This Privacy Notice ("Notice") is intended to explain how your personal information will be handled by Team Tito Limited ("Tito" "we", "our" and "us") of Unit 2, 64 Dame Street, Dublin 2 and sets out the information including the personal information detailed below relating to you ("Personal Data") that will be collected and processed by Tito and/or on its behalf by its third party service providers in the context of your engagement with www.ti.to (the "Website") and the platform and services provided thereon (together the "Tito Services").
Tito provides an event management and ticketing platform to its customers ("Event Organisers") that facilitates administration and organisation of these events plus the promotion of the events to, and the purchase of tickets to these events by, potential and actual attendees ("Attendees"). In certain circumstances, Event Organisers may be the controller of certain Attendees' Personal Data. Attendees who are a customer of, or otherwise interact through the Tito Services with, any of our Event Organisers are asked to also read Section 10 of this Privacy Notice.
For the purposes of this Notice, the controller of your Personal Data is Tito. If you have any questions or concerns about this Notice, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com.
IMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 11 of this Notice.
This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.
During the course of your dealings with us, we will collect Personal Data:
For example, when you communicate with us, sign-up to the Tito Services as an Event Organiser, work with us or supply us with services, when you supply Personal Data via our Website or through the Tito Services, submit an enquiry or request support or when you subscribe to or express an interest in any of our newsletters or mailing lists; and from Event Organisers or other third party sources: for example when you are an attendee who expresses an interest in or purchases a ticket to an event promoted by an Event Organiser using the Tito Services, through software platforms we use for business processes, statutory and regulatory authorities, third party service providers and occasionally some additional sources.
We may collect and process the following Personal Data:
This includes information such as your name, email address, company, phone number and your password.
This includes information about the date, time, value and number of transactions you make through the Tito Services.
This includes any other information which is provided to us by you or on your behalf.
The following details the legal basis for which ("Legal Basis") and the reasons why ("Purposes") we collect, obtain and process your Personal Data:
It is necessary to process this Personal Data to enter into and perform our contract with you in relation to:
The purpose of the above is the following:
It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.
Before we process your Personal Data to pursue our legitimate interests for these purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
The purposes are:
We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject, to comply with our obligations under Irish and European law.
We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party for the following purposes:
We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:
We may share your Personal Data with the following third party service providers:
Amazon Web Services, who provide us with cloud storage;
Intercom, who provide us with customer relationship management, messaging and technical support services;
The list of third party service providers we use may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Tito Services. We update our list of third party service providers on https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md regularly and we would refer you to this as the most up-to-date source of information on our third party service providers.
Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies To comply with any applicable legal obligation, court order, summons, search warrants, or any other legal or regulatory obligation or request to which Tito is or may become subject; and to protect the rights, property or safety of Tito, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may share your Personal Data with other third parties as and when necessary, including:
We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org
Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
We do not store or process any of your card or payment information. All payment information is processed by our trusted third party payment providers.
In general, we expect to keep your Personal Data for as long as you use the Tito Services plus a period of up to 7 years thereafter. However we shall delete your IP address after 90 days. Please note that in certain circumstances, we may hold your personal data for a different period, for example, if we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve or delete your Personal Data.
If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com.
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. We also have in place measures to deal with and respond to any suspected data breach.
We are committed to taking reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.
You have a number of rights in relation to your Personal Data, which are set out in this Section 9. Note that in certain circumstances these rights might not be absolute.
You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.
You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
ou have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
In certain circumstances, you may also have the Personal Data that we hold about you deleted, for example if you exercise your right to object and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes set out in this notice.
You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing on it until the issue is resolved.
You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible.
This right only arises where we process your Personal Data on the legal basis of either your consent or where it is necessary to perform our contract with you and the processing is carried out by automated means.
You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.
Please note you have the right to object to our processing of your Personal Data for the purposes of sending you marketing and news.
You can exercise any of these rights by submitting a request to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
We will provide you with information on any action taken in relation to any of these rights upon your request without undue delay and at the latest within 1 month of receiving your request. We may extend this timeframe by one more month if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.
You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.
Tito provides a comprehensive event management platform through which Event Organisers reach out to, communicate with, and sell to Attendees.
Whenever Tito processes an Attendee's Personal Data on behalf of an Event Organiser, we are acting as a processor, and we therefore conduct such activities strictly in accordance with the instructions of that Event Organiser and pursuant to the contractual arrangements in place with them. If you are an Attendee with an existing relationship with one of our Event Organisers, you should refer to the Event Organiser's website or any terms provided by that Event Organiser to understand their privacy practices and policies. Where you, as an Attendee, would like to exercise your rights in relation to your Personal Data over which the Event Organiser is the controller, you should contact the Event Organiser with such requests. We will cooperate as appropriate with requests from our Event Organisers to assist with such requests.
We may amend this Notice on occasion, in whole or in part, at our sole discretion. Any changes will be effective immediately upon communicating the revised Notice to you.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Tito, please submit your question, comment or concern in writing to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com.
All Tito services that store data are hosted by Amazon Web Services, in Ireland.
All applications use SSL for HTTP transport, without support for compromised cryptographic mechanisms.
Outside access to services other than those hosted on port 80 and 443 are disabled. All insecure HTTP requests on port 80 are automatically redirected to HTTPS on port 443.
All passwords are stored in a one-way hash using strong (bcrypt) cryptography and multiple stretches.
Tito will commission a detailed penetration test every 2 years, and an interim test every 6 months.
In the event of a data breach, upon investigation, Tito will notify all individuals affected by the breach with: