Data Processing Agreement

Effective: March 2026

This Data Processing Agreement ("DPA") forms part of the Event Promoter Agreement between: E Labs Ventures Ltd (company number 17050248), trading as "Hypecircle" ("we", "us", the "Platform Provider"); and the Event Promoter ("you", the "Promoter").

By completing the Hypecircle Promoter onboarding process, you confirm that you have read, understood and agree to be bound by this DPA.

1. Definitions

Terms defined in UK GDPR have the same meaning in this DPA.

In this DPA:

  • "Buyer Data" means personal data relating to Buyers collected via the Platform;
  • "Data Protection Laws" means UK GDPR, the Data Protection Act 2018 and PECR;
  • "Personal Data Breach" has the meaning given in UK GDPR;
  • "Sub-Processor" means any third party processing personal data on behalf of a party.

2. Roles of the Parties

2.1 Independent Controllers

The parties acknowledge that, for the majority of processing activities, each acts as an independent data controller.

2.2 Platform Provider Role

We act as controller for:

  • Platform operation;
  • user accounts;
  • analytics and security processing.

2.3 Promoter Role

You act as controller for:

  • Event administration;
  • attendee management; and
  • any direct marketing (where lawful).

2.4 Data Sharing

Buyer Data is shared on a controller-to-controller basis solely for the purpose of enabling Event administration.

3. Categories of Data

We may share the following categories of Buyer Data:

  • identity data (name, date of birth);
  • contact data (email address, phone number);
  • transaction data (order details, ticket type);
  • ambassador-related data (where applicable).

4. Promoter Obligations

You shall:

  • process Buyer Data only for Event administration unless valid consent is obtained for additional uses;
  • not sell, rent or commercially exploit Buyer Data;
  • implement appropriate technical and organisational measures in accordance with Article 32 UK GDPR;
  • ensure staff handling data are subject to confidentiality obligations;
  • maintain records of processing activities where required;
  • not transfer data outside the UK without appropriate safeguards; and
  • delete or anonymise Buyer Data within 30 days after the Event unless legally required to retain it.

5. Data Subject Rights

5.1 Each party is responsible for responding to data subject requests relating to data it controls.

5.2 Where a request affects both parties, the parties shall cooperate in good faith.

6. Personal Data Breaches

6.1 Each party shall notify the other without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data Breach affecting shared data.

6.2 The notifying party shall provide sufficient information to allow the other party to comply with its legal obligations.

7. Sub-Processors

7.1 Each party may appoint Sub-Processors, provided that:

  • a written agreement is in place;
  • appropriate safeguards are applied; and
  • the appointing party remains liable.

7.2 The Platform Provider's Sub-Processors include Stripe, Supabase and Resend.

8. International Transfers

Neither party shall transfer personal data outside the UK or EEA without appropriate safeguards, including:

  • adequacy decisions;
  • UK IDTA; or
  • Standard Contractual Clauses with UK Addendum.

9. Security

Both parties shall implement appropriate technical and organisational measures, including:

  • encryption in transit and at rest;
  • access controls;
  • regular testing of systems; and
  • incident response procedures.

10. Audit

Each party may request reasonable information to demonstrate compliance, no more than once per year, without causing disruption.

11. Term and Termination

This DPA remains in force for the duration of the Event Promoter Agreement.

Upon termination, each party shall delete or return personal data unless required by law to retain it.

12. Liability

12.1 Each party is responsible for its own compliance with Data Protection Laws.

12.2 Nothing in this DPA limits liability for breaches of Data Protection Laws where such limitation would be unlawful.

12.3 The liability provisions in the Event Promoter Agreement apply to this DPA.

13. Governing Law

This DPA is governed by the laws of England and Wales.

The Information Commissioner's Office (ICO) is the supervisory authority.

14. Contact

E Labs Ventures Ltd (trading as Hypecircle)
Email: hello@hypecircle.vip

© 2026 E Labs Ventures Ltd. All rights reserved. hypecircle is a trading name of E Labs Ventures Ltd.