Contents
- Who We Are
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Legal Basis for Processing
- Sharing of Information
- Payment & Financial Data
- Cookies & Tracking
- Data Retention
- Data Security
- Your Rights
- Children's Privacy
- International Transfers
- Third-Party Links
- Event Organiser Responsibilities
- Marketing Communications
- Changes to This Policy
- Contact Us
01 Who We Are
Bookarlo is an online event discovery and ticketing platform operated by Rasajay Bookarlo Digital Pvt. Ltd., registered in India. Our platform connects event organisers with attendees across concerts, conferences, workshops, sports events, and more.
For the purposes of data protection law, Bookarlo acts as both a data controller (for user account data) and a data processor (when processing attendee data on behalf of event organisers).
Website: https://bookarlo.com
Registered Address: Rasajay Bookarlo Digitak Pvt. Ltd.., Kerela, India
02 Information We Collect
We collect several categories of personal information depending on your use of the platform:
| Category | Examples | Required? |
|---|---|---|
| Identity Data | Full name, username, date of birth, gender | Yes |
| Contact Data | Email address, phone number, postal address | Yes |
| Account Data | Password (hashed), profile photo, preferences | Yes |
| Booking Data | Events booked, ticket types, seat numbers, QR codes | Yes |
| Payment Data | Partial card details, billing address, transaction IDs | Yes |
| Communication Data | Support messages, reviews, chat logs | Optional |
| Technical Data | IP address, browser type, device ID, OS, cookies | Automatic |
| Usage Data | Pages visited, search queries, time on site, clicks | Automatic |
| Location Data | City/region (from IP or opt-in GPS) | Optional |
| Social Data | Profile data from Google/Facebook login (if used) | Optional |
| Organiser Data | Business name, GST/PAN, bank account details, event details | Organisers only |
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data unless specifically required for a particular event (e.g. age-verified events) and you have given explicit consent.
03 How We Collect Information
We collect your information through:
- Direct interactions: When you register an account, book tickets, list an event, fill out forms, or contact support.
- Automated technologies: Cookies, web beacons, pixels, and server logs automatically collect technical and usage data as you navigate our platform.
- Third-party sources: Social login providers (Google, Facebook), payment processors, analytics services, and fraud prevention partners may share data with us.
- Event organisers: Organisers may upload attendee lists or share information about ticket purchasers for events hosted on Bookarlo.
- Public sources: Publicly available information such as social media profiles when relevant.
04 How We Use Your Information
We use the personal information we collect for the following purposes:
- Account management: Creating and managing your Bookarlo account, verifying your identity, and maintaining account security.
- Booking fulfilment: Processing ticket purchases, issuing booking confirmations, and generating QR code entry passes.
- Payment processing: Charging the correct amount, processing refunds, and detecting fraudulent transactions.
- Event communications: Sending booking confirmations, event reminders, cancellation notices, and important updates about events you have booked.
- Customer support: Responding to your queries, resolving disputes, and improving support quality.
- Platform improvement: Analysing usage patterns to improve features, performance, and user experience.
- Personalisation: Recommending events based on your interests, location, and past bookings.
- Marketing: Sending promotional emails and notifications about new events, offers, and features (with your consent where required).
- Legal compliance: Meeting obligations under Indian law, including the Information Technology Act, 2000, and applicable consumer protection laws.
- Fraud prevention & security: Detecting, investigating, and preventing fraudulent activity, abuse, or security incidents.
- Analytics & research: Understanding market trends and improving our event discovery algorithms.
- Organiser payouts: Calculating and disbursing earnings to event organisers via our payment system.
05 Legal Basis for Processing
We process your personal data only where we have a lawful basis to do so:
- Contractual necessity: Processing required to perform our contract with you (e.g. fulfilling a ticket booking).
- Consent: Where you have given clear, informed consent (e.g. marketing emails, location access).
- Legitimate interests: Where processing is in our or a third party's legitimate interests and not overridden by your rights (e.g. fraud prevention, platform analytics).
- Legal obligation: Where processing is required to comply with applicable law (e.g. tax records, law enforcement requests).
06 Sharing of Information
We do not sell, rent, or trade your personal information. We may share it in the following circumstances:
- Event Organisers: When you book a ticket, the organiser of that event receives your name, email, phone number, and booking details necessary to manage entry and communicate with attendees.
- Payment Processors: We share payment information with authorised processors (e.g. Razorpay, PayU, Stripe) who are bound by strict data security standards.
- Service Providers: Trusted vendors providing email delivery, cloud hosting, analytics, customer support, and fraud detection services — bound by data processing agreements.
- Legal Authorities: When required by law, court order, or government authority, or to protect the rights, property, or safety of Bookarlo, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
- With Your Consent: For any other sharing not listed here, we will ask for your explicit consent.
All third-party processors are contractually obligated to use your data only as instructed by us and to maintain appropriate security measures.
07 Payment & Financial Data
All payment transactions on Bookarlo are processed by PCI-DSS-compliant third-party payment gateways. We do not store full credit or debit card numbers on our servers.
We retain:
- The last four digits of your card number for reference purposes
- Transaction IDs and timestamps for accounting and dispute resolution
- Billing address for fraud prevention and tax compliance
For event organisers, we collect bank account details and PAN/GST information solely for the purpose of processing payouts and complying with Indian tax regulations (TDS deduction under Income Tax Act).
08 Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our platform. The types we use include:
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential | Login sessions, cart/booking state, security tokens | No (required) |
| Functional | Language preferences, remembered searches | Yes |
| Analytics | Google Analytics, page views, funnel tracking | Yes |
| Marketing | Retargeting ads, campaign performance (Meta Pixel, Google Ads) | Yes |
You can manage cookie preferences via our Cookie Settings banner on first visit or through your browser settings. Note that disabling essential cookies may prevent core features from functioning.
09 Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.
- Account data: Retained for the duration of your account and up to 3 years after account deletion.
- Booking records: Retained for 7 years for accounting and legal compliance purposes.
- Payment records: Retained for 7 years as required under the Companies Act and GST regulations.
- Support communications: Retained for 2 years after resolution.
- Marketing data: Retained until you unsubscribe or withdraw consent.
- Technical/log data: Retained for up to 12 months.
When data is no longer required, we securely delete or anonymise it.
10 Data Security
We implement industry-standard security measures to protect your personal information against unauthorised access, loss, or misuse:
- HTTPS encryption (TLS 1.2+) for all data in transit
- AES-256 encryption for sensitive data at rest
- Bcrypt hashing for stored passwords
- Two-factor authentication (2FA) available for all accounts
- Regular penetration testing and security audits
- Role-based access controls and least-privilege principles for staff
- Secure, redundant cloud infrastructure with automated backups
- PCI-DSS compliant payment processing
No method of transmission over the internet is 100% secure. While we strive to use best-in-class security, we cannot guarantee absolute security.
11 Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
- Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format to transfer to another provider.
- Right to Object: Object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.
- Right against Automated Decisions: Not to be subject to solely automated decisions (including profiling) that significantly affect you.
To exercise any of these rights, contact us at privacy@bookarlo.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
12 Children's Privacy
Bookarlo is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.
Certain events on our platform may be restricted to users aged 18 or above. It is the responsibility of the event organiser to enforce age restrictions at the venue.
If you believe a child under 13 has provided us with personal information without parental consent, please contact us at privacy@bookarlo.com and we will promptly delete such data.
13 International Data Transfers
Bookarlo is based in India and primarily processes data on servers located in India. Some of our service providers (e.g. cloud infrastructure, analytics) may process data in other countries.
Where data is transferred outside India, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) with overseas processors
- Adequacy decisions where applicable
- Compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) requirements for cross-border transfers
14 Third-Party Links
Our platform may contain links to third-party websites, event venue websites, social media platforms, or partner services. This Privacy Policy does not apply to those third-party sites.
We encourage you to review the privacy policies of any third-party sites before providing them with your personal information. We are not responsible for the privacy practices of third parties.
15 Event Organiser Responsibilities
Event organisers who use Bookarlo to sell tickets and manage attendees have independent responsibilities regarding personal data:
- Organisers must have a lawful basis for processing attendee data they receive via Bookarlo.
- Organisers must only use attendee data for the event management purpose for which it was collected.
- Organisers must maintain appropriate security measures for any attendee data they access.
- Organisers must not sell, share, or use attendee contact details for unsolicited marketing without consent.
- Organisers must comply with all applicable data protection laws in their jurisdiction.
- Organisers are responsible for publishing their own privacy policy where required.
Bookarlo is not responsible for how organisers use attendee data outside our platform. If you have concerns about how an organiser is using your data, please contact us and we will investigate.
16 Marketing Communications
With your consent, we may send you:
- Event recommendations based on your interests and location
- Promotional offers and early-bird ticket alerts
- Bookarlo product updates and new feature announcements
- Curated event newsletters
You can opt out of marketing communications at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Updating your notification preferences in Account Settings → Notifications
- Contacting us at privacy@bookarlo.com
Opting out of marketing will not affect transactional emails related to your bookings (confirmations, reminders, receipts), which are necessary for our service.
17 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to registered users for significant changes
- Display a notice on our platform for at least 30 days
We encourage you to review this policy periodically. Continued use of Bookarlo after changes are posted constitutes your acceptance of the updated policy.
18 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Privacy Team:
Bookarlo Privacy Team
📧 Email: privacy@bookarlo.com
📋 Data Requests: bookarlo.com/data-request
📮 Post: Data Protection Officer, Rasajay Bookarlo Digital Pvt. Ltd., India
⏱ Response Time: We aim to respond to all privacy requests within 30 days.