Privacy Statement

Last update: 8 July 2024

Who are we and what do we do?

We are TicketSwap B.V., acting under the name TicketSwap. You can find our contact information at the bottom of this Privacy Statement. TicketSwap is a safe, convenient and fair place to buy and sell e-tickets for concerts, festivals, sports events, theatre and days out, with a focus on fraud prevention by strict checks and collaborations with organizations and partners (the Services). You can find more information about us and our Services on our Website: www.ticketswap.com (and all its subdomains for other countries) (the Website) or on the mobile application offered under the name TicketSwap (the App).

In this Privacy Statement we explain which personal data we collect through our Services, Website and App. We also explain for which purposes we use personal data, how we secure them and how long we store them. At the bottom of this Privacy Statement we explain what rights you have regarding your personal data and how you can exercise these rights.

Privacy and Privacy Legislation

We care about your privacy. We comply with the General Data Protection Regulation (GDPR), United Kingdom General Data Protection Regulation (UK GDPR) and other relevant legislation regarding the protection of personal data. This legislation will be referred to hereinafter as the Privacy Legislation.

Personal Data

In this Privacy Statement the notion of “personal data” is understood as all the information by which you can be, directly or indirectly, identified. This definition is in accordance with the Privacy Legislation.

Which personal data do we collect and for which purposes do we use them?

We can collect various sorts of personal data of you when you use our Website, App and/or Services:

(Personal) Data	Purpose(s)
General Information Name, date of birth, gender, city and country of residence, telephone number, email address,avatar and any personal data that you include in your account or feedback	We use your general information to contact you in the right manner; your personal data that is visible on the tickets you upload in the import feature, to enable you to easily store tickets centrally and share them with friends. your email address to send you information and updates about your transaction(s); Based on your (optional) consent we may also send you information about topics that might be interesting or request your feedback on new functions; your avatar, city and country of residence to personalize your account; your telephone number to check whether it is real and it belongs to you. When you sell tickets, the verification of your phone number (and not the number itself) will be shown on our Websites to make buying second hand tickets safer for (potential) buyers. When your ticket is sold we send a text message to your telephone number. your date of birth and gender are used to provide you with the SecureSwap Service, and to personalize tickets bought through the SecureSwap service.
Payment and Country Information Payment Information Bank account, tokenized payment details and bank account holder name. Country Information the country of residence provided by you, your IP-address, the prefix of your phone number, the country code of your IBAN and the country of the event	We use your payment information to handle, check and administer your payments. the payment information to include it in our administration on behalf of the tax authorities. the country information to determine in which country VAT is due.
Know Your Customer (KYC) Standard verification	We use Based on the country of your bank, we are required to ask some of personal details, which are processed and verified by Stripe: City Address Postal code State Date of birth Last 4 digits of Social Security Number (SSN)
Additional verification	When Stripe performs additional verifications, more information is requested and handled by Stripe (documents are not shared with TicketSwap): Copy of identity document Proof of Home Address
Social Media Information Apple Login	We use Your name and email address to (enable you to) complete your account. Depending on your Apple security session we either get your real email address or Apple relay email address.
Facebook app specific ID and Twitter ID	Your Facebook ID, avatar, name, Facebook email address, friends and your residence to (enable you to) complete your account (optional). These "Facebook data" will be shown on our Websites and mobile apps when you sell tickets to make buying second hand tickets safer for (potential) buyers. We further use Facebook IDs for marketing purposes, as described further in this document. Your Twitter ID, username, name, location, followers count, friends count, number of status updates, security status, verification status and account creation date to complete your account. The “Twitter data” will be shown on our Websites and mobile apps when you sell tickets to make buying second hand tickets safer for (potential) buyers.
Google Login	Your Google ID, Google Mail. First Name, Last Name, Location, This "Google data" will be shown on our Websites and mobile apps when you sell tickets to make hand tickets safer for (potential) buyers. We further use Google Mail and Google ID for marketing purposes, as described further in this document.
Instagram	Your Instagram Public profile will be used by TicketSwap Apps based on the user consent. We may use Instagram public profile for some marketing purposes as described further in this Privacy Statement.
Electronic Identifiers IP address, cookies and pixels	We use Your IP address, cookies and pixels in order to communicate with you in a language you speak and to show you content that relates to your location. Your IP address to define your location for the purpose of determining in which country a transaction takes place so we pay VAT in the correct country.
Fraud Prevention Personal and technical information	We use We use personal data to prevent (users that have committed) fraud.
Health and safety	We use
Name and e-mail address	your (sur)name and e-mail address are send to event organizers when it is necessary for the event organizer to safeguard the health and safety of their visitors. Examples include (but are not limited to) communication with visitors on severe weather, terrorism, transport issues, event ingress and egress updates, health, safety and hygiene and Covid-19 requirements, as well as insurance requirements.

Why can we process your personal data?

We process your personal data on the following legal bases:

Consent: For sending newsletters and direct marketing through email, push notifications and marketing via other channels we request your permission. This permission can also easily be withdrawn through the unsubscribe link in each newsletter or by going to your account settings and disabling the toggle for email preferences.
Performance of the agreement: We process your general information, payment information, social information and electronic identifiers to provide our Services to you as a user.
Legal obligation: We are required to store certain general information and payment data in our records for Tax Authorities, such as invoice data, bank account details, phone number and your country of residence.
Legitimate interest: For processing general information, social information and electronic identifiers, in order to log user activities to identify and prevent unlawful use of the account and Services. To fulfill our tax obligations, we process various (personal) data to determine where a transaction took place (and consequently, VAT is due), namely the country of residence provided by you, your IP-address, the prefix of your phone number, the country code of your IBAN and the country of the event.

Are you under the age of sixteen?

If you are younger than sixteen years, you are not allowed to register your profile on our Websites or Apps. This is because the law (GDPR) gives us strict rules on the personal data of minors.

For which marketing purposes do we process your personal data?

Depending on your (optional) consent, we may send you marketing emails about tickets for your favorite events available on TicketSwap. If you have sold or bought a ticket on our platform, we are allowed to opt you in for receiving marketing emails. You can unsubscribe from receiving these emails at any time. You can do this easily by clicking the unsubscribe button in the marketing email you receive or by going to your account settings and disabling the toggle for email preferences. Please note that if you opt-out of receiving marketing-related emails from us, we retain the right to communicate to you regarding the services you use (e.g. support and important legal notices).

Based on your (optional) consent, we may use your personal information to show you personalized advertisements. We may share this information with third party advertising partners in order to show you such advertisements. You may object to this processing at any time by sending an email to privacy@ticketswap.com.

Depending on your (optional) consent, we may use the content of any user reviews you submit to our website for marketing purposes on our website and third party websites. You may object to this processing at any time by sending an email to privacy@ticketswap.com.

How long do we keep the personal data?

It is our policy to store and process personal data that is essential in providing you with the best service possible. We do not store or process personal data we don’t use.

We keep the personal data as long as we need them for the purposes stated below:

Personal data in our accounting records for Tax Authorities are stored for at least 10 years after you have bought or sold on our Platform;
Personal data we process to prevent (users that have committed) fraud we store for at least 5 years after your last login.

All other personal data used within the context of your account we store for 5 years after your last login. If your account is inactive we will send you a reminder after 3 years, 4 years and 5 years of inactivity. After 5 years we remove your account and personal data if your account remains inactive. We will remove your personal data as well after you deleted your account.

Do we share your personal data with others?

Processors

We use the services of “Processors” for the processing of (personal) data. Within this context these Processors receive personal data from us which they process on our behalf and for our purposes. We use, for instance, processors for hosting our data, assisting us in support services, providing (marketing and platform) analytics and insights and sending out mass communication (e.g. via mail and SMS). One example of a third-party processor that we use is OpenAI. We use OpenAI for extracting information from tickets that are uploaded by our users. The output from OpenAI will help our users with automatically filling in details about a ticket including event title, ticket category and ticket price.

The Processors must strictly follow our instructions regarding the processing of such personal data. Therefore, they will not use the personal data for their own purposes. We will ensure that all Processors comply with the requirements of the Privacy Legislation. We require all our processors to sign a data processing agreement and processors are required to demonstrate compliance with the data processing agreement at TicketSwap’s request.

Joint Controllers

For the SecureSwap services, we act as Joint Controller, together with the ticket providers that joined the SecureSwap service. Jointly with the ticket providers we defineour respective responsibilities, roles and relationships in a mutual arrangement.

TicketSwap is the first point of contact for executing your rights asdescribed in this Privacy Statement in relation to the personal data processed for the SecureSwap services. Where appropriate, TicketSwap (or the ticket provider) may refer you to the other party, if you can exercise your rights more quickly or effectively with that other party.

External Controllers

We may also share your personal data with external controllers in the following cases:

Payments: Your Payment will be processed via a third-party payment service provider. We currently use Stripe and Wise for providing this service. Any personal data you provide to this payment provider will be processed by the payment provider (as separate Controller) in accordance with their own privacy policies.

Tax authorities: We are legally obliged to include (some of) the personal data in our financial administration, which may have to be shared with various national tax authorities. The tax authorities will process these personal data as separate Controller in accordance with its own privacy policies.

Event organizers: On an occasional basis, namely when an event organizer needs to cancel or change an event, the organizer asks us which tickets have been sold through our platform to make sure the correct owners are informed and/or refunded. Such information may also be used by the event organizers to prevent fraud or when this information is necessary to safeguard their events visitors’ health and safety. Examples of health and safety reasons include (but are not limited to) severe weather, terrorism, transport issues, event ingress and egress updates, health, safety and hygiene and Covid-19 requirements, as well as insurance requirements.The event organizer in such case acts (as separate Controller) in line with its own privacy policies.

Apart from the above, we may share your personal data with third parties if we are legally obliged to do so. TicketSwap does not sell, trade or rent personal data to third parties. We may share generic aggregated data with our business partners and trusted affiliates. In such cases the data will be fully anonymized.

Is your data transferred outside the European Economic Area (EEA)?

We may transfer personal data to parties outside the EEA, if one of our Processors or Joint Controllers is established outside the EEA. We make sure the transmission of personal data outside the EEA is in accordance with the Privacy Legislation (chapter 5 of the GDPR), meaning the personal data will only be transferred to a company or country that provides an adequate level of protection.

We use cookies on the Website to enhance your experience when you use our Services. To know more about our use of cookies, please refer to our cookie statement.

If you do not want cookies to be sent to your computer, you can change this in the cookie settings of your browser. Please note that some of the functions or services of our Website may not operate, or not so well, without cookies. If you want to opt-out from tracking cookies, click here:

Amendments to this Privacy Statement

We aim at constantly improving our Website and Services. That is why from time to time we may update this Privacy Statement. If we change our Privacy Statement significantly, we will state so on our Website and App together with the reviewed Privacy Statement. We may also notify you before using our services that our Privacy Statement has been updated. If you continue using our platform after we have amended this Privacy Statement, we assume that you acknowledge and agree with its latest content. We advise you to review this Privacy Statement from time to time.

Your rights and our contact data

You are always entitled to file a complaint with a data protection supervisory authority if you believe that we are not processing your Personal Data in accordance with the GDPR. See here a list of all National Data Protection Authorities in the European Union.

Please note that you can also edit or delete your personal data by logging in to your personal account.

If you have questions or concerns about this Privacy Statement or your privacy, you can contact our Data Protection Officer at privacy@ticketswap.com .

TICKETSWAP B.V.,

acting under the name TicketSwap

Rokin 75

1012KL Amsterdam

The Netherlands

No. Chamber of Trade and Industry: 59084952

VAT number: NL8533.10488.B01

E-mail: info@ticketswap.com