Privacy Policy

This privacy policy (the “Policy”) sets out how VIPR Digital Limited (Company Number 08184813) located at 4th Floor, Cameo House, 11 Bear Street, London WC2H 7AS (“FIXR”, “our” or “we”) process information about you which is personally identifiable when you use the Platform, whether you are a Customer, Event Organiser, or visitor.

VIPR Digital Limited is the data controller for the purposes of the Data Protection Legislation. By separate agreement with Event Organisers, Event Organisers might also act as the data controller for the purposes of the Data Protection Legislation.

If you have any questions about this Policy, please contact us at [email protected] For the purposes of this Policy, the following definitions shall apply:

Customer” means an individual or individuals who purchase tickets for an Event via the Platform.

"Data Protection Legislation" means (i) the General Data Protection Regulation (GDPR) as revised and superseded from time to time; (ii) the UK Data Protection Act 2018; (iii) Directive 2002/58/EC as updated by Directive 2009/136/EC; and (iv) any other laws and regulations relating to the processing of personal data and privacy which apply to a party and, if applicable, the guidance and codes of practice issued by the relevant data protection or supervisory authority.

Event” means an individual Event or Events listed on our Platform.

Event Organiser(s)” means a third party supplier or suppliers of Events (which will typically include the sale of tickets for Events) which may include a venue, performer, promoter, university society or organisation, or general event organiser.

"Platform" means our website, Customer mobile applications and Entry Manager applications. It also means the FIXR Content Management System (Organiser) and features contained within this which can be used by Event Organisers for their Events, including but not limited to, ticket widgets and "ticket shop" functionality.

PERSONALLY IDENTIFIABLE INFORMATION (PII) / PERSONAL DATA

Personal data or PII means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history or such other meaning given to personal data in the Data Protection Legislation (“Personal Data”).

LAWFUL BASES OF PROCESSING

We will only collect and process Personal Data about you where we have a lawful basis for doing so. Lawful bases include consent, contract (where processing is necessary for the performance of a contract with you (e.g. to ensure you receive tickets you have purchased), legitimate interests and compliance with legal obligations to which we are subject.

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. For further information, please see the section headed “Your Rights” below.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following information about you:

Customers

  • Personal information when you register with the Platform (or via associated features / tools such as our ticket widgets) or enter details under the “Settings” section of the Platform or otherwise, including Personal Data, including any information you upload to the Platform or provide when contacting us (including to register complaints or claim a refund) or entering / accepting any promotional offers and including any CV or careers-related information or student loan application information you may upload.
  • Details of any transactions you make through the Platform.
  • If you make any purchases, your financial information (like your credit or debit card numbers), although we do not store this ourselves.
  • In connection with your account log-in, your log-in details and password.
  • Information from social networks you are a member of, where you choose to log-in via a social networking site or make use of the Platform’s social networking features.
  • Location data.
  • Ratings information, where you choose to make use of any ratings service provided by the Platform.
  • Details of any preferences, personal settings and responses to surveys or questionnaires we may send you.
  • Details of your visits to the Platform, Event information and resources you choose to access and any data you choose to download.
  • Technical data, including device properties such the type of internet browser you are using and any website you may have navigated from to use the Platform. For the purposes of this privacy policy, “technical data” includes “aggregate” and “de-personalised” information, which is data we collect about the use of FIXR’s services, from which any personally identifiable data has been removed. We may use tools or third party analytical software to automatically collect and use certain technical data that does not directly enable us to identify you. The types of technical data we may collect and use include, but are not limited to: (i) device properties, including, but not limited to Media Access Control (“MAC”) address and identifier for advertising (“IDFA”) or other device identifier; (ii) device software platform and firmware; (iii) mobile phone carrier; (iv) geographical data such as coarse location; (v) other technical data as reasonably required by FIXR to enhance our products and services.
  • Details of any complaints made against you by Event Organisers.
  • Information supplied by you when answering questions created by an Event Organiser in relation to an Event. For example, if attending a dinner, you may be asked to provide your dietary requirements. Such questions may be wide-ranging and cover a range of topics. Event Organisers can ask to collect virtually any information from Consumers when Consumers register for an Organiser’s event listed on the Platform. We do not control any such Personal Data collected by the Event Organiser. All Personal Data collected on behalf of an Event Organiser is made available to them.
  • Details relating to validation of tickets held by you if these are processed using our Entry Manager software, including time and date of validation, and number of tickets admitted / rejected. Such information may be used to determine the validity of refund requests made by you.
  • Other information that you may consent to give us from time to time.

You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.

Event Organisers

  • Your name, address, contact details, links to your social media pages and/or website, and other information required for you to register with the Platform and create an account.
  • Payment details, to enable us to collect and make any payments owed to you.
  • In connection with your account log-in, your log-in details and password.
  • Information from social networks you are a member of, where you choose to log-in via a social networking site or make use of the Platform’s social networking features.
  • Location data.
  • Ratings information, where ticket purchasers are able to provide ratings and feedback about your venue.
  • Details of any preferences, personal settings and responses to surveys or questionnaires we may send you.
  • Details of your visits to the Platform, the resources you choose to access and any data you choose to download.
  • Technical data, including the type of internet browser you are using and any website you may have navigated from to use the Platform.
  • Details of any complaints made by Customers against you.

Visitors

  • Cookies information as set out under the section “Cookies Policy” below.
  • Any other data or information you choose to provide to us.

PURPOSES FOR WHICH WE PROCESS PERSONAL DATA

We will only process your Personal Data, in accordance with applicable law, for the following purposes:

  • To provide the Platform services or other services to you, including allowing purchase of tickets and processing any purchases.
  • To respond to communications sent by you including emails, online support enquiries and phone calls.
  • To contact you by post, instant messages, phone or email when necessary to discuss the transactions entered into by you on the Platform.
  • To help us build a profile for you so that we may offer you events, promotions and services based on your preferences. In order to tailor such offers appropriately, we will undertake profiling of you on the basis of our legitimate interests.
  • To monitor your use of the Platform and investigate any complaints or potential breaches of use of the Platform.
  • To notify you of any changes to the Platform, request feedback from you as to your use of the Platform, or respond to any communications you send us by using the contact details you have provided.
  • To identify users of the Platform.
  • To resolve any returns, refunds or disputes.
  • If you are an Event Organiser, to provide you with relevant reports and information concerning use of the Platform.
  • For other purposes to which you may consent from time to time.
  • To comply with applicable law, for example, in response to a request from the police or other emergency services, or a court or regulatory body, where such request is made in accordance with the law.

We will also use information you provide to us for the purposes of contacting you, or enabling third parties to contact you, with information or offers regarding upcoming events, products, services or surveys. This shall only be done with your consent and our direct marketing policy which is explained in full below.

COVID-19

Due to the COVID-19 pandemic, Personal Data may be used by us or Event Organisers to help support the NHS Test and Trace programme. Any Personal Data will only be retained for 21 days for Test and Trace purposes. If you do not wish for your Personal Data to be used for Test and Trace purposes, you must notify both us and the organiser of the Event you are attending.

NOTIFICATIONS AND MARKETING TO YOU

Notifications. From time-to-time, we may send you notifications, including by way of email, instant message, and push notification, provided you have opted-in to receiving such notifications. This includes if you have chosen to "follow" an Event Organiser and opted-in to receive communications from us about that Event Organiser and their Events. We will always give you the option to opt-out of receiving notifications by following the unsubscribe instructions on communications sent to you. You can also opt out of such notifications under the “Settings” section of your account. Notifications may include information about events, updates to our service, and surveys. In respect of the latter, we may use surveys (or similar) to gather additional information from you so that we can determine if we should introduce additional services or product lines. Notifications may also include communications distributed on behalf of FIXR and/or our commercial partners containing, inter alia, promotions, offers, competitions, career and internship opportunities, student loan information and advertisements.

Service messages. If necessary, we may send you service emails, for example notifying you of an event cancellation, regardless of your preference settings.

Third party marketing. Additionally, if you consent by opting-in to receive such information and offers, we may allow carefully selected third parties, to send you information directly which you may find useful regarding their products and services. If you decide to engage with such third parties, note that their terms and conditions and privacy policy will then apply.

Advertisements. From time-to-time we may display banner (or similar) advertisements or promotions for our commercial partners on the Platform, including within events listed on FIXR; on ticket receipts; and in follow-up communications if you have attended an event.

Recruitment Information. When registering an account with FIXR, you will be asked to supply additional information. If you are a student, this will include but not be limited to: name of university, course length and start year (“Recruitment Information”). In providing us with Recruitment Information, you will be asked if you are happy for us to use this to communicate with you about career and internship opportunities. This may include displaying advertisements or promotions relating to careers and internships within specific events listed on FIXR; on ticket receipts for that event; and in follow-up communications if you have attended that event. These events may have been selected based on the following criteria: location; university; event-type; links to academic or certain interests; and the demographic of event attendees. If you do not consent to us using Recruitment Information to communicate with you about career and internship opportunities, we will not do so however, we will retain the information you have provided, and may use this to send you other notifications, unless you opt-out of these.

Further third party sales and marketing. When you purchase a ticket from FIXR, you may at that time be offered an opportunity to purchase third party products or services or enter third party promotions or loyalty programmes. If you expressly consent to purchase those products or services or enter into the promotions or programmes you authorise us to share your name, phone number, e-mail address and, where necessary and only where you have consented for us to do so, your financial and billing details with that third party. The use of your Personal Data will be governed by the terms of that entity’s own terms of supply and privacy policy, so please ensure that you read the relevant terms and privacy policy carefully before you agree to purchase from, or engage with, that third party.

INFORMATION WE PROVIDE TO EVENT ORGANISERS AND THEIR MARKETING TO YOU

In using the Platform, Event Organisers will have access to certain Personal Data of Customers including your name, age and contact details. This is provided to enable Event Organisers to fulfil their contractual obligations to provide the Event for which you have purchased tickets. Event Organisers may use this data to, inter alia, inform you of Event changes or cancellations, process tickets on entry or deal with any ticketing disputes.

In certain cases, we will have a data controller to data controller agreement with Event Organisers. This means that the Event Organiser will be able to process Personal Data on a lawful basis in accordance with such agreement, it's own terms of service and privacy policy, or otherwise in accordance with the Data Protection Legislation. In acting as a data controller, the Event Organiser will ensure its own compliance with the Data Protection Legislation with respect to the processing and handling of Personal Data.

Event organiser marketing to you

When booking a ticket to an Event, you will be presented with the opportunity to opt-in to marketing communications from that Event Organiser. If you do not want to receive these communications, you have the choice to opt-out of receiving these when you make your booking.

If you decide to opt-in to receiving marketing communications from the Event Organiser when booking a ticket to that Event Organiser's Event, or do not expressly opt-out when making a booking (known as a soft-opt in), the Event Organiser will be able to communicate with you about upcoming Events and other similar promotions. By engaging with Event Organisers, you should note that their terms or service and privacy policy will then apply.

Should you wish to opt-out of such marketing communications from the Event Organiser, you can do so at any time by updating your preferences in your account settings, or by contacting the Event Organiser directly. You can unsubscribe from marketing communications by following the unsubscribe instructions on communications sent to you.

Ticket sales reps

If you sign-up to rep ticket sales on behalf of an event organiser, your details and contact information will be available to that event organiser so that they can monitor rep sales and contact you. You can stop acting as a rep for an event organiser at any time.

INFORMATION WE MAY SHARE WITH THIRD PARTIES

There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

  • To enable debit or credit card purchases to be transacted, for example through payment providers, banks, credit card companies and ticket merchants.
  • To third party merchants for the purposes of redeeming the tickets you purchase through the Platform.
  • To comply with any legal or regulatory obligation or so as to uphold or enforce our Terms of Service for Customers and Terms of Service for Event Organisers.
  • To comply or cooperate with investigations being carried out by the police or other emergency services.
  • To exchange information with other companies for the purposes of fraud prevention and detection, including police authorities.
  • To share data with social networking sites, if you allow us to do so.
  • To check or verify your age or identity.
  • Subject to your consent, to third parties for marketing purposes, who may contact you by post, email, telephone, SMS or by other means.
  • To third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons.
  • To potential partners, advertisers and merchants with a view to promoting the Platform and its services.
  • To another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company; and
  • To any other third party where you have provided your consent.

INTERNATIONAL TRANSFER OF PERSONAL DATA

We may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your Personal Data may be transferred to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.

PUBLIC FORUMS, EXTERNAL WEBSITES AND SOCIAL NETWORKING FEATURES

The Platform may, from time to time, make public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your Personal Data.

The Platform may, from time to time, contain links to external websites, or external websites may host our ticketing widget functionality. We are not responsible for the terms and conditions, data protection, privacy, or security (including SSL compliance and data encryption practices) or content of such websites.

Please take care when using the Platform’s social networking features since the information you choose to make available may be seen by other users of the social network. We do not monitor the use of such features in the normal course of business although we reserve the right to do so at our discretion.

HOW WE PROTECT YOUR INFORMATION

We treat the security of Personal Data provided by you very seriously. All information that you provide to us is stored by us or on our behalf on secure servers based in the UK or other European Economic Area (“EEA”) Countries.

No credit or debit card information is stored on our servers. We use Stripe, a leading PCI compliant service payment provider, to store your debit and credit card information. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and holds the highest level of certification given by card issuers (PCI-DSS Level 1),

When moving your data we protect it with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security.

Any transactions completed using our ticketing widget functionality are secured by SSL technology, and any payment information entered is encrypted by our payment provider Stripe in the same way as a direct transaction through the Platform.

Your data is backed up to servers in different geographical locations within the EEA in order to provide resilience against fire or other disasters.

We monitor our services and underlying infrastructure to protect them from threats, including spam, malware, viruses and other forms of malicious code.

RETENTION OF PERSONAL DATA

COVID-19: Personal Data supplied for NHS Test and Trace purposes will be retained for 21 days.

We will not retain your information for any longer than we think is necessary.

Information that we collect will be retained for as long as needed to fulfil the purposes outlined under the "Purposes for which we process personal data" section above, in line with our legitimate and lawful interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

When determining the relevant retention periods, we will take into account factors including: our contractual obligations and rights in relation to the information involved; legal obligation(s) under applicable law to retain data for a certain period of time; statute of limitations under applicable law(s); our legitimate interests where we have carried out balancing tests; (potential) disputes; and guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

YOUR RIGHTS

Data protection law provides you with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if they believe that your Personal Data is not being processed in accordance with applicable data protection law.

  • Right to make subject access request (SAR). You may, where permitted by applicable law, request copies of your Personal Data. If you would like to make a SAR, (i.e. a request for copies of the Personal Data we hold about you), please contact us as set out below. You may be required to submit a proof of your identity and a fee.
  • Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data. You can also access your own account details and amend them yourself at any time by going to “Settings”.
  • Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to access the entire Platform or benefit from certain service features for which the processing of your Personal Data is essential.
  • Right to object to processing, including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your Personal Data. In relation to automated processing and profiling, you may object to the processing.
  • Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
  • Right to data portability. In certain circumstances, you may request that we provide your Personal Data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer obligations as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your Personal Data which may still be required for legitimate and lawful purposes.
  • Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.

If you wish to exercise any of the above rights, please contact us at [email protected] or by using the chat service on our website (www.fixr.co). You can also write to us at the address above.

AGE

Please note that the Platform is not intended for anyone under the age of 16.

COOKIE POLICY

Please refer to our cookie policy here.

AMENDMENTS

We may amend this Policy at any time to reflect changes to the Platform, services provided thereunder or our general terms of use.