Draft privacy notice for operational rollout and legal review. It should be checked against your controller/processor position, retention schedule, and organiser contracts before production use.

Privacy Notice

This Privacy Notice explains how EventsGrind uses personal data when people buy tickets, create participant accounts, link bracelets, use event wallets, and request refunds.

1. Who this notice applies to

This notice applies to ticket buyers, participants, account holders, and other individuals whose data is processed through the platform in connection with event ticketing, participant accounts, wallet balances, and refunds.

Depending on the service, event organisers and EventsGrind may each process personal data for their own purposes. The final allocation of controller and processor responsibilities should be set out in the relevant organiser agreements.

2. What personal data we collect

We may collect identity and contact data such as names, email addresses, phone numbers, and billing and address information.

When payments or refunds are involved, we may also process payment-related data such as transaction amounts, payment status, payment references, Stripe payment intent or refund identifiers, and limited billing and fraud-prevention data linked to the transaction.

We may collect participant account data such as login details, bracelet links, event participation records, wallet balances, transaction history, and refund request history.

We may also collect technical and security data such as IP addresses, browser and device information, sign-in activity, and operational logs needed to secure the service and investigate issues.

3. Why we use personal data

We use personal data to take ticket orders, provide participant accounts, link bracelets to the correct account, display wallet activity, process top-ups and refunds, provide support, and send service messages that relate to those functions.

We also use personal data to protect the platform, prevent fraud, reconcile payment and refund activity, enforce event rules, and keep business and financial records.

4. Lawful bases

We generally rely on contract where processing is needed to sell tickets, provide participant account access, operate wallet functionality, or handle refunds requested through the platform.

We may rely on legitimate interests for fraud prevention, service security, operational monitoring, and internal reconciliation where those uses are necessary and proportionate.

We may rely on legal obligation where data must be retained or disclosed for tax, accounting, anti-fraud, dispute, or regulatory purposes.

Where consent is required by law, such as for optional marketing or non-essential cookies, we will ask for it separately.

5. Who we share data with

We may share personal data with event organisers, payment providers, hosting and infrastructure providers, email delivery providers, support providers, and professional advisers where needed to operate the service or comply with the law.

We use Stripe as a payment service provider for ticket payments, wallet top-ups, and refunds. Depending on the service being provided, Stripe may process personal data on our behalf and may also use certain payment and fraud-related data for its own compliance, security, and network purposes under its own privacy terms.

We do not share more data than is reasonably necessary for those purposes.

6. Payments and Stripe

Where Stripe-hosted checkout or payment tools are used, payment card details are processed by Stripe rather than stored on our servers. We may still receive and store related payment metadata needed to confirm payment status, reconcile orders, support refunds, and keep audit records.

You can read more about Stripe's handling of personal data in Stripe's own privacy documentation.

7. Refunds and wallet data

When a participant requests a refund, we may process wallet balances, deposit records, payment references, bracelet links, account emails, and refund verification data to determine eligibility, prevent duplicate refunds, and return funds to the appropriate payment route where available.

Refund verification links and refund activity are used as part of our security and audit controls.

8. Retention

We keep personal data only for as long as it is needed for the purpose for which it was collected, including to provide the service, resolve disputes, prevent fraud, and meet legal, tax, accounting, or regulatory obligations.

Detailed retention periods for ticket orders, participant accounts, wallet transactions, and refund records should be defined in the platform retention schedule.

9. Security

We use organisational and technical measures intended to protect personal data, including access controls, authentication, audit logging, and payment/refund verification controls appropriate to the service.

10. Your rights

Depending on the circumstances, individuals may have rights to request access, correction, deletion, restriction, objection, and data portability.

Requests should be reviewed against the platform's controller/processor allocation and any legal obligations to retain financial, fraud, or refund records.

11. Contact

Privacy questions and rights requests should be sent to the contact details made available through the platform or the relevant event organiser, depending on the service and the role of each party.