Privacy Policy

Vihaya Events ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform and services. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and incorporates principles from international privacy frameworks including GDPR.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you:

• Create an Account: Name, email address, phone number, password, and profile information
• Register for Events: Attendee details, ticket preferences, dietary requirements, accessibility needs
• Process Payments: Billing information, payment card details (processed securely through Razorpay - we do not store complete card details)
• Organise Events: Event details, organisation information, bank account details for payouts
• Contact Support: Communication history, support tickets, feedback

1.2 Information Collected Automatically

When you access our platform, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, search queries, event views
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking: Session data, preferences, analytics information (see Section 8)

2. How We Use Your Information

We process your personal data for the following purposes:

2.1 Service Delivery

• Create and manage your account
• Process event registrations and ticket purchases
• Facilitate communication between organisers and attendees
• Generate and deliver tickets, confirmations, and receipts
• Process payments and refunds

2.2 Platform Improvement

• Analyse usage patterns to improve user experience
• Develop new features and services
• Conduct research and analytics
• Troubleshoot technical issues

2.3 Communication

• Send transactional emails (tickets, confirmations, updates)
• Provide customer support
• Send event reminders and notifications
• Share platform updates and announcements (with your consent)

2.4 Security and Compliance

• Prevent fraud and unauthorised access
• Enforce our Terms of Service
• Comply with legal obligations
• Protect rights, property, and safety of users

3. Legal Basis for Processing (DPDP Act Compliance)

We process your personal data based on:

• Consent: You have given clear consent for specific processing activities
• Contractual Necessity: Processing is necessary to fulfil our service agreement with you
• Legal Obligation: We must process data to comply with Indian laws and regulations
• Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, platform improvement)

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information.

We may share your information with:

4.1 Event Organisers

When you register for an event, we share necessary attendee information (name, email, phone, registration details) with the event organiser to facilitate event management.

4.2 Service Providers

We work with trusted third-party service providers who process data on our behalf:

• Payment Processing: Razorpay (for secure payment transactions)
• Cloud Hosting: Vercel, AWS, or similar providers (for platform infrastructure)
• Email Services: Transactional email providers (for ticket delivery and notifications)
• Analytics: Analytics platforms (for usage insights and improvements)
• Customer Support: Support and communication tools

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to:

• Comply with legal processes
• Enforce our Terms of Service
• Protect against fraud or security threats
• Protect rights, property, or safety of Vihaya Events, users, or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Your Rights as a Data Principal (DPDP Act)

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

5.1 Right to Access

You can request a copy of the personal data we hold about you.

5.2 Right to Correction

You can update or correct inaccurate or incomplete personal data through your account settings or by contacting us.

5.3 Right to Erasure

You can request deletion of your personal data, subject to legal retention requirements and legitimate business needs.

5.4 Right to Data Portability

You can request your data in a structured, commonly used format for transfer to another service.

5.5 Right to Withdraw Consent

You can withdraw consent for processing activities at any time (this may affect service availability).

5.6 Right to Grievance Redressal

You can file a complaint regarding data processing practices by contacting us at vihaya.app@gmail.com.

To exercise any of these rights, please contact us using the details in Section 14.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 3 years after account closure
• Transaction Records: Retained for 7 years to comply with tax and financial regulations
• Event Registration Data: Retained for 2 years after event completion
• Support Communications: Retained for 3 years
• Analytics Data: Aggregated and anonymized after 2 years

After the retention period, we securely delete or anonymize your data unless longer retention is required by law.

7. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Security assessments and vulnerability testing
• Secure Payment Processing: PCI-DSS compliant payment processing through Razorpay
• Employee Training: Staff trained on data protection practices
• Incident Response: Procedures for detecting and responding to security breaches

While we strive to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies

• Essential Cookies: Required for platform functionality (authentication, security)
• Performance Cookies: Analyse usage and improve performance
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand user behaviour and platform usage

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside India, including the United States and European Union, where our service providers operate. We ensure appropriate safeguards are in place through:

• Standard contractual clauses
• Service provider certifications and compliance frameworks
• Adequate data protection measures

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

11. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Inform relevant authorities as required by law
• Take immediate steps to mitigate the breach and prevent future incidents
• Provide guidance on protective measures you can take

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Update the "Last updated" date at the top of this policy
• Notify you of material changes via email or prominent platform notice
• Obtain your consent for significant changes that affect your rights

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Kollam, Kerala, India.