Privacy Policy

Last updated: [DD Month YYYY]

This notice explains how [Your Legal Entity Name] (“we,” “us,” “our”) processes personal data when you use [website URL / service name].

1. Who we are

Controller: [Your Legal Entity Name], [registered address], [company number], [VAT number if any]
Contact: [privacy@yourdomain.com]
Data protection contact/DPO (if appointed): [Name / contact]

This notice applies to users in the UK and EEA. Additional local rights may apply in your country.

2. What we collect

• You provide: name, email, phone, billing/shipping details, ticket selections, preferences, messages to us.
  
  

• Usage/technical: IP address, device identifiers, browser type, pages viewed, referring URLs, time stamps.
  
  

• Derived data: engagement metrics, campaign attribution.
  
  

• From third parties: payment processors, fraud-prevention providers, analytics/advertising partners, and event tools such as Ticket Tailor.
  
  

We do not intentionally collect data from children under 13.

3. Purposes and lawful bases

Purpose

Examples of data

Lawful basis

Run the site, provide content, ensure security

IP, device, logs

Legitimate interests (operate, secure, prevent abuse)

Sell and deliver tickets/orders

Identity, contact, order, payment status

Contract (perform and administer your purchase)

Customer support

Identity, communications

Legitimate interests; Contract (where related to an order)

Email marketing and newsletters via Mailchimp

Email, engagement

Consent; or “soft opt-in” for our similar products/services to existing customers. You can opt out anytime.

Analytics/measurement

Usage, events

Consent (for non-essential cookies/SDKs)

Compliance, tax, accounting, legal claims

Identity, transaction records

Legal obligation; Legitimate interests

Where we rely on consent, you can withdraw it at any time.

4. Cookies and similar tech

We use necessary cookies to run the site. Non-essential cookies (analytics, ads, social) are used only with your consent. You can manage choices at any time via [Manage cookies]. See [Cookie Policy link] for details.

5. Disclosures (recipients)

We share personal data with:

• Service providers (processors): hosting/CDN, security, analytics, email and marketing tools (e.g., Mailchimp), ticketing/e-commerce tools (e.g., Ticket Tailor), support, backup, and IT vendors. They act under our instructions and appropriate contracts.
  
  

• Payment processors: to take payments and prevent fraud. We do not store full card details.
  
  

• Professional advisors and authorities: where required.
  Some vendors may also act as independent controllers for their own necessary purposes (e.g., fraud prevention, compliance). Review their notices for details.
  
  

6. International transfers

If personal data is transferred outside the UK/EEA, we use one or more of: an adequacy decision, the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, and transfer risk assessments. Copies of relevant safeguards are available on request.

7. Retention

We keep data only as long as needed:

• Account/support records: while active and up to 6 years after last interaction.
  
  

• Order/ticket and tax records: 6 years (or longer if legally required).
  
  

• Marketing data: until you unsubscribe or your consent is withdrawn, plus a short period to maintain suppression lists.
  
  

• Logs/analytics: per our Cookie Policy.
  
  

8. Your rights

Subject to conditions in law, you can request: access, rectification, erasure, restriction, portability, and to object to processing based on legitimate interests. You also have the right to withdraw consent.
Requests: [privacy@yourdomain.com].
UK residents can complain to the ICO: ico.org.uk. We’d appreciate the chance to resolve issues first.

9. Direct marketing rules

Email/SMS marketing is sent with your consent or under the “soft opt-in” where you bought or negotiated to buy from us and the message concerns our similar products/services. Every message includes an unsubscribe option. We do not use purchased or scraped lists.

10. Security

We use appropriate technical and organisational measures to protect data, limit access to need-to-know, encrypt data in transit, and maintain incident response and vendor management procedures.

11. Children

Our services are not directed to children under 13. If you believe a child provided data, contact us to delete it.

12. Automated decision-making

We do not conduct solely automated decisions that produce legal or similarly significant effects.

13. Third-party links

Our site may link to third-party sites. Their processing is governed by their own notices.

14. Changes

We may update this notice. If changes are material, we will provide a prominent notice. The “Last updated” date shows the latest version.

Service-specific notes

Mailchimp (email and marketing automation)

Used for sending newsletters and managing subscriber preferences, campaign analytics, and deliverability. Lawful basis: consent or soft opt-in (marketing), legitimate interests (service analytics essential to deliver emails). International transfers may occur; safeguards as in Section 6. Unsubscribe links are included in every email.

Ticket Tailor (ticketing and event operations)

Used to list events, issue tickets, manage attendee details, confirmations, and entry control. Lawful basis: contract (fulfil your ticket order) and legitimate interests (event administration, fraud prevention). Ticket Tailor may also process data for its own necessary purposes under its privacy notice. International transfers and safeguards as in Section 6.

Contact

[Your Legal Entity Name]
[registered address]
Email: [privacy@yourdomain.com]
[Optional: phone]