Privacy Policy

Effective Date: June 18, 2026 · Last Updated: June 18, 2026

Pumpkins After Dark (“us”, “we”, or “our”) operates this website (the “Service”). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use the Service, and the rights and choices you have. We are committed to complying with PIPEDA (Canada) as well as GDPR for users located in the EEA and UK.

Definitions

  • Personal Data — information relating to an identified or identifiable natural person.
  • Usage Data — data collected automatically (e.g., IP address, browser type, visit duration).
  • Cookies — small files stored on your device by your browser.
  • Data Controller — Pumpkins After Dark, which determines the purposes and means of processing personal data.
  • Data Processor — a third party that processes data on behalf of the controller.
  • Data Subject — any individual whose personal data we process.
  • Consent — under GDPR, must be freely given, specific, informed, and unambiguous.

Legal Bases for Processing (GDPR)

For individuals in the EEA/UK, our legal bases include:

  • Your consent — Art. 6(1)(a) GDPR
  • Performance of a contract — Art. 6(1)(b) GDPR
  • Compliance with legal obligations — Art. 6(1)(c) GDPR
  • Legitimate interests, where not overridden by your data protection rights — Art. 6(1)(f) GDPR

Information We Collect

We may collect the following Personal Data:

  • Email address
  • First name and last name
  • Phone number
  • Address, city, province/state, postal code
  • Details when you complete a questionnaire or survey
  • Cookies and Usage Data

You can opt out of marketing communications at any time via the unsubscribe link in any email we send.

How We Use Your Data

  • To provide and maintain the Service
  • To notify you about changes to the Service
  • To allow you to participate in interactive features
  • To provide customer support
  • To gather analysis so we can improve the Service
  • To monitor usage of the Service
  • To detect, prevent, and address technical issues
  • To send news, offers, and event updates where you have opted in

Your Rights Under GDPR

If you are located in the EEA/UK you have the right to:

  • Access — request copies of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion under certain conditions
  • Restrict processing
  • Data portability
  • Object to processing (including direct marketing)
  • Withdraw consent at any time, where processing is based on consent

We respond to data subject requests within one month, as required by GDPR. Contact us at info@lanternevents.ca. We may verify your identity before acting on a request.

International Data Transfers

If you access the Service from outside Canada, including from the EEA or UK, your data may be transferred to and stored in countries that may not offer the same level of protection. Where personal data is transferred outside the EEA, we put appropriate safeguards in place, including Standard Contractual Clauses approved by the European Commission.

Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy, or as required by law. You may request deletion at any time, subject to our legal obligations.

Cookies & Tracking

We use cookies and similar tracking technologies. See our Cookies Policy for the full breakdown of categories, providers, and how to manage or withdraw consent. Non-essential cookies are only set after your explicit consent.

Third-Party Service Providers

We rely on the following processors:

  • Google Analytics / Google Tag Manager — legitimate interest, data processed in the US, SCCs in place.
  • Google Ads / Meta (Facebook) Ads — consent, data processed outside the EEA, SCCs adopted.
  • Mailchimp — consent, used for newsletter subscriptions, data processed in the US under SCCs.
  • Showpass — ticketing provider, contractual necessity.
  • Stripe — payment processing, contractual necessity, PCI-DSS compliant.

Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on individuals.

Security of Data

No method of electronic transmission is 100% secure. We use commercially acceptable safeguards including HTTPS, encrypted storage, and access controls, but cannot guarantee absolute security.

Children

Our Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

Data Controller

Pumpkins After Dark Limited
Lavery House, Earlsfort Terrace
Dublin 2, Dublin, Ireland D02 T625
Contact: ireland@lanternevents.ca

Data Protection Officer

Email: info@lanternevents.ca
Subject Line: Data Protection Officer Inquiry

Changes to This Policy

We may update this Privacy Policy from time to time. Changes are effective when posted on this page. Please review periodically.

CALGARY • EDMONTON • MILTON • SASKATOON • MARKHAM • LONDON • PLEASANTON • DES MOINES • DUBLIN • EDINBURGH •