Data Protection Impact Assessment

Data Protection Impact Assessment (DPIA) under Article 35 GDPR.

Version 1.0 — 3 July 2026. This document is reviewed periodically and whenever the processing activities change materially.

1. Introduction and rationale

This Data Protection Impact Assessment (DPIA) describes the processing of personal data within the MijnEvent platform, assesses the risks to the rights and freedoms of data subjects, and sets out the measures that mitigate those risks. It has been prepared in accordance with Article 35 of the General Data Protection Regulation (GDPR). Because MijnEvent processes personal data at scale in a ticketing environment involving payments, resale and access control, a DPIA is appropriate and also supports organisers in meeting their own accountability obligations.

2. Responsibilities and roles

Depending on the processing activity, MijnEvent acts in two roles:

  • For visitors' personal data (ticket purchase, payment, resale, check-in), the organiser is the controller and MijnEvent acts as processor, in line with the data processing agreement (Article 28 GDPR).
  • For the platform's own processing — organiser accounts, authentication and security, billing and platform-wide statistics — MijnEvent is itself the controller.
  • This DPIA covers both roles at platform level and enables organisers to meet their own DPIA obligations.

3. Systematic description of the processing

The register below describes, for each processing activity, the purpose, the legal basis, the data subjects, the categories of personal data and the retention period.

Processing Purpose Legal basis (Art. 6 GDPR) Data subjects Personal data Retention
Ticket sales and orders Processing ticket purchases and delivering tickets. Performance of the contract (Art. 6.1.b). Visitors/buyers. Name, email address, city of residence, order and ticket data. Duration of the event; financial data falls under the organiser's statutory retention obligation.
Payment processing (Mollie Connect) Settling payments and the platform fee. Performance of the contract (Art. 6.1.b); legal obligation (Art. 6.1.c). Visitors/buyers. Payment status and transaction references. Card and bank details are processed solely by Mollie and never reach MijnEvent's servers. In line with Mollie and the statutory retention obligation.
Organiser accounts and Mollie connection Managing the organisation, billing/acceptance and connecting the organiser's own Mollie account. Performance of the contract (Art. 6.1.b); legal obligation (Art. 6.1.c); legitimate interest (Art. 6.1.f). Organisers and team members. Name, business email address, company details (Chamber of Commerce, VAT) entered by the organiser in MijnEvent, and encrypted Mollie OAuth tokens. Duration of the account, plus statutory retention periods.
Authentication and email masking Secure, passwordless access and masking of visitor email addresses in management environments. Legitimate interest: security (Art. 6.1.f). Organisers, team members and visitors. Email address, hashed magic-link and OTP tokens, device tokens, and an audit log when a masked address is revealed. Tokens are short-lived (minutes to days); audit logs are retained longer for accountability.
Resale Peer-to-peer resale of tickets between visitors. Performance of the contract (Art. 6.1.b). Buyers and sellers. Ticket ownership, asking price and the old and new ticket tokens. Duration of the event.
Check-in via QR codes Access control at the event. Performance of the contract (Art. 6.1.b); legitimate interest of the organiser (Art. 6.1.f). Visitors and inspectors. Unique ticket token, check-in timestamp, inspector identification and optionally the scan location. Duration of the event with a short follow-up period.
Multi-tenancy (subdomain per organiser) Logical and, where applicable, physical separation of each organiser's data. Organisational and technical measure supporting the other processing activities (no separate legal basis). Not applicable (isolation measure). Not applicable. Not applicable.
Statistics per organiser Providing insight into sales and attendance figures. Legitimate interest of the organiser (Art. 6.1.f). Visitors (aggregated only). Cookieless, aggregated visit statistics and sales figures; no individual visitor profiles. As long as the statistics remain relevant to the organiser.
Privacy requests (access/erasure) Facilitating data subject rights (access, portability, erasure). Legal obligation (Art. 6.1.c; Art. 15–17 GDPR). Visitors and organisers. Identification and request data needed to handle the request. As long as needed to handle the request and to evidence correct execution.

Note: creating and verifying (KYC) the Mollie account takes place directly between the organiser and Mollie, outside MijnEvent. Mollie acts as an independent controller in that respect; MijnEvent only receives the OAuth tokens (encrypted) to initiate payments on the organiser's behalf, and does not process any identity or KYC documents itself.

An up-to-date overview of all engaged sub-processors (including Mollie, Amazon Web Services, Cloudflare and the email and statistics services), with their purpose and location, is available on our security page. View the current sub-processor overview

4. Necessity and proportionality

The processing activities are necessary to sell tickets, settle payments and control access. MijnEvent applies the following principles:

  • Data minimisation: only name, email address and city of residence are requested from visitors; no special categories of personal data are processed.
  • Purpose limitation: data is used only for the ticketing service and never for MijnEvent's own advertising or sale to third parties.
  • Storage limitation: data is not kept longer than necessary, with self-service erasure and arrangements for return or destruction afterwards.
  • Privacy by design and by default: passwordless authentication, email masking, cookieless statistics and encryption are built in by default.

5. Risk assessment and residual risks

For each identified risk to the rights and freedoms of data subjects, the mitigating measures and the remaining (residual) risk have been assessed.

Risk Mitigating measures Residual risk
Unauthorised access to visitor data.
  • Passwordless magic-link login with unknown-device verification (OTP) and optional two-factor authentication.
  • Role-based access within the organiser team.
  • Masking of visitor email addresses in management, with an auditable log when revealed.
  • Encrypted connections (HTTPS) and encryption of sensitive data.
Low
Compromise of payment data.
  • Payment data is processed solely by Mollie (PCI-DSS certified) and never reaches MijnEvent's servers.
  • Mollie OAuth tokens are stored encrypted and refreshed automatically.
Low
Data leak between organisers (cross-tenant).
  • Separation of data per organiser through the multi-tenancy architecture.
  • Subdomain-based identification and per-organiser session scoping.
Low
Misuse or duplication of tickets via QR codes or resale.
  • Unique, unguessable ticket tokens (ULID/UUID) and a validity check at every check-in.
  • A unique check-in record per ticket, preventing a ticket from being used twice.
  • On resale, the original ticket is invalidated and a new token is issued to the buyer.
Low to medium
Undesired profiling through statistics.
  • Cookieless, privacy-friendly and aggregated-only statistics.
  • No individual visitor profiles and no tracking cookies.
Low
Excessive or overly long retention of data.
  • Data minimisation and purpose limitation.
  • Self-service erasure and processor arrangements for return or destruction after the event.
Medium
Data subjects unable to exercise their rights.
  • Self-service access, download (portability) and erasure in the account environment.
  • Handling of privacy requests and assistance to the organiser under the data processing agreement.
Low
Transfer of data outside the EEA.
  • Hosting within the European Union.
  • Sub-processors within the EU or with appropriate safeguards; an up-to-date sub-processor overview is available.
Low
Unauthorised or untraceable administrative actions.
  • An append-only, hash-chained audit log for sensitive administrative actions.
  • Mandatory two-factor authentication for the super-admin.
Low
Unwanted linking of identities during resale.
  • Minimal data exchange between buyer and seller.
  • The new ticket is issued in the buyer's name; the refund is made to the seller's original payment method.
Low

6. Conclusion and control

After implementing the described measures, a low residual risk remains for the majority of the processing activities. For retention periods and ticket integrity, a low-to-medium residual risk applies, controlled through data minimisation, storage limitation and unique, auditable ticket tokens. The processing is therefore assessed as proportionate and manageable.

  • The processing is necessary, proportionate and surrounded by appropriate safeguards.
  • No special categories of personal data are processed and no automated decision-making with legal effect takes place.
  • This DPIA is reviewed on new processing activities, new sub-processors or changed risks.

7. Review and updates

This DPIA is reassessed at least annually and whenever the processing changes materially. Where a high residual risk cannot be reduced by reasonable measures, the Dutch Data Protection Authority is consulted prior to processing (Article 36 GDPR).

Questions about this DPIA?

For questions about this impact assessment or about data protection at MijnEvent, please contact us.

privacy@mijnevent.nl