub-processors
• Privacy Policy
• Cookie Policy
• Acceptable Use Policy

GDPR

Last updated: 8th Apr 2025

At Booking Momentum, we take data privacy seriously. We're fully committed to compliance with the General Data Protection Regulation (GDPR) and protecting the rights of individuals whose data we process.

How Booking Momentum complies with GDPR

We have implemented appropriate legal, technical, and organisational measures to comply with the GDPR and to ensure your data — and that of your attendees — remains secure and under your control. Our relevant documents include:

• Privacy Policy
• Terms and Conditions

You own your attendee data

When you use Booking Momentum to sell tickets or manage registrations, you are the “data controller” for the information you collect from attendees. This means:

• You control what data you collect
• You decide how long you retain it
• You are responsible for responding to data access, correction, and deletion requests

Booking Momentum acts as a “data processor”. We will only process attendee data on your behalf and under your instructions. We will never:

• Send marketing to your attendees
• Sell or share your attendee data
• Use the data for any purpose other than delivering our service to you

Data Hosting & Security

Booking Momentum is hosted on Microsoft Azure in the UK South region (London). We use enterprise-grade security controls to protect your data, including:

• End-to-end encryption (TLS 1.2+ in transit, AES-256 at rest)
• Role-based access controls and 2FA for internal systems
• Real-time monitoring and audit logging via Datadog
• Daily encrypted backups and disaster recovery systems

Third-Party Processors

We work with a small number of sub-processors (e.g. Stripe for payments, Microsoft Azure for hosting). All third parties are subject to GDPR-compliant agreements, including Standard Contractual Clauses (SCCs) where data is transferred outside the UK or EU.

Add Your Privacy Policy

If you're collecting attendee data, GDPR requires you to tell attendees what you're collecting and why. The easiest way to do this is by linking your privacy policy to your event pages and communications.

Collecting Marketing Consent

If you want to send marketing emails to attendees, you must collect explicit consent. We make it easy to include custom opt-in checkboxes on your registration forms.

Have Questions?

If you have questions about how we handle data or need help with GDPR-related responsibilities, reach out to us at [email protected].