Privacy policy.

Last updated: 12/08/2025

1) Controller

MQ FESTIVAL, S.L.

Registered address: Urbanización Zahara de Istan, Casa 25, 29611, Istan, Málaga

Email: team@mqtribe.com

Website: www.mqtribe.com

If you act as a joint controller with an event ticketing platform (e.g., Eventbrite) for specific processing activities, we explain this below.

2) What data we collect

We collect the following categories of personal data:

  • Identification & contact data: name, email address, phone number.

  • Order & ticket data: event, ticket type, quantity, order ID, billing details, country.

  • Payment data: last four digits, payment status, payment method (processed securely by our providers; we do not store full card numbers).

  • Marketing preferences: newsletter opt‑in, topics of interest, consent records.

  • Technical data & cookies: IP address, device/browser information, referral URLs, pages viewed, session data, cookies and similar technologies.

  • User‑generated content / messages: inquiries sent via forms, comments, survey responses.

We do not intentionally collect special categories of data unless you voluntarily provide them (e.g., accessibility or dietary requirements for events). Please avoid sharing sensitive information in free‑text fields.

3) How we collect your data

  • Directly from you when you purchase a ticket, complete a form, subscribe to our newsletter, contact us, or participate in our events.

  • Automatically via cookies and similar technologies when you browse our website.

  • From third parties (e.g., when you buy a ticket via Eventbrite, your attendee details are shared with us; or when you pay via Stripe, payment confirmations are shared with us).

4) Why we process your data (Purposes) and legal bases

We use your data for the following purposes and legal bases under the GDPR:

  • To sell and deliver tickets and services (contract performance, Art. 6(1)(b)).

  • To operate our website, ensure security, and prevent fraud (legitimate interests, Art. 6(1)(f)).

  • To send transactional messages (order confirmations, event updates) (contract performance/legitimate interests).

  • To provide customer support (contract performance/legitimate interests).

  • To send marketing communications where you consented (consent, Art. 6(1)(a)); or where permitted by law to existing customers (legitimate interests, with opt‑out).

  • To comply with legal obligations (tax, accounting, consumer protection) (legal obligation, Art. 6(1)(c)).

You can withdraw consent at any time (see Section 10).

5) Cookies and tracking technologies

We use cookies and similar technologies to run the site, remember preferences, measure performance, and (if enabled) for marketing/analytics such as Meta Pixel or Google Analytics.

Where EU/EEA law applies, we request consent before setting non‑essential cookies and provide controls to manage your choices. See our Cookie Policy for full details of each cookie.

6) Our service providers (Processors) & independent controllers

We use trusted providers to run our site and services. These providers process personal data on our behalf (processors) or act as independent controllers for their own purposes. Key providers include:

  • Squarespace (hosting & forms): We host our website on Squarespace. Squarespace processes End‑User data to provide and secure its services under its Privacy Policy and Data Processing Addendum.

  • Eventbrite (ticketing & checkout if embedded or linked): When you complete an order via Eventbrite, Eventbrite acts as an independent controller for the checkout and attendee management and shares relevant attendee/order details with us.

  • Mailchimp (email marketing): We use Mailchimp to collect newsletter signups and send campaigns. Mailchimp processes subscriber data under its Data Processing Addendum and international transfer safeguards.

  • Payment processors: Depending on the flow, payments are processed by Stripe (and/or by Eventbrite as merchant of record). We do not store card details.

  • Email & productivity: Google Workspace for business email and documents.

  • Security/anti‑spam: Google reCAPTCHA may be used on forms to prevent abuse.

  • Analytics/ads (if used): Google Analytics, Meta Pixel, and similar tools.

Links to each provider’s privacy or processing terms are listed in Section 16.

7) International data transfers

Some providers are based outside the EEA/UK or store data internationally. When transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses and, where applicable, frameworks like the EU–US Data Privacy Framework (for certified participants). See provider links in Section 16 for details of their transfer mechanisms.

8) How long we keep your data (Retention)

We keep personal data only as long as necessary for the purposes described above:

  • Orders/tickets & invoicing: up to 10 years to meet tax/accounting obligations (jurisdiction‑dependent).

  • Customer support messages: up to 3 years after last interaction.

  • Marketing subscribers: until you unsubscribe or after 24 months of inactivity, whichever comes first.

  • Cookie identifiers/analytics: per our Cookie Policy (varies by tool). We may retain limited data to establish, exercise, or defend legal claims.

9) Who we share data with

We share data with:

  • Our processors listed above, bound by contracts to protect your data.

  • Event partners or venue operators where necessary to run an event (e.g., attendee lists for check‑in and safety).

  • Authorities where required by law or to protect rights and safety.

  • Professional advisors (legal, accounting) under confidentiality. We do not sell your personal data.

10) Your rights under the GDPR (EU/EEA/UK)

Subject to legal limits, you have the right to:

  • Access your data and obtain a copy.

  • Rectify inaccurate or incomplete data.

  • Erase your data (right to be forgotten).

  • Restrict processing in certain cases.

  • Object to processing based on legitimate interests or to direct marketing.

  • Data portability of data you provided to us.

  • Withdraw consent at any time (without affecting prior processing).

  • Lodge a complaint with your local supervisory authority.

To exercise rights, contact us at {{privacy@yourdomain.com}}. For Eventbrite orders, you may also contact Eventbrite directly for rights affecting data they control.

11) Children

Our services are not directed to children under 16, and we do not knowingly collect data from them. If you believe a child provided personal data, contact us to delete it.

12) Security

We implement appropriate technical and organizational measures to protect personal data, including HTTPS encryption, access controls, and staff training. However, no system can be 100% secure.

13) Links to third‑party sites

Our website may link to third‑party sites. Their privacy practices are governed by their own policies.

14) Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by posting the new version on this page and updating the date at the top.

15) Contact

For any privacy questions or requests:

Email: team@mqtribe.com

16) Key third‑party privacy/processing terms

  • Squarespace Privacy Policy & DPA: https://www.squarespace.com/privacy — https://www.squarespace.com/dpa

  • Eventbrite Privacy & Data Transfers: https://www.eventbrite.com/help/en-us/articles/460838/eventbrite-privacy-policy/ — https://www.eventbrite.com/help/en-us/articles/415689/data-privacy-framework/

  • Mailchimp GDPR & DPA: https://mailchimp.com/gdpr/ — https://mailchimp.com/legal/data-processing-addendum/ — https://mailchimp.com/help/mailchimp-european-data-transfers/

  • Stripe Privacy & DPA: https://stripe.com/privacy — https://stripe.com/legal/dpa

  • Google Workspace DPA: https://workspace.google.com/terms/09242021/dpa_terms/

  • Google Cloud/Workspace DPA (general): https://cloud.google.com/terms/data-processing-addendum

  • Meta Pixel terms & privacy (if used): https://developers.facebook.com/docs/meta-pixel/guides/terms-and-policies/ — https://www.facebook.com/privacy/policy/

  • GDPR rights overview (reference): https://gdpr-info.eu/chapter-3/

17) Cookie Policy (summary)

For details on cookie categories, purposes, storage durations, and third‑party providers (e.g., Squarespace, Google Analytics, Meta, Eventbrite cookies on embedded widgets), see our separate Cookie Policy. Where required, we request your consent before setting non‑essential cookies and provide a way to withdraw consent at any time.