Privacy Policy

This Privacy Policy describes how ActivBharat (“we”, “our”, or “us”) collects, uses, shares, and protects your personal data. We are committed to safeguarding your privacy in compliance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

All capitalized terms used but not defined herein shall have the respective meanings assigned to them under the Terms and Conditions

This Privacy Policy, as amended from time to time, shall govern the collection, storage, usage, and disclosure of the Platform User’s information obtained from the Platform.

The term ‘information’/ ‘personal data’ shall include ‘Personal Information’ and ‘Sensitive Personal Information’ as defined in the Information Technology Act, 2000, DPDP Act and the rules made thereunder. These definitions may be modified in case of any change in law or introduction of new laws.

ACCESSING, BROWSING, OR OTHERWISE USING THE PLATFORM, CONFIRMS YOUR ACCEPTANCE OF THIS PRIVACY POLICY, SO PLEASE READ THE TERMS OF THIS PRIVACY POLICY CAREFULLY BEFORE PROCEEDING AND PLEASE DO NOT USE THE APP OR SERVICES THEREIN IN CASE YOU DO NOT AGREE TO B BOUND BY THE SAME.

Scope

This Privacy Policy applies to all personal data collected through the ActivBharat mobile applications, website, and related services. It covers users located in India, the European Union, and elsewhere.

Data We Collect and Why we collect it

Account Data

  • Name, email, phone, DOB, gender, profile picture, height, weight, Location (based out of)
  • Purpose: Profile creation, personalization, login, syncing across devices.

Event Data (User’s)

  • Participant details required for event registration (e.g., name, contact number, DOB, gender, emergency contact, blood group, T-shirt size, medical history - fields vary by event) are collected through ActivBharat’s UI but processed directly by Ticmint’s backend systems via secure APIs.
  • Payment information (UPI, card, wallet, etc.) is entered by the user on Ticmint’s secure web-view and processed through the payment gateway using ENIL’s Merchant ID. ActivBharat does not store sensitive payment details.
  • Ticmint stores the registration and payment records and shares the necessary participant details directly with event organizers for bib assignment, logistics, and communication.
  • ActivBharat does not permanently store participant registration form data in its own database. Instead, ActivBharat only receives: Booking confirmation status (success / failure / pending), and Transaction records/logs provided by Ticmint for audit, reconciliation, and customer support.
  • ActivBharat logged in user profile data (such as login email, phone number, DOB, or gender stored in the user’s account) is not automatically shared with Ticmint or event organizers, unless the user explicitly enters the same information again as part of the event registration form.
  • Users will be able to access Ticmint’s Privacy Policy here.

Health & Fitness Data

  • From trackers , both read and write (write in case user does some video based traninings from the app) (with user consent): steps, distance, calories, workouts, heart rate, sleep.
  • From GPS: distance, pace, route, elevation, calories, time.
  • From workouts: video completions, timings, calories.
  • From preferences: training preferences, fitness level, weekly frequency.
  • From goals: daily target steps, distance, calories.
  • Usage: progress dashboards, badges/streaks, personalization.
  • All health/fitness data sync (Apple Health, Google Fit, GPS tracking) is collected only with explicit user consent, and users can withdraw consent at any time via device/app settings.

Device & Technical Data

  • Device model, OS, app version, IP address, cookies (web).
  • Usage: diagnostics, app performance, fraud prevention, analytics.

Content & Community Data

  • Posts, reactions, shares, comments.
  • Moderated via profanity filter, image checks, user reports.
  • Usage: powering community feeds, maintaining safe environment.
  • Note: User-generated content reflects the views of individual users. ActivBharat moderates for abuse but does not take responsibility for accuracy or opinions expressed in user posts.

Integrations

  • Gaana: token for linking accounts, playlist usage.
  • Weather API: location for local alerts.
  • Routes: location for nearby recommendations.

Commerce Data

  • We track when a user clicks on an affiliate link and, where possible, whether that click results in a successful conversion (via redirect parameters from the partner).
  • This data is used only to attribute sales/commissions to ActivBharat.
  • After attribution/reconciliation, we would not retain user-identifiable affiliate click or purchase data - only aggregated, anonymized reports are kept for internal business and financial records.

Location Data

  • City-level (events, weather, routes).
  • GPS-level (runs, route tracking).
  • Usage: personalized experiences, weather alerts, run summaries.
  • Note: Users can disable location permissions at the device level; this may limit access to GPS tracking, weather alerts, and route discovery features and information on nearby events.

Communications

  • Raise support queries, bug reports, submit app feedback (from Settings).
  • Notifications & preferences (opt-in/opt-out) (from Settings).
  • Usage: support, retention, engagement analytics.
  • Important: Communications (email/WhatsApp) for marathon and other events bookings to be handled directly by Ticmint – invoice and tickets.

In General

We process personal data to:
- Create and manage accounts.
- Facilitate event registration, ticketing, and payments.
- Provide health and fitness tracking features.
- Enable community engagement and content sharing.
- Provide personalized recommendations and alerts.
- Ensure security, fraud prevention, and diagnostics.
- Fulfil legal and contractual obligations.

Legal Basis for Processing

Our processing of personal data is based on:
- Consent: For health/fitness tracking, GPS/location data, integrations, and optional services.
- Contractual Necessity: To deliver core services such as event booking and account management.
- Legal Obligation: For compliance with tax, audit, and regulatory requirements.
- Legitimate Interests: For analytics, service improvements, and prevention of fraud, balanced against user rights.

Data Sharing

We may share data only as necessary with: - Ticmint: For event registrations, ticketing, and payments (primary custodian for such data). - Event Organizers: Via Ticmint, for logistics and communication. - Payment Gateways: For secure processing of transactions. - Technology Partners: Such as Gaana, weather services, analytics providers, with appropriate safeguards. - Analytics or marketing SDKs (e.g., Firebase, GA, Appsflyer). - Authorities: Where legally required. We will disclose Your information to any person as mandated by law and/or courts/tribunal or such other legal/administrative/governmental or regulatory authorities.

We do not sell personal data to advertisers.

Cross-Border Data Transfers

We may transfer, store, or process your personal data outside your country of residence, including to other countries within the Association of Southeast Asian Nations (“ASEAN”) region and elsewhere, where our affiliates, service providers, and business partners operate. Such transfers are necessary for the operation of our services, including data hosting, analytics, payments, logistics, and technical support.

To ensure that your personal data continues to receive a high and consistent level of protection during such transfers, We have adopted and implemented the ASEAN Model Contractual Clauses (MCCs) for Cross-Border Data Flows, endorsed by the ASEAN Digital Senior Officials’ Meeting (ADGSOM) in January 2021.

  • Lawful Basis and Notification: All cross-border transfers of personal data are carried out in accordance with applicable laws of the relevant ASEAN Member States (“AMS Laws”). Where required, you will be notified of, and your consent obtained for, the transfer and processing of your personal data in another country.
  • Controller-to-Processor Transfers: When We transfer personal data to a third-party service provider (‘Data Processor’) such as a cloud host, analytics platform, or payment processor that processes data on our behalf, the following safeguards apply;
    1. The processor shall process the data only for the purposes and under the instructions provided by us.
    2. The processor shall implement appropriate technical and organizational measures to protect the data from unauthorized access, disclosure, alteration, or loss.
    3. Any onward transfer by the processor to another sub-processor shall be subject to equivalent contractual obligations.
    4. The processor shall promptly notify us of any actual or suspected data breach.
    5. Upon completion or termination of the processing activity, the processor shall return or securely delete all personal data as directed by us.
  • Controller-to-Controller Transfers: When we transfer personal data to another independent organization (another data controller) such as an affiliated company or event partner — for its own legitimate business purposes;
    1. Both parties act as independent controllers and agree to handle the data in accordance with applicable AMS Laws and the ASEAN MCCs.
    2. The receiving controller shall implement reasonable security and privacy measures, notify us of any data breach, and respond to inquiries from data subjects or authorities as required by law.
    3. We ensure that only the minimum data necessary for the intended purpose is shared.
  • Accountability and Due Diligence: Before transferring personal data across borders, We conduct due diligence to assess the recipient’s data protection standards and ensures that contractual safeguards consistent with the ASEAN MCCs are in place. Onward transfers are permitted only where equivalent protection is maintained.
  • Rights and Remedies of Individuals: Individuals whose personal data is transferred under these arrangements retain their rights under applicable laws to access, or request deletion of their personal data, and to seek redress in accordance with relevant AMS Laws. Where permitted, individuals may enforce certain protections as third-party beneficiaries of the ASEAN MCCs.
  • Choice of Law and Enforcement: Contracts incorporating the ASEAN MCCs are interpreted in accordance with the applicable law of the relevant ASEAN Member State. Individuals have access to effective legal remedies and compensation under such law for any breach of data protection obligations.
  • Variation and Compatibility: We may adapt or supplement the ASEAN MCCs with additional clauses or mechanisms (such as adequacy decisions, certifications, or binding corporate rules) as required to comply with specific national laws or international standards, provided that such modifications do not diminish the level of protection guaranteed under the ASEAN MCCs.

By adopting the ASEAN MCCs, We ensure that all cross-border transfers of personal data — whether within the ASEAN region or beyond — uphold the principles of transparency, accountability, security, and fairness as set out in the ASEAN Framework on Personal Data Protection (2016) and other applicable data protection laws.

Data Retention

We retain personal data for as long as necessary for the purposes described. Account data is retained until a user deletes their account. Event data is retained by Ticmint as per their own policies, with limited access provided to us for audits and support. Certain records (tax, financial, legal) may be retained for statutory durations.

Data Security

We apply appropriate technical and organizational measures to secure personal data, including encryption, secure servers, and restricted access. Sensitive payment data is handled only by certified payment gateways via Ticmint.

Your Rights

Depending on applicable law (GDPR/DPDP), you may have the following rights:
- Right to access and obtain a copy of your data.
- Right to correction and updating.
- Right to deletion/erasure (‘right to be forgotten’).
- Right to withdraw consent at any time.
- Right to restrict or object to processing.
- Right to data portability (where applicable).
- Right to nominate in such manner as may be prescribed, any individual, who shall, in the event of your death or incapacity exercise your rights in accordance with DPDP Act and rules made thereunder.
- Right to lodge a complaint with a supervisory authority (EU Data Protection Authority or India’s Data Protection Board).
All other rights as per applicable laws and regulations.

You shall can make a request for erasure of her personal data, and upon receipt of such a request, We shall erase her personal data unless retention of the same is necessary for the specified purpose or for compliance with any law for the time being in force.

Children’s Data

Our services are intended for users 18 years and older. We do not knowingly collect personal data from children without parental consent. If we learn we have collected data from a child without proper consent, we will delete it promptly.

Updates to this Policy

We may revise this Privacy Policy periodically. Users may be notified of significant changes through the app, website, or email.

The Company reserves the right, at its sole discretion, to amend, change or replace any part of the Privacy Policy by posting updates and changes to the Platform. It is Your responsibility to check the Platform periodically for changes. Your continued use of or access to the Platform or the Services following the posting of any changes to the Privacy Policy constitutes acceptance of those changes.

If You have any questions about this Privacy Policy or security incident to report, please feel free to contact Us.

Contact Us

For any queries or to exercise your rights under this Privacy Policy, please contact:
Email: mirchi.feedback@timesgroup.com

Data Protection Officer

Address: Entertainment Network (India) Limited, 4th Floor, The Times Group, Sunteck Icon, CST Link Road, Kalina, BKC Junction, Santacruz East, Mumbai - 400098, Maharashtra, India.