top of page

PRIVACY POLICY

Last updated: [18 March 2026]

At Judy’s respects your privacy and handles personal information with care. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, join our waitlist, register for an event, contact us, or otherwise interact with us.

This Policy is intended to provide the key privacy information people are entitled to receive under major privacy frameworks, including information about who is collecting the data, what is collected, why it is collected, how long it is kept, who it is shared with, and what rights may be available to you depending on where you are located.

​

1. Who we are

At Judy’s is a supper club and event-hosting brand based in Hyderabad, India.

Controller / Business Owner: Judith/At Judy's
Email: hello@atjudys.com
Contact for privacy questions: hello@atjudys.com

If you have questions about this Privacy Policy or about how your personal information is used, you can contact us using the details above.

​

2. The information we collect

We may collect the following categories of personal information, depending on how you interact with us:

  • your name

  • email address

  • phone number

  • billing or payment-related information

  • event registration details

  • dietary preferences, allergies, or accessibility information you choose to share

  • messages, enquiries, or feedback you send us

  • technical and usage information such as IP address, browser type, device information, pages visited, and referral data

  • cookie or similar tracking information, where used

If you register for an event on behalf of someone else, you should only provide their information where you have permission to do so.

 

3. How we collect information

We may collect information:

  • directly from you when you fill out a form, join the waitlist, register for an event, make a purchase, or contact us

  • automatically when you use our website, through cookies, logs, pixels, or similar technologies

  • from service providers that help us run the website, event registrations, communications, and payments

  • from social platforms or linked services where you interact with us there

 

4. Why we use your information

We may use your personal information to:

  • provide and manage event bookings, registrations, confirmations, and guest communications

  • process payments and maintain booking records

  • communicate with you about events, updates, changes, reminders, or customer support matters

  • understand dietary, allergy, accessibility, or hosting needs you choose to share with us

  • operate, maintain, secure, and improve our website and services

  • send marketing or waitlist updates where permitted by law or where you have asked to receive them

  • detect fraud, misuse, or technical issues

  • comply with legal obligations, resolve disputes, and enforce our terms

Under laws such as the GDPR and UK GDPR, organisations are expected to identify the purposes of processing and, where relevant, the legal basis for doing so.

 

5. Legal bases for processing

Where applicable under local law, we process personal information on one or more of the following grounds:

  • to perform a contract or take steps at your request before entering into one, such as processing a booking or event registration

  • with your consent, for example where you opt in to marketing communications or voluntarily provide certain details

  • for our legitimate interests, such as running and improving our events, website, communications, and guest experience, where those interests are not overridden by your rights

  • to comply with legal obligations

Where consent is required by law, you may withdraw it at any time, although this will not affect processing already carried out lawfully before withdrawal. India’s DPDP Act is also built around lawful processing and consent-based use of digital personal data, subject to statutory exceptions.

 

6. Sensitive information

We ask that you only share health-related or dietary information that is necessary for us to host you appropriately and safely. For example, you may choose to tell us about allergies, dietary restrictions, or accessibility needs.

Where required by law, we will handle this information on the basis of your consent or another valid legal basis. We do not ask for more sensitive information than we need for legitimate event-related purposes.

 

7. Cookies and similar technologies

Our website may use cookies and similar technologies to keep the site functioning, understand usage, measure performance, and improve the visitor experience.

Depending on the tools we use and where you are located, you may be able to manage cookie preferences through your browser settings, a consent banner, or both.

If you use technologies that involve advertising, cross-site tracking, or “sale” / “sharing” concepts under California law, your cookie setup and notice should reflect that accurately. California authorities also recognise Global Privacy Control as one valid signal for opting out of sale or sharing where the law applies.

 

8. Marketing communications

If you join our waitlist or choose to receive updates, we may send you information about upcoming dinners, events, or related announcements.

You can opt out of marketing emails at any time by using the unsubscribe link, where available, or by contacting us directly. We may still send non-marketing communications that are necessary for bookings, transactions, service updates, or legal purposes.

 

9. How long we keep information

We keep personal information only for as long as reasonably necessary for the purposes described in this Policy, including to manage bookings, communicate with guests, comply with legal, tax, accounting, or record-keeping obligations, resolve disputes, and protect our business.

Retention periods may vary depending on the type of data and why it was collected. Privacy laws such as the GDPR and UK GDPR expect organisations to explain either how long data is kept or the criteria used to determine that period.

Example retention approach

  • event booking and transaction records: 5 years

  • guest enquiries: 12 months 

  • waitlist and marketing data: until you unsubscribe or after 1 month of inactivity

  • technical logs and analytics: 12 months

​

10. Who we share information with

We may share personal information with trusted third parties where necessary to run At Judy’s and provide our services, such as:

  • website hosting providers

  • event registration and ticketing platforms

  • payment processors

  • email and communication tools

  • analytics providers

  • professional advisers such as accountants, lawyers, insurers, or auditors

  • authorities or regulators where required by law or to protect rights, safety, or property

For transparency, you should list or clearly describe your key processors and service providers where practical. If you use Wix, Wix Events, payment processors, email tools, or analytics tools, name them here once you confirm the exact stack.

We do not sell personal information for money. We do not knowingly use personal information for unrelated third-party purposes.

 

11. International data transfers

Because digital services may be hosted or supported in different countries, your personal information may be processed outside the country where you live. Where required by law, we take steps intended to provide an appropriate level of protection for cross-border transfers.

Major privacy regimes such as the GDPR require organisations to explain when data may be transferred internationally and the safeguards relied on where applicable.

 

12. Your privacy rights

Depending on where you are located, you may have rights that include the right to:

  • know what personal information we collect and how we use it

  • access or request a copy of your personal information

  • correct inaccurate personal information

  • request deletion of personal information

  • object to or restrict certain processing

  • withdraw consent where processing is based on consent

  • opt out of certain marketing communications

  • request portability of certain data, where applicable

  • complain to a regulator or supervisory authority, where applicable

The exact scope of these rights depends on the laws that apply to you and to us. GDPR and UK GDPR provide access, correction, deletion, objection, restriction, portability, and related transparency rights; California law also provides rights to know, delete, correct, and opt out in certain circumstances.

To make a privacy request, contact us at: [privacy@yourdomain.com]

We may need to verify your identity before completing certain requests.

 

13. California-specific disclosures

If California law applies to our processing, California residents may have additional rights regarding access, deletion, correction, and certain opt-out choices, subject to exceptions. California law also requires certain disclosures around categories of personal information collected, purposes of use, categories of recipients, and retention principles.

If we ever engage in “sale” or “sharing” of personal information as those terms are defined under California law, we will provide the required notice and opt-out mechanism. At present, [state whether you do or do not].

 

14. Children’s privacy

Our events and website are not intended for children unless specifically stated otherwise. We do not knowingly collect personal information directly from children where doing so is prohibited by law.

If you believe a child has provided personal information to us inappropriately, please contact us and we will review the matter and, where appropriate, delete the information.

 

15. Security

We use reasonable technical and organisational measures intended to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure. However, no website, platform, or transmission method can be guaranteed to be completely secure.

India’s DPDP framework and other major privacy laws expect reasonable security safeguards in relation to personal data processing.

 

16. Third-party links and services

Our website or emails may contain links to third-party websites, social platforms, or booking tools. Their privacy practices are governed by their own policies, and we are not responsible for the content, security, or privacy practices of those third parties.

 

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services. When we do, we will update the “Last updated” date at the top of this page.

If the changes are material, we may provide additional notice where appropriate.

 

18. Contact us

If you have questions, concerns, or requests relating to privacy or personal information, please contact:

At Judy’s
hello@atjudys.com

7416297063

bottom of page