IRF27 Privacy Policy
How we handle your personal data when you use our site and join us at Indian Riders Fest 2027.
WHO WE ARE (DATA CONTROLLER) AND HOW TO CONTACT US
Controller: Legendary Productions s.r.o., organiser of the Indian Riders Fest 2027, further mentioned as IRF27
Registered in: Czech Republic
Registered address: Ocelkova 643/20, 198 00 Prague, Czech Republic
VAT/Tax No.: CZ24317489
Chamber of Commerce registration no.: C 196098
Date of registration: 12.07.2012
Contact (general/privacy): info@indianridersfest.eu
Data rights requests: privacy@indianridersfest.eu
Event details for reference
Dates: Thursday 17 June to Sunday 20 June 2027 (3 days, 3 nights)
Location: Lipno nad Vltavou, Czech Republic
SCOPE OF THIS POLICY
This Policy applies to:
Use of the IRF27 website and E-shop
Communications with us (email, forms, social media)
Participation in Indian Riders Fest 2027 (on-site and off-site activities)
CATEGORIES OF PERSONAL DATA WE COLLECT
Depending on how you interact with us, we may collect:
Identification and contact data: name, email, phone, postal address, country/region.
Registration data: order profile, preferences.
Order and transaction data: purchased items, ticket/pack details, booking identifiers, amounts, currency, VAT, company name and VAT number (for business orders), invoice details.
Payment-related data: payment status, method, last 4 digits and card brand. We do not store full card numbers; payments are processed by third parties (e.g., Stripe).
Rider information (optional): rider/pillion status, the motorcycle you ride, Indian Motorcycle dealership, IMRG club, and prior IRF attendance, where you choose to share it.
Event operations data: check-in/out time stamps, wristband/QR validation, group/ride-out assignments, dietary or accessibility notes you choose to share.
Communications data: emails, messages, support requests, survey responses.
Marketing preferences: newsletter opt-ins/opt-outs, channel preferences.
Device and usage data: IP address, device/browser type, language, referrer/UTM, pages viewed, approximate location, cookies and similar identifiers.
Media from the Event: photos and videos captured by our team or accredited partners that may include your image or motorcycle.
Emergency/assistance data (optional): information you provide for accessibility or special assistance. Do not share sensitive medical details unless strictly necessary.
HOW WE COLLECT YOUR DATA
Directly from you: website forms, checkout, emails, event registration and check-in, surveys, competitions, and on-site interactions.
Automatically: via cookies, pixels, SDKs, server logs, and analytics tools when you browse our site.
From third parties: payment providers (e.g., Stripe), email/CRM and ticketing systems, event vendors (e.g., accommodation partners for rooming lists), marketing or social media platforms when you interact with our content, and professional photo/video partners.
PURPOSES AND LEGAL BASES
We process your data under GDPR on these legal bases:
Contract: to register you, process orders, deliver tickets/packs, provide customer support, and operate on-site services.
Legitimate interests: to run and secure our services; plan logistics and ride-outs; prevent fraud/abuse; produce event media; analyze and improve our website and event; send service notices; keep basic suppression lists for opt-out management.
Consent: to send marketing messages where required; to place/activate non-essential cookies; to share your data with selected partners when you opt in; to capture and use certain close-up media if consent is specifically requested.
Legal obligation: tax and accounting retention; responding to lawful requests from authorities.
Vital interests: basic information sharing with emergency services in case of an incident.
HOW WE USE YOUR DATA
Account and ticketing: registrations, order confirmations, invoicing, check-in, wristband/QR activation.
Payments: processing via Stripe; fraud screening; refunds where applicable.
Event operations and safety: capacity management, ride-out and parade coordination, marshal briefings, access controls, and health/safety compliance.
Communications: service emails (e.g., schedule updates, arrival info), responses to inquiries, surveys and feedback.
Marketing: newsletters, event news, offers, and promotions (you can opt out anytime).
Analytics and site performance: measuring traffic and engagement to improve our services.
Media and storytelling: capturing photos/videos at the Event to document and promote IRF27 across our channels and trusted partners.
Compliance and security: logs, audits, and incident response.
SHARING YOUR DATA
We share personal data only as needed for the purposes above and subject to appropriate safeguards:
Service providers (processors): hosting and cloud storage, CRM/email platforms, customer support tools, analytics, security, on-site scanning and accreditation.
Payment providers: Stripe, to process payments. They may act as independent controllers—see their respective privacy policies.
Event vendors and partners: accommodation partners for rooming and access, on-site production teams, accredited photo/video contractors, ride-out stewards where needed for safety coordination.
Marketing and media: email platforms, social networks (if you interact with our content), and accredited media partners for event coverage.
Authorities and legal: where required by law, to protect rights and safety, or to respond to lawful requests.
Corporate transactions: in connection with a merger, acquisition, or asset transfer, subject to continuity of protections. We require confidentiality and data protection commitments from processors and do not sell your personal data.
INTERNATIONAL TRANSFERS
If we transfer data outside the EU/EEA, we use recognized safeguards such as:
European Commission adequacy decisions (where available).
Standard Contractual Clauses (SCCs) and supplementary measures as needed.
Provider-specific frameworks where applicable. You can contact us for details of current transfer mechanisms.
RETENTION PERIODS
We keep personal data only as long as necessary for the stated purposes or as required by law:
Accounts and registration data: while active and for up to 24 months of inactivity, then deletion or anonymization.
Orders, invoices, and tax records: typically 10 years (or longer if required by applicable law).
Customer support: up to 24 months after resolution.
Device/usage logs: typically 12 months.
Marketing data: until you withdraw consent or object; we keep minimal records to honor your opt-out.
Event media: retained for documentation and archival purposes. You may request reasonable takedown of content featuring you where our legitimate interests do not override your rights.
COOKIES AND SIMILAR TECHNOLOGIES
We use essential cookies (site operation), analytics cookies (performance/usage), and marketing cookies (ads/personalization).
Where required, we ask for your consent before setting non-essential cookies. You can change preferences via our cookie banner or your browser settings.
Disabling some cookies may affect site functionality. Learn more about cookies at www.allaboutcookies.org.
PAYMENTS (STRIPE)
Payments are handled by third-party providers such as Stripe. They receive information necessary to process your transaction and may conduct fraud checks.
We do not store full payment card numbers on our systems. Please review your provider's privacy policy for details on their processing.
EVENT PHOTOGRAPHY & MEDIA
We document IRF27 with photos and video for event operations, community storytelling, and promotional use across our channels (website, social media, newsletters) and trusted partners.
Our legal basis is legitimate interests. We take care to capture the event context and avoid undue intrusion. If you prefer not to be in close-up shots, tell our photographers on site or contact us.
You can request reasonable removal of identifiable images featuring you, subject to legal or editorial limitations.
YOUR RIGHTS
Subject to GDPR and applicable law, you have the right to:
Access your data and receive a copy.
Rectify inaccurate or incomplete data.
Erase data ("right to be forgotten") where applicable.
Restrict or object to processing, including for direct marketing.
Data portability for information you provided to us.
Withdraw consent at any time, without affecting prior lawful processing. To exercise rights, contact privacy@indianridersfest.eu. We may need to verify your identity. We aim to respond within one month, extendable where permitted for complex requests. You can also manage marketing preferences via the unsubscribe link in our emails.
SECURITY
We apply technical and organizational measures to protect your data against unauthorized access, loss, alteration, or misuse, including encryption in transit, access controls, backups, and staff training.
No system is 100% secure; please keep your account credentials confidential and notify us promptly of any suspected compromise.
CHILDREN
IRF27 services are not directed to children under the age established by applicable law.
Where minors attend the event, registration and consent should be managed by a parent or legal guardian. We do not knowingly collect data from children without appropriate consent.
THIRD-PARTY WEBSITES AND SERVICES
Our site may link to third-party websites or services. Their privacy practices are governed by their own policies. Please review those policies before providing any data.
SUPERVISORY AUTHORITY AND COMPLAINTS
You can lodge a complaint with your local data protection authority or with: The Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, Website: www.uoou.cz
We encourage you to contact us first so we can try to resolve your concerns.
CHANGES TO THIS POLICY
We may update this Policy to reflect operational, legal, or regulatory changes. The "Last updated" date appears below. Material changes will be highlighted on this page.
CONTACT US
Controller: Legendary Productions s.r.o., organiser of the Indian Riders Fest 2027 (IRF27)
Address: Ocelkova 643/20, 198 00 Prague, Czech Republic
Email: info@indianridersfest.eu
Data rights requests: privacy@indianridersfest.eu
Last updated: 30 June 2026