Last updated: 28 May 2026
This page explains how Attenda, operated by E&L Asia Pacific Limited, complies with the General Data Protection Regulation (GDPR) for users and event participants located in the European Economic Area (EEA).
Note: GDPR applies to the processing of personal data of individuals in the EEA regardless of where the data controller is established. As Attenda serves customers and processes participant data in the EEA, we take GDPR compliance seriously.
E&L Asia Pacific Limited acts as the data controller for organiser account data. For event participant data, the organiser (our customer) acts as the data controller and Attenda acts as the data processor on their behalf.
Contact: info@getattenda.com
We process personal data under the following legal bases:
| Data type | Legal basis | Explanation |
|---|---|---|
| Organiser account data | Contract | Necessary to provide the Attenda service you signed up for |
| Billing data | Contract | Necessary to process payments and manage subscriptions |
| Participant attendance data | Legitimate interest / Legal obligation | Collected by organisers to manage event attendance, often required for legal or governance purposes such as members meeting quorum verification |
| Digital signatures | Consent / Legal obligation | Participants are informed at the point of signing that their signature is being captured. Organisers may have a legal obligation to collect signatures for formal meetings. |
We collect only the data necessary for the purpose of event attendance management. Organisers are responsible for ensuring they collect only data appropriate for their event.
Data is automatically deleted after short retention periods:
Organisers receive an automated reminder before deletion and can export all data at any time.
EEA residents have the following rights under GDPR:
To exercise any of these rights contact us at info@getattenda.com. We will respond within 30 days. If you are an event participant, we may need to direct your request to the event organiser who acts as data controller for your data.
E&L Asia Pacific Limited is incorporated in Hong Kong. Personal data processed through Attenda may be transferred to and stored on infrastructure outside the EEA. We ensure appropriate safeguards are in place for such transfers including:
We use the following subprocessors to deliver the Attenda service:
| Subprocessor | Purpose | Location |
|---|---|---|
| Lovable | Hosting and infrastructure | EU / US (varies by region) |
| Stripe | Payment processing | United States |
Customers who process personal data of EEA residents using Attenda may require a Data Processing Agreement (DPA) with E&L Asia Pacific Limited. To request a DPA contact us at info@getattenda.com.
When participants sign in using the Attenda kiosk, they are informed that their attendance and signature is being recorded. Organisers are responsible for ensuring appropriate consent or legal basis exists for collecting participant data at their events.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where required by GDPR. Affected individuals will be notified without undue delay where the breach is likely to result in a high risk.
If you are located in the EEA and believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.
For all GDPR-related enquiries:
E&L Asia Pacific Limited
Hong Kong SAR, China
Email: info@getattenda.com