Effective Date: 25 July 2025
This Privacy Policy (“Privacy Policy”) explains how Eventchy, operated by Xugbo Technologies Inc. and its subsidiaries and affiliates (collectively, “Xugbo,” “Eventchy,” “we,” “us,” or “our”), collects, uses, processes, and discloses your Personal Data when you access or use our mobile and desktop applications, websites, APIs, integrations, widgets, and other online or offline event-related products, features, and services (collectively, the “Services”).
Your privacy is important to us, and we are committed to protecting your data in compliance with the Data Privacy Act of 2012 (RA 10173) and its implementing rules and regulations.
This Privacy Policy applies to all individuals who interact with Eventchy, including event organizers (customers), attendees, sponsors, partners, prospects, and suppliers (including vendors and merchants) (collectively, “you” or “your”). For suppliers, the terms ‘Supplier,’ ‘Vendor,’ or ‘Merchant’ may also apply where explicitly stated.
Personal Data means any information relating to an identified or identifiable natural person. We collect the following, depending on your role and interaction with our platform:
For Customers (Event Organizers / Bookers)
- Full name, email address, and phone number
- Billing and payment details for bookings (processed securely by our payment gateway; Eventchy does not store complete card details)
- Event details, preferences, and uploaded media (e.g., photos, videos)
- Location data, device identifiers, IP address, and usage data
For Suppliers (Vendors / Service Providers)
- Business registration documents:
- Corporations: SEC Certificate of Incorporation, BIR Certificate, Secretary’s Certificate, Government-issued IDs, Latest GIS
- Sole Proprietorships: DTI Certificate, BIR Certificate, Government-issued IDs
- Individuals: Government-issued IDs, Barangay Clearance or Police Clearance, BIR Certificate
- Bank account details for payouts
- Business address and contact information
- Profile information, photos, and service descriptions
We do not store or collect full card details. All payments are processed directly by our authorized payment gateway. Eventchy only shares necessary personal details with the payment processor to facilitate secure transactions.
We collect, use, disclose, and otherwise process your Personal Data as described in this Privacy Policy:
- With your consent, where required by applicable law;
- To provide and facilitate the Services you request;
- For our legitimate interests, such as to operate, secure, and improve our Services, provided those interests do not override your rights;
- As required or permitted by law, including to comply with legal obligations, court orders, or regulatory requirements.
DATA PROCESSING SYSTEM OVERVIEW
| Item | Description |
|---|---|
| System Name | Eventchy |
| Processing Type | Electronic / Automated |
| System Nature | Publicly facing web & mobile application |
| Processing Role | Personal Information Controller (PIC) |
| External / Internal | External‑facing |
| Automated Profiling | Yes – personalized recommendations, service matching, targeted promotions |
| Consent Mechanism | Explicit consent during registration and acceptance of Terms of Service & Privacy Policy |
I. COLLECTION OF PERSONAL DATA
We collect Personal Data from and about you in the ways set out below and may combine information from multiple sources.
A. Data You Provide Directly
This includes, but is not limited to:
- Account & Profile – name, email, phone, company/organization, profile picture, bio, and other details you choose to provide.
- Event Registration & Participation – includes, but is not limited to: ticket type, seating preferences, dietary or accessibility requirements, attendee surveys, uploaded materials (e.g., slide decks, photos), and other event-related details as required by suppliers to deliver their services.
- Payment & Billing – payment details you provide during transactions; processed securely by our third‑party payment gateway provider. Eventchy does not store full card information.
- Content & Communications – chat messages, comments, Q&A, polls, networking interactions.
- Support & Feedback – correspondence, troubleshooting logs, satisfaction surveys.
- Social & Third‑Party Logins – information you authorize (e.g., Google, Facebook, LinkedIn): name, profile photo, email, friend connections.
B. Data Collected Automatically
- Usage & Analytics – pages viewed, features used, clicks, time stamps, referrer URLs.
- Device & Technical Data – device model, operating‑system version, browser type, IP address, carrier, screen resolution, crash/error logs.
- Location Data – precise or approximate location when permission is granted (to discover nearby events or personalize recommendations).
C. Data from Third Parties
- Event Organizers uploading attendee lists or inviting you.
- Integration Partners (CRM, marketing automation, analytics) syncing contact or performance data.
- Social Media Platforms when you share content or log in via social accounts.
- Publicly Available Sources & Data Aggregators for business verification or profile enrichment.
D. Sensitive Personal Data
We do not intentionally collect highly sensitive data (e.g., health, biometric, race, religion) unless you provide it voluntarily (e.g., special dietary needs, disability accommodations). Such data is processed only with your explicit consent and in accordance with applicable law.
II. USE OF PERSONAL DATA
Where the law requires, we rely on one or more legal bases (consent, contract, legitimate interests, or legal obligation). We use Personal Data to:
A. Provide & Improve Our Services
- Service Delivery – register accounts, process ticketing, supplier payouts, event check‑ins, livestreams and on‑demand content, and customer support.
- Personalization – tailor event, supplier, and content recommendations based on your interests and past activity.
- Analytics & Research – measure attendance, engagement, app performance, conduct A/B tests, develop new features.
- Operations & Maintenance – troubleshoot issues, monitor security, prevent fraud, debug, and optimize performance.
B. Communication & Marketing
- Transactional Messages – confirmations, receipts, reminders, technical notices, security alerts.
- Promotional Messages – newsletters, special offers, event announcements, surveys (with opt‑out at any time).
- Networking & Social Features – facilitate attendee, speaker, sponsor connections at your request.
C. Safety, Security & Legal Compliance
- Fraud Prevention & Risk Management – detect unauthorized access, account take‑overs, payment fraud, spam.
- Legal Obligations – comply with subpoenas, court orders, regulatory requests; enforce our Terms of Service; protect the rights, property, or safety of Eventchy, our users, or the public.
III. DISCLOSURE OF PERSONAL DATA
| Recipient Category | Purpose of Disclosure |
|---|---|
| Service Providers & Sub‑processors | Hosting, storage, content delivery, payment processing, accounting, analytics, and security |
| Event Organizers & Hosts | Event management purposes, including registration details, invited guest information (e.g., name, email), check-in status, and session interactions. |
| Integration / API Partners | CRM sync, email marketing, accounting packages |
| Government Authorities | Compliance with laws, subpoenas, court orders, regulatory inspections |
| Business Transferees | Merger, acquisition, restructuring, insolvency (subject to confidentiality) |
We do not sell your Personal Data.
IV. RETENTION OF PERSONAL DATA
| Data Category | Retention Period | Disposal Method |
|---|---|---|
| Account & Profile | 5 years of account inactivity; accounts deleted thereafter | Secure digital deletion; backups overwritten after a few days |
| Event & Transaction Records | 7 years (tax & regulatory) | Secure deletion / anonymization |
| Raw Analytics Logs | Up to 2 years | Aggregated or anonymized thereafter |
| Printed Documents | Per above | Cross‑cut shredding |
Once retention periods expire, data is securely deleted or anonymized.
V. INTERNATIONAL TRANSFERS
Your Personal Data may be stored or processed on servers outside the Philippines (e.g., Singapore, Germany, United States). Whenever we transfer data cross‑border, we implement appropriate safeguards (Standard Contractual Clauses, comparable transfer mechanisms, or contractual assurances) to ensure a level of protection consistent with Philippine law.
VI. COOKIES, TRACKING & SIMILAR TECHNOLOGIES
A. Cookies & Local Storage
We and our partners use cookies, SDKs, and similar technologies to:
• Enable core functionality (session management, security).
• Remember preferences.
• Analyze site & app usage.
• Deliver and measure advertising campaigns.
B. Mobile Identifiers & SDK Tracking
We and our service providers collect:
• Advertising identifiers (e.g., IDFA, GAID) – Device identifiers (UUIDs, IMEI)
• Push notification tokens
• Mobile analytics and crash-reporting SDK data (session duration, screen views, app version)
• These technologies help us personalize in-app recommendations, diagnose performance issues, and send relevant push notifications.
C. Browser & Device Controls
You can manage cookies via browser settings and industry tools. Disabling cookies may affect Service functionality.
VII. PROTECTION OF PERSONAL DATA
A. Organizational Measures
• Appointed Data Protection Officer (DPO) registered with the NPC.
• Privacy Management Program & Privacy Manual.
• Role‑based access, NDAs, confidentiality undertakings.
• Mandatory privacy training, periodic audits, penetration tests.
B. Physical Measures
• Infrastructure hosted in ISO 27001‑certified data centers.
• 24/7 surveillance, biometric access, fire suppression, secure perimeters.
C. Technical Measures
• TLS 1.2+ encryption in transit; AES‑256 encryption at rest.
• Web application firewalls, DDoS mitigation, continuous monitoring.
• Multi‑data‑center redundancy; automated backups; security patch management.
VIII. YOUR RIGHTS & CHOICES
Under the Data Privacy Act you may:
- Access / Portability – obtain a copy of your data in a structured, machine‑readable format.
- Rectification – correct inaccurate or incomplete data.
- Erasure – request deletion, subject to legal limitations.
- Restriction / Objection – limit or object to certain processing.
- Withdraw Consent – at any time without affecting prior lawful processing.
- File a Complaint – with the National Privacy Commission (NPC).
To exercise your rights, contact us (Section XIII). We may verify your identity and will respond within statutory timeframes.
IX. LAWFUL BASIS FOR PROCESSING
| Lawful Basis | Examples |
|---|---|
| Consent | Event invitations & optional attendee feedback surveys |
| Contract | Booking fulfilment, supplier contracts, Terms of Service fulfillment |
| Legal Obligation | Tax records, AML/KYC, government reporting |
| Legitimate Interest | Platform security, fraud prevention, service optimization |
| Vital / Public Interest | Safety incidents or emergencies at events |
Sensitive Personal Data is processed only with explicit consent or when required for legal claims or compliance with lawful orders.
X. AUTOMATED PROCESSING & PROFILING
We use algorithms for personalized recommendations and targeted promotions. No decisions with significant legal or similarly significant effect are made solely by automated means without human review.
XI. AMENDMENTS & UPDATES
We may revise this Privacy Policy from time to time. Material changes will be posted prominently and, where required, notified by email or in‑app alert. The Effective Date above reflects the latest version. Continued use of the Services after changes become effective constitutes your acceptance of the revised Policy.
XII. DATA SUBJECT CONSENT
Consent is obtained via:
• Registration process, where proceeding indicates acceptance of the Terms of Service & Privacy Policy.
• Granular opt‑ins for marketing communications and location services.
• Cookie banner and preference center.
You may withdraw consent at any time by contacting us or our DPO.
XIII. CHAT & MESSAGING MONITORING
Eventchy provides chat and messaging features for communication between users, suppliers, and event organizers. To ensure platform integrity and protect our community, we monitor and analyze chat and messaging content using automated tools and, when necessary, manual review. Monitoring is conducted for the following purposes:
- Fraud Prevention & Security – detect scams, phishing attempts, payment fraud, or other suspicious activities.
- Enforcement of Terms of Service – identify prohibited conduct, abusive language, or policy violations.
- Platform Safety & Compliance – comply with legal obligations, regulatory requirements, and lawful requests from authorities.
We do not sell or share chat content with unrelated third parties. Monitoring is strictly limited to the purposes above and is conducted in compliance with the Data Privacy Act of 2012.
XIV. CONTACT INFORMATION
Eventchy – Xugbo Technologies Inc.
📧 Email: [email protected]
📍 Address: Ground Floor Building 4, JDN Square, P. Remedio St., Banilad, Mandaue City, Cebu, Philippines, 6014
For escalations you may also contact the National Privacy Commission at npc.gov.ph.
ADDENDUM 1 – SUPPLIER DATA RESPONSIBILITIES
- Relationship with Suppliers
Eventchy facilitates event bookings between customers and suppliers. To fulfill confirmed bookings, Eventchy shares necessary customer details—including name, contact information, and event specifications—with the chosen suppliers. This information is provided solely for delivering the booked services. - Independent Data Controllers
Suppliers and Eventchy each act as independent Personal Information Controllers (PICs). Once suppliers receive customer data, they determine their own purposes for processing and are responsible for compliance with the Data Privacy Act of 2012 and other applicable regulations. Eventchy does not control suppliers’ internal data processing beyond what is required for booking fulfillment. - Data Collected
• Business registration documents (e.g., SEC, DTI, BIR Certificate of Registration)
• Government-issued IDs for suppliers
• Business address and contact details
• Bank account details for payouts
• Supplier profile, service descriptions, pricing, and portfolio media - Disclosures
Customer details shared with suppliers are strictly limited to fulfilling confirmed bookings. Suppliers must not disclose this data to unrelated third parties unless legally required or with the customer’s explicit consent. Use of customer data for marketing or unrelated purposes requires additional consent. - Obligations
• Both Eventchy and each supplier must:
• Protect customer data using appropriate security measures
• Use customer data exclusively for confirmed bookings
• Obtain additional consent for any other purpose (e.g., marketing)
• Comply fully with the Data Privacy Act of 2012 and relevant NPC guidelines
ADDENDUM 2 – AFFILIATE & PARTNER PROGRAMS
- Data Collected Full name, contact details, bank account for payouts, Affiliate ID, performance metrics.
- Purpose Onboarding, tracking referrals, calculating commissions, and secure payment processing.
- Disclosures Affiliate performance may be shared internally and with payment processors; no unrelated third parties receive this data.
- Security Affiliate data enjoys the same technical and organizational protections outlined in Section VII.
Last Updated: 25 July 2025