Privacy Policy

Introduction

Black Aegis Private Limited (hereinafter referred to as "EveShark," "we," "us," or "our") is a company incorporated and registered in the State of Maharashtra, India, with its registered address at [insert registered address]. This Privacy Policy (hereinafter referred to as "Policy") applies to all individuals who interact with us in the context of our business activities, including but not limited to:

• Visitors to our website (eveshark.com).
• Users of the EveShark Platform (hereinafter referred to as "Platform"), including event organizers, attendees, and prospective customers.
• Observers of our operations, business partners, employees, job applicants, investors, and suppliers.

By accessing or using the Platform, creating an account, or otherwise engaging with our Services, you acknowledge and agree to the terms of this Policy. You are referred to as a "User," "You," or "Your" in this Policy, and your use of the Platform is subject to our Terms of Use.

This Policy is intended to inform you about the collection, processing, storage, sharing, organization, utilization, retention, and deletion of your information ("Personal Data" or "Personal Information") by EveShark. It also describes the protective measures we employ to safeguard your data and how you can exercise your rights regarding your Personal Data.

If you do not agree with any aspect of this Policy, we request that you refrain from using our Services or engaging with our business operations in any capacity.

Please note: This Policy does not apply to information collected by third parties, such as data collected through third-party applications, plugins, or content (e.g., advertisements) that may be linked to or accessible from the Platform or our websites.

Our Commitment

EveShark Technologies Private Limited is committed to safeguarding your privacy and protecting your Personal Data in compliance with this Policy. We adhere to applicable data protection regulations and industry best practices to ensure the security of your information and empower you with continuous access and control over it.

This Policy provides comprehensive details on how EveShark collects, processes, and protects your information, as well as the privacy and security measures implemented on the Platform.

In the event of any significant changes to how your data is used, we will notify you through appropriate channels, including email or notifications on the Platform. You can also review the latest version of this Policy on our website at https://www.eveshark.com.

General Information

EveShark has developed a powerful and user-friendly platform for organizing virtual, in-person, and hybrid events. Through our Services, event organizers ("Merchants") can utilize the Platform to connect with attendees("Users") and manage their events effectively.

Depending on the context of data collection, EveShark acts as either:

• Data Controller: When we collect Personal Data directly from you, we act as the Data Controller (as defined under applicable data protection regulations).
• Data Processor: When we process data on behalf of event organizers or other third parties, we act as a Data Processor, following their instructions and applicable agreements.

If you have any questions about how EveShark handles your Personal Data or wish to exercise your privacy rights, you may contact us at privacy@eveshark.com.

Definitions

Here are key definitions to help you understand this Privacy Policy:

Account: The self-service account created by the Customer on the EveShark Platform for utilizing the Services.

Data Subject or Data Owner: A natural person whose Personal Data is processed by a Data Controller or Data Processor.

Customer Data: All data submitted, displayed, and/or uploaded by Attendees, Sponsors, Booth Representatives, Authorized Administrators, and/or the Customer during registration, access, event hosting, or other usage of the Platform.

Customer Personal Data: Any Personal Data shared by the Customer with EveShark or authorized for access, storage, hosting, modification, sharing, deletion, and further processing to perform the Services.

Customer or Data Controller: Refers to the Merchant (Organizer) who has a service agreement with EveShark to access the Platform for hosting in-person, virtual, and hybrid events. This includes employees, independent contractors, consultants, affiliates, successors, and assignees using or accessing the Platform or Services. Data Controllers determine the purposes and means of processing Personal Data and are responsible for ensuring data security, transport, storage, and compliance with business rules. If purposes and means are prescribed by laws or regulations, the Data Controller may be designated accordingly.

Personal Data: Encompasses any information relating to a Data Subject, where an identifiable natural person is one who can be directly or indirectly identified, particularly by reference to identifiers such as name, identification number, location data, online identifiers, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. This includes special categories of Personal Data under Article 9 of the GDPR, data related to criminal convictions and offenses under Article 10 of the GDPR, and national security numbers under Article 87 of the GDPR and applicable national laws.

Attendees: Refers to clients and individuals attending or participating in events organized by the Customer through EveShark Services.

Sponsors: Refers to organizations that have agreements with the Customer to display relevant information within the Platform during events for activities such as branding and lead generation. Sponsors are granted access only to manage and modify their designated data, as defined by the Customer during event creation.

Booth Representatives: Refers to individuals designated by Sponsors to interact with Attendees and collect relevant information within the Booth section of the Platform. Booth Representatives are limited to using the Booth Representative App provided by EveShark.

Data Processor: Refers to any natural or legal person, public authority, agency, or other entity processing Personal Data on behalf of the Data Controller and according to their instructions, typically for specific services or purposes.

Commercial Purposes and Sell: Bear the meanings as defined under Section 1798.140 of the California Consumer Privacy Act (CCPA).

Applicable Data Protection Laws: Refers to all global data protection laws and regulations, including: United States federal and state privacy laws. European Union Data Protection Laws, such as the General Data Protection Regulation (GDPR). Any other data protection laws that apply to the processing of Personal Data under this Privacy Policy.

CCPA: Refers to the California Consumer Privacy Act of 2018, including its amendments and final regulations.

Data Protection Officer (DPO): Refers to an individual, where applicable, responsible for overseeing compliance with data protection laws and safeguarding Personal Data at EveShark.

Sub-processor or Third-Party Service Provider: Refers to any natural or legal person, public authority, agency, or body engaged by a Processor or Sub-processor to process Personal Data on behalf of the Data Controller, as defined in Article 4(10) and further elaborated in Article 28(4) of the GDPR.

Supervisory Authority: Carries the meaning assigned under the GDPR, referring to the regulatory body responsible for overseeing data protection compliance.

What Information We Collect About You

When you connect to and navigate our Platform, EveShark collects information about you to improve the quality of our Services and enhance your overall experience.

Below is a general outline of the types of Personal Data we collect:

Types of Personal Data Collected by EveShark as a Data Controller

1. Contact Information via the "Request a Demo" Form:
   • First Name, Last Name, Business Email Address, Phone Number, and Company Name.
2. Professional Information for Job Applications:
   • First Name, Last Name, Email Address, Phone Number, and Resume Details.
3. Customer Account Creation:
   • First and Last Name, Email Address (Social Login options available), Phone Number, Address, City, State, Country, ZIP Code, GST Number (if applicable), Identity Proof and Number (e.g., Driving License), and Bank Account Details (if required).
4. Information Technology-Related Data:
   • Internet Protocol (IP) Address, Geolocation Data, Browser Type, Operating System, Device ID, and analytics information collected via cookies and tracking technologies.
   • Metadata generated during interactions with the Platform to improve the user experience, where applicable and with your consent, in compliance with applicable data protection laws.
5. De-Identified and Anonymized Information:
   • EveShark may use anonymized Personal Data to analyze trends and improve Services.
6. Integration with Third-Party Service Providers:
   • By integrating Third-Party Services with our Platform, you grant us permission to access Personal Data associated with these providers. EveShark is not responsible for agreements between you and these Third-Party Service Providers.
7. Transactional and Payment Information:
   • Payment details, such as billing address, transaction data, and other payment-related information.
   • EveShark does not store card details; payments are processed securely by Third-Party Payment Processors, with encryption protocols in place.
8. Attendee Data:
   • For Customers using the Platform for attendee management or registrations, we may collect attendee information such as names, emails, and preferences.
   • This data may also be used to enhance user experiences, such as curating events based on interests and promoting similar events within the EveShark Marketplace.

Types of Personal Data Collected by EveShark as a Data Processor During Events

When EveShark acts as a Data Processor, we provide customizable features for event organizers. Organizers may choose to collect attendee Personal Data, which could include:

1. Attendee Account Creation Information:
   • Mandatory: First Name, Last Name, and Email Address.
   • Optional: Phone Number, Title, Organization, Location, Biography, and Social Media Handles (e.g., LinkedIn, Instagram, Twitter).
2. Registration and Ticketing Information:
   • Details provided during event registration, such as name, email, and responses to customized registration forms (e.g., T-shirt size or dietary preferences).
3. Event App-Related Data:
   • Social profile logins (e.g., Facebook, LinkedIn) and permissions for accessing media files, storage, and calendar integration.
4. Activity Metadata:
   • Details of attendee interactions within the Platform, including pages visited, files downloaded, questions asked during events, poll submissions, and direct chats with other attendees.

The purpose and method of data collection when the Customer acts as the Data Controller are determined solely by the Customer. EveShark processes such data based on the Customer's instructions and does not control its purpose or scope.

Purpose for Collecting Your Information

EveShark collects your information for the following purposes:

1. Assisting Customers with Product and Service Inquiries:
   • Accessing your Personal Data provided through the "Request a Demo" form or subscription to the Platform to:
   • Respond to your inquiries.
   • Provide updates via newsletters or webinars.
   • Address your questions and concerns as part of a pre-contractual or contractual relationship.
2. Contacting Purposes:
   • Collecting and utilizing information to manage business relationships and contracts with:
   • Business partners and their staff.
   • Customers and their teams regarding product and service requests.
3. Enhancing Customer Service and Platform Performance:
   • During events, we may process attendee Personal Data to:
   • Generate session transcripts using third-party services.
   • Improve Services and user experiences on the Platform.
   • Capture metadata on attendee interactions, such as pages visited and chats initiated, to refine event offerings and engagement.
4. Profiling:
   • Gaining insights into audience demographics and behaviors using aggregated data, such as:
   • Geographic location (via IP address).
   • Language preferences.
   • Interaction metrics (e.g., emails opened, pages visited).
5. Providing a Personalized Experience:
   • Collecting and analyzing data to create, develop, operate, and enhance the Platform, ensuring it is secure, efficient, and tailored to your needs.

EveShark will not collect additional categories of Personal Data or use your data for unrelated purposes without obtaining explicit consent.

Legal Basis for Processing Your Information

EveShark Global Data Processing Policy

This Policy applies globally and extends to all individuals interacting with EveShark, regardless of their country of residence. This section outlines the legal justifications ("legal basis") for processing your Personal Data in connection with our primary business activities.

The legal requirements for using specific legal bases may vary based on your country of residence. For instance:

• Under the GDPR, explicit consent is required to process Personal Data in certain contexts.
• For international data transfers involving third-party vendors, EveShark partners only with entities adhering to GDPR-compliant Standard Contractual Clauses (SCCs) or equivalent safeguards.

Legal Basis for Processing Activities and Purposes of Personal Information Use

1. Contractual Basis:
   • As a customer or business partner, we process your personal and professional contact information to:
   • Facilitate interactions.
   • Provide relevant offers.
   • Manage your user account, pre-contract, or contract.
   • Fulfill administrative or billing purposes.
2. Consent Basis:
   • We collect and process your information when you:
     • Navigate our website or Platform.
     • Submit queries, subscribe to newsletters, or request product demos.
     • Opt-in for marketing communications or promotional updates about EveShark products and events.
   • Depending on your jurisdiction, we may require prior consent for:
     • Subscribing to newsletters or updates.
     • Sharing Personal Data with Sub-processors located in regions without equivalent data protection laws.
     • Using cookies or similar technologies, as detailed in our Cookie Policy.
3. Compliance with Applicable Laws:
   • In specific scenarios, we may retain limited Personal Data to fulfill legal obligations, such as:
   • Tax or accounting requirements.
   • Responding to regulatory inquiries or legal statutes.

Cross-Border Data Transfers

If your data is transferred to countries outside your region that may not have equivalent data protection standards (e.g., EU to non-EEA regions):

• EveShark ensures all data transfers comply with Applicable Data Protection Laws, including the use of Standard Contractual Clauses (SCCs) under the GDPR.
• Your explicit consent will be obtained when required, particularly for sensitive Personal Data.

Your Rights for Cross-Border Transfers

• You may request a copy of the safeguards used for these transfers by contacting us at privacy@eveshark.com.

Retention, Return, and Deletion of Your Personal Information

EveShark Data Retention Policy

We retain your Personal Data only as long as necessary to fulfill the purposes outlined in this Policy or comply with legal obligations.

1. General Retention Policy:
   • For Platform Users, Personal Data is retained for as long as required to provide our Services and ensure compliance with applicable laws (e.g., legal, tax, or archival requirements).
   • Customer Personal Data is retained for 60 months after the termination of the agreement. This allows for the convenience of reusing the data for future events, with the Customer's consent. After this period, the data will be automatically deleted unless otherwise requested by the Customer or required by legal obligations.
2. Data Retention Periods:
   • Platform User Data:
     • Purpose: To provide and enhance the Platform and Services.
     • Legal Basis: Consent (e.g., for cookies, newsletters, demos) and Legitimate Interest (e.g., responding to queries).
   • Customer Personal Data:
     • Purpose: To manage contracts, fulfill service requests, and for administrative or billing purposes.
     • Legal Basis: Contractual Obligations, Legitimate Interest, and Consent.
   • Customer-Defined Data:
     • Purpose: As defined by the Customer (Data Controller).
     • Legal Basis: EveShark acts as a Data Processor, and the legal basis is defined by the Customer.
3. Deletion and Return:
   • Where EveShark no longer has a legitimate business need to process your data, or upon your request, we will:
   • Delete or anonymize your data irreversibly.
   • Securely store it and restrict further processing if immediate deletion is infeasible.
   • Employ advanced security measures (e.g., encryption or obfuscation) to protect stored data until deletion.
4. Attendee Data Retention:
   • Attendee data provided by Customers will be retained for 36 months after the contract's expiration.
   • Customers can request earlier deletion via a written request, which will be fulfilled within 15 days of receipt.
5. Automatic Deletion:
   • After the retention period, all Customer and Attendee data will be automatically deleted from EveShark systems and Third-Party Service Providers' databases unless legally mandated otherwise.

Key Highlights on Retention and Processing

• Data retained solely for archival or compliance purposes is securely stored and isolated from active systems.
• Sensitive Personal Data is processed only with enhanced safeguards and Customer consent.
• International data transfers comply with GDPR-standard safeguards or equivalent mechanisms.

By ensuring these practices, EveShark is committed to lawful, ethical, and transparent data processing in line with global data protection regulations.

With Whom Do We Share Your Personal Information

EveShark Employees

Access to your Personal Data is restricted to authorized EveShark employees who require such access on a strict need-to-know basis for performing their job functions.

Disclosure of Personal Data to Third-Party Service Providers

In specific circumstances, EveShark may share your Personal Data with authorized Third-Party Service Providers for the following purposes:

1. Platform Maintenance and Technical Support: Third-party providers assisting with IT services, technical maintenance, and addressing platform-related technical issues.
2. Operational and Administrative Functions: Managing Platform access and usage, conducting data analysis, improving Services, assessing marketing campaign performance, ensuring secure user identification, handling billing, and performing general business operations.
3. Auditing and Compliance: Collaborating with auditors, legal counsel, or data centers to meet legal requirements or respond to court orders, legal claims, or investigations by regulatory authorities.

Consent for Third-Party Service Providers

By using the Platform, you explicitly consent to the sharing of your Personal Data with relevant Third-Party Service Providers for:

• Marketing, analytics, advertising, billing, consent management, contract management, and data subject rights management.
• Cloud-based service management and other operational functions.

EveShark ensures that all Third-Party Service Providers operate under agreements that align with our instructions, prioritize confidentiality and security, and adhere to Applicable Data Protection Laws.

Cookies and Tracking Technologies We Use

EveShark uses cookies and similar tracking technologies to collect information about your device and enhance your experience on our Platform. While we generally do not collect Personal Data via cookies, certain cookies may process limited Personal Data in specific scenarios.

The types of cookies we collect include:

1. Essential Cookies:
   • Necessary for providing core Platform features (e.g., secure login).
   • Disabling these cookies may result in restricted access to certain Platform functionalities.
2. Functional Cookies:
   • Enable personalization by storing your preferences (e.g., language, region) and maintaining settings over time.
   • Allow us to greet you by name and tailor content to your preferences.
3. Performance/Analytical Cookies:
   • Gather insights on how visitors interact with the Platform (e.g., pages viewed, duration of visits).
   • Help measure advertising campaign performance and refine Platform content.
   • Example: Google Analytics uses cookies to analyze visitor behavior. For more information, you can review the Google Analytics Terms of Use and Google Privacy Policy. You can opt out of Google’s cookies via the Google Advertising Opt-Out Pageor the Google Analytics Opt-Out Browser Add-On.

Behavioral Advertising

Use of Behavioral Advertising

We may use Personal Data to deliver targeted advertisements tailored to your interests and preferences, based on:

• Your activity on the EveShark Platform (e.g., events attended, searches performed).
• Interactions with our marketing campaigns or website (e.g., pages visited, content engagement).
• Data collected through cookies or similar technologies (refer to the Cookies and Tracking Technologies section).

Opt-Out Options

You can opt out of behavioral advertising by:

1. Adjusting your cookie preferences in the Cookie Settings section of our Platform.
2. Using the opt-out tools provided by advertising partners or organizations like YourAdChoices or Google Ad Preferences.

We are committed to respecting your preferences and ensuring transparency in how your data is used for targeted advertising

Cookie Duration and Management

Cookie Duration

The duration of cookies we use depends on their purpose:

1. Session Cookies:
   • Deleted once you close your browser.
2. Persistent Cookies:
   • Stored on your device for a specified period unless deleted manually. These cookies help us recognize you on future visits and retain your preferences.

Managing Cookies

You can manage or delete cookies using the following methods:

1. Browser Settings:
   • Adjust cookie permissions in your browser preferences.
2. Cookie Management Tool:
   • Use the cookie settings feature on the EveShark Platform to manage your preferences.

Third-Party Cookies

Cookies from third-party advertisers may also be used on our Platform. We encourage you to review their privacy policies for more details:

• Google: Google Privacy Policy.
• Meta (Facebook): Meta Privacy Policy.

Data Minimization

EveShark is committed to minimizing the collection, processing, and transmission of Personal Data. To safeguard your privacy rights, we undertake reasonable measures to:

• Eliminate or anonymize data that could directly or indirectly identify you.
• Reduce the volume of Personal Data shared with Third-Party Service Providers to the extent practicable.

Unsubscribe and Withdrawal of Consent

If EveShark processes your Personal Data based on your consent, you have the right to withdraw your consent at any time. To do so, contact us at privacy@eveshark.com.

Upon withdrawal of consent:

• You may be unable to access certain Services or features on the Platform.
• EveShark reserves the right to withhold Services in such cases.
• Your Personal Data will be deleted or anonymized unless retention is required for legal or regulatory purposes (refer to the Legal Basis for Processing Your Information section).

When EveShark Acts as a Data Processor

When acting as a Data Processor, EveShark processes Personal Data exclusively based on the instructions provided by Customers (Data Controllers).

• Customers are responsible for ensuring compliance with laws requiring notice, disclosure, or consent before transferring data to EveShark.
• Attendees should direct requests for data access, correction, or deletion to the respective event organizer (Customer).
• If a Customer requests EveShark to modify or delete attendee data, we will process such requests within the timeframe specified by Applicable Data Protection Laws.

Limitations on Data Modification Requests

EveShark will not process Data Subject requests that could result in:

• Incorrect, fraudulent, or misrepresented information.
• Violations of applicable laws or legal statutes.

In such cases, EveShark will notify the Customer about the legal obligations preventing the fulfillment of the request.

How Do We Protect Information About You?

We employ robust technical and organizational measures to safeguard your Personal Data from unauthorized access, processing, loss, disclosure, misuse, alteration, or destruction. These include advanced security technologies such as encryption, anonymization, pseudonymization, and de-identification, alongside restoration mechanisms to ensure secure access to your data.

We also require our Third-Party Service Providers to adhere to recognized data privacy, confidentiality, integrity, availability, and security standards. Our practices include:

• Regular assessments of our security frameworks and processes, including evaluations of our business partners and vendors.
• Anonymizing or deleting your Personal Data when it is no longer required for its original purpose.

Security Measures Implemented by EveShark

1. System-Level Security:
   • Application of industry-standard information security measures.
   • Adoption of recognized security frameworks to prevent data loss, unauthorized access, and system alterations.
2. Access Control:
   • Restricting access to Personal Data to employees, contractors, and Third-Party Service Providers with legitimate business needs.
3. Third-Party Engagement:
   • Requiring Third-Party Service Providers to comply with stringent security, data protection, and privacy standards, ensuring the confidentiality and integrity of your data.

Other Information About Your Privacy

Your Rights

Rights Under Specific US State Privacy Laws

Rights of European Individuals to Complain to Data Protection Authorities

If you reside in the EEA, UK, or Switzerland and believe EveShark has violated your data privacy rights under GDPR or similar laws, you can file a complaint with the relevant Supervisory Authority, such as the Information Commissioner’s Office (ICO) in the UK.

Exercising Your Rights

To exercise your rights, submit a request through the designated contact channels: Email: privacy@eveshark.com. Include your full name, email address associated with your account, and a detailed description of your request.

We may verify your identity before processing your request. Responses will be provided within the timeframe mandated by applicable data protection laws. For security purposes, we may request additional information to verify your identity. We will respond to your request within the timeframe required by Applicable Data Protection Laws. Requests that would violate legal or regulatory obligations may be denied, and you will be informed of the reasons for such denial.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. Any updates will be effective upon posting to this page, and the “Last Updated” date at the top of this document will reflect the most recent revision.

We encourage you to review this Policy regularly to stay informed about how we protect your Personal Data. Continued use of the EveShark Platform or Services following any changes constitutes your acceptance of the revised Privacy Policy.

Representative

To uphold your privacy rights as a data subject, EveShark has appointed Prighter Group, along with its local partners, as our privacy representative and point of contact for the following region:

EveShark Contact Details

We are committed to addressing your privacy-related concerns or questions promptly. For inquiries or requests related to this Privacy Policy or your Personal Data, please reach out to us at: Email: privacy@eveshark.com. We aim to respond to all queries within 2 business days (48 hours).