We are committed to protecting and respecting your privacy and keeping your personal information secure. We ask that you read this Privacy Notice carefully. It sets out important information about:
- Who we are
- How and why we collect, store, use and share information about you (known as “personal data“);
- How long we will keep your personal data;
- Your rights in relation to your personal data
- How to contact us (and supervisory authorities) if you have a complaint.
WHO WE ARE
Helm Squared Limited is a private limited company, registered under the laws of England and Wales with company number 07456920. Our registered address is at Poseidon House, Plymouth, PL4 0SN.
We are the “controller” of personal data we collect from you or which you provide to us. This means that when we collect and use your personal data, we are responsible for ensuring that your personal data is lawfully and properly processed and our conduct is regulated by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR“). Our registration number under the Register of fee payers (held by the Information Commissioner’s Office) is ZA241388.
When the following words with capital letters are used in this Privacy Notice, this is what they mean:
|Customer||means a person who registers an account with us to purchase one or more Tickets;|
|Event||any performance, production, seminar or other planned public or social occasion promoted or produced by an Organiser, which is advertised on www.helmtickets.com;|
|Membership||a subscription for Tickets and/or discounts for Tickets, in either case for more than one Event operated by one or more Organisers;|
|Organiser||the person or entity who is responsible for the organisation, administration and operation of an Event;|
|our site||means www.helmtickets.com;|
|Ticket||means a ticket for admission to an Event, which is available for purchase on our site (subject to our Customer Terms and Conditions);|
|“we” “us” and “our”||means Helm Squared Limited.|
PERSONAL DATA WE MAY COLLECT FROM YOU
The following table explains what personal data we will or may collect about you and how it will be collected:
|What personal data we will collect||How that personal data is collected|
|PERSONAL DATA COLLECTED BY US|
|Your first and last names, address, post code, email address, telephone number, country of residence, enquiries you submit to us about our site, information about problems/defects you are experiencing with our site and the services available on our site and/or details relating to why you are corresponding with/contacting us|
When you fill in and submit (via the Internet) forms we ask you to complete on our site (i.e. when you register to use our site as a Customer or an Organiser)
By corresponding or communicating with us, including by telephone, by letter or by email
When you use the pop-up “chat” facility available on our site
When you complete surveys on our site or which we send to you (although you do not have to respond to them)
|VAT number and bank account details||When you fill in and submit the form we ask you to complete on our site when you register for an Organiser account|
Details about your visit to our site, including traffic data, location data, weblogs and other communication data
Details about your computer, including your IP address, operating system, browser type and version, time zone setting, browser plug-in types and versions
|May be collected automatically when you navigate the pages of our site|
|PERSONAL DATA WE MAY COLLECT FROM OTHER SOURCES|
|Transactional information relating to a Ticket/Membership purchase, including payment tokens and payment reference numbers||When you pay for Tickets/Membership on our site, our online payment processing service provider (Stripe, Inc) will generate this information and send it to us|
|Information about whether or not you have received and read email newsletters and email marketing that they send to you on our behalf (and only with your consent) to you||When you have asked us to send you email updates (see “how and why we use your personal data” below), Rocket Science Group LLC (trading as ‘Mailchimp’) will collect this data and make it available to us|
When paying for Tickets/Membership on our site, you will be asked for financial details such credit/debit card information. The processing of these payments are carried out by our online payment processing service provider (Stripe, Inc) and on a separate secure server. We do not store any credit or debit card information on our servers.
HOW AND WHY WE USE YOUR PERSONAL DATA
Under the GDPR, we can only use your personal data if we have a legal basis for doing so.
The table below explains the purposes for which we use your personal data and our applicable legal basis for each purpose:
|The purpose for which we use your personal data||Legal basis|
|To provide you with services that you request from us or information about our services that you request from us||For the performance of our contract with you or to take steps at your request before entering into a contract with you|
|To take payment for the services we carry out for you||For the performance of our contract with you|
To include your email address, first name, last name and country of residence in a database (collated using a third party database aggregator, namely Rocket Science Group LLC (trading as ‘Mailchimp’)). Mailchimp will have access to and will store and process this information, but will only do so on our instructions, so that we and Organisers from whom you have purchased Tickets (if any) may contact you as described in the following paragraph. The function of the database aggregator is to help us and the relevant Organiser with conducting our newsletters and marketing campaigns and sending them to you via email. Using a database aggregator also allows us to track the reception and take up of that newsletter and/or marketing campaign by those that subscribe to receive them. Please see below at “Disclosure of your personal data” and “Where we store your personal data”, which sets our further details of the disclosure to Mailchimp of your personal information
To keep you up to date, or permit selected third parties to keep you up to date (see “Who we share your information with” below), with the latest news and information about Helm Tickets, including the services that we offer and events our organisers are running, details of new features on our site, details of product discounts and other products available from us that may be of interest to you, details of offers, campaigns, competitions, promotions and other opportunities
For the performance of our contract with you or to take steps at your request before entering into a contract with you; and
(In respect of promotional marketing emails only) Where you have given us your consent to send you updates (namely, by ticking the relevant “opt-in” box on our site)
Note – you have the right to opt out of receiving updates from us at any time by:
· contacting us, by email to email@example.com;
|To notify you about changes to our site, changes to the services offered via our site||For our legitimate interests or those of a third party (namely, for the success, growth and protection of our business)|
|As part of our efforts to keep our website safe and secure and to monitor actual or suspected fraudulent activity|
For our legitimate interests or those of a third party (namely, to protect our business and users of our services (e.g. Organisers and Customers) from fraud/fraudulent activity)
To comply with our legal and regulatory obligations.
We may also use the personal data you provide to us in an aggregated and anonymous form for research purposes and to help us make development, marketing, sales and/or other business decisions.
We may associate/combine any category of information with any other category of information (for example, we may associate/combine Submitted Information with Third party Information) and will treat the combined information as personal data in accordance with this Privacy Notice for as long as it is combined.
DISCLOSURE OF YOUR PERSONAL DATA
Any time during the course of our providing services to you, we may disclose some or all of the personal data we collect from you to the following third parties:
|Personal data we will disclose||Recipient and reason for disclosure|
|First name, last name, email address, order reference numbers, ticket reference numbers, first and last names of individuals identified as ticket holders.|
The Organiser of the Event you have purchased a Ticket/Membership. The Organiser will also be a “controller” of your personal data and their use of your personal data will be subject to the terms of the privacy notice they make available to you during the course of the Ticket/Membership purchasing process.
We will provide this information to the Organiser so that they can:
Administer the organisation and operation of their Event, your Ticket and/or Membership
Send you information about the Event, your Ticket and/or your Membership
Keep you up to date with the latest news and information about the Organiser, including the products/services that they offer, details of product discounts and other products available from them that may be of interest to you, details of offers, campaigns, competitions, promotions and other opportunities they are offering. The Organiser will do this only where you have given them your consent to send you such updates (namely, by ticking the relevant “opt-in” box on our site).
|First name, last name, country of residence and email address|
Rocket Science LLC (trading as ‘Mailchimp’), who are our database aggregator. Where (and only where) you have expressly indicated (e.g. by ticking the relevant box on our site) that you wish to be sent email newsletters, email marketing materials and other information (via email), we will share with Mailchimp your email address, first name, last name to create a database of individuals who have subscribed for such services. We will use this database as we have described above (see “How we use your personal data“).
|First name, last name and information about the number of tickets you have purchased, money you have spent on tickets, the number of Events you have attended, the last Event you attended, your membership status on our Site.|
To create a client relationship management system/database collated using a third party database aggregator, namely Hubspot, Inc. Hubspot will have access to and will store and process this information, but will only do so on the Organiser’s instructions, so that the Organiser in question may collate information about individuals who have purchased a Ticket/ a Membership. In particular, the function of the database aggregator is to help the Organiser with the organisation, administration and operation of their Event and so that the Organiser can assist you with queries you may have about your Ticket, your Membership and your attendance at their Event.
|First name, last name, email address, and order reference number.|
SendGrid, Inc, who is our transactional email services provider and who may send you certain automated emails (on our behalf), including:
When you register for a Customer or Organiser Account, our automated systems will share your email address with SendGrid, so that they can send you (on our behalf) an email to confirm the registration of your account
When you have purchased a Ticket and/or a Membership (i.e. as a Customer), our automated systems will share your email address with SendGrid, so that they can send you an email to confirm your order and to send your Tickets and/or details about your Membership to you
When you are running an Event (i.e. as an Organiser), our automated systems will share your email address with SendGrid, so that they can send you information about the number of Tickets you have sold for that Event.
|First name, last name, order reference number, the billing address post code for the card you are using to purchase Tickets|
Stripe, Inc, who are our payment processing services provider. When you purchase a Ticket or sign up to a Membership (i.e. as a Customer) our automated systems will share this information with Stripe, so that we can take payment for your Ticket/Membership and so that we can forward part of the payment we have taken to the Organiser.
We also provide the information to Stripe if/when we have agreed to issue you a refund in respect of Tickets you have purchased or Memberships you have signed up to, so that they can process and issue your refund.
We may also provide this information to Stripe so that they can identify and provide us with information about payment transactions, for example in the event of a dispute with you about payments for Tickets/Memberships and/or to protect our business and users of our services (e.g. Organisers and Customers) from fraud/fraudulent activity.
|First name, last name, order reference number, enquiries you submit to us about our site, information about problems/defects you are experiencing with our site and the services available on our site and/or details relating to why you are corresponding with/contacting us, and/or other personal data you disclose (e.g. your email address) as part of your correspondence with us.|
Atlassian Pty Ltd, Atlassian, Inc and its corporate affiliates, who provide us with a software as a service project management tool (known as “Jira”), which we use to manage, process and respond to the queries you submit to us.
Ipdata.co, who provide us with an API driven service. We use this service to get the country of the IPv4 or IPv6 address of an Organiser at point of registration. We do this so we can cross reference this with the country that an organiser selects as “the country they are based in”, in order to determine whether their account could potentially be fraudulent or non legitimate.
Stop Forum Spam, who provide us with an API driven service. We use this service to check whether the I.P address of an Organiser is listed on their blacklists as a source of spam. We do this to prevent spam accounts from signing up to our service.
We may need to share your personal data with other third parties:
- where disclosure of the information is in our legitimate interests (i.e. for the success, growth and protection of our business), including:
- with third party service providers who act as data processors, based inside and outside the EU who provide IT and system administration services which make our site and the services available on our site operate. We require all service providers to respect the security of personal data and to treat it in accordance with the law. We do not allow our third party service providers to use personal data for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions.
- with prospective sellers or buyers of businesses or assets, if we plan to sell or buy any business or assets, but we will only do so after the prospective seller or buyer has entered into an agreement with us to protect the confidentiality and security of your personal data;
- if Helm Squared Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about you will be one of the transferred assets.
- where disclosure of the information is necessary for compliance with a legal obligation to which we are subject, including:
- if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, in which case we may have to disclose your personal data to law enforcement agencies and regulatory authorities.
Where we act as the data processor of the Organiser:
- In certain circumstances, Organisers ask us to collect and send to them certain personal data on their behalf and in connection with and for the purposes of their Event. In those circumstances, the Organiser is the “controller” of that personal data (and they will collect and process your data in accordance with the Privacy Notice they make available to you via our site during the Ticket purchase process) and we are the “processor”. We will not use any personal data we are asked to collect and send to an Organiser for our own purposes and we will only access it and process it in accordance with the instructions of the Organiser in question.
WHERE WE STORE YOUR PERSONAL DATA
Personal data you provide to us by corresponding with us by telephone, email or by post will be filed and stored at our offices (at Poseidon House, Plymouth, PL4 0SN).
The personal information which we collect from and about you will also be stored using the Amazon Cloud service, via an account which we control and administer. The information stored using the Amazon Cloud service is a distributed cloud platform, and therefore the information we collect is not stored at one specific address. Nevertheless, the information we collect from and about you will be stored on Amazon’s servers within the European Economic Area (“EEA”).
Any payment transactions will be carried out by third parties (namely Stripe, Inc) over encrypted connections using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE WILL KEEP YOU PERSONAL DATA
We will hold your personal data for a period of 6 months from the date on which you last logged into your account on our site or otherwise for a period of 6 months.
We will not retain and process your personal data other than for the purposes set out in this Privacy Notice.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
You have the following rights in respect of your personal data, which you can exercise free of charge (unless your request is manifestly unfounded or excessive, in which case we may charge you a reasonable fee or refuse to act on the request):
|Access||The right to be provided with a copy of your personal data.|
|Rectification||The right to require us to correct any mistakes in your personal data.|
|To be forgotten||The right to require us to delete your personal data – in certain situations.|
|Restriction of processing||The right to require us to restrict processing of your personal data — in certain circumstances (e.g. if you contest the accuracy of the personal data).|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations.|
The right to object:
· at any time to your personal data being processed for direct marketing (including profiling);
· in certain other situations to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
For further information on each of those rights, including the circumstances in which they apply, please contact us or consult the guidance issued by the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, or write to us (see below: ‘How to contact us’);
- let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
KEEPING YOUR PERSONAL DATA SECURE
We hope we can resolve any query or concern you may raise about our use of your personal data (see below ‘How to contact us’).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioners Office, who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice was last updated in July 2018.
We may change this Privacy Notice from time to time. Any changes we may make to our Privacy Notice in the future will be posted on our website (at www.helmtickets.com) and, where appropriate, notified to you by e-mail. Please check our website frequently to see any updates or changes to this Privacy Notice.
HOW TO CONTACT US
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org.