EventBridge

Data
Processing
Addendum

Last Updated: 18 January 2026
Scope: This Data Processing Addendum ("DPA") forms part of the Organiser Service Agreement. It governs how Event Bridge Technologies t/a EventBridge Tickets ("Operator") processes data on behalf of the Organiser ("Responsible Party") in accordance with the Protection of Personal Information Act (POPIA).

1. Definitions (POPIA Context)

  • "Data Subject": The ticket buyer or attendee.
  • "Personal Information": Names, emails, phone numbers, ID numbers, company details / registration information, etc.
  • "Processing": Collecting, storing, displaying or transmitting data.

2. Roles, Instructions and Transfer of Control

2.1 EventBridge Tickets (Operator)

We agree to process Personal Information solely on your specific written or platform-based instructions (e.g., ticket issuance, check-ins, report generation) and in accordance with Section 21 of POPIA. We shall not process data for any other purpose, nor treat data as our own asset, except for anonymised analytics used to improve platform performance.

2.2 The Organiser (Responsible Party)

You retain sole decision-making power over why and how data is collected. You warrant that you have obtained all necessary consents or have a lawful justification (e.g., contract performance) to collect Attendee data.

Data Export Severance: The moment Personal Information is exported from the EventBridge Tickets' platform (via CSV download, API, webhook or third-party integration) to your own devices, servers or email, Event Bridge’s liability ceases entirely. From that point of egress, you assume 100% risk and responsibility for the security and usage of that data as a separate Responsible Party.

3. Security and Account Integrity

3.1 Platform Security

EventBridge Tickets maintains appropriate technical and organisational measures (including SSL/TLS encryption and firewalls) to protect data while it resides within our infrastructure. We will notify you within 72 hours of confirming any data breach affecting your event.

3.2 Organiser Credential Liability

You are solely responsible for maintaining the confidentiality of your account credentials (usernames, passwords, API keys organiser pin). You agree that:

  • Any action performed or data accessed/exported using your valid credentials, shall be deemed to have been authorised by you.
  • EventBridge Tickets is not liable for data breaches resulting from compromised Organiser accounts, weak passwords, phishing attacks targeting your staff or malware on your local devices.

4. Organiser Data Usage Restrictions

By using the platform, you agree NOT to:

  • Sell Attendee data to third parties.
  • Use Attendee data for purposes unrelated to the specific event (unless you have separate consent).
  • Publicly expose Attendee data (e.g., publishing a guest list with phone numbers).
  • Use the platform to collect sensitive personal information (e.g., health data) without explicit legal justification.

5. Data Subject Rights

If an Attendee contacts EventBridge Tickets requesting deletion of their data (Right to be Forgotten), we are legally obligated to comply. We will notify you of this deletion and you agree to immediately delete any copies of that data you may hold locally or in exported files.

6. Indemnification and Limitation of Liability

To the fullest extent permitted by South African law, you agree to indemnify, defend and hold EventBridge Tickets harmless against any liabilities, damages, regulatory fines (including penalties imposed by the Information Regulator) or legal costs arising from:

  • Unlawful Collection: Your failure to secure lawful grounds for processing or consent.
  • Marketing Violations: Your use of Attendee data for unsolicited direct marketing (Section 69 of POPIA) without appropriate opt-in/opt-out mechanisms.
  • Negligence: Any data breach occurring on systems, devices or accounts under your control.