Tix Miðasala ehf. (“Tix”) proves a ticketing sales system for the sale and administration of entrance tickets to a multitude of events and affiliated products (here after also referred to as “Tix” or “the system”). Customers of Tix, e.g. promoters, organisers or event-, music-, or theaters (here after commonly referred to as “promoters”) use the system to sell entrance tickets and affiliated products.
In relation to the use of the ticketing system personal data is processed, including of ticket buyers and affiliated products that use the ticketing system. In relation to such processing of personal data promoters are classified as the responsibly party in accordance to Icelandic law on data protection, law nr. 90/2018 named the Act on Data Protection and the Processing of Personal Data, but Tix is classified as the processor. As the processor Tix processes ticket buyers’s personal data in accordance with the promoter’s instructions and both parties have entered into a processing agreement related to such processing. Buyers are encouraged to make themselves informed of the personal data protection policy of the promoter where the processing of personal data handled by Tix following the usage of the system is disclosed.
In the personal data protection policy the processing of personal data done by Tix as the responsible party is made known. Should the buyers have any questions related to the policy they are encouraged to contact Tix, according to clause 6 in this policy.
2.1. User Access to tix.is
On Tix’s webpage users can create an access where they can have an overview of all orders done through the website. Should users choose to create such an access Tix processes information regarding name, email and telephone number, in addition to their social security number, home address and country of residence should the user choose to register such information. Additionally Tix processes information related to the username and password of each user, with information of their purchase history, e.g. which events the user has bought access to or which affiliated products the user has purchased (the reference number, name of event, date of event as well as a copy of the receipt). The purpose of such processing is to grant the user an overview of all orders in one place and the processing is in accordance to contractual agreement between both responsible parties.
Tix processes information related to a user’s access while the user has an active access. Should the user choose to terminate their access, Tix deletes all information related to the access. To clarify it shall be noted that such deletion does not affect personal data that Tix processes as the processor on behalf of the promoter, according to clause 1 in this policy.
2.2. Tix’s Mailing List
Should the user choose to subscribe to Tix’s mailing list, Tix will process their name and email address. The processing is done in accordance to provided agreement on behalf of the user and the user has the right at any opportunity to unsubscribe from the mailing list, including but not limited to by clicking the unsubscribe link in any email sent by Tix through the mailing list.
2.3. Cookies on tix.is
Tix’s webpage, tix.is , uses various cookies. A further specification may be found in the cookie banner which is accessible on the webpage. All usage of the cookies is in accordance with the acceptance of the user, not including essential cookies.
2.4. Representatives of Promoters
For the purpose of communication with promoters, who in most cases are legal entities, Tix processes communication- and contact information of representatives of their clients (promoters). As such, information regarding name, email address, phone number and position of the relevant party is processed. In instances where the promoter is classified as an individual and not as a legal entity, their social security number and home address is processed in addition. In relation to communication of parties a history of communication is created which is additionally processed by Tix for the purpose of further communication with promoters. The processing of information related to representatives of promoters who are legal entities is centered around legal interest, but in instances where the promoters are individuals the processing is centered around a mutual contractual agreement.
2.5. Applications for Jobs
In relation to job applications of individuals to work for Tix, the company processes a copy of the application. The information primarily processed in relation to such applications are communication- and contact information, information related to previous job experience and education, a copy of a cover letter if applicable and other information that the applicant chose to share in regard to their application. Should the applicant refer to any individuals to provide recommendations such information is also processed and in certain instances other relevant information that is public, e.g. social media. This processing of personal data of applicants is built on their request to enter into a contractual obligation as an employee of Tix.
Tix preserves personal data related to job applications for one year after the application was received. Should the job have been advertised publicly Tix preserves the application for six months after the application process has been finalised unless the applicant agreed to a further extension of the preservation time.
2.6. Other Communication
If an individual contacts Tix, e.g. through social media, for any reason Tix processes the contact information of the individual and the information the individual chose to communicate in their request. Such processing is primarily built around the legal interest of Tix to be able to receive and answer to any such inquiries and requests received by the company
Individuals that Tix is processing personal data of have the right to be informed of which personal data is being processed and in which manner it is being processed. The individuals may also have the right to receive a copy of the information being processed. In certain instances the individual may furthermore request that Tix, as the processor, send a copy of the pertinent information, either provided by the individual or information created electronically, to a third party.
If an individual would like the personal data erased that Tix is processing as the responsible party, such right may also exist, e.g. when the preservation of the information is no longer required on the basis of the purpose of the processing or in cases where the individual revokes their acceptance and another permission is not existing to support the processing of said data. Furthermore, a request may be made that the processing shall be limited and in such cases where the processing is built on the legal interest of Tix the individual may object to the processing.
If the processing is built on the acceptance of the individual they may at any time revoke their acceptance, e.g. in relation to their subscription to Tix’s mailing list.
Aforementioned rights are not unconditional and laws or other regulations may oblige the company, Tix, to deny the request of deletion or access of data. Tix may in addition be required to deny the request in the case of a more rightful request by a third party. In cases where Tix may not assent to a request the company will seek to provide an explanation for the denial of the request.
If an individual has any remarks in regard to how Tix processes their personal data or in the manner which the company has responded to their request it should be noted that such a motion may be sent to The Data Protection Authority. Further information may be found on their homepage, http://www.personuvernd.is
Should Tix receive a request affiliated with the processing of data where a promoter is the responsible party of the processing, according to clause 1 in this policy, Tix will refer the individual to the respective promoter.
Tix may make use of external third parties in relation to technical information services, e.h. hosting and technical support. With regard to such services, the pertinent third party may process personal data that Tix is responsible for, as processing parties themselves. Tix commits to comprehensive measures to maintain secure processing of the data by these third parties in such cases.
In regards to a potential sale of the company Tix may need to disclose limited personal data to prospective investors. The same may be the case in regard to the use of external consultants by the company, for example lawyers and auditors.
In other respects Tix does not share personal data that the company processes as the responsible party unless the company has a duty enforced by law, e.g. provision to the government or judicial courts. Furthermore, your personal data may be shared to a third party to aid with legal operations such as house searches, appeals or judicial verdicts.
Tix will not share personal data outside of the EEA except it is granted on the basis of the relevant data and protection law, e.g. on the basis of conformed contractual terms, agreements or the posting of the Icelandic Data Protection Authority regarding states that provide satisfactory protection of personal data.
Tix carries out appropriate technical and administrative measures to protect personal data that is processed. These measures are intended to protect the personal data against being lost or changed on accident and against unlawful access, duplication, usage or sharing.
Tix Miðasala ehf
Hallgerðargata 13, 105 Reykjavík
Tel. + 354 551 3800