Introduction and Scope
RUNINDIA NETWORKS PVT. LTD., (“the “Company”, “we”, “us” or “our”), a Company incorporated under The Companies Act, 2013, and having its registered office at A-403, Tricity Grand CHS, Sector 30, Plot No. 33/34, Kharghar – 410210, Maharashtra, India, operates an online platform that enables organisers, promoters, clubs, federations and companies (collectively, “Event Organisers”) to list, promote and sell tickets and registrations for sports, fitness and endurance events, including marathons, runs, races, cycling and biking events, triathlons, trekking, adventure and similar activities (each, an “Event”).
This Privacy Policy (“Policy”) explains how we collect, use, store, share, disclose, retain, transfer and otherwise process the personal data of users when they access or use our website `www.runindia.in`, our mobile applications, our application programming interfaces, and any associated micro-sites, pages, features or services that link to or display this Policy (collectively, the “Platform”).
This Policy forms part of, and must be read together with, our Terms of Use and any other notices, consent forms or supplementary terms that we may provide to you. By accessing or using the Platform, creating an account, registering for or purchasing tickets to an Event, or otherwise providing your personal data to us, you acknowledge that you have read and understood this Policy.
This Policy does not apply to: (i) websites, applications, platforms or services operated by third parties, including Event Organisers, Payment Service Providers, and other partners, even where they are accessible through or linked from the Platform; or (ii) information that you share directly with such third parties. We encourage you to review the privacy policies of those third parties before sharing your personal data with them.
Capitalised terms used in this Policy have the meanings given to them in Section 2 (Definitions) or as defined in the body of this Policy.
Definitions
In this Policy, unless the context requires otherwise:
- “Applicable Law” means the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”), the Information Technology Act, 2000 and the rules made thereunder, and any other law, rule, regulation, notification or guideline applicable to the processing of personal data in India, as amended from time to time.
- “Data Fiduciary” means a person who, alone or in conjunction with others, determines the purpose and means of processing personal data. The Company is a Data Fiduciary in respect of the personal data it processes for its own purposes.
- “Data Principal” means the individual to whom the personal data relates, and where such individual is a child, includes the parent or lawful guardian; and where such individual is a person with disability, includes their lawful guardian.
- “Data Processor” means any person or company who processes personal data on behalf of a Data Fiduciary.
- “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
- “Processing” means a wholly or partly automated operation or set of operations performed on digital personal data, and includes collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment, combination, indexing, sharing, disclosure, dissemination, restriction, erasure or destruction.
- “You” / “User” means any Data Principal who accesses or uses the Platform, including registered users, ticket purchasers, Event participants and visitors.
Consent and Lawful Basis for Processing
We process your Personal Data only for lawful purposes and on a lawful basis, namely (i) the consent you provide; or (ii) certain legitimate uses permitted under Applicable Law, including where you voluntarily provide your Personal Data for a specified purpose and have not indicated that you do not consent to its use.
Where we rely expressly on consent, we will, at or before the time of collection, provide a notice (“Consent Notice”) that describes the Personal Data sought to be collected, the purpose of processing, and the manner in which you may exercise your rights.
Your consent must be free, specific, informed, unconditional and unambiguous, given through a clear affirmative action, and limited to the Personal Data necessary for the specified purpose. By providing consent, you signify your agreement to the processing of your Personal Data for that purpose.
Withdrawal of consent: You may withdraw your consent at any time, with effect for the future, through the channels described in Section 14. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal. Where you withdraw your consent, we will cease the relevant processing within a reasonable time and cause our Data Processors to do the same, unless retention or processing is required or permitted under Applicable Law. Withdrawing certain consents may limit or prevent your ability to use parts of the Platform, including registering for or purchasing tickets to Events.
Personal Data We Collect
We collect Personal Data in three principal ways: (i) information you provide to us directly; (ii) information we collect automatically through technology; and (iii) information we receive from third parties. The categories of Personal Data we may collect include the following:
Information you provide to us:
- Identity and contact information, such as your name, gender, date of birth, age, postal address, PIN code, city, state, country, email address and telephone or mobile number.
- Account credentials, such as your username, password and security questions.
- Event participation information, such as the Events you register for, ticket categories, participant or bib details, t-shirt size, race category, finish-line preferences and other registration details requested by the Event Organiser.
- Emergency and health-related information that an Event Organiser may require for participant safety, such as emergency contact details, blood group, and self-declared fitness or medical declarations.
- Payment information, such as the name on the instrument, the type of instrument, and transaction references. Full card numbers, CVV and banking credentials are collected and processed directly by our Payment Service Providers.
- Communications, such as your comments, feedback, queries, ratings, reviews, survey responses and correspondence with us.
- Preferences, such as your interests, communication and marketing preferences, and language settings.
Information collected automatically:
- Internet Protocol (IP) address and approximate location derived from it.
- Device, browser and connection information, such as device type, operating system, browser type and version, mobile network information and unique device identifiers.
- Usage and clickstream data, such as the pages, Events and content you view or search for, the links you click, dates and times of access, referring and exit pages, and session duration.
- Precise location information, where you enable location services on your device and consent to such collection, to provide location-relevant Events and features.
Where automatically collected information is combined with information that identifies you, we treat the combined information as Personal Data. Aggregated, anonymised or de-identified information that cannot reasonably be used to identify you is not treated as Personal Data and may be used for any lawful purpose.
Information from third parties: We may receive Personal Data about you from Event Organisers, co-organisers, timing and registration partners, social-media platforms, payment service providers, analytics providers, and other partners.
Sensitive and special-category data: Some Events may require limited health or fitness-related information for participant safety. We collect and process such information only where you provide it for the relevant purpose, apply enhanced safeguards to it, and do not use it for any unrelated purpose.
Cookies and Similar Technologies
The Platform uses cookies and similar technologies, such as web beacons, pixels, tags and software development kits, to operate and improve the Platform. Cookies are small text files placed on your device that allow the Platform to recognise your device on subsequent visits.
We use: (i) strictly necessary cookies, which are required for core functionality such as login, security and processing transactions; (ii) functional cookies, which remember your preferences; (iii) analytics or performance cookies, which help us understand how the Platform is used; and (iv) advertising or targeting cookies, which help deliver and measure relevant promotions.
You can manage cookies through your browser or device settings, including blocking or deleting cookies and choosing to be notified when a cookie is set. Where required by Applicable Law, we will seek your consent for non-essential cookies through a cookie banner or similar mechanism.
Our HTML-formatted emails may contain a web beacon that tells us whether the email was opened and whether links within it were clicked.
How We Use Your Personal Data
We use your Personal Data only for the purposes for which it was collected and for compatible purposes permitted under Applicable Law, including to:
- create and administer your account and verify your identity;
- process your Event registrations, ticket purchases, orders and payments, and deliver tickets, confirmations and receipts;
- facilitate your participation in Events, including sharing necessary details with the relevant Event Organiser and timing or logistics partners;
- provide customer support, respond to your queries, and manage cancellations, refunds, transfers and disputes;
- operate, maintain, personalise, improve and secure the Platform and develop new features and services;
- send you transactional and service communications relating to your account, Events and purchases;
- send marketing communications, offers, newsletters and event information where allowed;
- conduct analytics, research, surveys, audits and quality assurance; and
- comply with Applicable Law, respond to lawful requests, establish or defend legal claims, and enforce our terms.
Sharing and Disclosure of Personal Data
We do not sell your Personal Data. We may share your Personal Data with the following categories of recipients, in each case subject to appropriate safeguards and only as necessary for the relevant purpose:
- Event Organisers – where you register for or purchase tickets to an Event, we share the Personal Data necessary for the Event Organiser to administer your registration, manage participation, ensure participant safety and comply with their legal obligations. Event Organisers determine their own purposes for such Personal Data and act as independent Data Fiduciaries in that respect.
- Service providers and Data Processors – we may engage third parties to provide hosting, cloud storage, payment processing, timing and registration, analytics, marketing, communications, customer support, fraud prevention and similar services. These providers process Personal Data on our behalf under contractual obligations to maintain confidentiality and security and to process Personal Data only in accordance with our instructions and Applicable Law.
- Payment service providers – to process payments, refunds and chargebacks. Such providers handle your payment instrument details directly and in accordance with applicable card-network and regulatory standards.
- Group companies and affiliates – for the purposes described in this Policy, subject to equivalent protections.
- Legal, regulatory and law-enforcement authorities – where we are required or permitted to do so under Applicable Law, by court order, or to respond to lawful requests, prevent harm, or protect our rights, property and safety and those of others.
- Successors – in connection with a merger, acquisition, financing, reorganisation, sale of assets, insolvency or similar transaction, in which case Personal Data may be transferred as part of the transaction subject to this Policy or a successor policy offering comparable protection.
Role of Event Organisers
The Platform acts as an intermediary that enables Event Organisers to list Events and sell tickets and registrations. When you register for or purchase tickets to an Event, certain of your Personal Data is shared with, and independently processed by, the relevant Event Organiser for purposes determined by that Event Organiser.
In respect of such independent processing, the Event Organiser is a separate Data Fiduciary and is responsible for its own compliance with Applicable Law, including providing notices, obtaining any required consents, honouring Data Principal rights, and implementing appropriate security safeguards.
We encourage you to review the privacy policy of the relevant Event Organiser before registering for or purchasing tickets to an Event. Any queries or requests relating to an Event Organiser’s own processing of your Personal Data should be directed to that Event Organiser.
Children and Persons with Disabilities
The Platform is intended for use by persons who are 18 years of age or older. We do not knowingly create accounts for, or solicit Personal Data directly from, children except in accordance with Applicable Law.
Where the processing of a child’s Personal Data is involved, we will obtain verifiable consent of the parent or lawful guardian in the manner required under Applicable Law. Where a Data Principal is a person with disability who has a lawful guardian, we will obtain the consent of the lawful guardian.
We will not undertake any processing of a child’s Personal Data that is likely to cause any detrimental effect on the well-being of the child, and we will not undertake tracking, behavioural monitoring or targeted advertising directed at children, except as permitted under Applicable Law.
If we become aware that we have collected the Personal Data of a child without the required verifiable consent, we will take reasonable steps to delete such information promptly. If you believe that we hold a child’s Personal Data without appropriate consent, please contact our Grievance Officer using the details in Section 16.
Data Retention and Erasure
We retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, to provide the Platform and our services to you, and to comply with legal, accounting, tax, regulatory and contractual obligations.
We will erase your Personal Data, and cause our Data Processors to erase it, when: (i) you withdraw your consent and there is no other lawful basis to retain it; (ii) the purpose for which it was collected is no longer being served by its retention; or (iii) any retention period prescribed under Applicable Law expires, whichever is earliest, unless retention is required or permitted under Applicable Law.
Where a User does not engage with the Platform or otherwise approach the Company for the specified purpose for the period prescribed under Applicable Law, we may treat the purpose as no longer being served and erase the associated Personal Data.
We may retain anonymised or aggregated information, which does not identify you, for analytics and record-keeping purposes for longer periods.
Data Security
We implement reasonable security safeguards designed to protect Personal Data against unauthorised access, use, disclosure, alteration, loss or destruction. These safeguards may include encryption, access controls, secure development practices, network and application security measures, logging and monitoring, data minimisation and back-ups, and contractual obligations imposed on our Data Processors.
While we take reasonable measures to protect your Personal Data, no method of transmission over the internet or method of electronic storage is fully secure. You are responsible for maintaining the confidentiality of your account credentials and for any activity carried out through your account. You agree to notify us promptly of any unauthorised use of your account.
To the maximum extent permitted under Applicable Law, the Company shall not be liable for any loss arising from a security incident or breach that occurs despite the implementation of reasonable security safeguards and that is beyond the Company’s reasonable control, including incidents attributable to your acts or omissions or to third parties.
In the event of a personal data breach, we will take steps to mitigate the breach and will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed under Applicable Law.
Cross-Border Transfer of Personal Data
We primarily store and process Personal Data on servers located in India. Where we transfer Personal Data outside India, we will do so only to countries or territories that are not restricted under Applicable Law, and subject to any conditions and restrictions prescribed by the Government of India.
Where any category of Personal Data is subject to data-localisation requirements prescribed under Applicable Law, we will store and process such Personal Data in accordance with those requirements. We require recipients of Personal Data outside India to provide a level of protection consistent with this Policy and Applicable Law.
Your Rights as a Data Principal
Subject to and in accordance with Applicable Law, you have the following rights in relation to your Personal Data:
- Right to access information – to obtain a summary of the Personal Data we process about you, the processing activities undertaken, and the identities of other Data Fiduciaries and Data Processors with whom your Personal Data has been shared, together with a description of the Personal Data shared.
- Right to correction and erasure – to request the correction of inaccurate or misleading Personal Data, the completion of incomplete Personal Data, the updating of your Personal Data, and the erasure of Personal Data that is no longer necessary for the purpose for which it was processed, unless retention is required under Applicable Law.
- Right to grievance redressal – to have access to a readily available means of grievance redressal in respect of any act or omission regarding the performance of our obligations.
- Right to nominate – to nominate another individual who may exercise your rights under Applicable Law in the event of your death or incapacity.
- Right to withdraw consent – to withdraw your consent at any time, as described in Section 3.
You also have a duty under Applicable Law to provide accurate information, not to impersonate another person, not to suppress material information, and not to register false or frivolous grievances or complaints.
How to Exercise Your Rights and Raise Grievances
You may exercise your rights, or raise a grievance, by contacting our Grievance Officer using the details set out in Section 16, or through any dedicated facility we make available on the Platform. To help us verify your identity and respond accurately, please provide the details we reasonably request, which may include your registered username, registered email address or other identifying information.
We will respond to your request or grievance within the timelines prescribed under Applicable Law. We will endeavour to resolve grievances expeditiously and, in any event, within the period prescribed under Applicable Law from the date of receipt of the grievance.
If you are not satisfied with our response, or if your grievance is not resolved within the prescribed period, you may make a complaint to the Data Protection Board of India in accordance with Applicable Law.
Marketing and Communications Preferences
We may send you service and transactional communications that are necessary for your use of the Platform, such as confirmations, receipts, security alerts and changes to our terms. You cannot opt out of these communications while you maintain an account or transaction with us.
Where you have consented, or as otherwise permitted under Applicable Law, we may send you marketing communications about Events, offers and services. You may opt out of marketing communications at any time by using the unsubscribe link in our emails, adjusting your communication preferences in your account, or contacting us using the details in Section 16. Opting out of marketing communications will not affect service or transactional communications.
Contact Us and Grievance Officer
If you have any questions about this Policy, wish to exercise your rights, or wish to raise a grievance regarding our processing of your Personal Data, you may contact us at:
Data Fiduciary
RUNINDIA NETWORKS PVT. LTD.
Registered Office
A-403, Tricity Grand CHS, Sector 30, Plot No. 33/34, Kharghar – 410210, Maharashtra, India
Grievance Officer / Contact Person
RunIndia Support Team
Email
registrations@runindia.in
Telephone
WhatsApp: +91 8655942195
Third-Party Links and Services
The Platform may contain links to, or integrations with, third-party websites, applications and services, including those of Event Organisers, payment providers and social-media platforms. This Policy does not apply to those third parties, and we are not responsible for their content, privacy practices or security. Your interactions with such third parties are governed by their own terms and privacy policies, which we encourage you to review.
Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. When we make changes, we will post the revised Policy on the Platform with an updated “Last Updated” date. Where required under Applicable Law, we will provide you with additional notice or seek your fresh consent. Your continued use of the Platform after the revised Policy takes effect constitutes your acknowledgement of the changes, to the extent permitted under Applicable Law. We encourage you to review this Policy periodically.
Governing Law and Jurisdiction
This Policy is governed by and construed in accordance with the laws of India. Subject to Applicable Law, the courts and tribunals at Mumbai, India shall have exclusive jurisdiction over any dispute, controversy or claim arising out of or in connection with this Policy, without prejudice to the statutory jurisdiction of the Data Protection Board of India and any appellate authority under Applicable Law.
Acknowledgement and Consent
By accessing or using the Platform, creating an account, registering for or purchasing tickets to an Event, or otherwise providing your Personal Data to us, you acknowledge that you have read and understood this Policy and, where you provide consent, you consent to the collection, use, sharing, disclosure, retention, transfer and other processing of your Personal Data as described in this Policy and in accordance with Applicable Law.