Data Deletion

1. Your right to deletion

Under Article 17 of the EU General Data Protection Regulation (GDPR) — the "right to be forgotten" — you have the right to request the deletion of all personal data we hold about you, subject to the limited exceptions described in section 5.

2. How to request deletion

To request the deletion of your data, send an email to:

contact@galaseating.com

with the subject line "Data deletion request". Please include in your email:

• The email address associated with your Account
• The name of your Venue or Event (if applicable)
• Explicit confirmation that you wish to permanently delete all your data

We may contact you to verify your identity before acting on the request, to ensure that we do not delete another person's data by mistake.

3. What gets deleted

On processing your request, we delete:

• Your Account and all profile data
• All Events you own and their associated data (guest lists, seating arrangements, decorative elements, programmes, menu configurations)
• All files you have uploaded (background images for floor plans, PDF templates)
• All analytics data associated with your Account
• Your email address in our transactional email provider (Brevo)
• Any support correspondence we are not required to retain

Where the Platform has processed Guest personal data under your instructions (as controller), the corresponding records are deleted along with the Event.

4. Process and timing

• We will acknowledge receipt of your request within 5 business days.
• Full deletion will be carried out within 30 calendar days of receipt, in accordance with Art. 12(3) GDPR. Where a request is particularly complex or where we are required by law to verify your identity further, we may extend this period by up to two additional months and will inform you of the extension and the reasons for it.
• You will receive an email confirmation once the deletion has been completed.
• Deletion is carried out both in our primary database and, where technically possible, in our short-term backup snapshots within the following 30 days.

5. Legal retention exceptions

In limited circumstances, we may be legally required to retain certain data even after you request deletion. These exceptions are foreseen by Art. 17(3) GDPR and include:

• Accounting and fiscal records: Spanish Commercial Code (Código de Comercio, Art. 30) requires merchants to retain books, correspondence, and supporting documents for at least 6 years. Tax law may extend this period to the statutory limitation period (currently 4 years from the end of the fiscal year, potentially extended by enquiry).
• Legal claims: where we are defending, establishing, or exercising legal claims, we may retain the minimum data required for that purpose for the duration of the applicable limitation periods.
• Compliance with legal obligations: where a specific law requires us to retain data (for example, in response to a valid court order).
• Security and fraud prevention: we may retain minimal data necessary to prevent fraud or abuse of the Platform, including where you have been banned for breaching our Terms.

Where we retain data under one of these exceptions, we will inform you at the time we respond to your request, explaining which data is retained and for how long. Retained data is stored with restricted access and is used solely for the exempt purpose.

Where possible, we will anonymise data instead of retaining it in identifiable form.

6. Important notes

7. Contact

For any question about the deletion process:

• Email: contact@galaseating.com
• Phone: +40 740 819 034