Privacy Policy

Last updated: January 2025

This Privacy Policy explains how TicketFair ("we", "us", "our") collects, uses, shares, and protects your personal data when you use our platform at ticketfair.co.uk ("Platform"). We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

TicketFair is a technology platform that enables societies, clubs, and organisations ("Organisers") to sell tickets and manage events. We are the data controller for personal data we collect and process in connection with the operation of the Platform itself.

When you purchase a ticket from an Organiser, that Organiser is the data controller for the personal data they collect about you in relation to their event. TicketFair acts as a data processor on their behalf for that data.

Contact details:
Email: legal@ticketfair.co.uk
Website: ticketfair.co.uk

2. What Data We Collect

2.1 Account Information

When you create an account or purchase tickets, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Account preferences

2.2 Transaction Data

When you purchase tickets, we collect:

  • Details of tickets purchased (event, ticket type, quantity, price)
  • Payment status and transaction references
  • Billing information (processed and stored by Stripe; we do not store full card details)
  • Order history

2.3 Usage Data

We automatically collect certain information when you use the Platform:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and actions taken on the Platform
  • Date and time of access
  • Referring website

2.4 Communications

If you contact us for support or other enquiries, we collect:

  • The content of your messages
  • Your email address and name
  • Any attachments you send

3. How We Use Your Data

We use your personal data for the following purposes:

PurposeLegal Basis
Providing the Platform and processing ticket purchasesPerformance of a contract
Sending order confirmations and e-ticketsPerformance of a contract
Processing payments via StripePerformance of a contract
Providing customer supportLegitimate interest
Preventing fraud and ensuring Platform securityLegitimate interest
Improving the Platform and user experienceLegitimate interest
Sending marketing communications about TicketFairConsent
Complying with legal obligations (e.g., tax records)Legal obligation

4. Who We Share Your Data With

We share your personal data with the following categories of recipients:

4.1 Organisers

When you purchase a ticket, we share your name and email address with the Organiser of that event. This enables them to manage attendance, communicate event updates, and fulfil their obligations to you. The Organiser is an independent data controller for this data and their own privacy policy applies to their use of it.

4.2 Stripe (Payment Processing)

We use Stripe to process payments securely. When you make a purchase, Stripe collects and processes your payment card details directly. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.

4.3 Google / Firebase

We use Google Firebase for authentication, database hosting, and infrastructure. Google acts as a data processor on our behalf under a Data Processing Agreement. See Firebase Privacy and Security.

4.4 Other Disclosures

We may also share your data:

  • Where required by law, regulation, or court order
  • To protect our rights, property, or safety, or that of our users or the public
  • In connection with a merger, acquisition, or sale of assets (you would be notified)

We do not sell your personal data to third parties. We do not share your data with advertisers.

5. International Transfers

Your data may be transferred to and processed in countries outside the UK, specifically:

  • Google Cloud / Firebase: Data may be processed in the EEA and United States. Google relies on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement for transfers outside the UK.
  • Stripe: Payment data may be processed in the United States and other jurisdictions. Stripe relies on SCCs and the UK International Data Transfer Agreement.

In all cases, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

6. Data Retention

We retain your personal data for the following periods:

  • Account data: For as long as your account is active, plus 2 years after account deletion to handle any outstanding queries or disputes
  • Transaction data: 7 years from the date of the transaction (to comply with tax and accounting obligations)
  • Usage data: 26 months from collection
  • Marketing consent records: For as long as consent is active, plus 1 year after withdrawal
  • Support communications: 3 years from the date of the last communication

After the applicable retention period, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can ask us to correct inaccurate or incomplete data
  • Right to erasure: You can ask us to delete your data in certain circumstances (e.g., where it is no longer necessary for the purpose it was collected)
  • Right to restrict processing: You can ask us to limit how we use your data in certain circumstances
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at legal@ticketfair.co.uk. We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you if this is necessary.

8. Cookies

We use cookies and similar technologies to operate the Platform, remember your preferences, and understand how you use our services. For full details, please see our Cookie Policy.

Essential cookies (required for the Platform to function) are used without consent. Non-essential cookies (analytics, marketing) are only set with your consent.

9. Children's Privacy

The Platform is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us and we will delete it promptly.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security reviews
  • Use of reputable, certified infrastructure providers (Google Cloud, Stripe)

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the Platform. We encourage you to review this policy periodically.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at legal@ticketfair.co.uk.

13. Contact

For any questions about this Privacy Policy or our data practices, please contact us at:

Email: legal@ticketfair.co.uk