Effective Date: 01/08/2025
@works S.r.l. (VAT: IT02511630986) is the data controller for TribeVenue, with headquarters in Viale Artigiani, Desenzano del Garda (Brescia), Italy.

1. Data We Collect
Personal Data: Name, email, role, profile photo.
Usage Data: Device info, IP address, access logs.
Behavioral Data: Interactions with venues and opportunities.

2. Legal Basis for Processing
Consent
Contractual necessity
Legal obligation
Legitimate interest

3. Purpose of Processing
Platform functionality
User authentication
Security and fraud prevention
Communication
Analytics
Subscription billing via Paddle

4. Profiling and Scoring
We apply automated scoring based on user participation, reliability, and feedback. This constitutes automated profiling. While users cannot opt out, they may contest specific scores applied in relation to opportunities.

5. International Data Transfers
Some data may be transferred outside the EU (e.g., via Firebase or Paddle). Standard Contractual Clauses and appropriate safeguards are in place.

6. Data Retention
Personal data is stored for the period necessary to provide the service or as required by law. Inactive accounts may be deleted after a maximum of 6 months.

7. Marketing
We send promotional messages only with prior consent collected during registration.

8. Security
We use encryption, firewalls, and access controls to protect data.

9. Data Breach
In the event of a breach:
Users will be notified within 72 hours if risks are high.
Authorities will be informed per GDPR.

10. Your Rights
Under GDPR you have rights to:
Access
Rectify
Erase
Object
Port data
To exercise your rights, contact: privacy@tribevenue.net

11. No DPO Appointed
We have not appointed a Data Protection Officer (DPO).