Privacy Policy

Summary

We, the Open Home Foundation, Grabenstrasse 25, 6340 Baar, Switzerland, are the operator of the ticket store at events.openhomefoundation.org and are responsible for the data processing described in this privacy policy, unless stated otherwise below. Privacy is one of the Open Home Foundation's three fundamental principles that are at the core of everything we do – including this ticket store.

To fulfill ticket store orders we do need to collect some personal data from you, such as your name (for identification) and email (for delivery).

However, the Open Home Foundation will never use this data for anything else than order fulfillment and accounting purposes.

As we operate from Switzerland, we comply with the Swiss Federal Act on Data Protection (FADP) as well as the EU General Data Protection Regulation (GDPR) for our website visitors and customers in the European Economic Area.

This ticket shop is operated on the platform of pretix GmbH, Berthold-Mogel-Strasse 1, 69126 Heidelberg, Germany. They set cookies for platform functionality. While the Open Home Foundation minimizes data collection where possible, these cookies are inherent to the platform.

Data Processing Activities

Contacting us

If you contact us through our contact addresses and channels (e.g., by email, phone, or contact form on our website), your personal data will be processed. We process the data you provide us with, such as your name, email address, order number and your request. Additionally, the time of receipt of the request will be documented. Mandatory fields are marked in contact forms as "(required)". We process this data to address your request (e.g., providing information about our products and services, assisting with contract processing, incorporating your feedback into the improvement of our products and services, etc.).

For handling contact requests through the website contact form, we use a software application provided by pretix. Therefore, your data may be stored in a database of pretix, which may allow pretix to access your data if this is necessary for providing the software and supporting its use.

Ordering on our website

When you order something on this website, we collect personal information from you to enter into a contract and to fulfill your order. We may collect information like:

Details relating to your order (for example, the title and date of the event you participate in)
Email address
Name

We store this information together with the relevant order details (time, order number) and information regarding the fulfilment of the contract (delivery mails, request for withdrawal) in the database provided by pretix so that we can ensure correct order processing and fulfilment. This information is also shared with pretix, our online ticket store hosting provider, so that they can provide platform services to us.

For website users in the EEA, the legal basis for this data processing is the performance of a contract with you within the meaning of Article 6(1)(b) of the GDPR.

Payments

When you pay for an event via this website, we use the payment solution provided by Stripe. This is a fully integrated, native payment solution integrated into our ticket shop through our platform provider pretix.

For website users in the EEA, the legal basis for this data processing is the performance of a contract with you within the meaning of Article 6(1)(b) of the GDPR.

The following third party payment providers will receive your personal information and process it in accordance with their privacy policies:

Stripe - payment processing services. You can read Stripe's privacy policy at https://stripe.com/privacy.
Sift - fraud monitoring and detection services. You can read Sift's privacy policy at https://sift.com/service-privacy.

Order emails

We may email you with messages about your order. For example, we may email you to:

confirm that you have placed an order
send you the ticket you ordered.

It's not possible to unsubscribe from these messages. We share your contact information with pretix, our platform provider, so they can send these emails to you on our behalf.

For website users in the EEA, the legal basis for this data processing is the performance of a contract with you within the meaning of Article 6(1)(b) of the GDPR.

Event participation

When you participate in an event (online or onsite), we process personal data in order to enable your participation in the event, to ensure its proper technical delivery. For events offering online participation, this may include transmitting a live video stream over the internet, making the event accessible to participants worldwide. Please also refer to the following section regarding the processing of photo and video materials for other purposes.

In this context, we may process in particular the following categories of personal data:

Information required to access and participate in the event (e.g. name, email address, access credentials or identifiers)
Technical data generated in the course of online participation (e.g. IP address, device and connection data, log data)
Content and information voluntarily submitted by you when actively participating in the event, for example when asking questions, posting comments, participating in polls or using chat or interaction functions
Audio, video and image data, where you enable your camera or microphone or otherwise actively contribute to an event offering online participation.

The events are conducted using software and platforms provided by third-party service providers. For this purpose, the above-mentioned data may be transferred to and processed by the respective providers of the software used to conduct the online event, acting as processors on our behalf, in order to make the event technically available and to ensure its functionality.

The legal basis for the processing of personal data in connection with participation in events is the performance of the contract with you pursuant to Article 6(1)(b) GDPR.

Event photos and videos

We process photos and videos in order to document and market our events. When you participate in an event (online or on site), you might be recognizable in the photos and videos of the event.

This includes in particular:

the recording of main stage presentations (e.g. talks, panels, demos),
wide crowd shots in the auditorium,
impressions from networking moments (e.g. reception),
interviews.

These materials may be used, in whole or in part, for the global livestream of the event, for the promotion on social media and on our websites (including the Open Home Foundation website and the State of the Open Home website).

The legal basis for this processing of personal data is our legitimate interest in documenting and disseminating the event pursuant to Article 6(1)(f) GDPR. In case of interviews, the legal basis is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.

Analytics

This website is hosted by Pretix. Pretix collects personal data when you visit this website, including:

Information about your browser, network and device
Web pages you visited prior to coming to this website
Web pages you view while on this website
Your IP address

This information may also include details about your use of this website, including:

Clicks
Internal links
Scrolling
Searches
Timestamps

This data enables you to use our website (establishing a connection) and allows us to ensure the long-term security and stability of the system and carry out error and performance analysis and optimisation of the website. For more information, see the Pretix privacy statement here: https://pretix.eu/about/en/privacy

For website visitors from the EEA, the legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.

Cookies

This website uses cookies, which are small files or pieces of text that download to a device when a visitor accesses a website or app, and similar technologies. For information about viewing the cookies dropped on your device, visit https://pretix.eu/about/en/privacy and https://stripe.com/gb/legal/cookies-policy.

We use cookies for various purposes that are technically necessary for the use of the website. For example, the provision of ordering functions relies on the use of cookies. These necessary and required cookies are always used: https://docs.pretix.eu/trust/privacy/cookies/.

For a full breakdown of cookie usage, please visit https://docs.pretix.eu/trust/privacy/cookies/.

For website users in the EEA, the legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in providing a user-friendly and up-to-date website.

You may also be able to configure your browser to prevent cookies from being stored on your computer or receive a notification whenever a new cookie is being sent. Via the following links, you will find instructions on how to configure cookie settings for selected browsers.

Disabling cookies may prevent you from using all the features of our website.

Social Media

Our website contains links to our profiles on the social networks of the following providers:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy;
X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, X Privacy Policy;

If you click on the icons of the social networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the social network receives information that you have visited our website with your IP address and clicked on the link. This may also involve the transfer of data to servers abroad, e.g., in the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see the Section below on International Data Transfers).

If you click on a link to a social network while you are logged into your user account on that social network, the content of our website can be associated with your profile, allowing the social network to directly link your visit to our website to your account. If you want to prevent this, please log out of your account before clicking on the respective links. A connection between your access to our website and your user account will always be established if you log in to the respective social network after clicking on the link. The data processing associated with this is the responsibility of the respective provider in terms of data protection. Therefore, please refer to the privacy notices on the social network's website.

Use of Service Providers

To operate and manage our infrastructure and to carry out internal administrative tasks, we rely on external service providers. As a result, additional third parties may gain access to your personal data to the extent necessary for the provision of their services. These may include, for example:

providers of software solutions (e.g., for text processing or email delivery),
IT service providers (e.g., hosting providers, telecommunications providers such as internet access services),
agencies (e.g., in the area of marketing),
security service providers.

These data processing activities are based on our legitimate interest within the meaning of Article 6(1)(f) GDPR in relying on third-party services to operate our business efficiently and securely.

International Data Transfers

We operate from Switzerland. Our store uses service providers (like Google and Stripe) located in the United States. Consequently, your personal data may be transferred to and processed in countries outside of Switzerland and the European Economic Area (EEA) that do not provide an adequate level of data protection from a Swiss or EU perspective.

We ensure the transfers of data to the United States rely on legal frameworks recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the European Commission, such as the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) and will, if necessary, ensure additional appropriate safeguards are in place so that your data is adequately protected at our third-party service providers.

Retention Periods

We only store personal data for as long as it is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interests.

For contractual data, we are required by law to retain business communication, concluded contracts, and accounting documents. According to these regulations, records must be retained for up to 10 years. If we no longer need this data to provide services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists.

Your Rights

Under the GDPR and FADP, you have the right to:

Access: Ask for information at any time and free of charge about your personal data stored by us.
Correction: Ask us to fix incorrect data.
Deletion: Ask us to delete your data. Under certain circumstances this right may not be available, for example where we are legally required to keep data records.
Restriction: Ask us to limit how we use your data.
Portability: Receive your data in a structured, commonly used format.
Withdraw consent: Where the legal basis for processing your data is your consent, you have the right to withdraw that consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

To exercise any of these rights, please contact us at hello@openhomefoundation.org.

Effective Date

This privacy policy was last updated on 2026-01-22.