Privacy Policy

Effective Date: 16 July 2025

1. Introduction

Brewing Minds (“Brewing Minds”, “we”, “us”, “our”) is a German-based organisation providing events and ticketing through the website https://brewing-minds.com/ (the “Site”) and our Eventbrite storefront (together, the “Services”). We respect your privacy and process personal data strictly in accordance with the General Data Protection Regulation (“GDPR”) and other applicable laws.

2. Data Controller Contact Details

  • Data Controller: Brewing Minds, Germany

  • Postal Address: Heinrich-Heine-Platz 12 C, 10179 Berlin

  • Email: team@brewing-minds.com

Our operations do not currently require a statutory Data Protection Officer (Art. 37 GDPR). Nevertheless, any privacy enquiry will be handled promptly via the contact details above.

3. Personal Data We Process

3.1 Data you provide voluntarily

  • Identification & contact details (name, email address, postal address, telephone number)

  • Transaction data (ticket orders, billing details, event preferences)

  • Communications (messages or feedback submitted via contact forms or email)

  • Marketing preferences (your explicit opt-in/opt-out choices)

3.2 Data collected automatically

  • Technical data (IP address, browser type and version, operating system, device identifiers)

  • Usage data (pages visited, date/time stamps, referring URLs, error logs)

These log files are required to operate and secure the Site.

3.3 Cookies & similar technologies

  • Essential cookies deployed by Squarespace to deliver the Site, remember session settings, and prevent fraud

  • Eventbrite checkout cookies required to process your ticket purchase

We do not set any analytics, advertising, or social-media cookies.

4. Purposes and Legal Bases for Processing

We process your personal data for the purposes listed below, relying on the corresponding legal bases under Art. 6 GDPR:

  • Execute and manage ticket purchases — Contractual necessity (Art. 6 (1)(b))

  • Respond to enquiries or support requests — Legitimate interests (Art. 6 (1)(f)) — efficient customer service

  • Send newsletters or marketing — Consent (Art. 6 (1)(a)); double opt-in employed

  • Maintain Site security and prevent fraud — Legitimate interests (Art. 6 (1)(f))

  • Comply with accounting and tax obligations — Legal obligation (Art. 6 (1)(c))

We do not carry out automated decision-making or profiling producing legal or similarly significant effects (Art. 22 GDPR).

5. Disclosure to Third Parties

We share personal data only with trusted processors acting on our documented instructions:

  • Eventbrite, Inc. (USA) — ticket sales & payment processing (protected by 2021 Standard Contractual Clauses)

  • Squarespace Ireland Ltd. (EU) — website hosting & form processing (data stored in EU/EEA)

We do not sell, rent, or otherwise disclose your personal information to unaffiliated third parties for their own marketing purposes.

6. International Transfers

Where data is transferred outside the European Economic Area (e.g., to Eventbrite’s US servers), it is protected by approved transfer mechanisms such as Standard Contractual Clauses combined with additional technical and organisational safeguards.

7. Data Retention

  • Ticketing & invoicing records — retained 10 years (German Commercial & Tax Codes)

  • Contact form correspondence — retained 2 years after last interaction

  • Marketing mailing list — retained until you unsubscribe or your address bounces

We delete or anonymise data once the applicable retention period expires.

8. Your Rights

You may exercise the following rights under the GDPR:

  • Access — obtain a copy of your personal data

  • Rectification — correct inaccurate or incomplete data

  • Erasure — request deletion where legally permissible

  • Restriction — limit processing in certain circumstances

  • Portability — receive data in a structured, machine-readable format

  • Objection — object to processing based on legitimate interests or direct marketing

  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact team@brewing-minds.com. You may also lodge a complaint with the German supervisory authority (BfDI — https://www.bfdi.bund.de/) or with your local EU regulator.

9. Security Measures

We implement industry-standard safeguards, including HTTPS/TLS encryption, firewalls, password-protected access controls, and regular software updates. Access to personal data is restricted to authorised personnel on a need-to-know basis.

10. Children

Our Services are not intended for children under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us so we can delete it.

11. Changes to This Policy

We may modify this Privacy Policy from time to time. Material changes will be announced via a notice on the Site or by email. The “Effective Date” at the top indicates the latest revision.

12. Contact

For any questions about this Policy or our data practices, email team@brewing-minds.com