Last updated Feb 2020
Tickety Box takes the privacy of its customers very seriously. Our Privacy Notice has been written in accordance with the Data Protection Act 2018 (DPA 2018) and takes into consideration the seven principles, six lawful bases and the relevant individual rights from the General Data Protection Regulation (GDPR). Our Privacy Notice explains in detail the types of Personal Data We collect and when, how We use it, who We share it with, how long We keep it for, Your legal rights and how to control Your Personal Data. By using Our Site, You are agreeing to accept Our Privacy Notice and all policies referred to herein.
1. Definitions and Interpretation
In this Notice, unless the context otherwise requires, the following words have the following meanings:
"We/Us/Our" means Tickety Box
"You/Your" refers to the user of Our Website
"Our Site" means this Website, www.ticketybox.co.uk and includes reference to any and all content included therein.v "Personal Data" is any data that can be used to identify You or can be reasonably used in connection with other data to identify You.
"Account" means Your Account with Us for managing the electronic transmission of information between You and Us through the online service in accordance with this Contract.
"Goods" means the goods sold by Us through Our Site
"Order" means Your Order for Goods
"Contract" means a Contract for the purchase and Sale of Goods
"GDPR" stands for General Data Protection Regulation
"User Generated Content / Comments / Reviews" means any content submitted to Our Site by You
"Blog" means a blog hosted on Our Site, created by Us
2. Information about Us
2.1 We operate the Website www.ticketybox.co.uk. We are Tickety Box Limited, a company registered in England and Wales under company number 12504185 . Our registered and trading address is 77 Cedar Avenue, Worthing, West Sussex. BN13 2HU.
3. The Lawful Bases We use to process data
3.1 We will only ever process your information if We have a lawful basis to do so. The lawful bases We rely on are;
- Consent: This is where We have asked You to provide explicit permission to process Your data for a particular purpose. For example, when You opt-in to receive marketing emails.
- Contract: This is where We process Your information to fulfil a contractual arrangement We have made with You. For example, to fulfil an Order or provide a quote.
- Legal obligation: This is where We have a statutory or other legal obligation to process the information. For example, We have to produce a ‘Sale of Goods' Contract for tax purposes and keep this record for seven years. This basis also covers obligations concerning fraud prevention and anti-money laundering.
- Legitimate interests: This is where We process Personal Data for Our own business interests. For example, We could email a survey in order to understand more about Our customers, offer the right Goods and provide a positive shopping experience for the future.
4. When do we collect Your Personal Data and which Legal Basis do We rely on?
4.1 We only collect Personal Data from You when You give it to Us by interacting with Our Site, when You engage with Us on social media or by speaking to Us.
4.2 We collect Personal Data when You:
- Create an online Account with Us (consent);
- Make an online purchase with Us (contract, legal obligation and legitimate interest);
- Contact customer services (consent and contract);
- Sign up for Our newsletter/marketing (consent);
- Sign up to Our Blog (consent);
- Visit or post a Comment on one of Our social media pages (consent and legitimate interest);
- Enter a competition (consent);
- Write a Review/Blog known as User Generated Content (consent and legitimate interest);
- Interact with Our Site (consent);
- Complete a survey (consent and legitimate interest).
5. What Personal Data do We collect?
5.1 We collect Your Personal Data to deliver the Goods and services You request and to help improve Your experience.
5.2 This includes:
- Full name;
- Email address;
- Telephone number/s;
- Billing and delivery address/es;
- Order history;
- Payment details (however We do not store or see this information as it goes straight through to the payment services provider);
- To personalise box: Optional, name, sex and DOB of the birthday child.
6. Children's online privacy
6.1 This Website is not marketed to, and does not knowingly collect or maintain Personal Data from children under the age of 18. If We learn that We have collected or received Personal Data from a child under the age of 18 without verification of parental consent, We will delete that data. If You believe We might have any data from or about a child under the age of 18, please contact Us immediately:
Write: Customer Service
77 Cedar Avenue
If you choose to contact us by phone, we may ask you to follow up our conversation in writing.
7. How do We use Your Personal Data?
7.1 Our primary use for Your Personal Data is to fulfil Our Contract with You. However, as detailed below, there are also legitimate interests and legal obligations.
7.2 We may use Your Personal Data to:
- To create a ‘Sale of Goods' Contract for tax purposes;
- Process, manage and track Your Order/s (including Order history);
- Send You updates regarding the status of Your Order;
- Ask the delivery service to inform You of estimated delivery date/time;
- Contact You regarding an aspect of Your Order, for example, dealing with returns and confirming refunds;
- Respond to customer support enquiries ;
- Send You an email newsletter including promotional offers on products and services;
- Send You feedback/survey requests to help Us improve Our products and services;
- Invite You to enter a competition ;
- Improve and maintain Our Site and monitor usage;
- Send You service communications required by law or which are necessary to inform You about changes to the services We provide You. We do not require Your consent;
- Personalise Your party box with Your child's details if You have given consent. We will also use this data to send relevant emails leading up to the child's birthday. On an annual basis, unless You have unsubscribed, an email reminder of Our services will be sent;
- Investigate fraud;
- Comply with legal and regulatory obligations.
8. Who do we share your personal data with?
8.1 Your Personal Data maybe shared with service provider such as:
- Delivery partners – helping Us to deliver the Goods directly to You;
- IT companies – Webwhiz who host Our Site and Grey Metis who maintain Our Site;
- Other business systems including; providing phone lines, data storage facilities, and providing and supporting Cloud based infrastructure used in providing Our products and services;
- Payment processors - who provide payment gateway services to Us;
- Law enforcement or other governmental authority - GDPR and DPA 2018 is exempt, if by law We are required to disclose Personal Data. We have a legitimate interest in disclosing information about possible criminal acts or security threats to the authorities;
- Media - We would only personally identify You in press releases, advertising, or reports with Your prior consent.
9. How long do We keep Your Personal Data for?
9.1 Whenever We collect or process Your Personal Data, We will only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, Your data will either be deleted completely or rendered anonymous so that it can only be used in a non-identifiable way for statistical analysis and business planning.
- Personal Data given to Us to process an Order, will be held for seven years so We can comply with HMRC tax requirements.
- Email addresses will cease to be used for marketing purposes three years after Your last interaction with Us.
- If You unsubscribe to marketing emails, Your email address will go onto a suppression list so We can comply with Your requirements. Email addresses on suppression lists will be kept for the life of the business.
- We may also keep a record of correspondence with You (for example if You have made a complaint about a product) for as long as is necessary to protect Us from a legal claim.
- Reviews and User Generated Content will remain visible on Our Site for the life of the business. If You terminate Your Account, Your User Generated Content will be anonymised, unless you specifically request deletion.
- Surveys will be anonymised after 1 year. Data may be kept longer, for statistical purposes.
- For more data about the duration of Cookies please refer to Our Cookies Policy.
10. What are Your individual rights?
10.1 View and update Your Personal Data
You can view and update Your Personal Data at any time by accessing ‘My Account' on Our Site. All data You provide must be true, accurate and complete.
10.2. ‘Right to rectification' (correct Personal Data)
Under GDPR You have the right to have inaccurate Personal Data rectified or completed if it is not complete.
10.3. ‘Right to restrict processing' (restrict the use of Personal Data)
Under GDPR, You have the right to restrict the processing of Personal Data in certain circumstances. This means that You can limit the way We use Your data and is an alternate solution to erasing Your Personal Data. However, You must have a particular reason for wanting the restriction.
10.4. ‘Right to object' – (object to the use of Personal Data)
Under GDPR, You have the right to object to the processing of Personal Data in certain circumstances which allows You to stop or prevent Us from processing Your Personal Data. An objection may be in relation to all or one piece of Personal Data We hold or only relate to a particular purpose We are processing the data for.
10.5 ‘Right to access' (request a copy of Your Personal Data)
Under GDPR, You have the right to obtain a copy of Your Personal Data, free of charge. This can help You to understand how and why We are using Your data. We will send You an electronic form (Subject Access Request Form) to complete and return. It is not compulsory and Your request will still be processed within the timeframe but it helps Us to locate the data You require.
10.6. ‘Right to erasure' (delete Personal Data) Under GDPR, You have the right to have Personal Data erased although this right is not absolute and only applies in certain circumstances. The right to erasure does not apply if processing is necessary for one of the following reasons:
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation;
- For the establishment, exercise or defence of legal claims.
10.7 For information on how to exercise Your rights, please refer to Clause 11.
11. Information on exercising Your rights as listed in Clause 10
11.1 You can make a request verbally or in writing to:
Write: Customer Service
77 Cedar Avenue
11.1.1 To protect the confidentiality of Your information, We will ask You to verify Your identity before proceeding with any request.
11.2 We can refuse to comply with a request if it is:
- Manifestly unfounded;
- or Excessive.
11.3 Under GDPR We must comply with a request without undue delay and within one calendar month of receipt of the request or (if later) within one calendar month of receipt of:
- Any requested information to clarify the request
- Any information requested to confirm the requester's identity
- A fee as detailed in sub-Clause 11.7
11.4 We have the right to extend the time to respond by a further two months if the request is complex or We have received a number of requests from You. In this case, We would inform You within one month of receiving Your request and explain why the extension is necessary.
11.5 You will be notified of the outcome in writing.
11.6 We are obligated to pass on Your request to related third parties if the Personal Data has been disclosed to them.
11.7 A charge of £10 will be raised for further requests of data regarding the same ‘Right' following a resolved request.
12. How can You control the Personal Data We hold?
- As detailed in Clauses 10 and 11, under GDPR, You have the Right to update, correct, restrict, object to, access and delete Your Personal Data (conditions apply to some Rights).
- Every marketing email We send You, gives You the opportunity to "unsubscribe" from further email marketing messages.
- We strongly advise that You read the policies of any site that You visit as a result of following a link from Our Site.
- You can terminate Your Account at any time. Any User Generated Content You have created on Our Site will be anonymised unless You request it be deleted.
13. What cookies do We use and what for?
13.1 Please read Our Cookies Policy.
14. Revise and amend Our Privacy Notice
14.1 We have the right to revise and amend this Privacy Notice from time to time to reflect changes in technology, payment methods, relevant laws and regulatory requirements and Our system's capabilities.
14.2 Your decision to continue to use Our Site and any of Our services after such changes have been made, constitutes Your formal acceptance of the new Privacy Notice. You are, therefore advised to check this page from time to time.
15. Contacting Us
15.1 If You have questions or comments about Our privacy practices, or would like to exercise Your rights in accordance with this Privacy Notice, or have a complaint about Our treatment of Your Personal Data, please contact Us:
Write: Customer Service
77 Cedar Avenue
If you choose to contact us by phone, we may ask you to follow up in writing.
15.2 If You are unhappy with the way We handle Your personal information or if You need any advice You should contact the Information Commissioner's Office (ICO).
Information Commissioner's Office
Wycliffe House Water Lane
Phone: 0303 123 1113
Textphone: 01625 545860