Purpose and scope of notice
This Privacy Notice ("Notice") is intended to explain how your personal information will be handled by Team Tito Limited ("Tito" "we", "our" and "us") of Unit 2, 64 Dame Street, Dublin 2 and sets out the information including the personal information detailed below relating to you ("Personal Data") that will be collected and processed by Tito and/or on its behalf by its third party service providers in the context of your engagement with www.ti.to (the "Website") and the platform and services provided thereon (together the "Tito Services").
Tito provides an event management and ticketing platform to its customers ("Event Organisers") that facilitates administration and organisation of these events plus the promotion of the events to, and the purchase of tickets to these events by, potential and actual attendees ("Attendees"). In certain circumstances, Event Organisers may be the controller of certain Attendees' Personal Data. Attendees who are a customer of, or otherwise interact through the Tito Services with, any of our Event Organisers are asked to also read Section 10 of this Privacy Notice.
For the purposes of this Notice, the controller of your Personal Data is Tito. If you have any questions or concerns about this Notice, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
Application of this noticeIMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 11 of this Notice.
This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.
During the course of your dealings with us, we will collect Personal Data:
- from you: for example when you communicate with us, sign-up to the Tito Services as an Event Organiser, work with us or supply us with services, when you supply Personal Data via our Website or through the Tito Services, submit an enquiry or request support or when you subscribe to or express an interest in any of our newsletters or mailing lists; and
- from Event Organisers or other third party sources: for example when you are an attendee who expresses an interest in or purchases a ticket to an event promoted by an Event Organiser using the Tito Services, through software platforms we use for business processes, statutory and regulatory authorities, third party service providers and occasionally some additional sources.
What personal data we process
We may collect and process the following Personal Data:
- Personal Information
- This includes information such as your name, email address, company, phone number and your password.
- Device Information
- Transactional History
- This includes information about the date, time, value and number of transactions you make through the Tito Services.
- This includes any other information which is provided to us by you or on your behalf.
Why we process your personal data
The following table details the legal bases for which ("Legal Basis") and the reasons why ("Purposes") we collect, obtain and process your Personal Data:
Legal Basis: Contract
It is necessary to process this Personal Data to enter into and perform our contract with you in relation to:
- your use of the Tito Services as an Event Organiser; and
- your use of the Website.
If you do not wish to provide us with your Personal Data for these purposes, we will not be able to enter into or perform our contract(s) with you and you will not be able to avail of the Tito Services.
Purpose(s): Access to the website
- To provide you with access to the Website and to allow you to use the Website.
Providing the Tito services
- To determine, perform and execute the terms on which you will engage with us as an Event Organiser;
- to ensure the smooth running of the Tito Services;
- to process your payments, through our third party payment providers; and
- to contact you in relation to any aspect of the Tito Services;
- To create your account for you to use on the Website;
- to process your actions through this account; and
- to otherwise manage and administer your account.
Legal Basis: Legitimate interests
It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.
Before we process your Personal Data to pursue our legitimate interests for these purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
Purpose(s): Improving functionality and efficiency
- To monitor, test and improve the effectiveness of the Tito Services;
- to monitor metrics such as total number of visitors, traffic data and demographic patterns on our Website; and
- to ensure the content on the Website is presented in the most effective manner for you and your device.
Responding to queries
- To process and respond to any queries or requests you submit to us whether through the Website, by emailing us or otherwise; and
- to seek your views on the Website and our services.
- To build up a profile of you as a user of the Tito services, so that we can analyse and derive insights about who uses the Tito Services and how you use them.
News and marketing
- To send you a personal introduction email when you first sign up for the Tito Services;
- to keep you updated with our news; and
- to send you promotional and marketing material which we believe would be of use or interest to you.
Legal Basis: Compliance with a legal obligation
We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject.
- To comply with our obligations under Irish and European law.
Legal Basis: To defend, establish, or be a party to legal claims
We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party.
- To file legal proceedings;
- to investigate, establish, exercise or defend a legal claim; and
- to settle legal claims.
Disclosure of your personal data
We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:
Third party service providers
We may share your Personal Data with the following third party service providers:
- Amazon Web Services, who provide us with cloud storage;
- Intercom, who provide us with customer relationship management, messaging and technical support services;
The list of third party service providers we use may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Tito Services. We update our list of third party service providers on https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md regularly and we would refer you to this as the most up-to-date source of information on our third party service providers.
Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies
- To comply with any applicable legal obligation, court order, summons, search warrants, or any other legal or regulatory obligation or request to which Tito is or may become subject; and
- to protect the rights, property or safety of Tito, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may share your Personal Data with other third parties as and when necessary, including:
- prospective or actual buyers of Tito or our assets (to facilitate the acquisition of Tito or a substantial portion of Tito's assets by a third party);
- external advisors such as our lawyers, accountants and auditors.
Tito transfers of your personal data
We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com
Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
We do not store or process any of your card or payment information. All payment information is processed by our trusted third party payment providers.
Retention of your personal data
In general, we expect to keep your Personal Data for as long as you use the Tito Services plus a period of up to 7 years thereafter. However we shall delete your IP address after 90 days. Please note that in certain circumstances, we may hold your personal data for a different period, for example, if we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve or delete your Personal Data.
If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
How we store and safeguard your personal data
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. We also have in place measures to deal with and respond to any suspected data breach.
We are committed to taking reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.
Your rights and how to exercise them
You have a number of rights in relation to your Personal Data, which are set out in this Section 9. Note that in certain circumstances these rights might not be absolute.
Further InformationRight to be Informed
You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.Right of Access
You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.Right to Rectification
ou have the right to have any inaccurate Personal Data which we hold about you updated or corrected.Right to Erasure
In certain circumstances, you may also have the Personal Data that we hold about you deleted, for example if you exercise your right to object and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes set out in this notice.Right to Restriction of Processing
You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing on it until the issue is resolved.Right to Data Portability
You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible.
This right only arises where we process your Personal Data on the legal basis of either your consent or where it is necessary to perform our contract with you and the processing is carried out by automated means.Right to Object
You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.
Please note you have the right to object to our processing of your Personal Data for the purposes of sending you marketing and news.
You can exercise any of these rights by submitting a request to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com.
We will provide you with information on any action taken in relation to any of these rights upon your request without undue delay and at the latest within 1 month of receiving your request. We may extend this timeframe by one more month if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.
You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.
Consumers of our event organisers
Tito provides a comprehensive event management platform through which Event Organisers reach out to, communicate with, and sell to Attendees.
Whenever Tito processes an Attendee's Personal Data on behalf of an Event Organiser, we are acting as a processor, and we therefore conduct such activities strictly in accordance with the instructions of that Event Organiser and pursuant to the contractual arrangements in place with them. If you are an Attendee with an existing relationship with one of our Event Organisers, you should refer to the Event Organiser's website or any terms provided by that Event Organiser to understand their privacy practices and policies. Where you, as an Attendee, would like to exercise your rights in relation to your Personal Data over which the Event Organiser is the controller, you should contact the Event Organiser with such requests. We will cooperate as appropriate with requests from our Event Organisers to assist with such requests.
Changes to this notice and questions
We may amend this Notice on occasion, in whole or in part, at our sole discretion. Any changes will be effective immediately upon communicating the revised Notice to you.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Tito, please submit your question, comment or concern in writing to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
Tito Security Policy
General Web Security
All Tito services that store data are hosted by Amazon Web Services, in Ireland.
All applications use SSL for HTTP transport, without support for compromised cryptographic mechanisms.
Outside access to services other than those hosted on port 80 and 443 are disabled. All insecure HTTP requests on port 80 are automatically redirected to HTTPS on port 443.
All passwords are stored in a one-way hash using strong (bcrypt) cryptography and multiple stretches.
Tito will commission a detailed penetration test every 2 years, and an interim test every 6 months.
In the event of a data breach, upon investigation, Tito will notify all individuals affected by the breach with:
- details of what happened
- personal information compromised
- recommendations of a follow-on action
If there is evidence of a breach, all passwords will be reset, even those not specifically targetted by the breach.
Marketing Page (ti.to/home)
Tito’s marketing page sets the following cookies:
- Tito Application Cookies
- These cookies are set by the application software that we use to host the site (Ruby on Rails and Phusion Passenger). These cookies do not store any data that is tracked.
- Google Analytics
- Google Analytics cookies are used to measure visitors to the site.
Tito Event Pages
- Tito Application Cookies
- These cookies are set by the application software that we use to host the web application (Ruby on Rails and Phusion Passenger). These cookies do not store any data that is tracked.
- Stripe Cookies
- If a Tito customer is using Stripe, then Stripe sets a cookie on initial page load.These cookies are set by Stripe and are used by Stripe’s fraud detection software to assist in ensuring that only safe and legitimate transactions are allowed through their payment system.