Privacy Policy
Last updated: October 21, 2025
PRINTER'S ACADEMY ON LINE LLC. d/b/a dinnerHQ ("dinnerHQ")
This Privacy Policy is provided by PRINTER'S ACADEMY ON LINE LLC., a Florida limited liability company located at 3870 NE 167th St, North Miami Beach, FL 33160, doing business as dinnerHQ ("dinnerHQ").
0. Overview
This Privacy Policy describes the types of personal information Printer's Academy On Line, LLC d/b/a dinnerHQ ("dinnerHQ", "we", "us", or "our") collects from website visitors and people who use our Services, how we use and share that information, and the choices you have. Please read it carefully to understand our practices and how we will treat your information.
Capitalized terms not defined in this Policy have the meaning given in our Terms of Use.
1. Who we are
Printer’s Academy On Line, LLC, d/b/a dinnerHQ (“dinnerHQ,” “we,” “us” or “our”) operates curated B2B networking dinners in the United States.
Postal address: 3870 NE 167th St, North Miami Beach, Florida 33160, USA
Email: [email protected]
We take privacy seriously and align our practices with leading U.S. and international frameworks, including the GDPR and California CCPA/CPRA.
2. Definitions
“Services” means our public website at www.dinnerhq.com (the “Site”) and the curated B2B networking dinners and related features we operate (for example, ticketing and attendee rosters).
“Personal Information” means information about an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to that person’s identity.
“Third‑Party Products/Service Providers” are products or services not owned or controlled by dinnerHQ (for example, Luma for ticketing or Stripe for payments). Their own privacy notices apply to their handling of information.
3. Scope of this Policy
This Policy explains how we collect, use, share and protect personal information when you:
- browse www.dinnerhq.com (the “Site”);
- purchase or manage a ticket via Luma or other ticketing widgets embedded in the Site;
- interact with our emails, SMS messages or social‑media ads; or
- attend a dinnerHQ event;
- network with other professional attendees via dinner‑specific rosters or post‑event follow‑up messages.
This Policy does not cover third‑party websites or services that link to or from us. Their own privacy statements apply.
Controller details: The controller responsible for the processing of personal information is Printer’s Academy On Line, LLC d/b/a dinnerHQ. You can reach us at the address and email listed above.
4. Acceptance of this Policy
By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services. You can contact us at [email protected] with questions about this Policy.
5. Updates to this Policy
We may update this Policy from time to time. When we do, we will post the revised version on this page and update the effective date at the top. Where required, we will provide additional notice (for example, by email or banner). Your continued use after an update constitutes acceptance of the revised Policy.
5a. Legal Basis for Processing Your Data
Under GDPR and similar privacy laws, we must have a legal basis to process your personal information. We rely on the following bases depending on the processing activity:
| Processing Activity | Legal Basis | Explanation |
|---|---|---|
| Account creation, event registration | Contract Performance (GDPR Art. 6(1)(b)) | Necessary to provide services you requested |
| Transactional emails (confirmations, reminders) | Contract Performance | Event confirmations, updates, attendance logistics |
| Sharing professional data with event sponsors | Legitimate Interest (GDPR Art. 6(1)(f)) | Necessary to operate free B2B networking events via sponsor funding |
| Marketing emails/SMS (optional) | Consent (GDPR Art. 6(1)(a)) | You can opt out anytime |
| Security logging, fraud prevention | Legitimate Interest | Protecting our systems and users |
| Tax, accounting, legal compliance | Legal Obligation (GDPR Art. 6(1)(c)) | Required by law |
Legitimate Interest Assessment: Sponsor Data Sharing
Our Legitimate Interest:
dinnerHQ provides free B2B networking events by securing corporate sponsorships. Sponsors fund events in exchange for access to target professional audiences. Without sponsor data access, we cannot secure funding, and events would require $200-400 ticket prices, excluding many professionals. This model enables us to provide free event access to all attendees, creating valuable networking opportunities that would otherwise be financially inaccessible.
Necessity:
Sponsor data sharing is necessary for our business model. We cannot offer free events without it. Alternative funding models would require paid tickets, significantly reducing accessibility for emerging professionals and small business owners.
Balancing Test (Your Rights vs. Our Business Needs):
- Low sensitivity data — We share only professional contact information (business email, company, job title, LinkedIn), not personal/sensitive data
- Reasonable expectations — B2B networking events inherently involve professional contact sharing. Attendees reasonably expect sponsors to have access for networking purposes
- User benefit — Free access to valuable B2B networking events (average value $250/event) that would otherwise require ticket purchases, plus networking opportunities that create professional connections
- Transparency — Full disclosure in Terms of Use and event pages before registration
- Safeguards — Sponsors bound by anti-spam rules (CAN-SPAM, GDPR, CASL); cannot sell data to third parties without consent
- User control — You can choose not to attend if you disagree; you can opt out of sponsor emails individually
Conclusion: Legitimate Interest is the appropriate legal basis. User consent is not required for this processing activity.
Your Right to Object: You can object to sponsor data sharing under GDPR Article 21 by:
- Not attending dinnerHQ events
- Emailing [email protected] to opt out of future sharing
- Contacting sponsors directly to opt out of their communications
We will honor objections for future processing (we cannot retroactively revoke past data sharing).
6. Information we collect
We collect information from the following sources: (a) directly from you; (b) automatically from your device and browser; (c) from event partners and service providers that help us operate dinners (for example, Luma, Stripe); and (d) from publicly available sources or third‑party services, where allowed by law.
| Category | Examples | How we collect it |
|---|---|---|
| Identifiers | Name, business email, phone, postal address, LinkedIn URL, company & job title | Forms you complete, ticket checkout (Luma), voluntary profile updates, business‑card exchange |
| Company information | Company name and domain, company size/headcount, industry | Contact forms, RSVP flows, or optional post‑purchase profile |
| Professional profile data (optional) | Years of experience, skills, languages, seniority level, role focus | Optional profile forms and surveys; never required for ticket purchase |
| Payment references | Last 4 digits of card, card type, Stripe payment ID, purchase metadata (amount, currency, timestamp) | Processed by Stripe; dinnerHQ receives only tokens & receipts, never full card numbers |
| Event‑preference data | Dietary notes, vertical/industry interests, seating requests | Ticket checkout or post‑purchase survey |
| Marketing & engagement data | Email opens/clicks, SMS interactions, ad‑campaign membership | Managed via Beehiv and Meta/Facebook ads pixels |
| Device & usage data | IP address, browser type, pages visited, time on page, referring URL | Cookies, web beacons, Google Analytics, Vercel edge functions |
| Customer‑support records | Messages, attachments, call notes | Zendesk or direct email |
We do not intentionally collect sensitive data such as social‑security numbers, health information or government identifiers.
We also do not seek or require information about legally protected characteristics (for example race, color, religion, national origin, disability, or medical details). Please do not provide such information.
6.1 Data Sharing with Sponsors (All Events)
IMPORTANT: By registering for any dinnerHQ event (sponsored or non-sponsored), you acknowledge that dinnerHQ will share your professional contact information with:
- Current event sponsors (if the event you attend is sponsored)
- Potential future sponsors (for business development and sponsorship opportunities)
What we share:
- Full name
- Business email address
- Company name
- Job title
- Industry/vertical
- LinkedIn profile URL (if provided)
- Event attendance history (which events you attended)
How sponsors use your data:
Sponsors may contact you for:
- Business development outreach
- Product/service information
- Event invitations
- LinkedIn connection requests
Your control:
- You can opt out of future sponsor sharing by emailing [email protected]
- Opt-out does not apply retroactively (sponsors who already received your data keep it)
- To avoid sponsor data sharing entirely, do not register for dinnerHQ events
Visa Gift Card Incentives (Select Events):
Some events offer Visa gift card incentives ($60-$120) for attendance. These are:
- Conditional — dinnerHQ reserves ultimate discretion to deny for any reason
- Not payment for data — You share professional data with sponsors for networking purposes, regardless of gift card availability
- Attendance rewards — Incentive for participating, not compensation or reimbursement
For full gift card terms, see our Terms of Use Section 2.4.
7. How we use your information
We process personal information to:
- Provide our service — issue tickets, confirm restaurant logistics, handle seating and send pre‑/post‑event communications.
- Process payments via Stripe and detect fraud.
- Personalise outreach — recommend dinners aligned with your industry or interests.
- Operate, secure and improve the Site and any future mobile app.
- Facilitate networking — share limited professional contact details (name, company, role, LinkedIn) with other confirmed attendees so you can follow up after the dinner.
- Send marketing emails/SMS you opt into; you may unsubscribe at any time.
- Comply with law — e.g. tax, accounting and lawful requests.
- Defend our rights and prevent misuse of our services.
We rely on one or more of the following legal bases, as applicable: (i) performance of a contract (ticket purchase), (ii) our legitimate interests in running and marketing the business, (iii) your consent (for optional newsletters/texts), and (iv) compliance with legal obligations.
Legal basis for processing (GDPR/UK GDPR)
- Contract — to issue tickets, manage attendance and provide customer support.
- Legitimate interests — to operate, secure and improve our Services and communicate relevant offers; we balance these interests against your rights.
- Consent — for optional marketing emails/SMS and certain cookies; you may withdraw at any time.
- Legal obligation — to comply with tax, accounting and law‑enforcement requests.
8. Cookies & similar technologies
We use first‑ and third‑party cookies, pixel tags and local‑storage objects to recognise your browser, analyse traffic, remember preferences and measure ad performance. You can control cookies through your browser settings. Blocking all cookies may degrade Site functionality.
Key third‑party cookies/pixels:
- Google Analytics 4 — site analytics (IP anonymised)
- PostHog — user behavior analytics and feature flags
- Meta (Facebook) & LinkedIn Insight Tags — conversion tracking & retargeting
- Stripe — checkout session, fraud prevention and payment performance
- Loops — email campaign analytics
Third‑party use of cookies. Some content and features are provided by service providers who may set their own cookies and similar technologies. These providers may associate cookie data with information they have about you from other services and use it for advertising or measurement.
Website Analytics (Google). We use Google Analytics to understand aggregate Site usage. Learn more in Google’s privacy policy and control collection using Google’s opt‑out add‑on.
Google Ads/AdWords. We may use Google Ads remarketing to reach people who previously visited our Site. Manage your preferences at Google Ads Settings or visit the Network Advertising Initiative opt‑out page.
Meta (Facebook) Ads. You can control ad personalization from Meta at Facebook Ad Preferences.
LinkedIn Ads. Manage LinkedIn ad settings at LinkedIn Advertising Preferences.
9. Who we share information with
We disclose information only as needed to run the service:
| Type | Recipient | Purpose |
|---|---|---|
| Database | Neon DB (US data centers only) | PostgreSQL database hosting |
| Cloud hosting & CDN | Vercel Inc., Cloudflare Inc. | Web hosting, edge functions, media delivery |
| Ticketing & event management | Luma Inc. | Ticket sales, attendee roster, check‑in |
| Payment processing | Stripe, Inc. | Secure card processing, fraud screening |
| Email & newsletter | Loops (transactional + marketing emails), Clay Inc., Arcanine Technologies Inc., Hubspot Inc. | Transactional + marketing emails, CRM |
| Email validation & enrichment | LeadMagic Inc. | Email verification, data enrichment |
| SMS & telephony | Cloudtalk Inc., Twilio, Inc. | Event‑reminder SMS |
| Advertising pixels | Meta Platforms, LinkedIn Corp., Google Ads | Ad measurement & retargeting |
| Customer support | Zendesk Inc. | Ticketing and chat |
| Analytics | PostHog (user analytics), Google Analytics (advertising), Meta (advertising), Vercel Inc. (performance metrics) | User behavior analytics, ad performance, site performance |
| CI/CD & code hosting | GitHub, Inc. | Version control, CI/CD workflows |
| Event sponsors | Corporate sponsors of dinnerHQ events (varies by event) | Professional networking, business development outreach, sponsorship ROI assessment |
| Other attendees | Fellow participants in the same dinner | Professional networking & follow‑up |
We require each service provider to keep information confidential and to use it only for the purpose we disclosed it.
Event sponsors: We share your professional contact information (name, business email, company, job title, industry, LinkedIn profile, attendance history) with event sponsors to enable professional networking and business development. This data sharing applies to all dinnerHQ events (both sponsored and non-sponsored community dinners). Sponsors must comply with anti-spam laws (CAN-SPAM, GDPR, CASL) and cannot sell your data to third parties without your consent. See Section 6.1 for full details.
Payment processing: We use Stripe to process payments and do not store full credit‑card numbers. Stripe handles card data in accordance with its own privacy policy and PCI‑DSS requirements. We receive tokens and limited payment metadata (e.g., last four digits, card brand, amount).
We may also share information (i) to comply with law or valid legal process, (ii) to enforce our Terms of Use, (iii) in connection with a business transfer such as a merger or sale, or (iv) with your consent.
We Do NOT Sell Your Data
dinnerHQ does not sell, rent, or trade your personal information to third parties for monetary consideration. We have not sold personal information in the preceding 12 months and have no plans to do so. Professional data shared with sponsors is for networking purposes only, as described in Section 6.1, and sponsors are prohibited from selling your data to others without your explicit consent.
Categories of personal information disclosed for a business purpose (last 12 months)
| Category | Recipient types | Purpose |
|---|---|---|
| Identifiers | Hosting/platform, email & newsletter providers, ticketing, analytics, advertising platforms | Operate Services, communications, analytics, ad measurement |
| Company & professional info | Ticketing, email & CRM tools | Event logistics, attendee networking, targeted communications |
| Payment references | Stripe (payment processor) | Process payments and prevent fraud |
| Device & usage data | Analytics providers, security tools | Site performance, security, usage insights |
| Marketing & engagement data | Email platforms, advertising platforms | Campaign performance, retargeting (where permitted) |
| Customer‑support records | Zendesk | Support ticketing and communications |
10. International transfers
dinnerHQ is based in the United States. When you access our services from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to the US.
We use appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) and the UK International Data Transfer Agreement (IDTA) where applicable. All third-party processors who handle your data have executed Data Processing Agreements (DPAs) with these safeguards.
Request Documentation: For complete details on our data processing practices, Standard Contractual Clauses, and Sub-Processors, see our Data Processing Agreement (DPA). You can also request a copy by emailing [email protected] (GDPR Article 46(2)(c) right to information about safeguards).
If you object to international data transfers, you may choose not to use our services. We cannot provide our services without transferring data to US-based processors. However, where technically feasible, we can accommodate requests to store your data on EU servers — email [email protected] to request EU-based hosting options.
11. Retention
We keep information only as long as necessary to fulfil the purposes in Section 7, to resolve disputes or as required by law (e.g., U.S. tax regulations). When no longer needed, we securely delete or de‑identify it.
12. Your choices & rights
- Email & SMS marketing — click “Unsubscribe” in any message or email [email protected].
- Cookies — use browser controls to block or delete cookies.
- Access / correction / deletion — U.S. residents may request a copy or deletion of personal information by emailing [email protected].
- California residents — you have CCPA rights to know, delete and opt out.
- EEA/UK/Swiss visitors — you have GDPR rights of access, rectification, erasure, restriction, objection and data portability, exercisable via the same email. Because we are not established in the EEA, we process your data on the Article 3(2) GDPR extraterritorial basis.
We will respond within 30 days (or the period required by applicable law). We may ask for identity verification.
Do Not Track. At this time there is no industry standard for recognizing browser “Do Not Track” signals, so we do not respond to them. You can control cookie‑based tracking via your browser settings.
California privacy rights (CCPA/CPRA)
California residents have rights to know, delete, correct, and opt‑out of sale or sharing of personal information, and to limit use of sensitive personal information. We do not sell personal information. We may “share” identifiers and device data with advertising partners for cross‑context behavioral advertising; you can opt out via cookie settings or by emailing [email protected].
Do Not Sell or Share My Personal Information. If you wish to opt out of sale or sharing, contact us at the email above and adjust your cookie preferences. We will honor valid opt‑out signals to the extent required by law.
Shine the Light. We do not disclose personal information to third parties for their own direct marketing purposes. You may request more details at the email above.
EEA/UK/Swiss supplemental notice
Users in the European Economic Area, the United Kingdom, and Switzerland have additional rights under GDPR/UK GDPR:
- Access — request copies of your personal information.
- Rectification — request correction of inaccurate data or completion of incomplete data.
- Erasure — request deletion under certain conditions.
- Restriction — request we limit processing under certain conditions.
- Objection — object to processing based on legitimate interests and to direct marketing.
- Portability — request transfer of your data to you or another provider in a structured, commonly used, machine‑readable format.
- Withdraw consent — when we rely on consent, you may withdraw it at any time.
We may request reasonable information to verify your identity before responding. We do not charge a fee unless a request is manifestly unfounded, repetitive, or excessive.
Complaints: You may lodge a complaint with your local Data Protection Authority at any time.
Controller vs. processor: Where we process information on behalf of event partners or other customers, those entities act as the controller. Please contact the relevant controller to exercise your rights for that data.
International transfers: When we transfer personal information outside the EEA/UK, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses or their UK equivalents.
13. Security
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access (GDPR Article 32).
Technical Measures
- Encryption: TLS 1.3 for data in transit; AES-256 encryption at rest (Neon PostgreSQL)
- Access Controls: Database row-level security (RLS), multi-factor authentication (MFA) for all admin accounts, role-based access controls (RBAC)
- Network Security: Transaction pooler with connection limits, IP allowlisting for admin access, DDoS protection via Vercel Edge Network
- Security Testing: Annual penetration testing, quarterly external vulnerability scans, automated dependency scanning
- Patch Management: Automated security patching within 7 days of critical vulnerability disclosure
- Logging & Monitoring: Access logs retained 90 days, real-time intrusion detection, automated alerting for suspicious activity
- Backups: Nightly encrypted database backups with 30-day retention, tested quarterly
Organizational Measures
- Staff Training: Annual security and data protection training for all personnel
- Incident Response: Written incident response plan tested quarterly
- Data Minimization: Unverified accounts deleted after 30 days; inactive accounts reviewed annually
- Vendor Management: All processors undergo risk assessment and execute Data Processing Agreements (DPAs) with Standard Contractual Clauses
- Confidentiality: All employees and contractors sign confidentiality agreements
- Access Reviews: Quarterly review and revocation of unnecessary access permissions
Security Limitations: No internet transmission is ever 100% secure. By using our services, you acknowledge this inherent risk. We cannot guarantee absolute security but commit to implementing industry-standard safeguards appropriate to the risk.
Data Breach Notification
If we become aware of a personal data breach that compromises your information, we will:
- Notify Regulators: Within 72 hours of discovery, we will notify the relevant supervisory authority (GDPR Article 33)
- Notify You: Without undue delay, we will inform affected individuals if the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34)
- Provide Details: Notification will include the nature of the breach, likely consequences, and mitigation measures taken
- Cooperation: We will cooperate fully with any regulatory investigation and provide necessary documentation
Your Right to Compensation: Under GDPR Article 82, you have the right to receive compensation from us if you suffer material or non-material damage as a result of a data breach caused by our violation of GDPR. This right cannot be contractually limited (see Section 13 of our Terms of Use for liability limitations that do not apply to GDPR violations).
14. Responsible disclosure of security vulnerabilities
If you discover or suspect a security vulnerability in our Services, please notify us immediately at[email protected]. If, during testing, you encounter any sensitive data, stop the test and do not share that data. We will investigate in a reasonable timeframe and may limit access while an issue is assessed.
15. Children’s privacy
Our Services are intended for adults 18 years and older. We do not knowingly collect information from children. If you believe we have done so inadvertently, please contact us for removal.
16. Contact
Data Protection Officer (DPO)
For data protection inquiries, GDPR rights requests, or to exercise your rights under applicable data protection laws, contact our Data Protection Officer:
Email: [email protected]
Subject Line: "GDPR Request" or "Data Protection Inquiry"
General Privacy Inquiries
For general questions about this Policy or your personal information, email [email protected] or write to the Florida address above.