Your privacy matters to us. This Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it. Please read this Policy carefully. By using the VeniVibe Platform, you acknowledge that you have read and understood it.
| Topic | Summary |
|---|---|
| Who we are | VeniVibe, Inc. — a global event marketplace technology platform |
| What data we collect | Account info, purchase data, event preferences, device & usage data, payment details, and communications |
| Why we collect it | To operate the Platform, process transactions, personalize your experience, and comply with law |
| Who we share data with | Event Organizers, payment processors, SMS/email providers, analytics partners, and law enforcement where required |
| Do we sell your data? | No. VeniVibe does not sell personal data to third parties for their own commercial purposes |
| How long we keep data | As long as necessary for the purposes described in this Policy, or as required by law |
| Your rights | Access, correction, deletion, portability, objection, and opt-out rights (jurisdiction-dependent) |
| Contact us | privacy@venivibe.com | Data Protection Officer: dpo@venivibe.com |
VeniVibe, Inc. ("VeniVibe," "we," "us," or "our") is the data controller responsible for your personal data collected through the VeniVibe platform, website, mobile applications, and related services (collectively, the "Platform"). VeniVibe is incorporated and existing under applicable law and operates as a global event marketplace connecting event organizers with event attendees.
VeniVibe has designated a Data Protection Officer ("DPO") to oversee compliance with applicable data protection laws. You may contact the DPO at any time with questions, concerns, or requests regarding this Privacy Policy or VeniVibe's data processing practices:
Data Protection Officer — VeniVibe, Inc.
Email: dpo@venivibe.com
Privacy: privacy@venivibe.com
For users located in the European Union or the United Kingdom, VeniVibe has appointed a representative within the EU/UK for the purposes of the General Data Protection Regulation (GDPR) and UK GDPR respectively.
This Privacy Policy applies to all individuals who interact with the Platform, including: (a) registered users who create an account on the Platform ("Registered Users"); (b) event attendees who purchase or use Tickets through the Platform ("Attendees"); (c) event organizers, vendors, and promoters who list Events on the Platform ("Organizers"); and (d) unregistered visitors who browse the Platform without creating an account ("Visitors"). Where this Policy distinguishes between categories of users, the relevant provisions will be clearly identified.
This Policy does not apply to third-party websites, services, or applications that may be linked to or integrated with the Platform. VeniVibe is not responsible for the privacy practices of such third parties, and we encourage you to review their privacy policies independently.
When you use the Platform, you may provide us with the following categories of personal data:
When you access or use the Platform, we automatically collect certain technical and behavioral data, including:
We may receive personal data about you from the following third-party sources:
VeniVibe does not intentionally collect sensitive categories of personal data (such as health data, racial or ethnic origin, religious beliefs, or biometric data) unless you voluntarily provide such information (for example, dietary or accessibility requirements for event planning). Where sensitive data is provided, it will be processed only for the specific purpose for which it was provided and will not be used for any other purpose without your explicit consent.
VeniVibe processes your personal data for the following purposes and relies on the following legal bases under applicable data protection law (including the GDPR):
| Purpose of Processing | Legal Basis (GDPR Art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing ticket purchases and payments | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional communications (booking confirmations, event reminders, account alerts) | Performance of a contract (Art. 6(1)(b)) |
| Verifying identity and conducting KYC/AML checks (Organizers) | Legal obligation (Art. 6(1)(c)) |
| Complying with tax, regulatory, and legal obligations | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention, risk management, and platform security | Legitimate interests (Art. 6(1)(f)) |
| Personalizing event recommendations and platform experience | Legitimate interests (Art. 6(1)(f)) / Consent where required |
| Sending marketing and promotional communications | Consent (Art. 6(1)(a)) |
| Analytics, product improvement, and platform development | Legitimate interests (Art. 6(1)(f)) |
| Sharing data with Event Organizers for event management | Performance of a contract (Art. 6(1)(b)) |
| Responding to legal process and law enforcement requests | Legal obligation (Art. 6(1)(c)) |
| Enforcing our Terms and Conditions | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests as our legal basis for processing, VeniVibe has conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. Our legitimate interests include operating and improving the Platform, preventing fraud and abuse, ensuring the security of our systems, and enforcing our legal rights. You have the right to object to processing based on legitimate interests as described in Section 10.
VeniVibe uses automated systems for fraud detection and risk management purposes, which may result in automated decisions that affect your ability to complete transactions or access certain Platform features (for example, flagging a transaction as potentially fraudulent). Where such automated decisions produce legal or similarly significant effects on you, you have the right to request human review of the decision by contacting privacy@venivibe.com. VeniVibe does not use personal data for fully automated profiling that produces legal effects without human oversight.
When you purchase a Ticket to an Event, VeniVibe shares the following personal data with the applicable Event Organizer as necessary to fulfill your purchase and enable the Organizer to manage the Event: your name, email address, ticket order details, attendance status, and any accessibility or dietary preferences you have provided. Event Organizers are independent data controllers with respect to this data and their processing is governed by their own privacy policies. VeniVibe is not responsible for the data practices of Event Organizers.
VeniVibe shares personal data with third-party service providers who process data on our behalf ("Data Processors") for the following purposes:
All Data Processors are bound by data processing agreements that require them to process personal data only on VeniVibe's instructions, implement appropriate security measures, and comply with applicable data protection law.
In the event of a merger, acquisition, corporate restructuring, sale of assets, or other business combination, personal data held by VeniVibe may be transferred to the successor entity as part of that transaction. VeniVibe will provide notice of any such transfer that results in a material change to this Privacy Policy, and you will have the opportunity to exercise your data subject rights in connection with such transfer.
VeniVibe may disclose personal data to law enforcement agencies, regulatory authorities, courts, or other governmental bodies where required to do so by applicable law, legal process, or binding court order; where necessary to protect VeniVibe's legal rights or to defend against legal claims; where necessary to detect, prevent, or investigate fraud, security breaches, or other illegal activity; or where necessary to protect the vital interests of any individual.
VeniVibe does not sell, rent, or license personal data to third parties for their own marketing or commercial purposes. This commitment applies to all users, including California residents under the California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA).
VeniVibe operates globally, and your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction. VeniVibe takes steps to ensure that all cross-border transfers of personal data are conducted in compliance with applicable data transfer requirements.
Where personal data is transferred from the EEA or the United Kingdom to a country not recognized as providing an adequate level of data protection, VeniVibe relies on one or more of the following transfer mechanisms: (a) Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner's Office; (b) an adequacy decision by the relevant data protection authority; or (c) binding corporate rules where applicable. Copies of the applicable transfer mechanisms are available upon request by contacting privacy@venivibe.com.
For users located in other jurisdictions with cross-border data transfer restrictions, including Brazil (LGPD), India, South Korea, and other applicable countries, VeniVibe implements equivalent safeguards as required by the applicable local law to protect your personal data during international transfers.
VeniVibe retains personal data for no longer than is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. VeniVibe's retention periods are determined based on the nature of the data, the purpose of processing, applicable legal obligations, and business necessity.
The following general retention guidelines apply:
| Data Category | Retention Period |
|---|---|
| Account registration data | Duration of account, plus 3 years after account closure |
| Transaction and ticket purchase records | 7 years from transaction date (tax and legal compliance) |
| KYC and identity verification records (Organizers) | 5 years from account closure or last transaction, as required by AML law |
| Payment data (tokenized) | As required by payment processor and PCI-DSS standards |
| Customer support communications | 3 years from resolution of the relevant inquiry |
| Marketing consent records | Until consent is withdrawn, plus 3 years |
| Usage and analytics data (aggregated) | Up to 3 years |
| Fraud investigation records | Up to 7 years, or as required by law |
| Legal hold data | For the duration of the relevant legal proceeding or obligation |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with VeniVibe's data disposal procedures. Anonymized data (from which all identifying information has been irreversibly removed) may be retained indefinitely for analytics and product development purposes and is not subject to data subject rights under applicable data protection law.
VeniVibe implements appropriate technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include, without limitation: encryption of personal data in transit (using TLS/SSL protocols) and at rest; access controls and authentication requirements for internal systems; regular security assessments and penetration testing; vendor due diligence and security requirements in contracts with Data Processors; and employee training on data protection and security practices.
VeniVibe does not store raw payment card numbers on its systems. All payment card data is processed and tokenized by PCI-DSS compliant payment processors. VeniVibe maintains PCI-DSS compliance as a merchant and takes commercially reasonable steps to ensure the security of payment transactions processed through the Platform.
In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, VeniVibe will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by the GDPR and equivalent laws. Where a breach is likely to result in a high risk to your rights and freedoms, VeniVibe will also notify you directly without undue delay. VeniVibe maintains a data breach response plan and conducts regular tests and drills of its incident response procedures.
While VeniVibe takes commercially reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. VeniVibe cannot guarantee the absolute security of personal data and is not responsible for unauthorized access, disclosure, or loss resulting from circumstances beyond its reasonable control. You should take steps to protect your own account credentials and notify us immediately of any suspected unauthorized access to your account.
The Platform is not directed to individuals under the age of sixteen (16) years (or such higher age as may be required under applicable law in your jurisdiction). VeniVibe does not knowingly collect personal data from children under the applicable minimum age. If VeniVibe becomes aware that it has collected personal data from a child below the applicable minimum age without verifiable parental or guardian consent, it will take steps to delete such data as soon as practicable.
Certain Events listed on the Platform may be restricted to individuals of a minimum age. It is the responsibility of the Event Organizer to implement appropriate age verification measures for age-restricted Events. If you believe that a child has provided personal data to VeniVibe without appropriate parental consent, please contact us at privacy@venivibe.com.
Subject to applicable law and certain exceptions, you have the following rights with respect to your personal data processed by VeniVibe:
| Right | What It Means |
|---|---|
| Right of Access | You may request a copy of the personal data we hold about you and information about how we process it. |
| Right to Rectification | You may request correction of inaccurate or incomplete personal data we hold about you. |
| Right to Erasure | You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis applies. |
| Right to Restriction | You may request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested. |
| Right to Data Portability | You may request a copy of personal data you have provided to us in a structured, commonly used, machine-readable format, and request that we transmit it to another controller where technically feasible. |
| Right to Object | You may object to processing of your personal data where it is based on legitimate interests. You may also object to processing for direct marketing purposes at any time. |
| Right to Withdraw Consent | Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal. |
| Right Not to Be Subject to Automated Decisions | You may request human review of any automated decision that produces legal or similarly significant effects on you. |
To exercise any of the rights described above, please submit a written request to VeniVibe's Privacy Office at privacy@venivibe.com or through the data subject request form available on the Platform. To protect your privacy and security, we may require you to verify your identity before fulfilling your request. We will respond to verified requests within thirty (30) calendar days, or within the timeframe required by applicable law. In complex cases, we may extend the response period by an additional sixty (60) days with prior notice.
Certain data subject rights are subject to limitations and exemptions under applicable law. For example, we may be unable to delete data that we are required to retain for legal or regulatory compliance purposes, or data that is necessary to defend against legal claims. Where we are unable to fulfill a request, we will provide a written explanation of the reasons.
If you believe that VeniVibe has processed your personal data in violation of applicable data protection law, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. For EU users, this includes the supervisory authority in your EU member state of habitual residence. For UK users, this is the Information Commissioner's Office (ICO). VeniVibe encourages you to contact us directly in the first instance so that we have the opportunity to address your concerns.
If you are a resident of the State of California, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
To submit a CCPA/CPRA rights request, please contact us at privacy@venivibe.com. You may designate an authorized agent to make requests on your behalf by providing written authorization.
EU and UK residents benefit from all rights described in Section 10 of this Policy, which are fully aligned with GDPR and UK GDPR requirements. The legal bases for processing personal data are described in Section 4.1. For data transfers outside the EEA and UK, see Section 6. Your supervisory authority contact details for the EU are available at https://edpb.europa.eu/. For UK residents, the supervisory authority is the Information Commissioner's Office (ICO) at https://ico.org.uk/.
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, anonymize, block, delete, port, and receive information about the sharing of your personal data. You also have the right to revoke consent, where processing is based on consent, and to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). To exercise your LGPD rights, please contact privacy@venivibe.com.
VeniVibe is committed to respecting applicable privacy laws in all jurisdictions in which it operates, including but not limited to Canada (PIPEDA and provincial privacy laws), Australia (Privacy Act 1988), Singapore (PDPA), Japan (APPI), and South Korea (PIPA). If you have questions about your rights under the law of your jurisdiction, please contact privacy@venivibe.com.
With your consent (where required by applicable law), VeniVibe may send you marketing communications about events, promotions, platform features, and other content that may be of interest to you. We may deliver marketing communications by email, SMS, push notification, or in-app messaging.
You may opt out of marketing communications at any time by: (a) clicking the "Unsubscribe" or "Opt Out" link included in any marketing email; (b) replying "STOP" to any marketing SMS; (c) adjusting your notification preferences in your account settings; or (d) contacting us at privacy@venivibe.com. Please note that opting out of marketing communications does not affect your receipt of transactional communications necessary for account management and ticket purchases.
Some browsers transmit "Do Not Track" (DNT) signals to websites. Due to the lack of a uniform standard for interpreting DNT signals, VeniVibe does not currently respond to DNT signals. You may, however, manage your cookie preferences as described in Section 14 of this Policy.
The Platform may contain links to third-party websites, services, and applications, including social media platforms, payment processors, and event venue websites. VeniVibe is not responsible for the privacy practices, content, or data security of such third parties. When you navigate away from the Platform to a third-party site or service, your interactions are governed by that third party's privacy policy. We encourage you to review the privacy policies of any third-party services you use.
Where the Platform integrates with third-party services (such as social login providers or map services), those providers may collect data about your use of the Platform in accordance with their own privacy policies. VeniVibe enters into data processing agreements with third-party service providers who act as Data Processors on our behalf, as described in Section 5.2.
VeniVibe uses the following categories of cookies and similar tracking technologies on the Platform:
| Cookie Category | Purpose |
|---|---|
| Strictly Necessary | Essential for the Platform to function. These cookies enable core functions such as account login, session management, and secure payment processing. They cannot be disabled. |
| Functional / Preference | Remember your preferences and settings (such as language, region, and notification preferences) to provide a personalized experience. |
| Analytics / Performance | Collect information about how you use the Platform, including pages visited, time spent, and errors encountered, to help us understand and improve Platform performance. |
| Marketing / Targeting | Used to deliver relevant advertisements and promotions to you based on your interests and browsing activity. Require your consent where applicable law mandates it. |
| Third-Party / Social Media | Set by third-party services (such as social media share buttons and embedded maps) and governed by those third parties' cookie policies. |
When you first access the Platform from a jurisdiction where consent for non-essential cookies is required, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies and manage your preferences by category. You may update your cookie preferences at any time through the Platform's cookie settings, accessible via the "Cookie Preferences" link in the Platform footer.
You may also manage cookies through your browser settings; however, disabling cookies through your browser may affect the functionality of the Platform. For more information about managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.
Session cookies expire when you close your browser. Persistent cookies remain on your device for a set period (as specified in our cookie settings tool) or until you delete them. You may delete cookies from your device at any time through your browser settings.
Event Organizers who use the Platform to create and manage Events are both data controllers in their own right (with respect to Attendee data they collect) and data subjects with respect to the personal data VeniVibe collects about them for platform operation purposes. VeniVibe's collection and processing of Organizer personal data is governed by this Privacy Policy and, where applicable, the Organizer Data Processing Agreement that forms part of the Vendor Terms and Conditions.
VeniVibe and its third-party KYC providers collect identity verification and business registration data from Organizers as part of our compliance obligations under applicable AML, fraud prevention, and payment processing laws and regulations. This data is processed in accordance with applicable law and retained for the periods required by such law. Organizers have the right to access and correct their KYC data by contacting privacy@venivibe.com, subject to applicable legal restrictions.
Organizers who receive Attendee data through the Platform are independently responsible for complying with applicable data protection laws with respect to such data. VeniVibe's Vendor Terms and Conditions impose restrictions on the use of Attendee data by Organizers, including prohibitions on selling Attendee data or using it for purposes unrelated to the relevant Event. VeniVibe is not responsible for an Organizer's non-compliance with applicable data protection law.
VeniVibe may update this Privacy Policy from time to time to reflect changes in our data processing practices, the Platform, or applicable law. When we make material changes to this Policy, we will notify you by: (a) posting a revised version of this Policy on the Platform with an updated "Effective Date"; (b) sending an email notification to your registered account address; and/or (c) displaying a prominent notice on the Platform. We encourage you to review this Policy periodically.
Your continued use of the Platform following the effective date of a revised Privacy Policy constitutes your acknowledgment of the changes. If you do not agree to a material change, you should discontinue use of the Platform and may request deletion of your personal data as described in Section 10.
For any questions, concerns, or requests relating to this Privacy Policy or VeniVibe's data processing practices, please contact us using the following channels:
VeniVibe, Inc. — Privacy Office
General Privacy Inquiries: privacy@venivibe.com
Data Protection Officer: dpo@venivibe.com
Data Subject Requests: privacy@venivibe.com
Security Incidents: security@venivibe.com
We aim to respond to all privacy-related inquiries within thirty (30) calendar days. For complex requests or those involving multiple jurisdictions, the response period may be extended by up to sixty (60) additional days, with prior written notice.
This Privacy Policy is effective as of the date indicated on the cover page. It supersedes all prior versions of VeniVibe's privacy policy. If you have any questions about this Policy or your privacy rights, please contact us at privacy@venivibe.com.