Data Collection

Contact Information: Name, email, phone number, address, IP address.
Payment Information: Billing name, address, and payment method (excluding credit card details).
Demographic Information: Event preferences, ticket purchases, survey responses.
Website Usage Data: IP address, browser type, referring website, time spent on site, pages visited, device information.
Sensitive Data: No sensitive data (biometrics, health, racial information) is explicitly mentioned as being collected.
Collection Methods: Data is collected both automatically (cookies, Google Analytics) and voluntarily (user input forms).

Data Usage

Primary Purposes: Contacting users, responding to inquiries, confirming registrations, improving products and services, customizing user experience.
Secondary Purposes: Analyzing website trends, marketing (promotions, new features), security purposes.
AI/Profiling: The policy doesn’t explicitly mention AI training or user profiling, but data usage for personalization and targeted marketing suggests potential for these practices.

Third Parties: Business partners (event sponsors, venue operators), government agencies (legal requests), successors in business.
Data Sharing: Data is shared with business partners as described in their privacy policies. Data may be shared for legal compliance, fraud investigation, or as part of a business sale.
Data Sale/Rent: The policy doesn’t explicitly state that data is sold or rented.
International Transfers: The policy doesn’t explicitly detail international data transfers or compliance with regulations like GDPR beyond a general statement of compliance.

Rights: The policy mentions rights to access and correct data under GDPR. The policy mentions the right to restrict processing or object to processing, and the right to data portability.
How to Exercise Rights: Contact legal@sisainfosec.com.
Limitations/Fees: No limitations or fees are explicitly mentioned.

Data Retention

Retention Period: The policy doesn’t specify a data retention period. It implies data is kept as long as necessary for the purposes described.
Exceptions: Data may be retained longer for legal compliance or fraud prevention.

Security Measures

The policy mentions physical, electronic, and procedural safeguards, including ongoing system evaluations. Specific security measures like encryption are not detailed.

Vague Language: Phrases like “we may use information for business purposes” lack specificity and raise concerns about the scope of data usage.
Jurisdiction Clause: The policy specifies that disputes are governed by Indian law and Karnataka courts have jurisdiction.

Email, IP address, name, address, payment info (excluding credit card details), website usage data. IP address used for analytics.
Rating: 3/5 (Collection is broad, but credit card details are excluded)

Access: Yes (under GDPR). Deletion: Not explicitly stated.
Rating: 2/5 (Access is confirmed, but deletion rights are unclear)

Unspecified retention period. Claims GDPR compliance.
Rating: 2/5 (Lack of specific retention period is a concern)

General security measures mentioned, but specifics are lacking. Shares data with Google Analytics.
Rating: 2/5 (Lack of detail on security measures)

✅ Relatively clear purpose for data collection in some areas.
❌ No clear opt-out mechanism for data sharing with third parties.
❌ Vague language regarding data usage.

Overall Rating: 2.2/5 The policy needs significant improvement in clarity and transparency, particularly regarding data retention, deletion rights, and specific security measures. The vague language and lack of detail on data sharing practices are major concerns.