Mookh Logo
0

Your Cart

Your cart is empty

Looks like you haven't added any tickets yet.

Explore Events
All legal documents
Legal

Data Processing Addendum

How organisers must handle attendee personal data they receive through MOOKH, and each party’s data-protection roles.

Effective 20 February 2026Version 1.05 min readFor organisers

1. Scope

This Data Processing Addendum ("DPA") applies where an organiser receives or processes personal data about attendees through the Services. It forms part of our Organiser Agreement and should be read together with our Privacy Policy.

2. Roles of the parties

MOOKH operates the platform and determines how it processes personal data to provide the Services. When an organiser receives attendee data to run its own events and decides how to use it, the organiser acts as an independent controller of that data and is responsible for its own compliance.

Each party is responsible for complying with the data-protection laws that apply to it, including any applicable laws of Kenya, Uganda, and Rwanda.

3. Organiser obligations

As an organiser, you must:

  • use attendee personal data only to operate and manage the event it relates to, and not for unrelated purposes;
  • have a lawful basis for any further use, including marketing, and obtain consent where required;
  • keep the data confidential and protect it with appropriate security measures;
  • honour attendees’ rights (such as access, correction, and deletion) and respond to their requests;
  • not retain the data longer than necessary, and securely delete it when no longer needed; and
  • not transfer the data to third parties or across borders except as permitted by law.

4. Security

Each party will implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage, taking into account the nature of the data and the risks involved.

5. Personal data breaches

If you become aware of a personal data breach affecting attendee data you received through the Services, you must take prompt steps to contain and remedy it, notify the relevant authority and affected individuals where the law requires, and inform us without undue delay at [email protected].

6. Service providers

MOOKH may engage service providers (such as hosting, analytics, and communications partners) to help provide the Services, under appropriate confidentiality and data-protection obligations. Where you engage your own service providers to process attendee data, you are responsible for imposing equivalent obligations on them.

7. Return and deletion

On termination of your use of the Services, or where attendee data is no longer needed for the event it relates to, you must delete or securely dispose of that data, except where you are required by law to retain it.

8. Liability and indemnity

You are responsible for, and agree to indemnify MOOKH against, any claim, fine, or loss arising from your handling of attendee personal data in breach of this DPA or applicable data-protection law.

9. Contact us

For any data-protection questions, contact us at [email protected].

Questions? Email [email protected]

Back to all documents →