1. How And When Does the Company Collect Non-Public Personal Information?
In the course of selling tickets or other merchandise, we may collect and maintain certain nonpublic personal information that will help us to efficiently perform various transactions. In addition, we may be required to share your personal information with certain entertainment organizations and venues (an “Event Host”) as part of our contractual relationship with them. Of course, if you wish to purchase tickets to an event and remain anonymous, you can purchase your tickets in person, directly through the Event Host's box office.
We do not collect personal information (such as names, addresses, phone numbers, email addresses or credit card numbers) about you except when you specifically provide your information on a voluntary basis. Your personal information may be collected as you:
2. How And When Does the Company Use Non-Public Personal Information?
The Company may utilize your personal information in several discrete ways.
3. How Long Is Your Personal Information Retained?
If you are a registered user of our Website, we may retain your information as long as you maintain your registered status. If you purchase tickets or other merchandise using a credit card, we will retain your credit card information for a length of time reasonably necessary to process any future transactions related to your purchases, including refunds and charge backs. We occasionally purge our computer system of information relating to visitors of our Website and their past transactions.
4. What Is “Aggregate Information” And What Does the Company Do With It?
Typically, as visitors browse our Website, our computers automatically collect information related to how certain features of our Website are used, what general region our visitors are contacting us from and how many people visit our Website at any given time. We only use this information in the aggregate, which means that we only derive meaning from the sum of all such information gathered for a period of time and accordingly, we refer to this information as “Aggregate Information”. Aggregate Information includes, but is not limited to your computer's (i) Internet browser type (e.g., Microsoft Internet Explorer 5.5), (ii) IP address, (iii) resolution settings, (iv) platform type, and (v) originating URLs of referring web pages. We use Aggregate Information to (a) help diagnose problems with our computers, (b) administer our Website, (c) share certain generalized demographic information with Event Hosts and our advertising partners about visitors of our Website, and (d) provide our advertising partners with information regarding which visitors saw and clicked on certain advertisements on our Website. Aggregate Information does not contain any personal information of any of our Website visitors.
5. What Are “Cookies” And How Does the Company Use Them?
6. Consent/Choice Statement
Non-Vermont Computer Users. We do not sell or rent personal information about our on-line customers to any third parties at this time. If we engage in such commerce in the future, our on-line customers will be notified in advance by email and will have an opportunity to remove themselves from such lists prior to being included therein by return email or by emailing us separately at email@example.com.
Vermont Computer Users. Vermont places additional restrictions on sharing a user's personal information while such user resides in Vermont. We will not rent or sell non-public personal information we collect from a user residing in Vermont except (1) as permitted by law or (2) with the express authorization or consent of the Vermont User.
7. Data Quality and Security Statement
We use data security systems to encrypt your personal and financial information to reduce the risk that your information will be obtained by unauthorized persons. Our electronic security measures are complemented by the physical security of our facilities and limited access to certain critical areas, such as our computer locations. However, because of the increasing sophistication of computer hackers and others who would seek to invade our computer systems for the purpose of stealing information, damaging our systems or denying our systems' ability to operate effectively to safeguard personal and financial information as intended, we make no promises as to the security of personal or financial information in our possession or the impenetrability of our computer systems under unusual circumstances or our computer system's resilience to future sophisticated attacks.
8. When Might Information Be Disclosed As A Matter Of Law? We may disclose non-public personal information to unrelated parties in special cases when we have reason to believe that that disclosure is necessary to identify, contact, or bring legal action against a person or persons who may be causing injury to, or interference with, the rights or property of the Company (including our Website), computer users accessing our Website, or any third party. In addition, we may disclose information about individuals who access our Website to law enforcement agencies, judicial or government authorities, or to other individuals or entities in response to subpoenas, court orders, or other legal processes.
9. Links To / From Other Sites Our Website contains links to other Internet websites which we do not operate and, conversely, other Internet websites may contain links to our Website. We are not aware of and are not responsible for the privacy policies, practices, or content of such other websites. We encourage visitors to read and become familiar with the privacy policies maintained by such other websites.
10. Information of Minors & Children. We do not target our Website or our products or merchandise for sale on our Website to children, and our Website does not seek to collect contact information from children under the age of 13. If you are under the age of 13, please do not email us, contact our Website, attempt to use our Website, submit information to our Website, or ask us to email you. If you are under the age of 18, you should get permission from a parent or guardian before you email our Website, contact our Website, attempt to use our Website, submit information to our Website, or ask us to email you.
Tickets.com, Inc., a Delaware corporation with its principal place of business in California (the “Company”), created ticket privacySM in order to demonstrate the Company's firm commitment to your privacy and privacy-related concerns. The following sets forth the Company's information gathering, use, and dissemination practices.
It is the Companies policy to allow our customers to control what personal information you provide to us. As a customer of the Company you:
Information Collection - Notice and Disclosure Statement
From time to time, Tickets.com may ask customers to provide personal information that will help the Company efficiently perform various transactions. That information may be sought as you:
The Company does not collect personal information - names, addresses, phone numbers, email addresses or credit card numbers - about you except when you specifically provide such information on a voluntary basis; like, for instance, purchase sports or entertainment tickets, or make inquiries about ticket or reservation availability.
The Company may utilize your personal information in several discrete ways.
The Company uses your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer our web site. Your IP address is used to help identify you, and to gather broad demographic data. Your IP address contains no personal information about you.
The Company does, however, perform statistical analysis of customer usage in order to measure interest in, and use of, the various parts of the Company's web site, and the Company shares that information with current and prospective advertisers, and other interested third parties. But, this information is aggregated data only (statistics, etc.), and contains no personally identifiable information whatsoever.
The Company does not sell or rent personal information about its customers to any third parties at this time. In the event the Company does engage in such commerce in the future, you will have an opportunity to remove yourself from any such lists prior to your inclusion therein by emailing us at firstname.lastname@example.org.
Data Quality and Security Statement
The Company maintains strict data security systems that ensure specific individual information will not be made available to any unauthorized person. We use a multi-level security system to control access to information stored for our customers. This is complemented with physical security of our facilities and limited access to certain critical areas.
The Company is committed to work with recognized trade associations and organizations that support consumer privacy.
In each country where we operate, we actively participate in the Direct Marketing Association's efforts to maintain and develop appropriate industry guidelines that safeguard the individual's right to privacy. We recognize and actively support sectoral codes of practice and relevant legislation which covers other industry-specific guidelines on privacy such as the European Union Data Protection Act, the recommendations of the Office of Telecommunications in the UK, and the National Health and Medical Research guidelines in Australia.
Data Protection and Privacy legislation was originally developed in Europe and now exists in many countries worldwide. Wherever the Company operates, we are committed to adhering to the relevant data protection legislation and/or industry codes of practices.
Privacy Principles for Non USA Based BusinessUnited Kingdom's homepage
We will adhere to the overall privacy principles of Tickets.Com set out on this website. In addition, in the United Kingdom we will ensure that:-
The Commonwealth Privacy Act 1998 implements strict privacy protection which Commonwealth and government agencies must observe when collecting, storing, using and disclosing personal information. Other Commonwealth laws contain privacy provisions relating to information about health insurance claims, data matching, information about old criminal convictions and personal information disclosed by telecommunications companies. The Privacy Act applies to the private sector only with respect to tax file numbers and consumer credit information. The Federal Privacy Commissioner has encouraged Australian businesses to develop voluntary industry codes of conduct to meet privacy standards. In February 1998, the Commissioner issued a document entitled "National Principles for the Fair Handling of Personal Information." The National Principles are based on the OECD Guidelines. These Principles address the collection, use, and disclosure of data; data quality and security; openness, access and correction; identifiers, anonymity, trans-border data flows and sensitive information. In December 1998, the Federal Government announced that it intends to enact legislation to strengthen self-regulatory privacy protection in the private sector. They also announced that the legislation that will be introduced would be based on the National Principles. The Company is committed to adherence to industry codes of conduct and/or legislation that will be required to process data in Australia and respects the privacy rights of the citizens of Australia.
For more information on our privacy practices or the privacy regulations in your country, you may contact:PTYPrivacyPolicy@tickets.com
or the Privacy Commissioner's Office at:
Privacy Commissioner's Office
Sydney, NSW, Australia 1042
Phone: 1-300 363 992
Fax: 02 9284 9666
URL: www.privacy.gov.auNetherlands' homepage
The Netherlands enacted the Data Protection Act (DPA or the Act) on July 1, 1989. The DPA promotes self-regulation, and provides consumers with certain rights, including notice, access to information, disclosure and correction of inaccuracies. It requires those in control of personal data files to take measures to assure only authorized disclosures and ensure informational accuracy. Lastly, the DPA allows consumers to seek and obtain compensation for damages. The Act applies to personal data files relating to living individuals. Collection of data for personal or private use is excluded from its provisions. When certain requirements are met, a corporation may bring an action under the Act's provisions, however, the Act itself does not apply to data concerning corporations.
The Act creates the Chamber of Registration which is responsible for:
Your Rights as the Consumer
A consumer must be informed of the collection of data within one month in writing. Notice must contain the following:
A consumer must be informed of their right to question the existence, accuracy, and origin of data.
Information bureaus may gather information that affects the rights of consumers. For example, a credit bureau may gather information relating to a consumer's creditworthiness. Consent is required for the issuance and dissemination of such information and such consent must be in writing. Data may be issued to a third party if in conjunction with the purpose of the file, on request for research or statistical purposes, or "on the grounds of urgent and important considerations." The Act applies to all civilian collections of personal data, regardless of residency status in the Netherlands. It also applies to foreign files having a Dutch file controller and containing personal data about Netherlands residents. There are certain limited exemptions that may be granted in trans-border data dissemination, however, exemptions are only granted to those countries with adequate data protection laws. The Act limits access to foreign data files dictated by a foreign controller. A total ban on the transfer of data can be issued if it is established that the privacy of an individual is threatened.
For more information on our privacy practices or the privacy regulations in your country, you may contact:
or the Registratiekamer at:
P.O. Box 93374
2595 AJ Den Haag
Phone: +(31) 70 381 1300
Fax: +(31) 70 381 1301Canada's homepage
The Canadian government passed two acts, the Access to Information Act (“AIA”) and the Privacy Act on July 1, 1983 to balance the need for data processing with the competing interests of Canadian citizens for protection of their privacy. Although the AIA received more media attention, it is the Privacy Act that guarantees citizens the right to privacy.
The Privacy Act - General Provisions
The Privacy Act ensures the right of every Canadian citizen and permanent resident:
Personal information is deemed to include:
For more information on our privacy practices or the privacy regulations in your country, you may contact:
or the Privacy Commissioner of Canada at:
Privacy Commissioner of Canada
112 Kent Street, 3rd Floor
Ottawa, Ontario K1A 1H3
Phone: 1 800 267 0441
Fax: 613 947 6850
TDD 613 992 9190
Hong Kong enacted the Personal Data (Privacy) Ordinance (Ordinance) which entered into force December 20, 1996. The Privacy Commission Office is an independent statutory body set up to oversee the enforcement of the Ordinance. The Ordinance has as its core purpose the protection of privacy interests of living, identifiable individuals in relation to personal data. It also contributes to Hong Kong's continued economic well being by safeguarding the free flow of personal data to Hong Kong from restrictions by countries that already have data protection laws. The Ordinance binds the government to ensure the protection of privacy rights of its citizens. Where there is a conflict between the Ordinance and any other legislative action or ordinance, the Privacy Ordinance takes precedence. The Ordinance states its mission as: "A data user shall not do an act, or engage in a practice, that contravenes data protection principle unless the act or practice, as the case may be, is required or permitted under this Ordinance."
The Ordinance provides certain rights to consumers including:
Consumers must be informed of: the rights and obligations of compliance; penalties or consequences for failure to do so; purpose of the data collection; any anticipated third party disclosure; and rights of access and correction. Personal data should not be kept longer than necessary to the fulfillment of the purpose for which they are collected
Data transferred to Hong Kong from other jurisdictions will generally become subject to the requirements of the Ordinance. Section 33 of the Ordinance regulates the transfer of data out of Hong Kong. This section provides for an equivalence test of protection, rather than the adequacy test of the EU Directive. It permits transfers to jurisdictions lacking a data privacy regime where the interests of the consumer are otherwise adequately protected. Examples are where consent has been obtained or there are contractual assurances in place that the data protection principles will be respected.
or the Privacy Commissioner for Personal Data at:
Privacy Commissioner for Personal Data
Privacy Commission Office
1 Harbour Road
Wanchai, Hong Kong
Phone: 852 2827 2827
Fax: 852 2877 7026Germany's homepage
Data protection in Germany has come in two phases. The Federal Data Protection Act (BDSG) was adopted January 27, 1977. The major provisions came into force January 1, 1978 and the technical and organizational measures became effective on January 1, 1979. The BDSG was then replaced in 1991 by a new data protection act which took advantage of the experiences and technical improvements of the previous years as well as judicial opinions of the Federal Constitutional court. Data protection in Germany centers around important concepts of general privacy, human rights and the balance between access to information and privacy concerns. Basically, the German data protection law embodies “informationelles Selbstbestimmungsrecht” - the basic right of the individual to decide on the use and communication of his or her personal data. This tenet is paramount, with the caveat of overriding social or public concerns. The main purpose of the Act is to “protect the individual against his right to privacy being impaired through the handling of his personal data.” The Act states that the “processing and use of personal data shall be admissible only if this Act or any other legal provision permits or prescribes them or the consumer's has consented.” But the Act may be superseded by the interests of the state. The Act states that insofar as “other legal provisions of the Federation are applicable to personal data, including their publication, such provisions shall take precedence over the provisions of this Act.”
Personal data is defined as “any information concerning the personal or material circumstances of an identified or identifiable individual.” Dissemination of personal data to third persons is limited but permissible, as long as there is no threat of harm to the consumer's or his interests.
A consumer has the right of notification of collection of data, notification of content, purpose and identity of recipients and the rights of correction, erasure or blocking. Blocking is defined as the labeling of stored personal data so as to restrict further processing or use. This information must be transmitted to the consumer in writing and free of charge. If a file controller refuses access, a consumer's has the right to appeal to the Federal Commissioner for Data Protection. In general, communication and storage of data is permissible if the business has identifiable and justifiable interests. There are no restrictions, for instance, on information regarding membership in a group, occupation, birth year, name, title, academic degree or address. These categories are not sensitive by their nature and may be of legitimate interest or use of a file controller. Restrictions do apply to sensitive data relating to health, criminal offenses, administrative offenses, or religious or political convictions.
or the Der Bundesbeauftragte für den Datenschutz at:
Der Bundesbeauftragte für den Datenschutz
Phone: +(49) 228 819 95 10
Fax: +(49) 228 819 95 50Belgium's homepage
Belgium enacted the Belgium Data Protection Act (BDPA) on December 8, 1992, to ensure that personal data may only be processed for clearly described and justified purposes and may not be used in a manner incompatible with these purposes.
With regard to sensitive personal data, there are more specific, more stringent rules that must be observed by the file controller. These rules apply to three categories of personal data: highly sensitive, medical and judicial data. Highly sensitive data refers to information on the subject's race, ethnicity, sexual orientation or behavior, political activity or opinion, religious and philosophical beliefs and membership in labor unions. Appropriate groups may, of course, keep membership lists.
The consumer's has the right to information, access, correction or deletion of inaccurate or illegally stored data, appeal and information about these rights. The BDPA refers to information collected both directly from and indirectly about the consumer's. This applies to all consumers in Belgium, including foreign consumers, even when further processing occurs outside of Belgium.
The consumer's has the right to access information directly or through the Privacy Commission. For direct access, the consumer's must submit a written request to the company and can be charged a fee. The company must respond within 45 days with the information. A consumer has a right to correct any misinformation collected free of charge. They must submit a request to the company who must respond within one month and inform any consumer of the correction or deletion. The company must keep the identity of any third consumer for at least one year. A consumer's has the right to appeal any adverse decision through a complaint to the Privacy Commission or before the Chairman of the Court of First Instance. A consumer has the right to be informed of these rights and their methods of exercise. The BDPA doesn't explicitly prohibit or restrict the merging of personal data from different
or the Commission de la Protection de la Vie Privée at:
E-mail address: email@example.com
Commission de la Protection de la Vie Privée
Boulevard de Waterloo 115
Rue de la Regence 61
B - 1000 Brussels
Phone: (32) 2 542 7200
Fax: (32) 2 542 7212
Italy enacted the Processing of Personal Data Act (the Act) in September, 1993. The Act is designed to "ensure that the processing of personal data is carried out by respecting the rights, fundamental freedoms and dignity of natural persons, especially as related to privacy and personal identity..." Personal data is defined under the Act as "any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information including by a personal identification number..." The law applies to the processing of personal data carried out by any person on Italian soil. It does not apply to data collected for purely personal use, provided that the data are not intended for systematic communication or dissemination. The Act applies to the processing, "on the State's territory, of personal data kept in a foreign country."
All data collected must be:
A consumer has certain rights in regard to the collection of data including:
or the Data Protection Authority at:
Data Protection Authority
Via Della Chiesa Nuova, 8
Telephone: + (39) 6 6889 2135
Fax: + (39) 6 6889 2140
Unlike the other Scandinavian countries, Denmark has passed two acts relative to the protection of privacy and access to information: the Private Registers Act and the Public Registers Act. These acts were adopted by the Danish Folkerting (Parliament) in 1978 and became law January 1, 1979. Amendments were made in 1987. The acts affect "personal data" defined as "data that are referable to identifiable individuals even if such referral presupposes knowledge of the personal registration number or any particular means of identification of such individual." Personal data is data that permit, in any form, directly or indirectly, the identification of the natural persons to which they relate, irrespective of whether the processing is done by a natural or legal person.
A consumer now has the right to know what is registered about him and may submit a request of access once every 12 months. Response must be within four weeks and complaints regarding denial or delay are made to the DSA.
Tickets.com will ensure that:
Personal information will only be processed with the your consent. You are entitled to withdraw consent at any time.
Personal information may be transferred to other countries. The Company will obtain approval from the DSA prior to any transfer so that the DSA can determine if that country can secure adequate data protection. Adequate protection will be decided based on the type of data to be transferred, the purpose of the transfer, the country of (the data's) origin, the country of (the data's) destination, as well as data protection rules and guidelines in place in the receiving country. Data may be transferred with the your consent if the transfer is considered necessary for the completion of a purchase on our site.
In addition, Danish regulatory authorities may permit the transfer of personal data to countries lacking adequate protection, if the data controller can provide satisfactory guarantees for the protection of the data subject. The regulatory authorities will notify the European Commission and the EU member states about any data transfers under the latter rule.
Our Obligations to You and Your Rights
We are committed to protecting your right to privacy. We have demonstrated this commitment by agreeing to the following:
or the Registertilsynet at:
E-mail address: firstname.lastname@example.org
Christians Brygge 28 4 sal
1559 Copenhagen V
Phone: (45) 33 14 38 44
Fax: (45) 33 13 38 43
There are no existing privacy laws in Brazil. The Senate is considering a bill entitled SENATE BILL No. 61 which would place some limits on the collection and use of personal data.
The Company takes your privacy concerns very seriously. If you still have concerns about privacy issues after reading ticket·privacysm, please contact us at email@example.com.
ticket privacySM is effective as of November, 1999, and as amended from time-to-time. ticket privacySM is a statement of our current policy and is not intended to and does not create any contractual or other legal rights in or on behalf of any party.