ENTRROPromoter
How it worksEarningsFeaturesPricingFAQ
PromoterBusiness
Join waitlist
Business · Legal

Data Processing Addendum

GDPR / UK GDPR processor terms for ENTRRO customers.

All documents
Core
Terms of ServicePrivacy PolicyCookie PolicyAcceptable Use PolicyCode of ConductAccount Deletion
For promoters
Promoter Agreement
For businesses
Business TermsMerchant Services AgreementData Processing AddendumSubprocessorsRefund & Billing Policy
Trust, safety & IP
Trust & SafetyDMCA & IP Policy
Transparency
Imprint / Legal NoticeAccessibility Statement

Effective: June 16, 2026 · Version 2.0

This Addendum applies where ENTRRO processes personal data on behalf of a business Customer (a venue) in connection with the Services and EU/UK data protection law (GDPR and UK GDPR apply). It forms part of the Merchant Agreement / Business Terms.

1. Roles

  • For guest data a venue obtains through the Services, the Customer is the controller and ENTRRO is the processor.
  • For promoters' own account data and platform operation, ENTRRO is the controller under its Privacy Policy.

2. Subject matter, duration, nature and purpose

ENTRRO processes personal data to provide the customer-acquisition marketplace: issuing and validating guest passes, attribution, billing, and support. Processing lasts for the term of the agreement plus any legally required retention.

Categories of data subjects: venue guests, venue staff/managers, and (where relevant) promoters. Categories of personal data: identifiers and contact details, pass/redemption records, validation events, and transaction metadata. ENTRRO does not receive or store raw card or bank numbers.

3. Processor obligations

ENTRRO will:

  • Process personal data only on the Customer's documented instructions (this Addendum and the Services being one such instruction).
  • Ensure personnel are bound by confidentiality.
  • Implement appropriate technical and organizational security measures (Art. 32).
  • Assist the Customer with data subject requests (DSARs) and with breach notification and DPIAs, taking into account the nature of processing.
  • Notify the Customer without undue delay after becoming aware of a personal data breach.
  • On termination, delete or return personal data at the Customer's choice, subject to legally required retention.
  • Make available information needed to demonstrate compliance and allow audits on reasonable notice.

4. Sub-processors

The Customer authorizes ENTRRO to engage the sub-processors listed on the Subprocessors page (currently Stripe, AWS, Twilio, Apple APNs, Google FCM). ENTRRO gives 30 days' notice before adding a sub-processor; the Customer may object on reasonable grounds within that window. ENTRRO imposes equivalent data protection obligations on each sub-processor and remains responsible for their performance.

5. International transfers

Where personal data is transferred out of the EEA or UK, the parties rely on the EU Standard Contractual Clauses (2021/914) and, for UK transfers, the UK International Data Transfer Addendum / IDTA, together with any required supplementary measures.

6. Order of precedence

If this Addendum conflicts with the agreement on data protection matters, this Addendum controls.

Contact

dpo@entrro.com / privacy@entrro.com

Join the waitlist.

Tell us where you're based and what you do. We'll let you in as your city opens.

You're in.

We'll be in touch when your city opens. Keep an eye on your inbox.

ENTRRO

The customer acquisition layer for entertainment, hospitality, and service. Pay people, not platforms.

Apps launching soon
Download on the App Store GET IT ON Google Play

For promoters

How it worksEarningsFAQJoin waitlist

For business

OverviewPricingBook a call

Company & legal

AboutSupportAll legal documents PrivacyTermsAccount deletion
© 2026 ENTRRO · Wyola LLC d/b/a ENTRRO. All rights reserved. Made for the people who fill the room. · Payments by Stripe