Event Organiser Data Privacy Policy


TicketSource is committed to upholding the Data Protection principles of good practice. Protecting your privacy is important to us and we strive to keep all information relating to you confidential in accordance with this statement and the law. As part of the normal operation of our services you may voluntarily provide us with information about yourself. The purpose of this Data Privacy Policy is to explain what personal data we collect about you, how that personal data might be used and how we protect your personal data and privacy.

TicketSource is a member of STAR (the Society of Ticket Agents and Retailers) which requires TicketSource to comply with an industry Code of Practice. TicketSource also uses the latest extended validation security (EV SSL) certificate and is PCI DSS compliant ensuring that tickets are sold in a safe and secure environment.

Who are we?

TicketSource is an online ticketing software provider. You, the Event Organiser, have contracted us to deliver online ticketing services for your events. Therefore, TicketSource is the Data Controller and responsible for the handling and safe and confidential storage of your Personal Data.

What is the legal basis for processing your personal data?

Processing is necessary for the performance of a contract – i.e. the provision of an online box office system. We may also store your IP Address for risk management purposes or use Cookies to allow full access and smooth progression through our platform. These are processed under Legitimate Interest.

How do we process your personal data?

TicketSource complies with its obligations under the General Data Protection Regulations (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

TicketSource only collects personal information about you when you specifically provide us with such information on a voluntary basis. The information that we collect from you and your authorised users includes:

  • User's full name
  • Business/Organisation name
  • Business/Organisation address
  • Email
  • Contact number
  • Web address and social media pages (Facebook and Twitter)
  • Business bank account details (if required for ticket settlement)
  • Charity number (if applicable)
  • IP address - we may collect information about your computer, including where available your IP address, operating system and browser type, for system security client support and some site analytics. This statistical data cannot be used to identify a user.
  • Cookies – cookies are used to track users through our site and to save information as you move from page to page of website.

We use your personal data for the following purposes:

  • To enable us to deliver to you the TicketSource service as per the Terms and Conditions of Use and also to keep you advised of system updates and new features;
  • To enable the creation of a TicketSource account;
  • To set up users on your account and allow them access to the TicketSource system in accordance to the permission levels as set by you;
  • To send you and your nominated users email communication regarding your event, your account, your ticket settlement or a customer query;
  • To identify you as a user, your permission level and your TicketSource account should you contact TicketSource for support or assistance;
  • If using TicketSource merchant services, we will access your bank account details to process ticket settlement;
  • To process card payments for sundry extras (such as event cancellations, stock orders, equipment hire, sundry invoices, etc.) and where necessary to arrange delivery of orders or equipment hire.
  • To process and deliver an order of sundry items such as ticket stock, scanners, etc.
  • We may contact you by phone or email if we have a query regarding your event, your account or a customer booking;
  • We may also use your data to perform quality assurance, sales analysis or other business analysis.

Sharing your personal data

TicketSource does not share or sell client contact details to Third parties unless stipulated within this Privacy Policy. TicketSource will only contact you with regard to the contract and your use of the TicketSource system.

TicketSource may share your Personal Data with our processing partners who are contracted to assist TicketSource with the delivery of our service – known as Sub-Processors. TicketSource is responsible under GDPR to ensure that any Sub-Processor we contract are fully compliant with GDPR law and will also act to ensure the safety and confidentiality of your Personal Data. A list of our Sub-Processors can be found in the Data Processing Agreement.

Where Personal Data relating to an EU (or UK or Swiss) Data Subject is transferred outside of the EEA it shall be processed by an entity: (i) located in a third country or territory recognised by the EU Commission as having an adequate level of protection; or (ii) that is subject to Standard Contractual Clauses; or (iii) that has other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.

TicketSource will not share your personal contact details with your ticket-buying customers unless you have provided written permission for your name, email or phone number to be provided for customer queries.

How long do we keep your Personal Data?

TicketSource will keep your Personal Data for no longer than is reasonably necessary. An Administrator on an account can delete a user along with their Personal Data at any time.

If an account is dormant for two years (i.e. no log-ins to the account) the account will be deleted along with all Personal Data and Event Data, unless an Event Organiser with Administrative access requests in writing that an account remains active.

Accounts can be closed by submitting a written request from an account Administrator however if there is event data within an account (i.e. bookings), Personal Data and Event Data will be retained for two years to assist with any booking queries, finance reporting or charge disputes.

Your Rights and your Personal Data

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your Personal Data held by TicketSource, please contact the Data Security Officer using the contact details listed below.

Under GDPR you have the following rights:

  • Right to be informed of why your data is being processed (included within this Data Privacy Policy)
  • Right of access to the Personal Data held
  • Right of rectification if incorrect data is held
  • Right to erasure (may be subject to the booking contract and retention periods)
  • Right to object to processing

Further processing

If additional processing is required beyond the scope of this Privacy Policy, we will provide you with information explaining this new process prior to commencing the processing and the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Other websites

Our website may contain links to other websites (e.g. Mailchimp, Stripe, Google Analytics, etc). This Data Privacy Policy only applies to the TicketSource website so when you link to other website you should read their own privacy policies.

Contact Details

To exercise any relevant rights, queries or complaints regarding TicketSource and the handling of your Personal Data, please contact:

The Data Security Officer


Off Edge


CF64 3EE

Email: support@ticketsource.co.uk

How to make a complaint

If you are unhappy with the way in which your personal data has been processed by TicketSource you may in the first instance contact The Data Security Officer using the contact details above.

If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted by phone on 0303 123 1113 or via their online notification system at www.ico.org.uk/concerns

Category: Terms of Use

Keywords: gdpr, data privacy policy

Last modified on Wed 11 April 2018