AllEvents Privacy Policy

Effective Date: 25/12/2025

Last Updated on: 15/09/2025

AllEvents Informations Private Limited ("AllEvents", "we", "us" or "our") operates an event discovery and ticketing platform and related services (the "Platform" or the "Services"). This Global Privacy Policy ("Policy") explains how AllEvents collects, uses, discloses, processes, stores, transfers and protects Personal Data in the course of providing and operating the Platform.

This Policy is intended to be read together with our Terms of Service and any other applicable agreements. This Policy is intended to comply with and is drafted having regard to the requirements of the: General Data Protection Regulation (EU) 2016/679 ("GDPR"), UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 ("CCPA / CPRA"), the Personal Information Protection and Electronic Documents Act ("PIPEDA") (Canada), Lei Geral de Proteção de Dados ("LGPD") (Brazil), and the Digital Personal Data Protection Act, 2023 ("DPDP Act") (India), together with other applicable data protection and privacy laws.

By accessing or using the Platform, you acknowledge that you have read and understood this Policy and consent to the collection, use and processing of Personal Data in accordance with this Policy.

1. SCOPE AND APPLICABILITY

This Policy applies to:

●

All individuals who access, browse or use the Platform (including visitors and non-registered users);

●

Users who register for or purchase tickets to events via the Platform (including attendees and purchasers);

●

Event organizers and promoters using the Platform or AllEvents' organizer tools;

●

Business contacts, sales prospects and other persons who interact with AllEvents in a corporate or commercial context.

This Policy does not apply to Personal Data processed by third-party websites, services, plug-ins, or applications that are linked from the Platform. Such third parties have their own privacy policies and practices.

2. DEFINITIONS

For purposes of this Policy:

●

"Personal Data" means any information relating to an identified or identifiable natural person.

●

"Processing" has the meaning given in Applicable Law and includes collection, storage, access, use, disclosure, transfer, deletion, anonymization and other operations performed on Personal Data.

●

"Controller" (or "Data Fiduciary") means the entity that determines the purposes and means of Processing.

●

"Processor" means an entity that Processes Personal Data on behalf of a Controller.

●

"Applicable Law" means any applicable domestic or foreign data protection, privacy or information security law, regulation, directive, or binding guidance including GDPR, CCPA/CPRA, PIPEDA, LGPD and the DPDP Act.

3. CONTROLLER / PROCESSOR ROLES

AllEvents acts as a Data Controller in respect of Personal Data it collects and processes for its own purposes, including platform operation, analytics, account management, and compliance.

In limited instances, AllEvents acts as a Data Processor where it processes Personal Data on behalf of event Organizers (for example, in managing attendee lists or issuing tickets under Organizer instructions).

We use reputable third-party providers who offer industry-standard security and privacy protections. Our relationship with these providers is governed by their respective terms of service and privacy frameworks.

These third parties operate either under their own privacy frameworks and compliance programs or, where legally required, under contractual terms that ensure appropriate safeguards.

AllEvents does not maintain Data Processing Agreements with every third-party tool or service it integrates with but uses only reputable providers who provide reasonable assurances of compliance with applicable privacy and data-protection laws.

4. CATEGORIES OF PERSONAL DATA COLLECTED

AllEvents collects and processes Personal Data which may include, without limitation, the following categories:

4.1 Information provided directly by you

●

Identity and contact data: full name, email address, telephone number, postal address (if provided).

●

Account credentials and authentication tokens (including Google / Facebook login tokens).

●

User profile information and preferences.

●

Event-related data: event registrations, ticket purchases, attendee names and details, seating, special requirements communicated for events.

●

Billing and invoicing metadata (transaction identifiers, billing name, billing email). (AllEvents does not store card numbers; payment card details are processed by licensed payment processors.)

●

Communications and messages exchanged via the Platform (including organizer–attendee messages).

●

Content you submit (reviews, comments, survey responses).

4.2 Information collected automatically

●

When users access the Platform, AllEvents and its service providers automatically collect technical and usage information, including IP addresses, device identifiers, browser and operating system details, referring URLs, session data, and interaction patterns.

●

Cookies and similar technologies are used to enable essential functions, monitor performance, and analyze Platform usage.

●

While users may manage or block cookies in their browser settings, certain identifiers and analytics data may continue to be collected automatically to ensure system integrity, error detection, and performance optimization.

4.3 Information obtained from third parties

●

Authentication providers: where you sign in via Google or Facebook, we receive your public profile information and email as permitted by those providers and by you.

●

Analytics and telemetry from third-party providers including Google Analytics, Microsoft Clarity and Google Search Console.

●

Payment processors: transaction confirmations and settlement metadata from Stripe, PayPal, Paytm and PayU.

●

Information from Organizers or third parties where you interact with their event pages or services.

●

Publicly available sources and third-party data enrichment services where permitted.

The categories listed are illustrative and not exhaustive; AllEvents may process other categories of Personal Data as necessary for the purposes described in this Policy.

5. PURPOSES OF PROCESSING

AllEvents processes Personal Data to operate and improve its Platform, including to:

●

Create and manage user accounts and event registrations;

●

Process payments and verify transactions;

●

Ensure system integrity, performance, and fraud prevention;

●

Conduct analytics and product optimization;

●

Communicate with users regarding services, updates, and support;

●

Comply with applicable laws and regulations.

Processing of analytics and technical information collected through cookies or equivalent technologies is conducted based on AllEvents' legitimate interests to ensure the functionality, security, and performance of its Platform.

6. LAWFUL BASES FOR PROCESSING

AllEvents processes Personal Data only when it has a lawful basis to do so under applicable data protection laws, including but not limited to the General Data Protection Regulation (EU 2016/679) ("GDPR"), the United Kingdom Data Protection Act 2018 ("UK GDPR"), the Lei Geral de Proteção de Dados ("LGPD") of Brazil, the Digital Personal Data Protection Act 2023 ("DPDP Act") of India, the Personal Information Protection and Electronic Documents Act ("PIPEDA") of Canada, and the California Consumer Privacy Act / California Privacy Rights Act ("CCPA / CPRA") of the United States.

The lawful bases on which AllEvents relies, depending on the context of processing, are described below:

6.1 Performance of a Contract

Processing is lawful where it is necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject's request prior to entering into a contract. This includes, without limitation:

●

registering users and maintaining accounts;

●

facilitating event discovery, ticketing, and attendance;

●

processing and reconciling payments;

●

providing customer support; and

●

delivering services requested by Organizers and attendees.

Under the DPDP Act and similar frameworks, this corresponds to processing required for the provision of a service lawfully requested by the Data Principal.

6.2 Compliance with Legal Obligations

Processing is lawful where it is necessary to comply with a legal or regulatory obligation to which AllEvents is subject, including:

●

accounting, audit, and tax record-keeping requirements;

●

compliance with law-enforcement or governmental requests;

●

fraud prevention, anti-money-laundering, and financial-reporting obligations; and

●

retention or disclosure mandated by applicable laws or court orders.

Such processing is carried out under Article 6(1)(c) GDPR and equivalent statutory provisions in other jurisdictions.

6.3 Legitimate Interests

Processing is lawful where it is necessary for the purposes of legitimate interests pursued by AllEvents or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject.

AllEvents relies on legitimate interests, within the meaning of Article 6(1)(f) GDPR and comparable provisions under the LGPD, DPDP Act, and PIPEDA, for the following types of processing:

●

ensuring the functionality, security, and performance of the Platform;

●

monitoring and analyzing usage to improve features and user experience;

●

detecting, preventing, and addressing fraud, abuse, or security threats;

●

maintaining business continuity and internal operations;

●

conducting aggregated analytics and statistical reporting; and

●

contacting users with administrative or operational communications.

Where applicable law requires a balancing test, AllEvents has assessed that such processing does not materially prejudice the privacy rights of individuals and that the data processed is proportionate to the purposes described.

Analytics and technical tracking carried out through cookies or equivalent identifiers are also processed under this legitimate-interest basis, as they are strictly limited to operational and performance measurement purposes and do not involve personalized advertising or profiling.

6.4 Consent

Processing based on freely given, specific, informed, and unambiguous consent is carried out only where required by law—for example, for direct marketing communications or optional data submissions.

Users may withdraw consent at any time by contacting privacy@allevents.in or by using the unsubscribe or preference-management mechanisms provided in communications.

Withdrawal of consent will not affect the lawfulness of processing performed prior to withdrawal.

Under the DPDP Act, withdrawal of consent does not affect any processing lawfully undertaken before such withdrawal or any processing that remains necessary for legitimate purposes.

6.5 Protection of Vital Interests

Processing may occur when necessary to protect the vital interests of the data subject or another natural person, such as preventing harm or ensuring safety at an event.

6.6 Legal Claims and Enforcement

Processing may also occur as necessary for the establishment, exercise, or defence of legal claims, dispute resolution, or enforcement of contractual rights.

6.7 Public Interest or Official Authority

Where applicable, processing may be carried out for reasons of public interest or the exercise of official authority vested in AllEvents, in compliance with the relevant provisions of the GDPR Article 6(1)(e) or equivalent statutes.

7. DATA SHARING, DISCLOSURE AND RECIPIENTS

AllEvents shares Personal Data only as necessary for the purposes described in this Policy. Our use of third-party tools and integrations does not create a data-processing relationship in every instance.

Certain providers—such as payment gateways, analytics platforms, and hosting services—act as independent controllers under their own privacy and compliance frameworks.

AllEvents does not control or assume responsibility for their independent processing of Personal Data, which is subject to their respective privacy policies.

7.1 Service Providers / Processors. We disclose Personal Data to third-party service providers who perform services on our behalf under written contracts that require them to process Personal Data in accordance with this Policy and Applicable Law. Categories include:

●

Cloud hosting and infrastructure (e.g., AWS, Hetzner, DigitalOcean);

●

Payment processors and settlement services (Stripe, PayPal, Paytm, PayU);

●

Analytics and performance providers (Google Analytics, Microsoft Clarity, Google Search Console);

●

Customer support, email and messaging services;

●

Backup, logging, and monitoring providers;

●

Fraud detection and anti-money laundering vendors.

Such Processors are subject to contractual controls (DPAs), technical and organizational safeguards and are permitted to Process Personal Data only in accordance with our instructions.

7.2 Organizers. When you register for or purchase tickets to an event, or otherwise interact with an Organizer, AllEvents will share Personal Data relevant to the event with the Organizer to enable event management, ticket fulfillment, communications and reporting. In those circumstances, the Organizer will typically be the Controller for that Personal Data and is responsible for its onward Processing. Organizers may also use their own third-party service providers; AllEvents is not responsible for Organizer privacy practices.

7.3 Legal and Regulatory Disclosures. We disclose Personal Data where required to comply with law, regulation, valid legal process, court order, subpoena, or to respond to lawful requests by public authorities, to protect the rights and safety of AllEvents, its users or the public, and to defend legal claims.

7.4 Corporate Transactions. Personal Data may be disclosed to potential or actual acquirers, merger partners, or in connection with a restructuring, amalgamation, sale of assets, financing, or other corporate transaction; in such events AllEvents will use reasonable efforts to ensure that any transferee will protect Personal Data in a manner consistent with this Policy.

7.5 Aggregated / Anonymized Data. We may share aggregated, anonymized or de-identified data that does not reasonably identify any individual for analytics, research or commercial purposes.

AllEvents use of third-party tools and integrations does not constitute a data processing relationship in every instance.

Certain third parties (such as payment gateways, analytics providers, and hosting platforms) act as independent controllers under their own privacy and compliance frameworks.

AllEvents does not control and is not responsible for their independent data practices, which are governed by their respective privacy policies.

8. INTERNATIONAL TRANSFERS

AllEvents operates globally, with infrastructure and third-party service providers located in multiple jurisdictions, including India, the United States, Canada, Brazil, and countries within the European Economic Area ("EEA").

As a result, Personal Data collected through the Platform may be transferred to, stored in, or processed in a country that does not offer the same level of data protection as the country in which the data subject resides.

AllEvents ensures that such cross-border transfers comply with applicable data-protection laws and that adequate safeguards are implemented to protect Personal Data, including:

1. Standard Contractual Clauses ("SCCs") or Equivalent Mechanisms

We take reasonable steps to ensure that your data is treated securely and in accordance with this policy, regardless of the jurisdiction in which it is processed, using appropriate safeguards as required by applicable law.

2. Service-Provider Frameworks

Certain providers used by AllEvents (for example, Amazon Web Services, Google Cloud, Stripe, and PayPal) operate under globally recognized privacy and security frameworks such as ISO 27001, SOC 2, and GDPR or DPDP compliance certifications. These frameworks constitute reasonable contractual or policy-level assurances of adequate protection.

3. Legitimate Business and Contractual Necessity

Transfers may also occur where necessary for the performance of a contract between the data subject and AllEvents (e.g., event registrations, ticket issuance, or payment processing), or to implement pre-contractual measures at the individual's request.

4. Transparency and Limitation

AllEvents transfers only the data necessary for the specific purpose and requires service providers to process such data solely for legitimate and defined operational reasons.

5. User Rights

Users may contact privacy@allevents.in to request further information about international transfers, specific safeguards in place, or copies of applicable contractual clauses (subject to confidentiality restrictions).

By using the Platform, users acknowledge that their Personal Data may be transferred to and processed in jurisdictions outside their country of residence as described above, and that such processing is necessary to enable the provision of AllEvents' services.

9. DATA RETENTION

AllEvents retains Personal Data only for as long as it is necessary to fulfill the purposes for which such information was collected, or as required to comply with applicable legal, regulatory, accounting, or contractual obligations.

The duration for which AllEvents retains specific categories of data depends on the nature of the data and the purposes for which it was collected. In general, account-related information such as user names, email addresses, and authentication credentials are retained for as long as the user maintains an active account with AllEvents. Upon account closure, such information is securely deleted or anonymized after a limited administrative period, unless retention is required for legitimate business or legal reasons.

We retain personal data only for as long as is necessary to provide our services, comply with our legal and tax obligations, resolve disputes, and enforce our agreements.

Analytics and technical data, such as cookies, telemetry logs, and usage metrics, are typically retained for a period of up to twenty-six months. Following this period, such information may be aggregated or anonymized in accordance with the retention practices of analytics providers such as Google Analytics and Microsoft Clarity. Communications data, including customer support correspondence, may be retained for up to twenty-four months from the date of the last interaction to ensure adequate service recordkeeping and quality assurance.

Marketing and subscription data collected on the basis of consent are retained until the user withdraws consent or unsubscribes from further communications. Data retained for compliance, enforcement, or legal defense purposes will be kept for as long as reasonably necessary to establish, exercise, or defend potential legal claims or to comply with statutory record-keeping requirements.

Once the applicable retention period expires, AllEvents will either delete, anonymize, or aggregate the Personal Data so that it can no longer be linked to an identifiable individual. AllEvents periodically reviews its data holdings and applies technical and organizational controls to ensure that Personal Data is not retained beyond the period necessary for its intended purpose.

Users who wish to request the deletion of their Personal Data or who seek further information about specific retention periods may contact the AllEvents Data Protection Officer at privacy@allevents.in. All requests will be reviewed and responded to in accordance with applicable data protection laws and the legitimate operational requirements of the Platform.

10. COOKIES AND TRACKING TECHNOLOGIES (UPDATED TRANSPARENCY VERSION)

Our Platform uses cookies and similar technologies ("Cookies") for operational, analytical, and performance purposes. Cookies are small text files or similar data identifiers stored on your browser or device when you access the Platform.

10.1 Use of Cookies

We use Cookies and other tracking tools to:

●

Operate, secure, and authenticate your session;

●

Analyze usage patterns and traffic flows across pages;

●

Improve Platform stability and performance;

●

Detect errors, fraud, or abnormal behavior.

We do not use cookies for personalized advertising or tracking across third-party websites.

10.2 Automatic Operation

Cookies and similar identifiers are placed automatically when you access our Platform. At this time, AllEvents does not provide a mechanism to prevent the placement of analytics or functional cookies, even if a user disables cookies in their browser or selects "Reject Cookies" on any notice.

While users may manage cookies through their browser settings, our Platform may still store limited identifiers or collect analytics data through alternative technical means (e.g., local storage or session logs). These are necessary for legitimate operational and performance purposes.

10.3 Legal Basis for Processing

AllEvents processes cookie data under its legitimate interest (Article 6(1)(f) GDPR and equivalent provisions under the DPDP Act, LGPD, and PIPEDA) to ensure the security, functionality, and proper performance of the Platform.

Users may object to such processing at any time by contacting privacy@allevents.in. We will evaluate such objections in accordance with applicable law.

10.4 Third-Party Analytics

We use third-party analytics tools such as Google Analytics, Microsoft Clarity, and Google Search Console. These providers may collect usage data independently for their own analytics and improvement purposes. Their privacy policies govern such data handling.

10.5 Continued Use

By continuing to access or use our Platform after being notified of our cookie practices, you consent to the use of cookies and similar technologies as described in this Policy.

If you do not agree, you should discontinue using the Platform.

11. DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM

Individuals have the right to exercise certain privacy and data protection rights in accordance with applicable laws, which may include the rights of access, rectification, erasure, restriction, data portability, and objection to processing. These rights may vary depending on the individual's jurisdiction.

Requests to exercise these rights may be submitted by contacting privacy@allevents.in or, where available, through AllEvents' Privacy Request Form. Before responding, AllEvents may take reasonable steps to verify the identity and authority of the requesting party to protect against unauthorized disclosures.

AllEvents will respond to valid and verifiable requests within the timeframes prescribed by applicable law (for example, within one month under the GDPR), subject to permissible extensions and lawful exemptions. Requests may be denied or limited where required to comply with legal or regulatory obligations, prevent fraud or abuse, protect legitimate business interests, or fulfill contractual necessities.

For California residents, additional information regarding specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as well as instructions for exercising those rights, can be found in Section 14.B (CCPA/CPRA Addendum) of this Policy.

Users may object to the processing of their Personal Data, including analytics or tracking-based processing, at any time by contacting AllEvents. Such objections will be honored to the extent technically and operationally feasible; however, certain limited technical or security-related data (for example, server logs or essential telemetry) may continue to be collected and processed as necessary to maintain the functionality, integrity, and security of the Platform.

12. SECURITY MEASURES

AllEvents implements administrative, technical and organizational security measures designed to protect Personal Data against unauthorized access, alteration, disclosure or destruction. Such measures include:

●

Encryption of data in transit using TLS and encryption of certain data at rest;

●

Role-based access controls; principle of least privilege for internal personnel;

●

Multi-factor authentication for administrative and sensitive access;

●

Network security controls, firewalls and intrusion detection systems;

●

Regular security testing, vulnerability scanning and third-party audits;

●

Data minimization, logging and monitoring of access to Personal Data;

●

Incident response planning and breach notification procedures.

Despite reasonable safeguards, no security controls can provide absolute security. In the event of a data breach that is likely to result in a risk to data subject rights and freedoms, AllEvents will follow applicable breach notification obligations and notify affected data subjects and supervisory authorities as required by Applicable Law.

13. CHILDREN'S PRIVACY

The Platform is not directed to children and AllEvents does not knowingly collect Personal Data from children under the ages required by Applicable Law (including under 13 for COPPA in the United States, under 16 for GDPR where applicable, and under 18 where applicable under DPDP). If AllEvents becomes aware that Personal Data of a minor has been collected without required parental or guardian consent, we will take reasonable steps to delete such information. Parents or guardians who believe their child under the applicable age has provided Personal Data may contact privacy@allevents.in.

14. LOCAL ADDENDA (JURISDICTIONAL PROVISIONS)

The following Addenda provide supplementary rights and specific disclosures for Users in certain jurisdictions. They form part of this Policy for Users in those jurisdictions.

A. European Economic Area (EEA) and United Kingdom — GDPR / UK GDPR Addendum

Data Controller: AllEvents Informations Private Limited is the Controller for the Processing described in this Policy. For EU/EEA data subjects, communications concerning data protection may be directed to privacy@allevents.in.

Lawful Bases: We process Personal Data under the lawful bases set out in Section 6 and as otherwise permitted by EU/UK law.

Data Subject Rights: EU/UK data subjects have the rights specified in Section 11 and may lodge complaints with their local supervisory authority (for example, the UK's Information Commissioner's Office (ICO) or the relevant national Data Protection Authority).

Data Transfers: For transfers of Personal Data outside the EEA/UK, AllEvents relies on appropriate safeguards such as SCCs, EU Commission or UK adequacy findings, or other mechanisms permitted under the GDPR/UK GDPR. Where required, AllEvents will provide access to the relevant SCCs or transfer documentation upon request.

Automated Decision-making / Profiling: AllEvents does not engage in automated decision-making with legal or similarly significant effects. To the extent that automated profiling is introduced, appropriate notices and rights to human intervention will be provided.

B. California — CCPA / CPRA Addendum

Applicability: This addendum applies to California residents as defined by the CCPA/CPRA.

Categories of Personal Information Collected: See Section 4 for categories and examples of Personal Data collected in the last 12 months.

Consumer Rights:

●

Right to Know / Access: California residents may request disclosure of categories, sources, purposes and recipients of Personal Data gathered over the last 12 months, and specific pieces of Personal Data.

●

Right to Delete: California residents may request deletion of Personal Data subject to exceptions permitted by law (e.g., legal obligations, completion of transactions, fraud prevention).

●

Right to Correct: California residents may request correction of inaccurate Personal Data.

●

Right to Opt-Out: California residents have the right to opt out of "sale" or "sharing" of Personal Data (as defined by the CCPA/CPRA). AllEvents does not sell or share Personal Data for monetary consideration.

●

Right to Non-Discrimination: Exercising privacy rights will not result in discrimination.

Verification and Submission: Requests must be submitted to privacy@allevents.in and will be subject to verification measures to confirm identity. For authorized agents, appropriate authorization documentation is required.

Do Not Sell / Do Not Share: Although AllEvents does not sell or share Personal Data, if practices change, an opt-out mechanism and notice will be implemented in accordance with CCPA/CPRA requirements.

Additional California Disclosures: Upon verifiable request, AllEvents will disclose applicable information regarding Personal Data practices as required under CCPA/CPRA.

C. Canada — PIPEDA Addendum

Accountability: AllEvents is accountable for Personal Data under its control and designates privacy@allevents.in as its contact point.

Consent: Consent for collection, use and disclosure of Personal Data is obtained at the time of collection and may be express or implied depending on context; explicit consent is obtained for marketing.

Access and Correction: Canadian residents may request access to or correction of Personal Data by contacting privacy@allevents.in.

Safeguards and Retention: Retention follows the timelines in Section 9.

Recourse: Complaints may be raised with AllEvents first; unresolved complaints may be directed to the Office of the Privacy Commissioner of Canada.

D. Brazil — LGPD Addendum

Controller: AllEvents is the Controller for Processing undertaken in relation to the Platform.

Legal Bases: We rely on legal bases recognized under LGPD (consent, contract, legal obligation, legitimate interest, protection of credit, among others) in accordance with Article 7 and Article 11 of LGPD.

Data Subject Rights: Brazilian data subjects have rights of access, correction, anonymization, portability, deletion, revocation of consent, and information on shared personal data. Requests may be directed to privacy@allevents.in.

International Transfers: Cross-border transfers are conducted in compliance with LGPD; AllEvents will ensure contractual and technical safeguards as required by the National Data Protection Authority (ANPD).

Regulatory Contact: Complaints may be lodged with ANPD where appropriate.

E. India — DPDP Act 2023 Addendum

Data Fiduciary: AllEvents acts as a Data Fiduciary for Processing governed by this Policy.

Lawful Processing and Consent: Personal Data is processed for lawful purposes and, where necessary, upon the free, informed, specific and unambiguous consent of the Data Principal. Consent may be withdrawn by contacting privacy@allevents.in.

Rights of Data Principals: Data Principals have rights to access, correction, erasure, portability, withdraw consent and grievance redressal; AllEvents will act on verifiable requests within prescribed timelines.

Grievance Redressal: Complaints to privacy@allevents.in are acknowledged within seven (7) days and resolved within thirty (30) days, barring reasonable extensions for complexity or lawful exceptions.

Cross-Border Transfers: Transfers are permitted where not restricted by applicable Indian law; equivalent protections and contractual safeguards will be applied.

Retention and Purpose Limitation: Personal Data is retained only for necessary purposes and as required by law.

15. USE OF THIRD-PARTY SERVICE PROVIDERS

AllEvents uses trusted third-party service providers and technology platforms to enable certain functions of the Platform, including hosting, payment processing, analytics, and customer support.

These third parties process information under their own privacy terms and regulatory obligations.

AllEvents does not directly control and is not responsible for the privacy practices of such third parties.

AllEvents evaluates its vendors and tools for security and reliability before use, and only integrates services that provide reasonable assurances of compliance with applicable privacy and data protection laws.

Where legally required, AllEvents may enter into contractual arrangements with service providers to ensure appropriate safeguards for data handling and protection. However, AllEvents does not maintain separate Data Processing Agreements with every service provider or tool used in connection with the Platform.

16. OPT-OUTS AND MARKETING COMMUNICATIONS

AllEvents will send marketing communications where we have obtained user consent or where such communications are otherwise permitted by Applicable Law. Marketing messages include event recommendations, promotional offers and newsletters. Users may opt out of marketing by following the unsubscribe link in marketing emails or by contacting privacy@allevents.in.

Opting out does not affect transactional or service-related communications (e.g., ticket confirmations), unless otherwise requested.

17. CHANGES TO THIS POLICY

AllEvents reserves the right to update or modify this Policy at any time. Material changes will be notified via email or prominent notice on the Platform. The "Last Updated" date at the top of this Policy indicates the most recent revision. Continued use of the Platform after such updates constitutes acceptance of the revised Policy.

18. CONTACT, COMPLAINTS AND DPO

Data Protection Officer (DPO) / Privacy Contact:

AllEvents Informations Private Limited
1402, 14th Floor, Capstone, Kalgi Cross Road, Near Chirag Motors, Parimal Garden, Ahmedabad, Gujarat, India.
Email: privacy@allevents.in

Data Subjects with questions or complaints regarding privacy should contact the DPO. Where not resolved, Data Subjects may lodge complaints with the competent supervisory authority in their jurisdiction.

19. GOVERNING LAW AND JURISDICTION

This Policy shall be governed by and construed in accordance with the laws of India. Any dispute arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts of Ahmedabad, Gujarat, India.