Legal
PRIVACY POLICY
1. Who We Are
REE (operated by NeonHeads Portugal, Unipessoal LDA, rebranding to REE Sales Platform LDA) is an online marketplace platform for booking event entertainment and services, including performers, shows, workshops, costumes, and props.
Data Controller: NeonHeads Portugal, Unipessoal LDA Rua Alcolena 43, 1400-004, Lisbon, Portugal Tax ID: PT515114618
Contact for data protection matters: Email: alex@ree.global, Address: Belem Gardens Condominium, Calcada da Ajuda 33, 1300-322, unit B1B, Lisbon, Portugal
2. What This Policy Covers
This Privacy Policy explains how we collect, use, share, and protect your personal data when you:
Visit our website at ree.global
Create an account on our platform
Browse, search for, or book event entertainment services
Subscribe to our newsletter
Contact our support team
This Privacy Policy is separate from our Terms and Conditions. It applies to all users of our platform, including event organisers (customers) and visitors.
3. What Personal Data We Collect and Why
3.1 Account Registration
Detail
Description
Data collected
Name, email address, phone number; company details if invoicing to a business
Purpose
To create and manage your account, enable you to use our platform
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR)
Retention
For the duration of your account plus: 3 years after account deletion (to cover the statute of limitations for contractual claims under Portuguese law)
3.2 Orders and Payments
Detail
Description
Data collected
Order details (selected services, dates, location, artists, packages, add-ons); billing details (if invoicing to a business); payment confirmation
Purpose
To process your booking, deliver the service, issue invoices, and handle payment
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR); legal obligation for invoicing and tax records (Art. 6(1)(c) GDPR)
Retention
Order and invoice records: 10 years (required under Portuguese tax law - Codigo do IRC, Art. 123)
Note on payment data: We do not store your credit card details. Payments are processed securely by Stripe. If you choose to pay by bank transfer, your banking details are processed by Revolut. We only receive payment confirmation, not your full payment credentials.
3.3 Event Configuration
Detail
Description
Data collected
Event city and country (before purchase); full venue address (after purchase, collected during a REE manager call)
Purpose
To match you with available entertainment in your area and deliver the booked service
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR)
Retention
Same as order records
3.4 Wishlist
Detail
Description
Data collected
Products/services you save to your wishlist
Purpose
To let you save and revisit services you are interested in
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR) - part of the platform functionality you use
Retention
For the duration of your account
3.5 Search
Detail
Description
Data collected
Search queries, filters applied, browsing behaviour
Purpose
To provide search results for entertainment services
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR) - to improve the relevance of search results
Service provider
Algolia Inc. (United States)
Retention
Search logs: 90 days; recommendation profiles: for the duration of your account
Our legitimate interest: Providing relevant search results is essential for the functioning of our marketplace. We have assessed that this does not override your rights, as search functionality is a core expectation of any e-commerce platform.
3.6 Location Services
Detail
Description
Data collected
Country and city you select for your event
Purpose
To show available entertainment in your selected area
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR)
Service provider
Google Maps Platform (United States)
Retention
For the duration of your session; saved locations linked to your orders
3.7 Website Analytics
Detail
Description
Data collected
Pages visited, time on page, click behaviour, device type, browser, approximate location (from IP address), session recordings and heatmaps (Hotjar)
Purpose
To understand how visitors use our website and improve the user experience
Legal basis
Consent (Art. 6(1)(a) GDPR)
Service provider
Google Tag Manager / Google Analytics (United States); Hotjar Ltd (Malta, EU)
Retention
Google Analytics: 14 months (default in GA4, recommended minimum); Hotjar: 365 days
We only activate analytics and behaviour tracking cookies after you give your consent via our cookie banner. Hotjar may record anonymised user sessions (mouse movements, clicks, scrolls) and generate heatmaps to help us identify usability issues.
3.8 Newsletter
Detail
Description
Data collected
Email address
Purpose
To send you marketing communications about our services, promotions, and event inspiration
Legal basis
Consent (Art. 6(1)(a) GDPR)
Service provider
MailerSend (Mailerlite UAB, Lithuania, EU)
Retention
Until you unsubscribe; we delete your data within 30 days of unsubscription
You can unsubscribe at any time by clicking the “unsubscribe” link in any of our emails.
3.9 Customer Support
Detail
Description
Data collected
Your name, email address, phone number, and the content of your messages
Purpose
To respond to your enquiries and provide support
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR) - to provide customer service
Service provider
Crisp IM SAS (France, EU) - live chat on our website; WhatsApp (Meta Platforms Inc., United States) - messaging support
Retention
Support conversations: 2 years (covers warranty and complaint resolution periods)
Our legitimate interest: Responding to customer enquiries is necessary for the operation of our business. We have assessed that using live chat and messaging tools, which are widely expected by our customers, does not override your rights.
Live chat (Crisp): When you use the chat widget on our website, your conversation and any personal data you provide are processed by Crisp IM SAS (France) as our data processor.
WhatsApp: When you contact us via WhatsApp, Meta Platforms Inc. processes your data as an independent data controller under its own privacy policy. We encourage you to review WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy
3.10 Server Logs
Detail
Description
Data collected
IP address, browser type, access times, pages requested
Purpose
To ensure IT security, prevent fraud, and maintain the functionality of our website
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR)
Retention
90 days (industry standard for security incident investigation)
3.11 Currency and Language Preferences
Detail
Description
Data collected
Your selected currency (EUR/USD) and language (English, Arabic, Chinese)
Purpose
To display the platform in your preferred language and currency
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR) - technically necessary for platform functionality
Retention
Stored locally in your browser; not transmitted to third parties
4. Who We Share Your Data With
We share your personal data with the following recipients:
Service Providers (Data Processors)
Independent Data Controller
Other Recipients
Event fulfilment partner: We share the necessary event details (event location, date, selected services) with our external fulfilment partner who coordinates the delivery of entertainment services, including verifying and managing performers. This partner acts as a data processor under a Data Processing Agreement.
Performers/artists: After you book a service, certain details about your event (location, date, event type) may be shared with the performers delivering the service. Only the information necessary for service delivery is shared.
Tax and regulatory authorities: We may share data with Portuguese tax authorities or other regulatory bodies when required by law.
5. International Data Transfers
Several of our service providers are based in the European Union (VS Hosting, Hotjar, MailerSend, Crisp) and your data remains within the EEA when processed by them.
Your personal data may also be transferred to countries outside the European Economic Area (EEA), specifically to the United States. We ensure that such transfers are protected by appropriate safeguards:
EU-US Data Privacy Framework (DPF): Several of our service providers (Google, Algolia, Stripe, Meta) are certified under the EU-US Data Privacy Framework, which the European Commission has recognised as providing adequate protection for personal data (Adequacy Decision of 10 July 2023).
Standard Contractual Clauses (SCCs): Where a service provider is not certified under the DPF, we use Standard Contractual Clauses approved by the European Commission to ensure your data is protected.
UK Adequacy Decision: For transfers to the United Kingdom (Revolut), the European Commission has issued an adequacy decision recognising the UK’s level of data protection.
Israel adequacy decision: (Monday.com), For transfers to Israel (Monday.com), the European Commission has issued an adequacy decision recognising Israel's level of data protection.
Other third countries: Our services may involve the transfer of personal data to countries outside the EEA that do not benefit from an adequacy decision. In such cases, we ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
A Transfer Impact Assessment evaluating the level of data protection in the recipient country
Additional technical and organisational measures where necessary
This may apply in particular where our fulfilment partners, performers, or other service providers are located in such countries.
6. Cookies and Tracking Technologies
When you visit our website, we use cookies and similar technologies. Cookies are small text files stored on your device.
Categories of Cookies
Strictly Necessary Cookies These cookies are essential for the website to function. They enable basic features such as logging in, adding items to your cart, and remembering your language and currency settings. These cookies do not require your consent.
Analytics Cookies These cookies help us understand how visitors interact with our website by collecting information about pages visited, time spent, and user behaviour. We use Google Analytics and Hotjar for this purpose. Hotjar may also use cookies to support session recordings and heatmaps. These cookies are only activated with your consent.
Marketing Cookies We do not currently use any marketing or remarketing cookies (such as Facebook Pixel or LinkedIn Insight Tag). If this changes in the future, we will update this Privacy Policy and request your consent before activating any marketing cookies.
You can also configure your browser to block or delete cookies. Please note that blocking essential cookies may affect the functionality of our website.
Managing Your Cookie Preferences
When you first visit our website, a cookie banner will allow you to accept or reject non-essential cookies. You can change your preferences at any time by clicking “Cookie Settings” in the footer.
You can also configure your browser to block or delete cookies. Please note that blocking essential cookies may affect the functionality of our website.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Access (Art. 15)
You can request a copy of the personal data we hold about you
Rectification (Art. 16)
You can ask us to correct inaccurate or incomplete data
Erasure (Art. 17)
You can ask us to delete your data (subject to legal retention obligations)
Restriction (Art. 18)
You can ask us to temporarily stop processing your data
Data portability (Art. 20)
You can request your data in a structured, machine-readable format
Objection (Art. 21)
You can object to processing based on legitimate interest, including profiling
Withdraw consent
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
How to Exercise Your Rights
You can exercise any of these rights by contacting us at:
Email: alex@ree.global
Post: NeonHeads Portugal, Unipessoal LDA, Belem Gardens Condominium, Calcada da Ajuda 33, 1300-322, unit B1B, Lisbon, Portugal
We will respond to your request within one month. If your request is complex, we may extend this period by a further two months, in which case we will inform you.
Right to Lodge a Complaint
If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. The competent authority for REE is:
Comissao Nacional de Protecao de Dados (CNPD) Rua de Sao Bento 148, 3rd floor 1200-821 Lisbon, Portugal
Website: https://www.cnpd.pt
Email: geral@cnpd.pt
You also have the right to lodge a complaint with the supervisory authority in your country of residence if different from Portugal.
8. Automated Decision-Making and Profiling
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
Our search functionality (powered by Algolia) returns results based on your search queries and filters, but does not build user profiles or provide personalised recommendations based on browsing behaviour.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Encrypted data transmission (HTTPS/TLS)
Access controls limiting data access to authorised personnel
Regular security reviews of our platform and infrastructure
Data Processing Agreements with all service providers
10. Children’s Data
Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that we have collected data from a child, please contact us at alex@ree.global and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email notification or other mechanism.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Email: alex@ree.global
Address: NeonHeads Portugal, Unipessoal LDA, Belem Gardens Condominium, Calcada da Ajuda 33, 1300-322, unit B1B, Lisbon, Portugal.
Get early access to new Acts and platform updates
We only email when it matters.
© 2026 Ready Event Entertainment
English
العربية
中文(简体)