Legal

Privacy Policy

Your privacy matters to us. This policy explains how BloomEvents collects, uses, and protects your personal data when you use our platform.

Version: 1.3
Effective: February 11, 2026
Company: BloomEvents

Section 1

Introduction

Bloom Graphics and Software Development, trading as BloomEvents ("BloomEvents", "we", "us", or "our"), respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how and why we collect, use, disclose, store, and protect personal data when you access or use the BloomEvents Platform, including: our website and web dashboard, mobile applications, USSD services, ticket scanning and access-control tools, and related APIs and integrations.

This policy is issued in accordance with the Data Protection Act, 2012 (Act 843) of the Republic of Ghana. By using the BloomEvents Platform, you acknowledge that you have read and understood this Privacy Policy.

Section 2

Scope and Roles Under Data Protection Law

For the purposes of Act 843:

BloomEvents as Data Controller

BloomEvents acts as a Data Controller for personal data collected to operate the Platform (accounts, ticketing, payments, security, and compliance).

Event Organizers

Event Organizers act as independent Data Controllers for any additional personal data they choose to collect from Attendees using custom forms, surveys, or questionnaires hosted on the Platform.

Payment and Communication Vendors

Payment Service Providers and communication vendors act as Data Processors under their own privacy and regulatory obligations.

Section 3

Information We Collect

We collect only data that is necessary to provide, secure, and improve our services.

3.1 Identity and Contact Information

We may collect: full name, email address, mobile telephone number, and username or account identifier. For Event Organizers, we may also collect: organization name, business contact details, and role or authority within the organization. This information is collected during account creation, ticket purchases, KYC checks, or when contacting support.

3.2 Event, Ticket, and Attendance Data

When you interact with events on BloomEvents, we collect: events created or managed, tickets purchased, issued, or received, ticket type (paid, free, complimentary, group), ticket validation and check-in timestamps, and scanner or agent identifiers used during validation. This data is required to ensure legitimate entry, prevent fraud, and resolve disputes.

3.3 Organizer-Collected Custom Data

Event Organizers may use BloomEvents to collect additional information from Attendees, such as: dietary requirements, t-shirt sizes, survey responses, and accessibility needs. While this data is stored on our infrastructure for operational purposes, the Organizer is the primary Data Controller for such data and is responsible for complying with applicable data protection obligations in relation to it.

3.4 Financial and Transaction Data

BloomEvents facilitates ticket payments through licensed third-party payment service providers. We may collect and store: transaction references, payment amounts, payment dates and status, and payout and settlement records.

Important clarification: BloomEvents does not store full card numbers, CVVs, or mobile money PINs. Sensitive payment credentials are handled directly by licensed payment service providers. BloomEvents does not issue wallets, electronic money, or stored value. Funds collected via ticket sales may pass transiently through BloomEvents' merchant account with a licensed payment provider solely for the purpose of facilitating settlements to Event Organizers.

3.5 USSD and Telecommunications Data

When using BloomEvents via USSD (e.g., *920*XXX#), we collect: MSISDN (phone number), mobile network operator, USSD session identifiers, and menu selections and timestamps. USSD sessions are logged for transaction completion, fraud prevention, customer support, and reconciliation. USSD data is also subject to independent retention policies imposed by mobile network operators.

3.6 Technical and Usage Data

We automatically collect technical data including: IP address, device type and operating system, browser type and version, and session logs and timestamps. This data helps us maintain security, prevent abuse, and improve system reliability.

3.7 Scanner and Mobile Application Data

Our mobile scanner application is used by authorized scan agents to validate tickets at event venues. When using the scanner app, we collect and process the following data:

  • Camera access: The app requires camera permission solely for the purpose of scanning QR codes on tickets. No images or video are stored or transmitted — the camera feed is used only for real-time ticket validation.
  • Scan logs: Each scan attempt (successful or failed) is logged with: attendee name, ticket reference, ticket status, timestamp, and the scan agent's identifier. These logs are retained for fraud prevention, event analytics, and audit purposes.
  • Session tokens: The app stores authentication tokens securely on the device (e.g., via secure storage) to maintain the agent's session. Tokens expire when the access window closes or the agent is revoked.
  • Device identifiers: We may collect device type, operating system version, IP address, and app version for security monitoring and troubleshooting.
  • Role-based access: Scan agents access attendee information (name, ticket type, admission status) on behalf of and under the authority of the event organizer. Agents cannot export, copy, or retain attendee data outside the app.
  • Push notifications: The app may use push notifications for session alerts or operational updates. You can disable these via your device settings.

Section 4

How We Use Your Data and Legal Basis

Under Section 20 of the Data Protection Act, 2012 (Act 843), we process personal data on the following lawful bases:

4.1 Performance of a Contract

We process personal data where necessary to: create and manage accounts, process ticket purchases and issue tickets, deliver tickets via email, SMS, or USSD, and validate tickets at event venues.

4.2 Legal and Regulatory Compliance

We process data to comply with: financial record-keeping obligations, tax and audit requirements, lawful requests from courts or regulators, and anti-fraud and risk-management obligations.

4.3 Legitimate Interests

We process data where necessary to: prevent fraud and ticket abuse, monitor system performance, secure the Platform and APIs, and investigate disputes and misuse. These interests do not override your fundamental rights and freedoms.

4.4 Consent (Limited Use)

We rely on consent only for optional communications such as marketing messages. You may withdraw consent at any time.

Section 5

Know-Your-Customer (KYC) and Verification

To protect the Platform and comply with financial risk controls, BloomEvents may conduct proportionate verification checks, particularly for Event Organizers.

These may include: identity verification (name, phone, email validation), confirmation of organizational authority, review of payout account details, and monitoring of transaction patterns for fraud.

KYC data is used strictly for security, compliance, and risk management and is not shared except with lawful authorities or payment partners where required.

Section 6

Sharing and Disclosure of Data

We do not sell personal data. We may share data with:

6.1 Event Organizers

When you purchase or hold a ticket, relevant details (such as name and ticket status) are shared with the Organizer to manage attendance and access control.

6.2 Service Providers

We share data with trusted providers who assist with: payment processing, SMS and email delivery, and cloud hosting and infrastructure. These providers are contractually obligated to protect your data.

6.3 Legal and Regulatory Authorities

We may disclose personal data where required by law, court order, or regulatory request, or where necessary to prevent fraud or harm.

6.4 Scan Agents

Scan agents are authorized by Event Organizers to access limited attendee data (name, ticket type, admission status) solely for the purpose of validating entry at event venues. Agents operate under the direction and responsibility of the Organizer and do not have independent rights to attendee data.

Section 7

Data Storage and Security

We implement appropriate technical and organizational measures, including: encrypted data transmission (SSL/TLS), access controls and role-based permissions, and audit logs and monitoring.

While no system can guarantee absolute security, we take reasonable steps to protect your personal data.

Section 8

Data Retention

We retain personal data only as long as necessary.

Typical retention periods include:

  • Transaction records: up to 6 years (tax and audit compliance).
  • Inactive accounts: anonymized or deleted after prolonged inactivity.
  • USSD logs: retained short-term (typically 6–12 months) for reconciliation and fraud detection.
  • Scan logs: retained for the duration of the event plus up to 12 months for dispute resolution and audit purposes, then deleted or anonymized.
  • Scanner session tokens: automatically invalidated when the access window expires or the agent is revoked.

Section 9

Your Rights Under Act 843

You have the right to: request access to your personal data, request correction of inaccurate data, request deletion where legally permissible, object to certain processing activities, and withdraw consent to marketing communications.

Requests may be sent to our Data Protection Officer using the contact details below.

Section 10

Cookies and Tracking Technologies

We use cookies to: maintain session security, ensure platform functionality, and analyze usage trends.

You may control cookies via your browser settings, though disabling cookies may affect functionality.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on the Platform with a revised effective date. Continued use of the Platform constitutes acceptance of the updated policy.

Section 13

Contact Information

For questions or requests relating to this Privacy Policy:

Email: admin@bloomgh.com. Phone: +233 59 911 1700.

Questions about your privacy?

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact our Data Protection Officer.

admin@bloomgh.com