GDPR Compliance Statement

Last Updated: March 2025

1. Introduction

At TicketRoot, a product of Root ID Private Limited, we are committed to safeguarding the privacy and personal data of our users. We adhere to the General Data Protection Regulation (GDPR) (EU) 2016/679 to ensure the secure and lawful processing of personal data for EU-based users and global clients.

This GDPR Compliance Statement outlines how we collect, process, store, and protect personal data in compliance with GDPR requirements.

2. Scope & Applicability

This statement applies to:
- Users of TicketRoot’s services, including event ticketing, registration, networking, lead scanning, and managed services.
- Event organizers, exhibitors, and attendees who are based in the European Economic Area (EEA) or process EEA-based personal data.
- Any entity using TicketRoot’s platform that collects and processes personal data of EU citizens.

3. Data We Collect

We collect and process the following personal data:
- Name, email address, phone number
- Company name, designation, industry
- Profile photo (if required for badging or event check-in)
- Event participation details (sessions attended, networking activity, lead scans)
- Any additional information required by event organizers

We do not collect or process special category data (e.g., health, political, religious, or biometric data) unless explicitly required by an event organizer with clear user consent.

4. Lawful Basis for Data Processing

Under GDPR, we process personal data based on one or more of the following lawful bases:
- Consent: When users actively opt in to share their personal data (e.g., networking, lead scanning, event check-in).
- Contractual Obligation: When data processing is required to fulfill event ticketing, registration, and related services.
- Legitimate Interests: When we use data for fraud prevention, security, and service improvement, provided it does not override user rights.
- Legal Obligation: When required by law for compliance, fraud detection, or regulatory reporting.

5. How We Use Personal Data

TicketRoot processes user data to:
- Facilitate event registration, ticketing, and check-in.
- Provide personalized event experiences, networking, and lead scanning tools.
- Enable custom integrations with event organizers’ CRM or ERP systems.
- Improve platform security, monitor fraud, and ensure GDPR compliance.
- Provide customer support and respond to user inquiries.

6. Data Retention & Storage

- Personal data is stored on AWS India servers with industry-standard security measures.
- Data is retained on active servers for 2 weeks post-event.
- After 2 weeks, data is moved to passive storage for up to 1 year and deleted upon confirmation from the organizer.
- Sensitive data is encrypted and anonymized where required.

7. User Rights Under GDPR

Users in the EEA have the following rights under GDPR:
- Right to Access: Request a copy of the personal data we hold about them.
- Right to Rectification: Correct inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Request deletion of their personal data.
- Right to Restrict Processing: Limit how their data is processed under certain conditions.
- Right to Data Portability: Obtain and reuse their personal data across services.
- Right to Object: Withdraw consent or object to data processing for marketing purposes.

Users can exercise their rights by contacting us at av@ticketroot.com.

8. Data Sharing & Third-Party Processors

We do not sell personal data. However, data may be shared under the following conditions:
- With Event Organizers: User data may be shared with event organizers who manage ticketing and check-ins.
- With Third-Party Service Providers: Payment processors (e.g., Razorpay), event engagement tools (e.g., Premagic), or CRM integrations.
- Legal & Compliance Obligations: When required by law or regulatory authorities.

All third-party processors used by TicketRoot comply with GDPR standards and have data processing agreements (DPAs) in place.

9. Security Measures

We implement industry-standard security practices, including:
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Restricted access to personal data based on user roles.
- Regular Audits: Ongoing security assessments to detect vulnerabilities.
- Data Minimization: Only necessary data is collected and retained.

10. Data Transfers Outside the EEA

- TicketRoot stores data on AWS India servers, ensuring high security standards.
- If EU personal data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR.

11. Breach Notification Policy

- In the event of a data breach affecting EU users, TicketRoot will notify the relevant supervisory authority within 72 hours.
- Users affected by a breach will also be informed promptly if there is a risk to their rights or freedoms.

12. Compliance with Other Privacy Laws

In addition to GDPR, TicketRoot complies with relevant data protection laws, including:
- Indian IT Act, 2000 (including recent data privacy amendments)
- California Consumer Privacy Act (CCPA) (for applicable US-based users)

13. Governing Law & Dispute Resolution

- TicketRoot’s GDPR compliance is subject to Indian data protection laws.
- Any disputes related to GDPR compliance shall be resolved through arbitration in Mumbai, India.

14. Contact Information

For GDPR-related inquiries, users can contact:

Root ID Private Limited
Registered Address: 5th Floor, 52, Prem Bhavan, Jamshedbaug Compound, SBS Road, Colaba, Mumbai City, Maharashtra, 400005
Email: av@ticketroot.com
