Privacy Policy & Cookie Policy

1. Introduction

Welcome to Ticketebook ("we," "us," or "our"). We are committed to protecting your privacy and personal data in accordance with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our event ticketing and booking platform. It also explains your rights regarding your personal data and how you can exercise them.

By using Ticketebook's services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

3. What Data We Collect

3.1 Event Organiser Data

When you create an account as an event organiser, we collect:

• Personal Identification: Name, email address, phone number
• Organisation Details: Company/organisation name, business address
• Account Credentials: Username, password (encrypted)
• Financial Information: Bank account details for payouts, billing information
• Event Data: Event descriptions, locations, dates, pricing, capacity
• Communication Records: Support tickets, emails, chat history

3.2 Ticket Buyer/Attendee Data

When purchasing tickets, we collect:

• Personal Information: Name, email address, phone number (optional)
• Payment Information: Payment card details (processed via secure payment gateway)
• Booking Details: Ticket type, quantity, seat selection, special requirements
• Delivery Information: Address for postal ticket delivery (if applicable)
• Event Attendance: QR code scans, check-in data

3.3 Technical Data

We automatically collect:

• Device Information: IP address, browser type and version, device type
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Location Data: Approximate location based on IP address
• Cookie Data: Cookie identifiers and preferences (see Cookie Policy below)

4. How We Collect Data

• Directly from you: When you register, purchase tickets, contact support, or complete forms
• Automatically: Through cookies, server logs, and analytics tools as you use our platform
• From third parties: Payment processors, event organisers, authentication services
• From public sources: Business information for fraud prevention and verification

5. Why We Collect Data (Legal Basis)

We process your personal data on the following legal bases under UK GDPR:

5.1 Contract Performance

To provide our ticketing services, process bookings, and fulfil contractual obligations between you and event organisers.

5.2 Consent

For marketing communications, optional services, and non-essential cookies (where we obtain your explicit consent).

5.3 Legitimate Interests

To improve our services, prevent fraud, ensure platform security, and conduct business operations.

5.4 Legal Obligation

To comply with UK laws, including tax obligations, anti-money laundering regulations, and legal proceedings.

6. How We Use Your Data

We use your personal data for the following purposes:

6.1 Service Delivery

• Process ticket bookings and payments
• Issue tickets and booking confirmations
• Facilitate event check-in and attendance tracking
• Process refunds and cancellations
• Communicate booking details and event updates

6.2 Platform Management

• Create and manage user accounts
• Provide customer support
• Process payments to event organisers
• Generate reports and analytics for organisers

6.3 Improvement and Development

• Analyse platform usage to improve features
• Conduct research and development
• Test new features and functionality

6.4 Security and Fraud Prevention

• Detect and prevent fraudulent transactions
• Protect against security threats
• Ensure platform integrity
• Comply with legal and regulatory requirements

6.5 Marketing (With Consent)

• Send promotional emails about relevant events
• Share platform updates and new features
• Conduct surveys and market research

You can unsubscribe from marketing communications at any time using the link in our emails or by contacting us.

7. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

7.1 Event Organisers

We share ticket buyer information with event organisers to enable event management, check-in, and attendee communication.

7.2 Payment Processors

We use secure third-party payment processors (including Etellect ePayment Services, Stripe, and others) to handle payment transactions. Payment card details are processed directly by PCI-DSS compliant payment gateways.

7.3 Service Providers

We work with trusted service providers who help us operate our platform:

• Cloud hosting and infrastructure providers
• Email delivery services
• SMS notification services (if applicable)
• Analytics and monitoring tools
• Customer support platforms

7.4 Legal and Regulatory Authorities

We may disclose data when required by law, court order, or regulatory authority, or to protect our legal rights.

7.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

8.1 Account and Booking Data

• Active Accounts: Retained while your account is active
• Booking Records: 6-7 years from booking date (UK financial record-keeping requirements)
• Closed Accounts: 30 days after account closure (unless legal retention applies)

8.2 Financial Records

• Transaction Records: 7 years (UK tax law requirements)
• Payment Information: Minimum time necessary (typically tokenised immediately)

8.3 Marketing Data

• Marketing Consent: Until you withdraw consent or 2 years of inactivity
• Unsubscribed Users: Retained on suppression list to honour your preference

8.4 Technical and Log Data

• Server Logs: 90 days
• Analytics Data: 26 months (aggregated and anonymised)

9. Data Security

We implement robust security measures to protect your personal data:

9.1 Technical Measures

• Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication
• Network Security: Firewalls, intrusion detection systems
• Secure Infrastructure: ISO 27001 certified data centres

9.2 Organisational Measures

• Regular security audits and penetration testing
• Staff training on data protection
• Data breach response procedures
• Privacy by design principles in development

9.3 Built on eAutomate Framework

Ticketebook is built on Etellect's proven eAutomate framework with:

• Years of production use without security breaches
• Enterprise-grade security architecture
• Regular security updates and patches
• Compliance with industry security standards

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1 Right of Access

You can request a copy of the personal data we hold about you.

10.2 Right to Rectification

You can request that we correct inaccurate or incomplete data.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

10.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

10.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

10.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

10.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

10.8 Right to Lodge a Complaint

You can file a complaint with the Information Commissioner's Office (ICO):

• Website: https://ico.org.uk
• Helpline: 0303 123 1113

11. Cookie Policy

We use cookies and similar technologies to enhance your experience on our platform.

11.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognise you and remember your preferences.

11.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the platform to function:

• Session management
• Security and authentication
• Shopping basket functionality
• Load balancing
• Retention: Session or up to 12 months

Analytics Cookies (Optional)

Help us understand how visitors use our platform:

• Google Analytics (anonymised)
• Page view tracking
• User behaviour analysis
• Retention: Up to 26 months

Marketing Cookies (Optional)

Used to deliver relevant advertisements:

• Google Ads
• Facebook Pixel
• Retargeting campaigns
• Retention: Up to 12 months

11.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner (appearing on first visit)
• Your browser settings
• Third-party opt-out tools (e.g., Google Analytics opt-out)

Note: Disabling essential cookies may affect platform functionality.

12. International Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure:

• Adequate safeguards are in place (e.g., Standard Contractual Clauses)
• The recipient country has adequate data protection laws
• Appropriate security measures are implemented

13. Children's Privacy

Our services are not directed at children under 13 years old. We do not knowingly collect personal information from children under 13. Ticket purchases for children should be made by a parent or guardian.

For events specifically for children, parental consent is required and must be provided by the event organiser.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page
• Update the "Last Updated" date
• Notify you of significant changes via email (if you have an account)
• Obtain new consent where required by law

We encourage you to review this policy periodically.

15. Contact Us