Privacy Policy

Evencia – Event Management System

Effective date: December 25, 2025

Company & Product

Product: Evencia (event management system)

Company: Unitred Systema QFZ LLC ("we", "us", "our")

Address: Qatar Free Zone, Doha, Qatar

Email: info[at]united-systema.com

Mobile:

Overview

This Privacy Policy explains how Unitred Systema QFZ LLC collects, uses, discloses, and protects personal data when you use Evencia (the "Service").

The Service includes event management, registration forms, guest management, RSVP workflows, ticketing/orders, payment integrations, badge generation, scanners/scan logs, meetings/workshops scheduling, chat, SMS, certificates, and reporting/statistics.

We are GDPR compliant and implement appropriate technical and organizational measures to protect personal data.

1) Roles under GDPR (Controller / Processor)

  • Event Organizers / Customers: Typically act as the Data Controller for attendee/guest data they collect and manage in the Service.
  • Unitred Systema QFZ LLC: Typically acts as a Data Processor, processing personal data on the organizer’s behalf and under their instructions to provide the Service.
  • For limited data we process for our own business purposes (e.g., account administration, billing, security, legal compliance), we may act as an independent Data Controller.

2) Personal data we process

A) Account data (platform users)

  • Name, email, phone, organization, role/permissions
  • Authentication and security data (login timestamps, access logs)

B) Event attendee / guest data

  • Name, email, phone, company, job title, country
  • Registration and custom form responses (fields defined by the organizer)
  • RSVP status and invitation/communication records
  • Ticket and order details (ticket type, order identifiers, status)

C) Payments data (integrations)

  • Evencia integrates with payment providers including SkipCash, Dibsy, Stripe, and PayPal (and other providers where enabled).
  • We generally do not store full payment card details; payment providers process payment credentials directly.
  • We may process transaction metadata such as payment status, transaction reference, amount, currency, and linkage to an order/ticket.

D) On-site operations

  • Badge identifiers (QR/barcode), badge print info
  • Scan/check-in logs (time, gate/location, scanner user)

E) Communications data

  • Message content and metadata (recipient, timestamps, delivery status), depending on enabled channels and organizer configuration

F) Scheduling & participation

  • Meeting and workshop enrollment/attendance records
  • Certificates issued and verification data (e.g., QR/verification link metadata)

G) Technical data

  • IP address, device and browser data, usage logs, audit/security logs

3) How we use personal data

  1. Provide and operate the Service (registration, ticketing, check-in, scheduling, messaging, analytics).
  2. Process orders and reconcile payment outcomes via integrated payment providers (SkipCash, Dibsy, Stripe, PayPal).
  3. Send service and event communications as configured by organizers.
  4. Provide customer support and troubleshooting.
  5. Secure the Service (monitoring, access control, audit logs, fraud prevention).
  6. Improve performance and functionality.
  7. Comply with applicable legal obligations.

4) Legal bases (GDPR)

Where GDPR applies, processing is based on one or more of:

  • Contract: Providing the Service and fulfilling platform functions.
  • Legitimate interests: Security, fraud prevention, service improvement—balanced against individual rights.
  • Consent: Where required, e.g., certain communications or optional data collection.
  • Legal obligation: e.g., tax/accounting, lawful requests.

For attendee/guest data processed for events, the organizer (controller) determines the legal basis and is responsible for providing appropriate notices and collecting required consents.

5) Hosting, data residency, and subprocessors

Primary hosting: OVH

Regional / in-country hosting: Where a customer requires region-based or in-country data hosting, Evencia can be deployed/hosted using Google Cloud in a specified region (subject to technical feasibility and contractual terms). Evencia instances are also hosted in Google Cloud me-central-1 (Doha) datacenter.

Payment providers: SkipCash, Dibsy, Stripe, and/or PayPal (and any other enabled payment provider). Payment credentials are handled by the payment provider.

We may also use additional service providers (subprocessors) for hosting, storage, messaging delivery, monitoring, and support. We require subprocessors to apply appropriate security and confidentiality protections.

6) Sharing and disclosure

  • The event organizer/customer who administers the event/workspace.
  • Authorized service providers/subprocessors supporting the Service (including OVH and Google Cloud where applicable).
  • Payment processors (SkipCash, Dibsy, Stripe, PayPal) when payments are used.
  • Authorities or third parties when required by law or valid legal process.
  • Parties involved in a corporate transaction (merger/acquisition/asset sale), subject to safeguards.

We do not sell personal data.

7) International transfers

If personal data is transferred internationally (including outside the EEA/UK), we apply appropriate safeguards as required under GDPR (e.g., Standard Contractual Clauses or other lawful mechanisms) and take steps to ensure adequate protection.

8) Retention

We retain personal data only as long as necessary for:

  • Providing the Service and fulfilling contracts
  • Security/audit requirements
  • Legal, accounting, and dispute-resolution obligations

Organizers can typically manage retention and deletion of event data in their workspace, subject to backups and legal requirements.

9) Security

We implement technical and organizational measures designed to protect personal data, including (as appropriate):

  • Role-based access control
  • Encryption in transit
  • Logging and monitoring
  • Segmentation and least-privilege practices
  • Incident response processes

No system can be guaranteed fully secure, but we continuously improve our controls.

10) Your rights (GDPR)

Where GDPR applies, you may have rights to:

  • Access, correction, deletion
  • Restriction or objection
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

If your data was collected for an event, contact the event organizer first. You can also contact us at info[at]united-systema.com.

You may also lodge a complaint with your data protection authority.

11) Children's privacy

Evencia is not intended for children under 16 (or higher age as required by local law) unless the organizer has a lawful basis and obtains appropriate consent where required.

12) Special category data

Evencia does not require special category data by default. If an organizer configures forms to collect sensitive data, the organizer is responsible for ensuring a lawful basis and applying additional protections required by GDPR.

13) Changes to this policy

We may update this policy periodically. The updated policy will be posted with a revised effective date. Material changes may be communicated through the Service or by email where appropriate.

14) Contact

Unitred Systema QFZ LLC

Qatar Free Zone, Doha, Qatar

Email: info[at]united-systema.com

Mobile: