Learn how Quicket has become GDPR compliant

The General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation by the European Union that aims to expand the protection of EU citizens' personal data and the control each citizen has over the personal data they share with organisations. This is the new standard for every organisation in the European Union as well as any organisation in the world that processes and uses data of EU citizens. 

An organisation, relative to GDPR, is defined as any natural or legal person, public authority, agency, company or other body which is involved in the processing of an individual's personal data. There are two categories of data processing an organisation may fall under: data controllers and data processors. Event organisers using Quicket would be considered data controllers, whereas Quicket is both a data controller and a data processor.

Data controllers decide to collect personal data, which personal data to collect, how it's used, how long it's used for and who it's shared with. Data processors, on the other hand, are merely the means to which the data is stored and transferred; they process data on behalf of the data controller and do not decide how it's used. 

What is Quicket doing to be GDPR compliant?

We impose a strict Privacy Policy, see link here for more details.

Quicket generally does not carry out processing of information that could result in high risks to the rights and freedoms of individuals, nor do we collect "sensitive" personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation), but where necessary the relevant event Organiser may require such information for purposes of delivering its services to you.

However, we conduct regular assessments of the risk level of our processing activities and document this to ensure compliance data protection laws. As part of these assessments, we determine whether a Data Protection Impact Assessment (DPIA) is necessary. 

If any processing activity is identified as potentially high risk, we will then conduct a DPIA to ensure that appropriate measures are in place to mitigate those risks. 

As a processor of personal data, Quicket shall ensure (and shall reasonably procure that any third party processors Quicket engages to process personal data) adheres to data protection laws and all processing principles as set out in GDPR: 

1. Process personal data lawfully, fairly and in a transparent manner.
2. Collect personal data only for specified, explicit and legitimate purposes.
3. Only process personal data which is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal data is processed.
4. Keep personal data accurate and up to date and we will correct inaccurate personal data, or delete same, where necessary.
5. Keep personal data in an identifiable format for no longer than is practically, or legally necessary;
6. Keep personal data secure.

As a general rule, we will only process personal data if:

  1. The individual has consented to such processing, and not withdrawn his/her consent;

  1. The processing is necessary for performing a contract with the individual e.g. the purchase of a ticket for an event;

  2. The processing is necessary for the purposes of our, or our event organiser’s, legitimate interests e.g. event management and crowd control; 

  1. The processing is necessary for compliance with Quicket's legal obligation; or 

  1. The processing is necessary to protect the vital interests of the data subject or of another natural person.

Any personal information which is not necessary to perform a contract with a person, or necessary for our, or our event organiser’s legitimate interests, will require consent of the individual. Such consent may at any time be withdrawn.

Subject to legal requirements, we will endeavour to facilitate and respect individual’s rights to object to the processing of their information, their right to be forgotten, and their right to restrict the processing of information. As is currently the case, we will continue to honour an individual’s rights to object to any direct marketing activity, and any access requests.

We are in the process of updating our privacy policy so that it is concise, transparent, intelligible and easily accessible. Our privacy policy will be updated to ensure that it includes all information as set out in the GDPR.

If we become aware of a personal data breach which is likely to be of risk to individuals, we will notify the relevant supervisory authority(ies) without undue delay and per applicable data protection law requirements.

To the extent that we process personal data on behalf of our event organisers, we will comply with all aspects of the GDPR appropriate to us as “processors”. In addition, we will ensure that any processors of personal data we appoint are fully GDPR compliant.

Insofar as cookies are concerned, users of Quicket will be asked to expressly consent to the collection of any non-essential cookies that contain personally identifiable information. Users can manage and/or withdraw this consent at any time through the cookie settings on our website or through the browser settings. Quicket will ensure that appropriate mechanisms are in place to obtain and document user consent for cookies.

What are cookies?

Cookies are small files which are stored on your computer when you visit a website. They are a functional part of almost all websites on the internet and are also used for reporting purposes.

Quicket makes use of two types of cookies:

First party cookies are set by Quicket and may process certain personal data, such as your IP address or browsing behaviour, for purposes like enhancing user experience, site analytics, and delivering personalised content to users. We will only set these cookies once we have obtained your consent. You can manage or withdraw your consent to these cookies at any time through the cookie settings on our website or through your browser settings. For technical reasons, some of these cookies are required in order for the Quicket website to function correctly. If you wish to block these cookies, you will need to block them through your web browser settings, but please note that if you do this, some parts of the Quicket website will not work. First-party cookies may also be used for certain non-essential purposes such as marketing and analytics. 

Third party cookies are set by third party vendors acting as our data processors or controllers. These vendors are obliged to comply with applicable data protection laws and must process data in accordance with the consent obtained by Quicket. Quicket is responsible for obtaining your consent for these third-party cookies before they are placed on your device. You can manage or withdraw your consent to these cookies at any time through the cookie settings on our website or through your browser settings (by setting your web browser to accept or refuse cookies for these web sites). 

If you wish to block these cookies, please read the following vendors privacy policies to find out how to do so and opt-out: 

Google Tag Manager: https://policies.google.com/technologies/partner-sites?hl=en

Google Analytics: https://policies.google.com/technologies/partner-sites?hl=en

Google AdWords: https://policies.google.com/technologies/ads

Facebook: https://www.facebook.com/policies/cookies/

Zoho: https://www.zoho.com/cookiepolicy.html

Sift Science: https://siftscience.com/service-privacy

    • Related Articles

    • Privacy Policy

      Introduction: These terms must be read with our Website Terms and Community Guidelines, Terms of Use and our other policies and terms available on our website. All users and our service providers are bound by the terms and conditions of this Privacy ...
    • Terms of Use: Organisers

      Introduction These terms must be read with our Website Terms and Community Guidelines and our Privacy Policy. Please refer to our Privacy Policy for more detailed information about how and why we use, collect, store and process personal data, data ...
    • PAIA Manual

      Documents available for download on this page include: Quicket's PAIA manual Form 2 - Request for Access to Records [Regulation 7] Form 3 - Outcome of Request and of Fees Payable [Regulation 8]
    • Website Terms and Community Guidelines

      Introduction These are the website terms and community guidelines applicable to everyone who visits, or otherwise interacts with the Quicket platform, website or app (the “platform”). These terms must be read with our Privacy Policy. Please refer to ...