Menu

Privacy Policy

  • TIXTRACK, INC. - PRIVACY POLICY
  • UPDATED: September 17 2024

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

Welcome

We provide ticketing services through the internet to businesses of all sizes who use our technology and services to sell tickets to consumers online. TixTrack, Inc. wants to be clear about our use of the Personal Data that is entrusted to us.

This Privacy Policy (“Policy”) describes the “Personal Data” that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy also outlines your data subject rights, including the right to object to some uses of your Personal Data by us.

“TixTrack”, “we”, “our” or “us” means TixTrack, Inc. which is the entity responsible for the collection and use of Personal Data under this Privacy Policy. This Privacy Policy applies to the collection and use of Personal Data on the purchase of tickets and items for events hosted in the United States, meaning that it could apply to residents of the United States or other countries who purchase tickets to events hosted in the United States.

“Personal Data” means any information that relates to an identified or identifiable individual, and can include information that you provide to us to facilitate a transaction (such as first and last name, email address, billing address/shipping address, zip code and phone number) and that we collect about you, such as when you engage with our Services (e.g. device information, IP address).

Our “Business Services” are services provided by TixTrack to entities (“Business Users”) who directly and indirectly provide us with “End Customer” Personal Data in connection with those Business Users’ own business and activities.

Transaction Data” as used in this Privacy Policy includes Personal Data, and may include the following: your name, email address, billing address, shipping address, payment method information, location, purchase amount, date of purchase and your phone number. 

Depending on the context, “you” means End Customer or Visitor:

  • When you do business with, or otherwise transact with, a Business User (e.g. when you buy tickets from a merchant that uses TixTrack’s technology and services) but are not directly doing business with TixTrack, we refer to you as an “End Customer.”
  • When you visit TixTrack.com or otherwise communicate with TixTrack, we refer to you as a “Visitor” (e.g. you send TixTrack a message asking for more information because you are considering being a user of our technology or services).

1. Personal Data that we collect and how we use and share it

Our collection and use of Personal Data changes depending on whether you are acting as End Customer or Visitor.  

End Customers

TixTrack offers Business Services to our Business Users (e.g. facilitating the sale of tickets for those Business Users). When we are acting as a Business User’s service provider (also known as a data processor), we will process Personal Data in accordance with the terms of our agreement with the Business User and the Business User’s lawful instructions (e.g. when we process a ticket purchase for a Business User because you bought a product from them). 

Business Users are responsible for making sure that their End Customers’ privacy rights are respected, including ensuring appropriate disclosures about data collection and use that happens in connection with their products and services. If you are an End Customer, please refer to the privacy policy or notice of the Business User you choose to do business with for information regarding their privacy practices, choices and controls. 

Personal Data that we collect about End Customers

  • Transaction Data. If you are an End Customer, when you make payments or get refunds from a Business User that uses our Business Services, our payment processing partners may collect Transaction Data such as credit or debit card number. We may also receive your transaction history with the Business User.
  • Identity/Verification Information. Our payment processing partners also provide a verification and fraud prevention service that allows a Business User to verify Personal Data about you, such as your authorization to use a payment method. As part of these services, you may be asked to share Personal Data with our Business Users that we share with our payment processing partners for this purpose (e.g., your government ID, your image (selfie), and Personal Data you input or that is apparent from the physical payment method (e.g. credit card image)). To protect against fraud, our payment processing partners may compare this information with information about you that they collect from Business Users, financial partners, business partners, identity verification services, publicly available sources, and other third party service providers and sources so that they can assess whether the person is likely to be you or a person purporting to be you.
  • How we use Personal Data of End Customers We do not use your Personal Data for any purpose other than to fulfill our contractual obligations with our Business Users.  We do not sell or share Personal Data of End Customers for advertising or marketing purposes.

Visitors 

We collect and use Personal Data of Visitors.

Visitor Personal Data that we collect

When you visit www.TixTrack.com, we will receive your Personal Data either from you providing it to us or through our use of cookies and similar technologies

Forms. When you choose to fill in a form on www.TixTrack.com, we will collect the information included in the form (e.g. your contact information and other information about your question related to our Business Services). We may also associate a location with your visit.

How we use Visitor Personal Data

  • Personalization. We use information about you that we gather from cookies and similar technologies to measure engagement with the content on www.TixTrack.com, to improve relevancy and navigation. 
  • Advertising. We do not sell or share Visitor Personal Data to others for their advertising purposes.
  • Engagement.  When Visitors engage with www.TixTrack.com, we will use information we collect about and through your devices in order to provide the opportunity to engage in conversations or with chatbots to address your questions.

More ways we collect, use and share Personal Data

Personal Data Usage. In addition to the Personal Data usage described above, we use Personal Data in the following ways:

  • Compliance with Legal Obligations. We use Personal Data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) laws, anti-terrorism, export control and prohibitions on doing business with restricted persons or in certain business areas and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of Personal Data is critical to this effort.
  • Compliance with Business User Ticket Limits. We may use your Personal Data to enforce any ticket limits (if any) established by us or our Business Users and as may be changed from time to time at the discretion of us or the Business User. We may provide insights to the Business User based on your Personal Data for purposes of determining whether or not the the interactions with us or the Business User are intended to defraud or circumvent the established ticket limits that have been established. We reserve the right to take actions to block any End User that has disputed charges in the past for any of our Business Users or we have reasonable evidence to determine that an End User is intending to defraud or circumvent the established ticket limits that have been established.
  • Minors. The Services are not directed to minors, including children under the age of 13, and we request that they not provide Personal Data through the Services.
  • Compliance and Harm Prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, (ii) to enforce our contractual rights; (iii) to secure or protect the Services, rights, privacy, safety and property of TixTrack, you or others, including against other malicious or fraudulent activity and security incidents; and (iv) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including to meet national security or law enforcement requirements,which may include authorities outside your country of residence.

2. Legal bases for processing data

For the purposes of the General Data Protection Regulation, we rely upon a number of legal bases to enable our processing of your Personal Data.

a. Contractual Business Relationships. We process Personal Data on behalf of our Business Users and to perform the respective contractual obligations with them. Activities include:

  • Creation and management of TixTrack accounts and TixTrack account credentials;
  • Creation and management of TixTrack checkout accounts;
  • Accounting, auditing, and billing activities;
  • Processing of ticket purchases;
  • Processing of donations; and
  • Processing of memberships or subscriptions.

b. Legal Compliance. We process Personal Data to verify the identity of individuals and entities in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as “Anti-Money Laundering (“AML”) and Know-Your-Customer (“KYC”)” obligations, and financial reporting obligations. For example, we may be required to record and verify a Business User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law and may require us to report our compliance to third parties, and to submit to third party verification audits.

c.  Legitimate Interests. Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data:

    • Mitigate financial loss, claims, liabilities or other harm to Business Users and TixTrack;
    • Conduct aggregate analysis of de-identified data to promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business.

3. Your rights and choices

You may have choices regarding our collection, use and disclosure of your Personal Data:

a. Opting out of receiving electronic communications from us

If you have received a marketing related email from us and you no longer want to receive such emails, you may opt-out via the unsubscribe link included in such emails.  We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our Business Users may still send you transactional messages and/or direct us to send you transactional messages on their behalf, such as notification of cancelled events, time changes, and other important information to attend your event. 

b. Your data protection rights

Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

  • The right to request confirmation of whether TixTrack processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
  • The right to request that TixTrack rectify or update your Personal Data that is inaccurate, incomplete or outdated;
  • The right to request that TixTrack erase your Personal Data in certain circumstances provided by law;
  • The right to request that TixTrack restrict the use of your Personal Data in certain circumstances;
  • Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; 
  • Where we process your information based on our legitimate interests, you may also have the right to object to the processing of your Personal Data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.  
  • The right not to be discriminated against for exercising these rights; and/or
  • The right to appeal any decision by us relating to these rights.

You may have additional rights regarding your Personal Data under applicable law. For example, see Section 9 below.

c. Process for exercising your data protection rights

To exercise your data protection rights please contact us as at [email protected].

4. Payment Processing Services

We use Stripe for payments, and other business services.  Stripe may collect personal data including via cookies and similar technologies.  The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services.  You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

5. Security and retention

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

We retain your Personal Data as long as we are providing the Business Services to our Business Users or for a period during which we reasonably anticipate providing the Business Services. Even after we stop providing Business Services directly to a Business User with which you are doing business, and even if complete a transaction with a Business User, we may retain your Personal Data: 

  • to comply with our legal and regulatory obligations. 
  • to enable fraud monitoring, detection and loss prevention activities. 
  • to comply with our tax, accounting, and financial reporting obligations
  • where required by our contractual commitments to our Business Users. 

In cases where we keep Personal Data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

6. International data transfers

If you are outside of the United States, your Personal Data may be processed in the United States, where laws regarding the processing of Personal Data may be different than the laws in your country.  When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer.

7. EU-U.S. and Swiss-U.S. and UK Extension to the EU Data Privacy Frameworks

TixTrack, Inc. participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework* regarding the collection, use, and retention of personal information from European Union and European Economic Area member countries, the Udsnited Kingdom and Switzerland. We have certified with the Department of Commerce that we adhere to the Data Privacy Framework Principles. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

As explained in detail above, we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party’s access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

We may disclose your personal information to the following categories of third parties for the following business or commercial purposes:

  • Vendors, Business Users and other service providers: We may share personal information with our vendors, and service providers who perform functions on our behalf and require access to such information to provide us with services  or do work for us or on behalf of our Business Users.  Examples include: payment processing, supporting the delivery of your ticket purchase or order, providing functionality on, or helping to enhance the security of our platform, and with Business Users to fulfill our contractual obligation with our Business Users.
  • Vital interest, legal rights and compliance with laws. We may share personal information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services or other necessary third parties for legal, protection, security, and safety purposes, including:
    • to comply with laws or regulatory requirements and to respond to lawful requests and legal process;
    • to protect the rights and property of TixTrack, Inc, our affiliates, Business Users, and others, including enforcing our agreements, policies, and terms of use and protecting our network and platforms; and/or
    • to protect the safety of our employees and agents, our Business Users, or any person.

TixTrack, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TixTrack, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

If you have an inquiry regarding our privacy practices in relation to our DPF certification, we encourage you to contact us at [email protected]. You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the DPF Principles.

8. Updates and notifications

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.

We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website.

9. United States-specific provisions

If you are an End Customer located in the United States (“US”), we process your personal information in accordance with US privacy laws, including the California Consumer Privacy Act ( “CCPA”), Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Florida Digital Bill of Rights, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act.

  • Your Rights and Choices. As a US consumer and subject to certain limitations under US privacy laws, you may have choices regarding our use and disclosure of your Personal Data. In addition to the above rights, other rights include:
    • Exercising the right to know: You have a right to request additional information about the categories of personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information.
    • Exercising the right to opt-out from a sale or sharing: We do not transfer your personal data to third parties in exchange for payment. However, as noted above, we may provide the data to third party partners, such as the payment services processor. Because these third parties may use the data we provide for their own purposes, our provision of data to these parties may be considered a data “sale” or “sharing” as those terms are defined under the CCPA and other applicable US privacy laws. You can opt out of targeted advertising and any related data “sales” or “sharing” by contacting us at [email protected].
    • Exercising the right to limit the use or sharing of Sensitive Personal Information: We do not sell or share Sensitive Personal Information as defined by US privacy laws and have not done so in the past 12 months.
    • To submit a request to exercise any of the rights described above, please contact us at [email protected]. Please note that rights under some U.S. state laws do not apply to Personal Data we collect, process, and disclose when you act as a consumer.
    • We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account.
    • You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us at [email protected]. We may still require you to directly verify your identity and confirm that you gave the authorized agent permission to submit the request.

10. Contact us

If you have any questions or complaints about this Policy, please contact us at [email protected]. If you are an End Customer (i.e. an individual doing business or transacting with a Business User), please refer to the privacy policy or notice of the Business User for information regarding the Business User’s privacy practices, choices and controls, or contact the Business User directly.

Read Post

Case Studies