GDPR Compliance

Last updated: August 2, 2025. Effective immediately.

Compliance Statement

StageWay is fully committed to GDPR compliance and implements Privacy by Design & by Default.

We adhere to all GDPR requirements including lawful processing, data minimization, purpose limitation, storage limitation, and accountability principles.

Privacy by Design & by Default

Data Minimization

We collect only the personal data necessary for providing our tour planning services.

Purpose Limitation

Data is processed only for the specific purposes for which it was collected.

Storage Limitation

Personal data is retained only as long as necessary for the processing purposes.

Transparency

Clear and understandable information about data processing in plain language.

Technical & Organizational Measures

Data Security

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Hashed and salted password storage
  • Regular security audits and penetration testing

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication for staff
  • Regular access reviews and deprovisioning
  • Principle of least privilege

Monitoring & Logging

  • Comprehensive audit logs
  • Real-time security monitoring
  • Automated breach detection
  • Incident response procedures

Data Subject Request Procedures

We acknowledge all valid data subject requests within 72 hours and provide a complete response within one month.

Request Types

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

Process

  1. Submit request to dpo@stageway.com
  2. Identity verification (if required)
  3. 72-hour acknowledgment
  4. Investigation and response
  5. Implementation of request

Data Protection Impact Assessments

We conduct DPIAs for high-risk processing activities and regularly review our data processing:

Current Status

  • ✅ DPIA completed for user profiling and analytics
  • ✅ DPIA completed for automated venue matching
  • ✅ Regular reviews scheduled quarterly
  • ✅ External DPO oversight and validation

Data Protection Officer

External DPO

DataProtect GmbH

Datenschutzstraße 456

10115 Berlin, Germany

Email: dpo@stageway.com

Phone: +49 30 987654321

Supervisory Authority

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219, 10969 Berlin

www.datenschutz-berlin.de