Tixel operates in an increasingly global marketplace where the protection of personal data is of paramount important to us, as we expand our footprint beyond Australia, and increasingly into the USA, the UK and Europe. In light of our expansion, Tixel operates in accordance with the leading standard for data protection law as enshrined in the General Data Protection Regulation (EU) 2016/679 ("EU GDPR"). Since 1 January 2021 we also comply with the retained version of the EU GDPR which applies in the UK, as amended from time to time (the "UK GDPR").
For the remainder of our activities, mostly hosted and conducted from Australia (which has little or no effect on UK and EU-located individuals) we continue to comply with the Australian Privacy Act including its 13 Privacy Principles. For USA activities, we adhere to relevant Federal and State data privacy laws such as the Children's Online Privacy Protection Act and the California Consumer Privacy Act.
1. What personal data do we collect?
Personal data is any information that could be used to identify you in some way. The personal data that we collect from or about you may include the following:
1 Tixel recognises the impacts on data protection law brought about by the UK's withdrawal from the European Union (EU) and the resulting UK GDPR which applies since 1 January 2021.
- your name;
- your date of birth;
- your address;
- your email address;
- your contact telephone number;
- your bank account details;
- your location country (if you have selected a country view);
- your financial information (such as Bank account details, or credit or debit card information);
- your purchase history with us;
- information you voluntarily give us when you contact our customer services team, including any phone number used to call out customer service number;
- information about your visit to our website, including:
- The full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), tickets or events you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page; technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, browser plug-in types and versions, and operating system and platform. information collected from our websites and elsewhere across the internet through cookies, web beacons, pixel tags, device identifiers and other technologies including information about your shopping habits and preferences.
2. When do we collect personal data?
We may collect personal data in a variety of ways including:
- Information you give us. This is information about you that you give us by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. It includes information that you provide when you register for an account, complete our “get in touch” form on our website, list tickets for sale, buy or sell tickets via our site, sign up for ticket alerts, subscribe to our newsletter, contact our customer services team, or get in touch with us on social media.
- Information you give us when you report a problem with our site, a ticket transaction or another user
- Information we collect automatically when you use our service. This would include personal data held in respect of a ticket when you are selling through Tixel and use our ticket scanning technology. With regard to each of your visits to our site we may, independently or through third-party data analytics tools or services such as Google Analytics, automatically collect information as you use our services.
- Information we receive from other sources. We work closely with third parties, for example our event partners and/or primary ticketing companies who may provide us with information about you in order for us to authenticate the tickets you have listed on our site, or in some cases public databases.
- Social Media. You might wish to register for an account with us using your Facebook account. By doing so you give us permission to access certain information from your Facebook account. We only use it to obtain your name and email address, we don't navigate your friends lists. You can control the information you allow us to have access to through your privacy settings on Facebook.
- Spotify. If you elect to attach your Spotify account, we may use your listening preferences to help us show you relevant events or events you may be interested in based on this information.
3. Cookies policy:
We use the following types of cookies:
- Technical cookies: Technical cookies are essential to the operation of our Website. They allow you to navigate through our Website and to use the functions incorporated in it.
- Analytical or statistical cookies: Analytical cookies are used to check the quality and effectiveness of the Website. For instance, we can see how many users visit the Website and which pages are visited. We use this information to improve our Website and Services.
- Tracking cookies: Tracking-cookies monitor the click and surf behaviour of our visitors. By means of these cookies we can see whether and when you look at your profile and whether you click through to our Website. We may also use these cookies to show you ads based on your interests.
Opt-Out from the setting of cookies on your individual browser
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. If you do not want cookies to be sent to your computer, you can change this in the cookie settings of your browser
We include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly:
4. Which personal data do we collect and for what purposes do we use it?
We use your personal data for a variety of purposes related to the services that we provide. We only hold and process personal data when the law in your particular jurisdiction allows us to. Using the EU GDPR and UK GDPR as our benchmark (and refining these lawful bases as required to suit Australian, USA and other regional contexts) we have reviewed the six kinds of legal justification that could apply to the processing of a user's personal data. They are summarized as followed in the visual/infographic below:
- For purposes related to the provision of the services that we offer to you:
- To give you access to and use of our service which includes our website blog and other features and also enabling you to set up an account and to list, sell, supply, buy and acquire tickets via our service;
- Communicating with you in connection with your ticket transaction(s), giving you access to your account information, and providing you with customer services/dispute resolution support;
- To measure customer satisfaction, obtain personal testimonials for our website and provide customer service (including troubleshooting in connection with purchases or your requests for services).
- Changes. To notify you about changes to our service
We use your data in this way either primarily because we have a contract with you (for example, our legally binding User Agreements which apply when you set up an account (here: https://tixel.com/terms) or when you sell or buy tickets using our platform, we have a contract to provide that service to you.) In addition, our use of your data will be legally justified because it may be essential to fulfilling a legal obligation in your particular jurisdiction or because it is in our legitimate interests to do so. When we identify our legitimate interests, we balance them ( against the rights and freedoms of you as an individual. In this way we are assured that our measurement of customer satisfaction and our ability to swiftly and responsively "troubleshoot" customer issues are fully justified. Please be assured that we will always ensure that your rights are protected when we consider our assessments of our legitimate interests going forward.
- For advertising and marketing purposes:
- To send you ticket alerts via e-mail and/or notifications to your mobile phone. You can turn off and edit your alerts in the My Waitlists section within your account settings or by contacting us by the methods set out at the bottom of this policy;
- To send marketing emails on behalf of business partners in the future to let you know about other products and services that we think might interest you. You can opt in or out of receiving these emails by updating your preferences in the "my account" section of your account.
- We'll send you marketing emails (including newsletters) about other events you might be interested in. You can opt to stop receiving marketing information by updating your preferences in the "my account" section, by clicking on the unsubscribe link in any email, or by contacting us by the methods set out at the bottom of this policy;
- To measure or understand the effectiveness of any advertising we serve to you and others.
- To send you information or offers on behalf of our event partners;
- Where you have registered your account from the United Kingdom, the European Union, Australia, New Zealand or Canada, we will rely on your consent to contact you or your existing relationship with us based on our previous dealings (such as ticket transactions or registrations) for marketing purposes. Where you have registered your account from the United States, or in other scenarios (for example, measuring the effectiveness of our marketing), we will rely on our legitimate interests as a business, always ensuring that your rights are protected.
- For the purposes of tailoring our services to you to enhance your user
- We may combine the personal data we collect from third parties (for example, if you have said we can, from Spotify) with personal data you give to us and the personal data we collect about you to improve the relevancy of the Tixel service and to make suggestions and recommendations to you about Tixel goods or services that may interest you.
- For administrative and internal business purposes:
- To ensure that content from our site is presented in the most effective manner for you and your device;
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To allow you to participate in interactive features of our services when you choose to do so. It is in our legitimate interests as a business to use your data in this way. For example, we have a clear interest in ensuring that our site works properly and that our services are high quality and efficient. We will always ensure that your rights are protected.
- To permit and enable trend analysis and certain analytics with respect to aggregated and/or anonymised data - to enable insights to be gleaned into certain demographics (such as preferences or ticketing habits fans of a particular age or location)
- For security, fraud prevention and legal and compliance purposes:
- To keep our website and app safe and secure;
- We may process your personal data using software and systems that look for fraudulent activity by studying patterns in data. This may involve automated decision making (including profiling). For example, our software and systems may notice that an account (or series of accounts) is being used in a way that is unusual and that is indicative of fraudulent conduct or otherwise in a manner that breaches our terms and conditions;
- To protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies.
- In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) this processing may be for the purpose of preventing and detecting crime which we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws of legal process in other countries). We will also rely on our legitimate interests in ensuring the integrity of our services and in enforcing our terms and conditions to use your data in this way.
5. Privacy of minors:
- Tixel does not knowingly collect personal information from children under the age of 16 without parental consent
6. When do we share your personal data?
- We may share your personal data:
- in order to fulfil our contractual obligations to you, to fulfil another legal obligation (such as to a court or regulatory authority or police) or because it is in our legitimate interests to do so (for example, where we collaborate with primary ticketing companies such as Eventbrite, Oztix, Iwannaticket and others for integrations/ processes required to complete our services);
- with selected third parties who provide services to us for specific functions. In each case we will ensure that these third parties are only allowed to use your personal data in order to provide the relevant services to us and to you. It is in our legitimate interests as a business to work with these third parties since we may not have the capabilities to provide these services ourselves. We mention by example the servers provided by Amazon Web Services, the use of Xero for accounting and financial tasks, and the use of Stripe for payment support for the ticketing transactions.
- with our event partners or primary ticketing companies so that they can verify the authenticity of tickets that have been listed or sold via our site and control access to their event in order to fulfil our contractual obligations to you, or because it is in our (and their) legitimate interests to do so (for example our event partners need to do this to ensure they uphold health and safety, and security standards);
- with other users during the sale/purchase of ticket(s) via our service in order to complete a transaction.
- with marketing partners who may use your details to contact you with
news and offers:
- if you were located at time of registration in the United Kingdom, the European Union, Australia, New Zealand or Canada and only if you have provided your explicit consent; or
- if you were located at time of registration in the US and unless you have told us specifically that you do not want this to happen subsequent to registration.
You can withdraw consent at any time by contacting us via the help and support section.
- with third parties if we propose to seek investment from external funders, sell or buy any business or assets, in which case we may be required to disclose your personal data to the prospective buyer or seller of such business or assets. Similarly, if there are changes to our group structure, or if our ownership changes, we may need to disclose your personal data to the new owners or operators as one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our User Agreement and other agreements; or to protect the rights, property, or safety of Tixel, our users, or others. This includes exchanging information with other companies and organisations (including law enforcement agencies where appropriate) for the purposes of fraud protection and credit risk reduction.
7. Transfers of ring your personal data - when you are located in outside of the UK or European Economic Area (The 'EEA'):
- Some of the processes involved in our use of your personal data may require your data to be stored or processed in countries outside of the UK or EEA; for example, where you purchase tickets for a venue outside of the UK or EEA or if one of our service providers is based outside of the UK or EEA (such as in Australia or in the USA).
- These countries will naturally have different data protection laws as the UK and the EEA and so your personal data has to be subject to broadly equivalent standards in order to comply with UK GDPR and EU GDPR as applicable in each case. In such cases, we will make sure that any transfer of your personal data to countries outside of the UK or EEA is subject to appropriate safeguards as if it were being processed inside of the UK or EEA.
- Tixel is willing to apply the most appropriate safeguard for such transfers and acknowledges the “EU standard contractual clauses” updated for use by the European Commission on 4 June 2021 and available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en . Tixel shall monitor the UK variant of these as and when updated and made available for deemed use in data transfers outside the UK by the Information Commissioners Office.
- Note that transfers of data between the UK and EEA are deemed compliant with EU GDPR and UK GDPR pursuant to European Commission “adequacy decision” published on 28 June 2021.
8. How do we protect your personal data?
- We take the security of your personal data very seriously and have put in place technical and organisational measures to help keep it safe from unauthorised access or disclosure as required by law and in accordance with good industry practice. For example, all information you provide to us is stored on our secure servers and our database is encrypted using only whitelisted IP addresses for access. Any payment transactions will be encrypted using SSL technology.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We require you not to share a password with anyone.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
9. Retention of your personal data:
- We'll only retain your personal data for as long as is necessary for the purpose described in this policy. This means that retention periods will vary according to the type of data we have in the first place. For example, we'll hold on to your personal data for as long as you have your account, or as long as is needed to be able to provide the services to you but we may also keep hold of some of your personal data (even after you have closed your account) for fraud prevention and detection reasons.
10. Third party websites:
- Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates such as Facebook, Instagram and Twitter. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these other organisations and websites
11. Your rights:
- Please note, we take a firm stance on ticket touting and we take ticketing fraud very seriously. The law permits us to refuse a request to exercise your rights where we believe permitting you to exercise your rights may prejudice the prevention or detection of crime or the apprehension or prosecution of offenders.
- You may exercise any of the following rights in the following section regarding
- Right to request the correction of inaccurate personal data: You may request the correction of inaccurate personal data held and controlled by Tixel. In most instances this can also be done through the "my account" section (though note, any errors held or made by Spotify, Facebook and others will be the responsibility of those third parties, whom you should contact directly to request corrections).
- Right to ask us not to use your personal data for direct marketing purposes: This can be done through the communication preferences part of "my account" or by clicking the "unsubscribe" link on marketing communication.
- Right to access: You may request a copy of the personal data we hold about you (and in some circumstances, you can ask us to provide a copy to a third party).
- Right to be forgotten (account deletion): You may ask us to either permanently delete or temporarily stop using the personal data we hold about you and to close your Tixel account. Please note that we will do all we can to respect your right to have your personal data deleted where there is no good reason for us to continue to process it but there may be some circumstances where we will need to retain some personal data in accordance with applicable laws.
- Right to data portability: You can ask us to have the personal data that you've provided to us provided to you in a structured, machine-readable and commonly-used electronic format.
- Right not to be subject to decisions made solely on the basis of "automatic processing": You may object to automated decision making which produces legal effects concerning you or similarly significantly affects you.
- Right to file a complaint with your National Data Protection Authority, if you believe that we process your personal data unlawfully. See here for a list of all National Data Protection Authorities in the European Union and the UK.