What is GDPR?
The General Data Protection Regulation (GDPR) is a new regulation by the European Union that aims to expand the protection of EU citizens' personal data and the control each citizen has over the personal data they share with organisations. This regulation will become the new standard for every organisation in the European Union as well as any organisation in the world that processes and uses data of EU citizens starting 25 May 2018.
An organisation, relative to GDPR, is defined as any natural or legal person, public authority, agency, company or other body which is involved in the processing of an individual's personal data. There are two categories of data processing an organisation may fall under: data controllers and data processors. Event organisers using Quicket would be considered data controllers, whereas Quicket is both a data controller and a data processor.
Data controllers decide to collect personal data, which personal data to collect, how it's used, how long it's used for and who it's shared with. Data processors, on the other hand, are merely the means to which the data is stored and transferred; they process data on behalf of the data controller and do not decide how it's used.
What is Quicket doing to be GDPR compliant?
In anticipation of GDPR becoming effective 25 May 2018, and with the knowledge that some of our event organisers and ticket purchasers are based in the EU, Quicket have sought legal advice in order to ensure GDPR compliance.
Quicket does not carry out “high risk” processing of information, nor do we collect “sensitive” personal data. However, as a processor of personal data, Quicket shall ensure (and shall procure that any third party processors Quicket engages to process personal data on its behalf) adheres to all 6 processing principles as set out in GDPR. In this regard, Quicket shall ensure that we (and our third party processors):
1. Process personal data lawfully, fairly and in a transparent manner.
2. Collect personal data only for specified, explicit and legitimate purposes.
3. Only process personal data which is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal data is processed.
4. Keep personal data accurate and up to date and we will correct inaccurate personal data, or delete same, where necessary.
5. Keep personal data in an identifiable format for no longer than is practically, or legally necessary;
6. Keep personal data secure.
As a general rule, we will only process personal information if:
1. The individual has consented to such processing, and not withdrawn his/her consent;
2. The processing is necessary for performing a contract with the individual e.g. the purchase of a ticket for an event; or
3. The processing is necessary for the purposes of our, or our event organiser’s, legitimate interests e.g. event management and crowd control.
Any personal information which is not necessary to perform a contract with a person, or necessary for our, or our event organiser’s legitimate interests, will require consent of the individual. Such consent may at any time be withdrawn.
Subject to legal requirements, we will endeavour to facilitate and respect individual’s rights to object to the processing of their information, their right to be forgotten, and their right to restrict the processing of information. As is currently the case, we will continue to honour an individual’s rights to object to any direct marketing activity, and any access requests.
We are in the process of updating our privacy policy so that it is concise, transparent, intelligible and easily accessible. Our privacy policy will be updated to ensure that it includes all information as set out in the GDPR.
If we become aware of a personal data breach which is likely to be of risk to individuals, we will notify the relevant supervisory authority(ies) without undue delay.
To the extent that we process personal data on behalf of our event organisers, we will comply with all aspects of the GDPR appropriate to us as “processors”. In addition, we will ensure that any processors of personal data we appoint are fully GDPR compliant.
Insofar as cookies are concerned, users of Quicket will be asked to expressly consent to the collection of any cookies which may contain personally identifiable information, and which cookies are not critical for our website function (such consent may be withdrawn at any time).
What are cookies?
Cookies are small files which are stored on your computer when you visit a website. They are a functional part of almost all websites on the internet and are also used for reporting purposes.
Quicket makes use of two types of cookies:
First party cookies are cookies that are set by Quicket. For technical reasons these are required in order for the Quicket website to function correctly. If you wish to block these cookies you will need to block them through your web browser settings. Please note that if you do this some parts of the Quicket website will not work.
Third party cookies are cookies that are set by third party vendors. These third parties are used by Quicket for advertising, analytics and other purposes. If you wish to block these cookies please visit the following vendors privacy policies to opt-out. Alternatively you can set your web browser to accept or refuse cookies for these web sites.