This Privacy Notice ("Notice") is intended to explain how your personal information will be handled by Team Tito Limited ("Tito" "we", "our" and "us") of Unit 2, 64 Dame Street, Dublin 2 and sets out the information including the personal information detailed below relating to you ("Personal Data") that will be collected and processed by Tito and/or on its behalf by its third party service providers in the context of your engagement with www.ti.to (the "Website") and the platform and services provided thereon (together the "Tito Services").
Tito provides an event management and ticketing platform to its customers ("Event Organisers") that facilitates administration and organisation of these events plus the promotion of the events to, and the purchase of tickets to these events by, potential and actual attendees ("Attendees"). In certain circumstances, Event Organisers may be the controller of certain Attendees' Personal Data. Attendees who are a customer of, or otherwise interact through the Tito Services with, any of our Event Organisers are asked to also read Section 10 of this Privacy Notice.
For the purposes of this Notice, the controller of your Personal Data is Tito. If you have any questions or concerns about this Notice, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
IMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 11 of this Notice.
This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.
During the course of your dealings with us, we will collect Personal Data:
We may collect and process the following Personal Data:
This includes information such as your name, email address, company, phone number and your password.
This includes information about the date, time, value and number of transactions you make through the Tito Services.
This includes any other information which is provided to us by you or on your behalf.
The following table details the legal bases for which ("Legal Basis") and the reasons why ("Purposes") we collect, obtain and process your Personal Data:
It is necessary to process this Personal Data to enter into and perform our contract with you in relation to:
If you do not wish to provide us with your Personal Data for these purposes, we will not be able to enter into or perform our contract(s) with you and you will not be able to avail of the Tito Services.
Access to the Website
It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.
Before we process your Personal Data to pursue our legitimate interests for these purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
Improving Functionality and Efficiency
Compliance with a Legal Obligation
We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject.
To Defend, Establish or be a Party to Legal Claims
We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party.
We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:
We may share your Personal Data with the following third party service providers:
The list of third party service providers we use may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Tito Services. We update our list of third party service providers on https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md regularly and we would refer you to this as the most up-to-date source of information on our third party service providers.
We may share your Personal Data with other third parties as and when necessary, including:
We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com
Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
We do not store or process any of your card or payment information. All payment information is processed by our trusted third party payment providers.
In general, we expect to keep your Personal Data for as long as you use the Tito Services plus a period of up to 7 years thereafter. However we shall delete your IP address after 90 days. Please note that in certain circumstances, we may hold your personal data for a different period, for example, if we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve or delete your Personal Data.
If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. We also have in place measures to deal with and respond to any suspected data breach.
We are committed to taking reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.
You have a number of rights in relation to your Personal Data, which are set out in this Section 9. Note that in certain circumstances these rights might not be absolute.
|Right to be Informed||
|Right of Access||
|Right to Rectification||
|Right to Erasure||
|Right to Restriction of Processing||
|Right to Data Portability||
|Right to Object||
You can exercise any of these rights by submitting a request to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at email@example.com.
We will provide you with information on any action taken in relation to any of these rights upon your request without undue delay and at the latest within 1 month of receiving your request. We may extend this timeframe by one more month if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.
You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.
Tito provides a comprehensive event management platform through which Event Organisers reach out to, communicate with, and sell to Attendees.
Whenever Tito processes an Attendee's Personal Data on behalf of an Event Organiser, we are acting as a processor, and we therefore conduct such activities strictly in accordance with the instructions of that Event Organiser and pursuant to the contractual arrangements in place with them. If you are an Attendee with an existing relationship with one of our Event Organisers, you should refer to the Event Organiser's website or any terms provided by that Event Organiser to understand their privacy practices and policies. Where you, as an Attendee, would like to exercise your rights in relation to your Personal Data over which the Event Organiser is the controller, you should contact the Event Organiser with such requests. We will cooperate as appropriate with requests from our Event Organisers to assist with such requests.
We may amend this Notice on occasion, in whole or in part, at our sole discretion. Any changes will be effective immediately upon communicating the revised Notice to you.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Tito, please submit your question, comment or concern in writing to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at firstname.lastname@example.org.
All Tito services that store data are hosted by Amazon Web Services, in Ireland.
All applications use SSL for HTTP transport, without support for compromised cryptographic mechanisms.
Outside access to services other than those hosted on port 80 and 443 are disabled. All insecure HTTP requests on port 80 are automatically redirected to HTTPS on port 443.
All passwords are stored in a one-way hash using strong (bcrypt) cryptography and multiple stretches.
Tito will commission a detailed penetration test every 2 years, and an interim test every 6 months.
In the event of a data breach, upon investigation, Tito will notify all individuals affected by the breach with:
If there is evidence of a breach, all passwords will be reset, even those not specifically targetted by the breach.