22 February 2026

1. Data Controller

The data controller for personal data collected on the Platform www.oniloo.com is:

ONILOO EVENT SOLUTIONS — Société par Actions Simplifiée (SAS) with share capital of €1,000, registered with the Évry Commercial Court (SIREN 979 048 964). Registered office: 10 Rue Ernest Luisetti, 91200 Athis-Mons, France. Contact: contact@oniloo.com.

2. Data We Collect

We collect only the data strictly necessary to provide our services, organised by category:

Account data

First name, last name, email address, password (hashed and salted).

Purpose: account creation and authentication.

Event data

Event names, dates, venues, programmes, budgets, tasks.

Purpose: delivery of the event management service.

Team data

Names, email addresses and roles of invited team members.

Purpose: collaboration features.

Financial data

Budget amounts, transaction details and categories.

Purpose: internal budget tracking. No payment card data is stored by ONILOO — such data is processed exclusively by Stripe.

Analytics data

IP address, browser type, pages visited, device information.

Purpose: site improvement and audience measurement via Google Analytics (subject to your consent).

Cookies

Session cookies and analytics cookies (Google Analytics).

Purpose: Platform operation and audience measurement.

3. Legal Basis for Processing

ONILOO's data processing activities are based on the following legal grounds:

4. Data Recipients

Your personal data may be shared with the following recipients:

Your personal data is never sold or transferred to third parties for commercial purposes.

5. International Transfers

Your data is primarily processed within the European Union.

Google LLC and Stripe Payments Europe, Ltd. operate under adequacy frameworks recognised by the European Commission and use Standard Contractual Clauses (SCCs) for any transfers outside the European Economic Area.

Any transfer of data to a third country is subject to appropriate safeguards in accordance with Articles 46 et seq. of the GDPR.

6. Retention Periods

Your data is retained for the following periods:

7. Your Rights

Under the GDPR, you have the following rights over your personal data:

Right of access: obtain a copy of the data we hold about you.
Right of rectification: correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): request deletion of your data.
Right to restriction of processing: temporarily suspend a processing activity.
Right to data portability: receive your data in a machine-readable format.
Right to object: object to processing based on legitimate interests.
Right to withdraw consent: revoke your consent at any time.
Right to define post-mortem instructions regarding your data.

To exercise these rights, send your request by email to contact@oniloo.com. We will respond within one month, extendable by two months for complex requests.

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.

8. Cookies

The site uses three categories of cookies:

A consent banner is displayed on your first visit. Analytics cookies are only placed after your express agreement.

Analytics cookies are retained for a maximum of 13 months.

You can refuse or delete cookies at any time via your browser settings:

Refusing certain cookies may affect the proper functioning of some site features.

9. Data Security

ONILOO EVENT SOLUTIONS implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure: HTTPS encryption, access controls, infrastructure monitoring on Google Cloud Platform.

Payment data is processed exclusively by Stripe Payments Europe, Ltd., certified at PCI-DSS level 1. ONILOO EVENT SOLUTIONS never stores payment card numbers.

In the event of a data breach likely to pose a risk to your rights and freedoms, ONILOO EVENT SOLUTIONS will notify the CNIL within 72 hours and inform you without undue delay if the risk is high.

10. Policy Updates

ONILOO EVENT SOLUTIONS reserves the right to update this Privacy Policy at any time to reflect legal, regulatory or technical changes.

In the event of a material change, users will be notified by email and/or via a visible notice on the Platform at least 15 days before the new version takes effect.

Continued use of the Platform after notification constitutes acceptance of the updated Privacy Policy.

11. Contact

For any questions about this Privacy Policy or to exercise your rights, contact us: