Privacy PolicyLast updated: 23 September 20251) Data ControllerController: Rajko Stijakovic d/b/a StageSpace
Address: Des Cubells 33, 07800 Ibiza, Spain
Email: [email protected]2) What data we collectContact data: email address, first name, last nameMarketing attribution: UTM parameters you submit or that arrive with your visitTechnical data: IP address, device and browser information, pages visited, timestamps, and server logsCookies and similar technologies: strictly necessary cookies plus optional analytics or marketing cookies only after consent. See the Cookie Policy below3) Purposes and legal bases
Purpose Data Legal basis
Manage the StageSpace waitlist and send confirmation or update emails Contact data Consent under GDPR Article 6(1)(a) given when you submit the form and confirm your email
Measure marketing campaign performance and improve our site UTM data and analytics cookies Consent under Article 6(1)(a) via the cookie banner
Keep the service secure, prevent abuse, diagnose errors, ensure delivery Technical data and logs Legitimate interests under Article 6(1)(f) in operating a secure service
Meet legal obligations where applicable Any data necessary Legal obligation under Article 6(1)(c)You can withdraw consent any time by clicking Unsubscribe in any email or by writing to [email protected]
. The information in this policy fulfils GDPR Article 13.
GDPR4) Where data comes fromDirectly from you when you submit forms or interact with our emailsAutomatically from your device through cookies or similar technologies, after consent for non-essential cookies5) Recipients and processorsWe use providers that act under our instructions:Website hosting and builder: Carrd, which may process technical and log data needed to serve the siteEmail, forms, list management: MailerLite, which stores contact data, manages double opt-in, and sends emailsWe disclose data if required by law or to protect rights and safety. We have processor terms or DPAs with providers under Article 28 and ensure safeguards for any transfers outside the EEA through the EU Standard Contractual Clauses.
European Commission6) International data transfersSome providers may process data outside the EEA. When this occurs, we rely on the European Commission’s Standard Contractual Clauses and appropriate measures to ensure an adequate level of protection.
European Commission7) RetentionMarketing and waitlist data: kept until you unsubscribe or ask us to delete. We periodically remove inactive contactsTechnical logs: typically up to 12 months unless needed longer for security or legal reasonsBackups and archives: retained for limited periods then deleted or anonymised8) Your rightsYou can request access, rectification, erasure, restriction, portability, and objection, and you can withdraw consent at any time by emailing [email protected]
. We respond within one month. You also have the right to complain to the Agencia Española de Protección de Datos (AEPD).9) Cookies and similar technologies <a id="cookies"></a>We display a cookie banner that blocks non-essential cookies until you choose Accept. Accept and Reject are shown at the same level and you can change your choice at any time via the banner or your browser settings, in line with AEPD guidance. If we enable analytics or marketing tools, their cookies and links to their policies will appear in the banner’s list.
AEPD
+1Google AnalyticsWe use Google Analytics 4 to understand how visitors use our website. Google Analytics collects information such as pages visited, browser type, and interactions. These cookies are only set after you provide consent through our CookieYes banner.Data collected by Google Analytics may be transferred to servers in the United States. We rely on the European Commission’s Standard Contractual Clauses as safeguards for these transfers.You can withdraw consent at any time via the Manage cookies link in the footer or by changing your browser settings. For more details, see Google’s privacy policy
.10) Children’s privacyStageSpace is not directed to children. In Spain, children under 14 cannot lawfully give consent for online services without parental authorisation. If we learn we collected data from a child under 14 without proper authorisation, we will delete it.
AEPD
+111) SecurityWe apply industry-standard technical and organisational measures, including TLS encryption in transit, access controls, least-privilege access, and periodic vendor security reviews.12) Automated decision-makingWe do not use automated decision-making that produces legal or similarly significant effects for our waitlist and marketing operations.13) Changes to this policyIf we make material changes, we will update the “Last updated” date and, where appropriate, notify you by email or an in-site notice.