Effective Date: May 25, 2025
Governing Entity: Wimbo Au Pty Ltd (ACN: 687 084 984), trading as Wimbo™
Contact: legal@wimbo.au | help@wimbo.au
Registered Address: 470 St Kilda Road, Melbourne, Victoria 3004, Australia

ARTICLE I — PURPOSE, LEGISLATIVE BASIS, AND NORMATIVE AUTHORITY

1.1 This Organizer Verification & Identification Policy ("Policy") is hereby adopted and promulgated by Wimbo Au Pty Ltd (ACN: 687 084 984), trading as Wimbo™, as a binding internal regulatory instrument governing the processes, standards, and compliance obligations relating to identity verification, organizer qualification, age-appropriate access controls, and regulatory oversight for all events created, hosted, or otherwise facilitated through the Wimbo™ digital platform ("Platform").

1.2 The primary objective of this Policy is to:
(a) Ensure lawful and secure use of the Platform through robust and uniform Organizer authentication procedures;
(b) Prevent fraud, impersonation, child endangerment, and unlawful event hosting;
(c) Satisfy applicable international and domestic legal obligations relating to personal data protection, age-based access restrictions, and lawful event hosting conduct;
(d) Enhance public trust and regulatory accountability in the operation of the Wimbo™ ecosystem.

1.3 This Policy shall be read and construed in strict conformity with binding statutory and regulatory frameworks across all relevant jurisdictions, including but not limited to:

• Regulation (EU) 2016/679, General Data Protection Regulation (“GDPR”), including Articles 5 (data processing principles), 6 (lawfulness), 8 (children’s consent), 9 (special category data), 13 (notice requirements), and 32 (security of processing);

• California Consumer Privacy Act and the California Privacy Rights Act (collectively “CCPA/CPRA”), Cal. Civ. Code §§ 1798.100–1798.199.100, governing the processing of personal information of California residents;

• UK General Data Protection Regulation and the Data Protection Act 2018, establishing lawful bases and obligations for data processing within the United Kingdom;

• Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), applicable to the handling of personal information by Australian entities;

• Children’s Online Privacy Protection Act of 1998 (COPPA), 15 U.S.C. §§ 6501–6506, establishing parental consent requirements and restrictions on the collection of data from minors under the age of 13;

• United Nations Convention on the Rights of the Child (CRC), particularly Articles 16 (protection of privacy) and 34 (protection from exploitation);

• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, as endorsed internationally for ethical data governance.

1.4 This Policy forms an integral part of Wimbo’s wider legal and regulatory documentation suite, including the Privacy Policy, Terms of Use, and Event Host Agreement, and shall prevail in the event of interpretive ambiguity with respect to Organizer identification, age classification, or jurisdictional application.

ARTICLE II — TERRITORIAL SCOPE, LEGAL EFFECT, AND CONTRACTUAL BINDING NATURE

2.1 This Policy shall apply with full force and effect to all natural and legal persons who, by act or omission, create, promote, manage, or otherwise engage in the organization of events on the Wimbo™ Platform, including but not limited to:
(a) Primary Organizers, Co-Organizers, Group Hosts, Event Managers, and any affiliated entities acting under delegation or contract;
(b) All Event types, including general public events, private invitation-only events, “Adults-Only (18+)” events, and “Kids Events” (as defined infra);
(c) All geographic regions, territories, or states wherein Wimbo™ markets or makes available its Platform services, whether directly or via third-party affiliates;
(d) Any third-party data processors, service providers, marketing partners, or agents acting on behalf of an Organizer or in furtherance of any Event hosted on the Platform.

2.2 This Policy shall have extraterritorial reach to the maximum extent permissible under the doctrines of digital territoriality, contractual consent, and lex loci solutionis, and shall be enforceable under applicable private international law rules.

2.3 By initiating use of the Platform for the purposes of Event organization, all Organizers irrevocably agree to be bound by the provisions herein, which shall constitute a legally binding agreement enforceable under:

• Contract law principles including offer, acceptance, and consideration;

• Applicable consumer protection statutes;

• Applicable data protection laws governing data fiduciaries and controllers;

• Regulatory codes concerning child protection and age-restricted services.

ARTICLE III — LEGALLY DEFINED TERMS

3.1 Verified Organizer: Any individual or entity who has fulfilled Wimbo’s identity verification process and has received formal Platform approval to organize events, subject to ongoing compliance monitoring.

3.2 Acceptable Identification: A valid, unexpired, government-issued identification document bearing the full legal name, date of birth, and clear photograph of the bearer. Acceptable forms include national identity cards, biometric passports, and government-issued driver’s licenses.

3.3 Kids Event: Any event organized through the Platform where the intended or foreseeable primary participants are individuals under the age of 13. Such events shall be subject to heightened compliance obligations under COPPA, GDPR Article 8, and equivalent statutes.

3.4 18+ Event: Any event classified as suitable only for adults 18 years of age or older, including events containing mature content, requiring age verification, or subject to legal age restrictions in the host jurisdiction.

3.5 Parental Account Holder: A registered user who affirms under penalty of perjury that they are the legal parent or guardian of a minor, and who assumes legal responsibility for organizing, managing, and supervising participation in a Kids Event.

ARTICLE IV — ORGANIZER IDENTITY VERIFICATION REQUIREMENTS

4.1 No individual or entity shall be permitted to publish, promote, or manage any Event on the Wimbo™ Platform unless and until they have been approved as a Verified Organizer pursuant to the procedural requirements of this Article.

4.2 Verification shall comprise the following mandatory components:
(a) Submission of a legible, Acceptable Identification document;
(b) Completion of a real-time facial recognition scan or biometric liveness verification procedure;
(c) Confirmation of a unique and valid mobile phone number and email address;
(d) Successful clearance through Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) compliance protocols, especially for users in high-risk jurisdictions or politically exposed persons (PEPs).

4.3 All verification activities shall be conducted either by Wimbo directly or through a licensed, GDPR-compliant data processor who satisfies ISO/IEC 27001 certification and adheres to GDPR Article 28 regarding processor obligations.

4.4 Wimbo reserves the right to conduct periodic re-verification, spot audits, or risk-based escalation of Organizer accounts as deemed necessary to preserve the integrity of the Platform.

ARTICLE V — SPECIAL COMPLIANCE FOR 18+ EVENTS

5.1 Organizers seeking to list or host 18+ Events must:
(a) Incorporate robust age verification protocols, including mandatory ID checks at entry (physical or digital);
(b) Display conspicuous Platform-issued age-restriction disclaimers at the point of RSVP, registration, or ticket purchase;
(c) Employ technical safeguards to ensure that tickets, passes, or entry codes are non-transferrable to unauthorized or underage individuals.

5.2 Failure to comply with the foregoing obligations shall constitute a material breach of this Policy and may, at Wimbo’s sole discretion, result in:
(a) Immediate deactivation of the Event listing;
(b) Temporary suspension or permanent ban of the Organizer account;
(c) Referral to competent authorities, including but not limited to data protection regulators, consumer rights commissions, or local law enforcement agencies.

ARTICLE VI — LEGAL SAFEGUARDS FOR KIDS EVENTS

6.1 Only duly registered Parental Account Holders may create or supervise Kids Events. Any misrepresentation of parental status shall be grounds for immediate suspension and legal liability.

6.2 Organizers of Kids Events must implement the following safeguards:
(a) Provide for continuous adult supervision by a verified parent or guardian throughout the duration of the Event;
(b) Obtain documented written consent from the parents or legal guardians of all minor participants, which shall be retained for audit and enforcement purposes;
(c) Prohibit the public visibility or map-based discovery of such Events, thereby ensuring—Privacy and safety of minor participants;
(d) Demonstrate ongoing compliance with COPPA, GDPR Article 8, and all analogous data protection regimes concerning children’s rights and consent.

ARTICLE VII — DATA PROTECTION, STORAGE, AND AUDITABILITY

7.1 All personal and biometric data collected under this Policy shall be subject to the following legally binding obligations:
(a) Processed exclusively for specified, lawful purposes and in accordance with the principle of purpose limitation (GDPR Art. 5(1)(b));
(b) Encrypted in transit and at rest using end-to-end cryptographic standards consistent with GDPR Article 32 and ISO/IEC 27018;
(c) Accessed only by authorized personnel, subject to role-based access controls and periodic access audits;
(d) Retained only for the minimum period necessary to fulfill the purposes of verification or to comply with applicable statutory or regulatory retention periods (GDPR Art. 5(1)(e)).

7.2 Wimbo shall maintain a record of processing activities (RoPA) and ensure compliance with data subject rights under applicable data protection laws, including rights to access, rectification, erasure, restriction, and objection.

ARTICLE VIII — ENFORCEMENT MECHANISMS AND LEGAL RECOURSE

8.1 Violation of any provision of this Policy may result in administrative, contractual, or legal sanctions, including but not limited to:
(a) Immediate removal or de-listing of the Event in question;
(b) Suspension or termination of the Organizer account, with or without prior notice depending on the severity of the infraction;
(c) Legal action for breach of contract, misrepresentation, negligence, or statutory violations.

8.2 In the event of egregious violations—such as those involving child endangerment, identity fraud, or regulatory evasion—Wimbo reserves the right to:
(a) Refer the matter to the relevant supervisory authorities under GDPR, CCPA/CPRA, COPPA, or equivalent national laws;
(b) Notify law enforcement agencies for potential criminal investigation;
(c) Initiate civil proceedings for injunctive relief, damages, or other equitable remedies.

8.3 Wimbo’s rights and remedies under this Policy are cumulative and non-exclusive, and shall not preclude the exercise of any other rights or remedies available under law, contract, or equity.

ARTICLE IX — USER RIGHTS, RECOURSE, AND ADMINISTRATIVE REMEDIES

9.1 In accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), all Verified Organizers shall retain the following enforceable rights in respect of their personal data processed during the identity verification lifecycle:
(a) The right of access, including the right to obtain confirmation of whether personal data concerning them is being processed and, where applicable, to receive a copy of such data, pursuant to GDPR Article 15;
(b) The right to rectification of inaccurate or incomplete personal data, without undue delay, under GDPR Article 16;
(c) The right to erasure ("right to be forgotten"), where the continued processing of such data is no longer necessary or lawful, as provided by GDPR Article 17, subject to statutory exceptions;
(d) The right to restriction of processing, particularly in cases of data inaccuracy, unlawful processing, or pending objection assessment, as enshrined in GDPR Articles 18–21;
(e) The right to object, on grounds relating to their particular situation, to processing carried out on the basis of Wimbo’s legitimate interests or public interest grounds, and the right not to be subject to automated decision-making without meaningful human review, in accordance with GDPR Article 22.

9.2 Organizers who wish to assert any of the aforementioned rights or challenge any aspect of data handling or account suspension may submit a formal request or appeal to legal@wimbo.au. Appeals shall be handled by Wimbo’s Legal Compliance Division in accordance with internal dispute resolution protocols, and decisions will be communicated within a reasonable timeframe not exceeding thirty (30) calendar days.

ARTICLE X — LIMITATION OF LIABILITY AND LEGAL DISCLAIMERS

10.1 Nothing in this Policy shall be construed as creating any form of agency, employment, partnership, fiduciary duty, or guarantee of Organizer eligibility or approval. The Organizer bears sole responsibility for the accuracy, lawfulness, and integrity of the information submitted and the Events hosted on the Platform.

10.2 To the fullest extent permissible under applicable law, Wimbo shall not be held liable for:
(a) Misrepresentations, omissions, or fraudulent declarations made by third-party Organizers during the verification or Event hosting process;
(b) Erroneous or falsified documentation submitted in support of Organizer verification, unless Wimbo was grossly negligent in its review;
(c) Unlawful, tortious, or criminal acts committed by Organizers or Event participants during, in connection with, or arising from any Event hosted through the Platform.

10.3 Wimbo’s liability, if any, shall be strictly limited to the extent required by mandatory consumer protection laws and shall not extend to consequential, indirect, or exemplary damages unless explicitly provided by applicable statute.

ARTICLE XI — THIRD-PARTY VERIFICATION SERVICE PROVIDERS

11.1 Wimbo reserves the right to contract with qualified third-party service providers for the performance of identity verification, screening, biometric testing, or document authentication. Any such provider shall be subject to the following obligations:
(a) Execution of a Data Processing Agreement in accordance with GDPR Article 28, detailing the nature, scope, purpose, and limitations of data processing activities;
(b) Submission to periodic security and compliance audits, whether internal or externally mandated, to assess adherence to contractual and legal obligations;
(c) Maintenance of technical and organizational measures aligned with industry-leading standards (e.g., ISO/IEC 27001, NIST SP 800-53, or equivalent), ensuring data integrity, confidentiality, and availability.

11.2 Wimbo shall remain the Data Controller with respect to Organizer data and shall exercise supervisory authority over the conduct and practices of all contracted data processors.

ARTICLE XII — CROSS-BORDER DATA TRANSFER FRAMEWORK

12.1 Organizer verification data may be transferred to, stored in, or accessed from jurisdictions outside the Organizer’s country of residence, including countries that may not offer the same level of data protection. Such transfers shall occur only under one or more of the following legally recognized safeguards:
(a) A determination of adequacy by the European Commission or another competent supervisory authority, in accordance with GDPR Article 45;
(b) Implementation of Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs), consistent with GDPR Article 46 and applicable national frameworks;
(c) Adoption of supplementary measures, including encryption, pseudonymization, and access controls, in accordance with the European Data Protection Board (EDPB) Recommendations on international transfers.

12.2 Wimbo shall provide prior notice to affected Organizers regarding such transfers, and, upon written request, shall disclose the destination jurisdiction, legal basis for transfer, and the categories of safeguards implemented to ensure the protection of transferred data.

ARTICLE XIII — POLICY MODIFICATIONS AND LEGAL NOTIFICATION

13.1 This Policy shall be reviewed and updated periodically to reflect:
(a) Amendments to applicable legal frameworks, including but not limited to GDPR, CCPA/CPRA, COPPA, and other regional or sectoral regulations;
(b) Material technological developments in identity verification, biometric recognition, and data protection;
(c) Operational enhancements or changes in the scope of Wimbo's platform offerings or business model.

13.2 In the event of any material modification to the terms of this Policy, Wimbo shall provide advance notice to all affected users through one or more of the following methods:

• Direct email notification to the Organizer’s registered email address;

• Prominent in-app banners or pop-up alerts;

• An updated version of the Policy posted on Wimbo’s official Legal Portal.

13.3 Such notifications shall be issued not fewer than seven (7) calendar days prior to the effective date of any changes, except in cases where immediate changes are mandated by law, regulation, or governmental directive.

ARTICLE XIV — INTERPRETATION, SEVERABILITY, AND GOVERNING AUTHORITY

14.1 If any provision or sub-clause of this Policy is determined to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from the remainder of the Policy, and the remaining provisions shall continue in full legal force and effect.

14.2 The headings and titles used in this Policy are provided for convenience only and shall not affect the interpretation or construction of the substantive provisions herein.

14.3 This Policy shall be interpreted and enforced in accordance with the laws applicable to Wimbo’s principal place of business, the State of Victoria, Australia, without prejudice to the mandatory consumer protection rights of users in their home jurisdictions.

14.4 The Wimbo Legal Department shall retain exclusive interpretive authority over the meaning, scope, and application of this Policy. In the event of disputes or ambiguities, the determinations issued by the Legal Department shall be final and binding, subject to appeal only where required by law.

Last Updated: May 25, 2025
Effective Date: May 25, 2025
Contact: legal@wimbo.au