Customer: an individual or individuals who purchase tickets for an Event via the Platform.
Data Protection Law(s): all applicable laws relating to the processing of personal data, data privacy, electronic communications, marketing and/or data security including the GDPR, UK GDPR, the Data Protection Act 2018, The Privacy and Electronic Communications (EC Directive) Regulations 2003 in each case as from time to time in force and as from time to time amended, extended, consolidated, re-enacted, replaced, superseded or otherwise converted, succeeded, modified or incorporated into law.
Event: an individual Event or Events listed on our Platform as operated by Event Organisers.
Event Organiser(s): a third-party supplier or suppliers of Events (which will typically include the sale of tickets for Events) which may include a venue, performer, promoter, university society or organisation, or general event organiser.
GDPR: EU Regulation (EU) 2016/679 more commonly known as the General Data Protection Regulation.
Platform: our website; mobile applications; Entry Manager application; and Content Management System used by Event Organisers (including features contained within this which can be used by Event Organisers for their Events, including but not limited to, ticket widgets and "ticket shop" functionality).
UK GDPR: the GDPR as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the any existing or subsequent legislation of England and Wales from time to time).
The terms controller, processor, personal data and processing shall have the meaning given in the Data Protection Laws.
1. Important information
2. Personal data we collect from you
3. Purposes for which we collect and process personal data
4. Lawful bases of processing
5. Notifications and marketing to you
6. Personal data we provide to event organisers and their marketing to you
7. Personal data we share with third parties
8. International transfer of personal data
9. Public forums, external websites and social networking features
10. How we protect your personal data
11. Retention of personal data
12. Your rights
We are VIPR Digital Limited (Company Number 08184813) located at 4th Floor, Cameo House, 11 Bear Street, London WC2H 7AS trading as FIXR and hereinafter referred to as FIXR, our or we.
Please note that the Platform is not intended for anyone under the age of 16.
PERSONAL DATA WE COLLECT FROM YOU
Personal data includes any information relating to a person from which that person can be identified either directly or indirectly.
Personal data that we collect and process may include the following:
Identity Data: first name, surname, date of birth, gender, location or similar identifier; photographs/video footage of you in attendance at an Event; evidence (including a student ID) you may provide to prove your eligibility for a purchase, promotional offer, exchange, refund, competition, prize draws or similar.
Contact Data: billing address, delivery address, home address, postcode, email address and telephone numbers.
Financial Data: bank details and payment card information.
Profile Data: your account login details, username and password for use within our Platform; purchases made by you and your preferences; your social media handle, posts, public profile, follows and likes from a social media network where you interact with us on social media.
Usage Data: information about the pages or sections you have visited on the Platform including the pages or sections you visited.
Marketing and Communications Data: your preferences in receiving marketing data from us (and, where applicable, Event Organisers) and your communications preferences; information you provide to us with when you contact us by phone, email, post, or when you communicate with us online or via social media (e.g., with a query, complaint or refund request); information about electronic communications you receive from us (including whether that communication has been opened and if you have clicked on any links within that communication); and answers you provide when you respond to competitions, votes and surveys (where applicable).
Geo-demographic Data: such as age range, gender, location or information about Events you like or attend.
Miscellaneous: other personal data which you may disclose to us when you use the Platform.
We do not collect any special category data or details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, genetic or bio-metric data, health data or data relating to criminal convictions.
We collect and process your personal data in the following ways:
- When you register, create or login to an account with us using the Platform (or via associated features or tools such as our ticket widgets) or when you enter your details when logged into your account (including when you enter your information under the “Settings” section of the Platform and any information you upload to the Platform).
- When you contact us (for example with a query, complaint or refund request).
- When you sign-up or agree to receive to receive communications and notifications from us (including for marketing purposes).
- When you enter competitions, prize draws or promotional offers.
- When you make a purchase or other transaction using the Platform.
- When you use a social networking or social media sites or applications to log-in to your account, make use of the Platform’s social networking features or interact with us.
- When you choose to make use of any ratings service provided by the Platform.
- When you provide your preferences or apply personal settings.
- When you respond to surveys or questionnaires we may send you.
- When you visit the Platform (including Event information and resources you choose to access and any data you choose to download).
- When an Event Organiser raises a complaint about you.
- When you answer questions created by an Event Organiser in relation to an Event. For example, if attending a dinner, you may be asked to select a menu choice. Such questions may be wide-ranging and cover a range of topics. Event Organisers can ask to collect any information (excluding special category data) from Customers when Customers register for an Event listed on the Platform. In this instance, we are the processor and the Event Organiser is the controller of such personal data.
- When we validate your Event tickets using our Entry Manager software (including where you purchased your ticket outside of the Platform and the Event Organiser uses the Event Manager software to validate those tickets) including time and date of validation and number of tickets admitted or rejected. This information may also be used to determine the validity of refund requests made by you.
- Other information that you may consent to give us from time to time.
- When you register with the Platform, create an account or log-in to your account.
- When we make payments to or receive payments from you.
- When you contact us (for example with a query or complaint).
- When you use a social networking or social media site or application to log-in to your account, make use of the Platform’s social networking features or interact with us.
- When a Customer provides ratings information or feedback relating to you or completes a survey or questionnaire relating to you.
- When you provide your preferences or apply personal settings.
- When you respond to surveys or questionnaires we may send you.
- When you visit the Platform (including the resources you choose to access and any data you choose to download and including when you use the Event Manager application).
- When a Customer communicates with us relating to you (including queries, complaints and requests for a refund or exchange).
- Other information that you may consent to give us from time to time.
- Any other data or information you choose to provide to us.
You are under no obligation to provide any personal information. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
PURPOSES FOR WHICH WE COLLECT AND PROCESS PERSONAL DATA
We will only process your personal data, in accordance with Data Protection Laws, for the following purposes:
- To provide the Platform services or other services to you, including allowing purchase of tickets and processing any purchases.
- To manage your entry to an Event when the Event Organiser uses our Event Manager application (including where an Event Organiser imports your personal data into the Platform for this purpose).
- To respond to communications sent by you including emails, online support enquiries and phone calls.
- To contact you by post, instant messages, phone, email, sms, in-app message, in-app notification, push notification or other notification when necessary to discuss the transactions entered into by you on the Platform and for marketing purposes (see “Notifications and Marketing to You” below), including where an Event Organiser imports your personal data into the Platform for the purpose of contacting you using the Platform.
- To help us build a profile for you so that we may offer you Event information, promotions and services based on your preferences. In order to tailor such offers appropriately, we undertake profiling of you on the basis of our legitimate interests.
- To monitor your use of the Platform and investigate any complaints or potential breaches of use of the Platform.
- To notify you of any changes to the Platform, request feedback from you as to your use of the Platform or respond to any communications you send us by using the contact data you have provided.
- To identify users of the Platform.
- To respond to any queries, returns, exchange or refund requests or to investigate any dispute.
- If you are an Event Organiser, to provide you with relevant reports and information concerning use of the Platform.
- For other purposes to which you may consent from time to time.
- To comply with applicable law, or the requirements of governing bodies - for example, in response to a request from the police or other emergency services, or a court or regulatory body, where such request is made in accordance with the law. This includes compliance with governing bodies in overseas jurisdictions.
We will use contact data you provide to us for the purposes of contacting you, or enabling third parties to contact you, with information or offers regarding upcoming Events, products, services or surveys. This shall only be done with your consent and our direct marketing policy as explained below.
LAWFUL BASES OF PROCESSING
We will only collect and process your personal data where we have a lawful basis for doing so. Lawful bases include consent, contract (where processing is necessary for the performance of a contract with you (e.g., to ensure you receive tickets you have purchased), legitimate interests and compliance with legal obligations to which we are subject.
Where we rely on your consent to process your personal data, you have the right to withdraw or decline your consent at any time, and, where we rely on legitimate interests, you have the right to object. For further information, please see the section headed Your Rights below.
NOTIFICATIONS AND MARKETING TO YOU
Notifications. From time-to-time, we may send you notifications (including by way of email, sms, in-app messaging, in-app notifications, instant message and push notifications (provided you have opted-in to receiving such notifications). This includes where you "follow" an Event Organiser and where you have opted-in to receive communications from us about an Event Organiser and their Events. When you purchase a ticket from an Event Organiser, unless you specifically opt-out, you will automatically become a “follower” of that Event Organiser, which means that you may receive notifications from them (see “Event Organiser Marketing to You” below for more information on Event Organiser marketing). We will always give you the option to opt-out of receiving notifications by following the unsubscribe instructions on communications sent to you. You can also opt-out of such notifications under the “Settings” section of your account and you can un-follow an Event Organiser at any time. Notifications may include information about an Event, updates to our service and surveys. We may use surveys (or similar) to gather additional information from you so that we can determine if we should introduce additional services or product lines. Notifications may also include communications distributed on our behalf and/or our commercial partners containing, inter alia, promotions, offers, competitions, career and internship opportunities and advertisements.
Service messages. If necessary, we may send you service emails, for example notifying you of an Event cancellation or important information relating to an Event you are attending, regardless of your preference settings.
Advertisements. From time-to-time we may display banner (or similar) advertisements or promotions for our commercial partners on the Platform (including within an Event listed on FIXR; on ticket receipts and in follow-up communications if you have attended an Event.
Recruitment Information. When registering an account with FIXR, you will be asked if you would like to supply additional information. If you are a student, this will include (but is not limited to): name of university, course length and start year (Recruitment Information). In providing us with Recruitment Information, you will be asked if you are happy for us to use this information to communicate with you about career and internship opportunities. This may include displaying advertisements or promotions relating to careers and internships within specific Events listed on FIXR, on ticket receipts for that Event and in follow-up communications if you have attended an Event. These Events may have been selected based on the following criteria: location; university; event-type; links to academic or certain interests; and the demographic of Customers. If you do not consent to us using Recruitment Information to communicate with you about career and internship opportunities, we will not do so, however, we will retain the information you have provided, and may use this to send you other notifications, where we have the necessary consent to do so.
PERSONAL DATA WE PROVIDE TO EVENT ORGANISERS AND THEIR MARKETING TO YOU
Event Organisers delivering their services
In using the Platform, Event Organisers will have access to your personal data as is necessary to enable them to fulfil their contractual obligations to you to provide the Event for which you have purchased a ticket. Event Organisers may use this data to, amongst other things, inform you of Event changes or cancellations, process tickets on entry, validate your eligibility, or deal with any ticketing disputes.
Event Organiser marketing to you
When booking a ticket to an Event, you will be presented with the opportunity to opt-in to marketing communications from the Event Organiser. If you do not want to receive these communications, you have the choice to opt-out of receiving these when you make your booking. These marketing communications can be sent to you by the Event Organiser using our Platform or outside of our Platform and can be sent to you by us on the Event Organiser’s behalf.
Should you wish to opt-out of such marketing communications from the Event Organiser, you can do so at any time by updating your preferences in your account settings, or by contacting the Event Organiser directly. You can unsubscribe from marketing communications by following the unsubscribe instructions on communications sent to you.
Ticket sales reps
PERSONAL DATA WE SHARE WITH THIRD PARTIES
In some instances, we provide your personal data to third parties. This will only take place in accordance with Data Protection Laws and for the purposes listed above. Some instances include:
- To enable debit or credit card purchases to be transacted, for example through payment providers, banks, credit card companies and ticket merchants.
- To third-party merchants for the purposes of redeeming the tickets you purchase through the Platform.
- To comply with any legal or regulatory obligation or to uphold or enforce our Terms of Service for Customers and Terms of Service for Event Organisers.
- To comply or cooperate with investigations being carried out by the police or other emergency services.
- To exchange information with other companies for the purposes of fraud prevention and detection, including police authorities.
- To share data with social networking sites, if you allow us to do so.
- To check or verify your age or identity.
- Subject to your consent, to third parties for marketing purposes, who may contact you by post, email, telephone, SMS or by other means.
- To third-party service providers and consultants to protect the security or integrity of our business, including our databases and systems, and for business continuity reasons.
- To partners, advertisers and merchants who promote the Platform and our services.
- To providers of analytical tools.
- To service, tool and platform providers.
- To online document storage and cloud processing providers.
- To professional advisors including lawyers, business affairs consultants, bankers, auditors, insurance brokers and insurers who provide consultancy, banking, legal, business affairs, insurance and accounting services.
- To HM Revenue and Customers, regulators and other authorities who require reporting of processing activities in certain circumstances.
- To another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company.
- To any other third-party where you have provided your consent.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your personal data to a third-party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. For example, your personal data may be transferred to our outsourced service providers or payment providers located abroad. In these circumstances we will, as required by Data Protection Laws, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.
PUBLIC FORUMS, EXTERNAL WEBSITES AND SOCIAL NETWORKING FEATURES
The Platform may, from time to time, make public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal data.
The Platform may, from time to time, contain links to external websites, or external websites may host our ticketing widget functionality. We are not responsible for the terms and conditions, data protection, privacy, or security (including SSL compliance and data encryption practices) or content of such websites.
Please take care when using the Platform’s social networking features since the information you choose to make available may be seen by other users of the social network. We do not monitor the use of such features in the normal course of business although we reserve the right to do so at our discretion.
HOW WE PROTECT YOUR PERSONAL DATA
We treat the security of personal data provided by you very seriously. All information that you provide to us is stored by us or on our behalf on secure servers based in the UK or other European Economic Area (“EEA”) Countries.
We do not store credit or debit card information on our servers. We use Stripe, a leading PCI compliant service payment provider, to store your debit and credit card information. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and holds the highest level of certification given by card issuers (PCI-DSS Level 1),
When transferring your personal data we protect it with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security.
Any transactions completed using our ticketing widget functionality are secured by SSL technology, and any payment information entered is encrypted by our payment provider Stripe in the same way as a direct transaction through the Platform.
Your data is backed up to servers in different geographical locations within the EEA in order to provide resilience against fire or other disasters.
We monitor our services and underlying infrastructure to protect them from threats, including spam, malware, viruses and other forms of malicious code.
RETENTION OF PERSONAL DATA
We retain your personal data only for as long as we think is necessary. Personal data that we collect will be retained for as long as needed to fulfil the purposes outlined under the Purposes for which we process personal data section above, in line with our legitimate and lawful interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors including: our contractual obligations and rights in relation to the personal data concerned; legal obligation(s) under applicable law to retain data for a certain period of time; statute of limitations under applicable law(s); our legitimate interests where we have carried out balancing tests; (potential) disputes; and guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your personal data where we no longer require your information for the purposes collected.
We may keep an anonymised form of your personal data, which will no longer be able to identify you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Data Protection Law provides you with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your personal data. You also have the right to lodge a complaint with the relevant data protection authority if they believe that your personal data is not being processed in accordance with Data Protection Laws.
You have the following rights:
Right to make subject access request (SAR)
You may, where permitted by applicable law, request copies of your personal data. If you would like to make a SAR, (i.e., a request for copies of the personal data we hold about you), please contact us using the contact information provided above and below. You may be required to submit a proof of your identity.
Right to rectification
You may request that we rectify any inaccurate and/or complete any incomplete personal data. You can also access your own account details and amend them yourself at any time by going to the “Settings” page within your account.
Right to withdraw consent
You may withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to access the entire Platform or benefit from certain service features for which the processing of your personal data is essential.
Right to object to processing, including automated processing and profiling
You may request that we stop processing your personal data. In relation to automated processing and profiling, you may object to the processing.
Right to erasure
You may request that we erase your personal data and, unless there is a lawful reason for not doing so, we will comply with your request. For example, there may be an overriding legitimate ground for keeping your personal data, such as, a legal obligation.
Right to data portability
In certain circumstances, you may request that we provide your personal data to you in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer obligations as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your personal data which may still be required for legitimate and lawful purposes.
Your right to lodge a complaint with the supervisory authority
We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
If you wish to exercise any of the above rights, please contact us at [email protected] or by using the chat service on our website (www.fixr.co). You can also write to us at the address above.