Bewitt does not sell personal data. We process personal data only where necessary to provide, secure, administer, support, and improve the Service, or where required by law.
Event data is organizer-led
For most event data, the organizer decides what to collect and why. Bewitt processes that data to run the platform on the organizer's instructions.
Real event workflows
The policy covers data used for registrations, participant access, check-ins, agendas, speakers, sponsors, feedback, payments, analytics, and reporting.
Participant rights
Participants usually contact the event organizer for event-specific requests. Bewitt can assist where it acts as processor.
1. Introduction
This Privacy Policy explains how Bewitt processes personal data in connection with its cloud-based event-management platform.
Bewitt enables organizations to create, manage, and operate events. Depending on how an event is configured, the platform may process data relating to event organizers, event staff, participants, sponsors, speakers, guests, and website visitors.
This Policy is intended to explain Bewitt's own privacy practices and to help users understand when Bewitt acts as a data controller and when Bewitt acts as a data processor on behalf of an event organizer.
2. Who We Are
Bewitt is a software-as-a-service provider established in the Netherlands.
For privacy questions, you can contact us at:
BewittNetherlands
Email: [email protected]
3. Scope
This Policy applies to personal data processed through:
- the Bewitt platform;
- Bewitt websites;
- organizer dashboards;
- participant-facing event environments;
- event registration and check-in tools;
- support and account-management communications;
- billing and payment administration; and
- related integrations, APIs, analytics, and reporting tools.
This Policy does not replace the privacy notices of event organizers. Event organizers may have their own privacy policies, registration terms, consent forms, and event-specific notices.
4. Data Controller and Processor Roles
Organizer as controller, Bewitt as processor
In most event-related situations, the event organizer is the data controller and Bewitt acts as the data processor.
This means the organizer decides why and how personal data is processed for the event. For example, the organizer decides:
- which participants are invited;
- which registration fields are collected;
- whether check-ins, quizzes, missions, rewards, feedback, or analytics are enabled;
- what communications are sent to participants;
- how long event data should be retained; and
- which legal basis applies to the organizer's event processing.
In these cases, Bewitt processes personal data on the organizer's documented instructions and in accordance with the applicable Data Processing Agreement.
Participants should normally contact the relevant organizer directly for event-specific privacy requests. If Bewitt receives a request relating to data we process as processor, we may refer the request to the organizer or assist the organizer in responding.
Bewitt as controller
Bewitt acts as an independent data controller for personal data we process for our own platform-level purposes, including:
- account administration;
- organizer onboarding;
- billing and payment administration;
- customer support;
- platform security;
- abuse prevention;
- service monitoring;
- legal compliance;
- product improvement; and
- communications requested by users.
For these platform-level matters, you may contact Bewitt directly.
5. Personal Data We Collect
Depending on your relationship with Bewitt and the configuration of an event, we may process the following categories of personal data.
Account Data
- name;
- email address;
- username;
- password hash;
- phone number;
- organization details;
- role or permissions within an account; and
- account preferences.
Event Data
- registrations;
- attendance records;
- QR code check-ins;
- agenda interactions;
- session participation;
- quiz answers;
- feedback submissions;
- achievement progress;
- mission activity;
- points or gamification records;
- reward redemptions;
- store purchases or reservations;
- speaker, sponsor, or guest profiles; and
- event-related analytics and reports.
Technical Data
- IP addresses;
- device information;
- browser information;
- operating system information;
- session identifiers;
- authentication logs;
- security logs;
- error logs;
- usage timestamps; and
- technical diagnostic information.
Commercial Data
- billing details;
- invoice information;
- transaction history;
- payment status;
- subscription records;
- plan and usage information; and
- payment-provider references.
Communication Data
- emails;
- support requests;
- chat or helpdesk conversations;
- notifications;
- administrative messages; and
- user feedback about the Service.
We ask organizers not to collect unnecessary personal data through Bewitt. If an organizer chooses to collect sensitive data or special categories of personal data, the organizer is responsible for ensuring a valid legal basis and appropriate safeguards.
6. How We Collect Data
We may collect personal data:
- directly from you when you create an account, register for an event, complete a form, contact support, or use the platform;
- from event organizers who upload, import, invite, or register participants, staff, speakers, sponsors, or guests;
- automatically when you use the Service, such as through logs, cookies, and similar technologies;
- from payment providers, email providers, hosting providers, analytics tools, and other integrated services;
- from API integrations configured by an organizer; and
- from communications with customers, users, or suppliers.
7. Why We Process Data
We process personal data for the following purposes:
- providing and operating the Bewitt platform;
- creating and managing user accounts;
- authenticating users and managing access rights;
- enabling organizers to manage events;
- processing registrations, check-ins, agendas, sessions, quizzes, feedback, gamification, rewards, stores, analytics, and reports;
- sending event-related or account-related communications;
- processing payments and maintaining billing records;
- providing customer support;
- monitoring security and preventing fraud, abuse, unauthorized access, and misuse;
- maintaining, troubleshooting, and improving the Service;
- complying with legal, tax, accounting, and regulatory obligations;
- enforcing our terms and protecting legal rights; and
- sending communications requested by users.
8. Legal Bases
Where Bewitt acts as controller, we rely on one or more of the following legal bases under the GDPR:
Contract performance: where processing is necessary to provide the Service, create accounts, authenticate users, process subscriptions, provide support, or perform an agreement.
Legitimate interests: where processing is necessary for platform security, fraud prevention, service improvement, business administration, customer support, analytics, abuse prevention, and protection of legal rights, provided those interests are not overridden by individual rights and freedoms.
Consent: where we ask for consent, such as for certain optional communications, cookies, or event features where consent is required. Consent can be withdrawn at any time.
Legal obligation: where processing is necessary to comply with tax, accounting, corporate, regulatory, court, or other legal obligations.
Where Bewitt acts as processor, the organizer is responsible for determining the applicable legal basis for event-specific processing.
9. Sharing of Data
We may share personal data with:
- event organizers and authorized event staff;
- participants, where event features require visibility, such as agendas, leaderboards, networking, speaker profiles, or sponsor pages;
- hosting, infrastructure, email, support, analytics, security, storage, payment, DNS, and other service providers;
- payment processors and financial institutions;
- API or integration providers configured by the organizer;
- professional advisers, such as lawyers, accountants, auditors, and insurers;
- authorities, courts, regulators, or law enforcement where legally required or necessary to protect rights; and
- a successor or acquirer in connection with a merger, restructuring, financing, acquisition, or sale of business assets.
Bewitt does not sell personal data.
Service providers that process personal data on our behalf are required to protect it and process it only for authorized purposes.
Bewitt maintains a separate Subprocessor List and makes it available to customers.
10. International Transfers
Bewitt is established in the Netherlands. Personal data may be processed in the European Economic Area and, where necessary, in other countries by carefully selected service providers.
Where personal data is transferred outside the EEA, we use appropriate safeguards where required, such as:
- European Commission adequacy decisions;
- Standard Contractual Clauses;
- transfer impact assessments where appropriate;
- contractual, technical, and organizational safeguards; and
- additional measures required by applicable data protection law.
11. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Typical retention guidance:
- Account data: retained while the account is active and for a reasonable period after closure for administration, dispute handling, security, and legal purposes.
- Event records: retained according to the organizer's instructions, event configuration, contractual arrangements, and the applicable Data Processing Agreement.
- Participant data: retained as instructed by the organizer, unless Bewitt has an independent legal basis to retain limited data.
- Security logs: generally retained for a limited period necessary for security, monitoring, fraud prevention, and incident investigation.
- Billing and transaction records: retained as required for tax and accounting purposes. In the Netherlands, business records are generally retained for at least 7 years.
- Support communications: retained for as long as reasonably necessary to provide support, maintain business records, and resolve disputes.
- Backups: retained for limited backup cycles and deleted or overwritten according to backup schedules, unless retention is required for security, continuity, or legal reasons.
When data is no longer needed, we delete, anonymize, or securely archive it.
12. Security Measures
Bewitt applies appropriate technical and organizational measures designed to protect personal data, including:
- encryption in transit;
- access controls;
- role-based permissions;
- authentication controls;
- logging and monitoring;
- security event review;
- backups;
- infrastructure security measures;
- least-privilege access practices; and
- operational procedures for incident response.
No online service can be guaranteed to be completely secure. Organizers are also responsible for managing their own users, permissions, exported files, devices, passwords, integrations, and event configurations securely.
13. Your GDPR Rights
Subject to applicable conditions and limitations, you may have the following rights:
- Access: request a copy of your personal data.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of personal data.
- Restriction: request temporary restriction of processing.
- Portability: request transfer of data you provided in a structured, commonly used, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdrawal of consent: withdraw consent where processing is based on consent.
- Complaint: lodge a complaint with a supervisory authority.
In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens.
For event-specific data, participants should normally contact the relevant organizer first because the organizer is usually the controller. For platform-level requests, contact Bewitt at [email protected].
We may need to verify your identity before responding. Under GDPR rules, organizations generally respond within 1 month, with a possible extension of up to 2 additional months for complex or multiple requests.
14. Children's Privacy
Bewitt is not intended for use by children as independent account holders unless this is arranged by an organizer with an appropriate legal basis and safeguards.
Events may involve students, guests, or other younger participants. The organizer is responsible for ensuring that participation by minors complies with applicable law, including any required parental consent or authorization.
Where consent is relied upon for a child under 16 in the Netherlands, consent must be given or authorized by the holder of parental responsibility, unless another lawful basis applies.
15. Third-Party Services
The Service may connect to third-party services, including payment processors, cloud hosting providers, email providers, DNS providers, analytics services, customer support tools, and organizer-selected integrations.
Third-party services may process personal data under their own terms and privacy policies. Organizers are responsible for assessing and configuring third-party integrations they choose to use.
Bewitt is not responsible for the privacy practices of third-party websites, platforms, or services that are not controlled by Bewitt.
16. Cookies
Bewitt uses cookies and similar technologies for purposes such as authentication, security, preferences, analytics, and platform functionality.
A separate Cookie Policy is maintained and explains which cookies are used, why they are used, and how users can manage cookie preferences where applicable.
17. Changes to This Policy
Bewitt may update this Privacy Policy from time to time.
If we make material changes, we will provide reasonable notice, for example through the Service, by email, or by updating the date at the top of this Policy.
The updated Policy applies from the date stated in the updated version.
18. Contact Information
For platform-level privacy questions, requests, or complaints, contact:
BewittNetherlands
Email: [email protected]
For event-specific privacy questions, participants should contact the relevant event organizer. Bewitt may assist organizers with requests where Bewitt acts as processor.
A separate Data Processing Agreement is available for customers where Bewitt processes personal data on behalf of organizers.