Tickets.com Inc. Privacy Policy

Tickets.com, Inc. (the “Company”) is committed to complying with all laws intended to protect your right of privacy. This Privacy Policy describes (i) the type of information about you that we collect; and (ii) the Company's practices with respect to gathering and disseminating information about you. This Privacy Policy was established within the context of our Tickets.com Website and the potential for gathering personal information within electronic media; however, this Policy is not limited to the Tickets.com Website. Our Privacy Policy applies whenever you and the Company interact and there is a possibility that during such interaction, we may acquire certain information about you.

The Company may, but is not obligated to, update this Privacy Policy from time to time. You should review this Privacy Policy periodically to familiarize yourself with the most current version. Your purchase of tickets or other merchandise from us constitutes your acceptance of the Privacy Policy then in effect.

1. How And When Does the Company Collect Non-Public Personal Information?

In the course of selling tickets or other merchandise, we may collect and maintain certain nonpublic personal information that will help us to efficiently perform various transactions. In addition, we may be required to share your personal information with certain entertainment organizations and venues (an “Event Host”) as part of our contractual relationship with them. Of course, if you wish to purchase tickets to an event and remain anonymous, you can purchase your tickets in person, directly through the Event Host's box office.

We do not collect personal information (such as names, addresses, phone numbers, email addresses or credit card numbers) about you except when you specifically provide your information on a voluntary basis. Your personal information may be collected as you:

• Become a registered user of the Tickets.com Website
• Purchase tickets or admission to an event or venue
• Sign-up or subscribe for products or services that we may periodically make available
• Participate in a special promotion

2. How And When Does the Company Use Non-Public Personal Information?

The Company may utilize your personal information in several discrete ways.

• If you are purchasing tickets or admission to an event or venue, the Company utilizes your personal information to complete the purchase transaction and to communicate with you about your ticket order, ticket delivery or other inquiry.
  
  
• In addition, whenever you purchase tickets or admission to an event or venue, we may be required to share your personal information with a third party credit card processor to facilitate completion of your transaction. The credit card processor may share the same information with your credit card issuer for the issuer's use in connection with gathering data related to use of their cards, rewards programs or other purposes. You are urged to read and become familiar with the privacy policies governing the use of your credit cards.
  
  
• Also, when you purchase a ticket or admission to an event or venue, we may be contractually required to pass your personal information to the Event Host so that they may communicate with you about the event you are going to attend. Under those circumstances, we cannot offer you the option to opt-out from having your information passed to the Event Host.
  
  
• Event Hosts are not subject to the provisions of this Privacy Policy, which means that they may use your personal information for purposes other than contacting you about the event you are going to attend, unless you contact them and request otherwise. When you purchase tickets to an event, you should read and become familiar with the privacy policies of the Event Host. The Company has no control over the use of your personal information by any Event Host and you agree that we are not liable for any use of your personal information by an Event Host. If you have special preferences concerning use of your personal information by an Event Host, you must communicate those preferences directly to them.
  
  
• When you visit our Website, we may also gather certain information about the use of your computer that we aggregate with similar information collected from other visitor's computers, which we use for statistical and other purposes (see “Aggregate Information” described in Section 4 below).
  
  
• Finally, we may occasionally contact you, typically by email, to notify you of information that might affect your event experience, or to notify you of event cancellations, or errors in your order. Additionally, we may contact you regarding offerings of future events products or services that may be of interest to you. If you are not interested in receiving email notices or advertisement from us, you can unsubscribe at any time.

3. How Long Is Your Personal Information Retained?

If you are a registered user of our Website, we may retain your information as long as you maintain your registered status. If you purchase tickets or other merchandise using a credit card, we will retain your credit card information for a length of time reasonably necessary to process any future transactions related to your purchases, including refunds and charge backs. We occasionally purge our computer system of information relating to visitors of our Website and their past transactions.

4. What Is “Aggregate Information” And What Does the Company Do With It?

Typically, as visitors browse our Website, our computers automatically collect information related to how certain features of our Website are used, what general region our visitors are contacting us from and how many people visit our Website at any given time. We only use this information in the aggregate, which means that we only derive meaning from the sum of all such information gathered for a period of time and accordingly, we refer to this information as “Aggregate Information”. Aggregate Information includes, but is not limited to your computer's (i) Internet browser type (e.g., Microsoft Internet Explorer 5.5), (ii) IP address, (iii) resolution settings, (iv) platform type, and (v) originating URLs of referring web pages. We use Aggregate Information to (a) help diagnose problems with our computers, (b) administer our Website, (c) share certain generalized demographic information with Event Hosts and our advertising partners about visitors of our Website, and (d) provide our advertising partners with information regarding which visitors saw and clicked on certain advertisements on our Website. Aggregate Information does not contain any personal information of any of our Website visitors.

5. What Are “Cookies” And How Does the Company Use Them?

The term “Cookie” is a nickname for files that a website's computer system can deposit onto a visitor's computer hard drive when the visitor is logged on to the website. Cookies are used to recognize a visitor's repeat visits to the website and what pages are accessed and what functionalities are used while he or she is there. The use of cookies is commonplace on the Internet and they take up minimal room on your computer hard drive. Cookies work by assigning a number to your computer that has a specific meaning to the assigning website. Cookies, by themselves, cannot be used to find out the identity of any visitor. Unless you choose to provide us with information about you, we will never know who you are, even though our computer has previously deposited a cookie on your computer's hard drive. Other companies that advertise on our Website also have the ability to deposit a different cookie on your computer's hard drive in a process that we do not control. Since cookies aren't useable for identifying individuals (i.e., we will not store non-public personal information in a cookie), these advertisers will never know who you are. In addition, you may modify your Internet browser's settings to notify you whenever any website is going to deposit a cookie on your computer's hard drive. This notification option generally gives you the opportunity to decide whether to accept or refuse a cookie before it is deposited. There may be some features on our Website, however, that require a cookie to operate correctly. For example, to become a registered user of our Website, you must allow us to deposit a cookie on your computer's hard drive.

6. Consent/Choice Statement

Non-Vermont Computer Users. We do not sell or rent personal information about our on-line customers to any third parties at this time. If we engage in such commerce in the future, our on-line customers will be notified in advance by email and will have an opportunity to remove themselves from such lists prior to being included therein by return email or by emailing us separately at webfeedback@tickets.com.

Vermont Computer Users. Vermont places additional restrictions on sharing a user's personal information while such user resides in Vermont. We will not rent or sell non-public personal information we collect from a user residing in Vermont except (1) as permitted by law or (2) with the express authorization or consent of the Vermont User.

7. Data Quality and Security Statement

We use data security systems to encrypt your personal and financial information to reduce the risk that your information will be obtained by unauthorized persons. Our electronic security measures are complemented by the physical security of our facilities and limited access to certain critical areas, such as our computer locations. However, because of the increasing sophistication of computer hackers and others who would seek to invade our computer systems for the purpose of stealing information, damaging our systems or denying our systems' ability to operate effectively to safeguard personal and financial information as intended, we make no promises as to the security of personal or financial information in our possession or the impenetrability of our computer systems under unusual circumstances or our computer system's resilience to future sophisticated attacks.

8. When Might Information Be Disclosed As A Matter Of Law? We may disclose non-public personal information to unrelated parties in special cases when we have reason to believe that that disclosure is necessary to identify, contact, or bring legal action against a person or persons who may be causing injury to, or interference with, the rights or property of the Company (including our Website), computer users accessing our Website, or any third party. In addition, we may disclose information about individuals who access our Website to law enforcement agencies, judicial or government authorities, or to other individuals or entities in response to subpoenas, court orders, or other legal processes.

9. Links To / From Other Sites Our Website contains links to other Internet websites which we do not operate and, conversely, other Internet websites may contain links to our Website. We are not aware of and are not responsible for the privacy policies, practices, or content of such other websites. We encourage visitors to read and become familiar with the privacy policies maintained by such other websites.

10. Information of Minors & Children. We do not target our Website or our products or merchandise for sale on our Website to children, and our Website does not seek to collect contact information from children under the age of 13. If you are under the age of 13, please do not email us, contact our Website, attempt to use our Website, submit information to our Website, or ask us to email you. If you are under the age of 18, you should get permission from a parent or guardian before you email our Website, contact our Website, attempt to use our Website, submit information to our Website, or ask us to email you.

Privacy Principles for Non USA Based Business:
ticket privacy^SM

Tickets.com, Inc., a Delaware corporation with its principal place of business in California (the “Company”), created ticket privacy^SM in order to demonstrate the Company's firm commitment to your privacy and privacy-related concerns. The following sets forth the Company's information gathering, use, and dissemination practices.

It is the Companies policy to allow our customers to control what personal information you provide to us. As a customer of the Company you:

1. Control what personally identifiable information is collected
2. Control what the Company can do with the information
3. Have our commitment to your right of privacy

Information Collection - Notice and Disclosure Statement

From time to time, Tickets.com may ask customers to provide personal information that will help the Company efficiently perform various transactions. That information may be sought as you:

1. Register for general information
2. Register for a free trial or demonstration of certain products and services
3. Sign up or subscribe to products and services
4. Participate in a special offer or contest

The Company does not collect personal information - names, addresses, phone numbers, email addresses or credit card numbers - about you except when you specifically provide such information on a voluntary basis; like, for instance, purchase sports or entertainment tickets, or make inquiries about ticket or reservation availability.

The Company may utilize your personal information in several discrete ways.

• If you are purchasing sports or entertainment tickets, the Company utilizes your personal information to communicate with you about your ticket order or ticket inquiry. Also, as is always the case whenever you buy a ticket to a sports or entertainment event, the entertainment organization is entitled to know the name and address of all who purchased a ticket. The Company has no control whatsoever over the entertainment organization's use of that information.
• If you come to our web site from one of our strategic partners or register with us, your personal information provided to us may be shared with our strategic partners and used in accordance with their standard policies.
• As a valued customer of Tickets.com the Company will occasionally contact you, typically by email (or any other way you prefer) in order to notify you of special ticketing promotions, and up-to-date news, custom-tailored to your personal sports, and entertainment interests. Of course, if you do not wish to receive this personalized information, you can always let us know by e-mailing us at webfeedback@tickets.com, and we will happily abide by your wishes.
• Notwithstanding the foregoing, the Company reserves the right to contact you, utilizing your personal information, to inform you of information that might affect your sports or entertainment experience.

The Company uses your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer our web site. Your IP address is used to help identify you, and to gather broad demographic data. Your IP address contains no personal information about you.

The Company does, however, perform statistical analysis of customer usage in order to measure interest in, and use of, the various parts of the Company's web site, and the Company shares that information with current and prospective advertisers, and other interested third parties. But, this information is aggregated data only (statistics, etc.), and contains no personally identifiable information whatsoever.

Tickets.com users should be aware that non-personal information and data may be automatically collected by virtue of the standard operation of the Company computer servers or through the use of "cookies". Cookies are files a web site can use to recognize repeat users, and allow a web site to track web usage behavior. Cookies take up minimal room on your computer and cannot damage your computer's files. Cookies work by assigning a number to the user that has a specific meaning to the assigning web site. Cookies, by themselves, cannot be used to find out the identity of any user. Unless you choose to provide us with information about you, the Company will never know who you are, even though we assign your computer a cookie. Other companies that place advertising on our site also have the ability to assign a different cookie to you in a process that the Company does not control. But since cookies aren't useable for identifying individuals, these advertisers will never know who you are - and the Company will never tell them! If you do not want information to be collected through the use of cookies, your browser allows you to deny or accept the use of cookies. There may, however, be some features on the Company's web site that require the use of cookies in order to customize the delivery of information to you.

Consent/Choice Statement

The Company does not sell or rent personal information about its customers to any third parties at this time. In the event the Company does engage in such commerce in the future, you will have an opportunity to remove yourself from any such lists prior to your inclusion therein by emailing us at webfeedback@tickets.com.

Data Quality and Security Statement

The Company maintains strict data security systems that ensure specific individual information will not be made available to any unauthorized person. We use a multi-level security system to control access to information stored for our customers. This is complemented with physical security of our facilities and limited access to certain critical areas.

The Company is committed to educate our employees about the issues and laws surrounding individual rights to privacy. We provide information to all employees on the importance of consumer privacy. We provide ongoing education to our employees on the laws and accepted practices under which the Company operates. All new employees agree, as a condition of employment with us, to safeguard the personal data that is under our control. We ensure that all employees understand the provisions of our Privacy Policy.

The Company is committed to work with recognized trade associations and organizations that support consumer privacy.

In each country where we operate, we actively participate in the Direct Marketing Association's efforts to maintain and develop appropriate industry guidelines that safeguard the individual's right to privacy. We recognize and actively support sectoral codes of practice and relevant legislation which covers other industry-specific guidelines on privacy such as the European Union Data Protection Act, the recommendations of the Office of Telecommunications in the UK, and the National Health and Medical Research guidelines in Australia.

Data Protection and Privacy legislation was originally developed in Europe and now exists in many countries worldwide. Wherever the Company operates, we are committed to adhering to the relevant data protection legislation and/or industry codes of practices.

Privacy Principles for Non USA Based Business

Privacy in the United Kingdom

Back to United Kingdom's homepage

We will adhere to the overall privacy principles of Tickets.Com set out on this website. In addition, in the United Kingdom we will ensure that:-

1. In the UK the company responsible is Tickets.Com Limited a subsidiary of Tickets.Com Inc. The address is Tickets.com Ltd, 252 Upper Third Street, Milton Keynes, Buckinghamshire, MK9 1NP. Data is kept on the company's database but supplied to any venue from which you choose to purchase tickets. In using our service you consent to us supplying your data to the venue as this is necessary for the purchase of tickets. Venues hold personal data subject to their own privacy policies under the Data Protection Act. From time to time we may contact you with details of special offers or other promotions which we think will be of interest to you. If you have asked us by email or otherwise in writing not to contact you, we will not do so.
2. We may use aggregated information and statistics for the purpose of monitoring website usage in order to help us develop the website and our services and may provide such aggregated information for third parties. However, these statistics will not include any information that can be used to identify any living individual.
3. Tickets.Com is an international business and all its computer and information systems are web based. The servers housing the web based information are physically situated in the United States of America and in giving personal data to Tickets.Com you consent to the transfer of data out of the European Economic Area (EEA) in particular to the United States of America.
4. Web servers and other means of processing data used by Tickets.Com will have in place at all times appropriate technical and organisational security measures to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful processing or the accidental loss of, destruction or damage to personal data.
5. Data stored on the web servers of Tickets.Com may be accessed by subsidiaries in other countries. Details of these countries and their Data Protection Policies are set out elsewhere in this Privacy Policy and most of those countries are either countries within the EEA or countries which adhere to data protection standards which are deemed to be sufficient by the EEA. The USA does not have the same standards of protection for personal data as in the EEA but there as elsewhere, Tickets.Com maintain standards of privacy in accordance with the International Standards set out at the commencement of this Privacy Policy.
6. For information regarding Privacy Policy as applied to the UK please contact us by email at UKPrivacyPolicy@tickets.com You can also obtain information from the office of the Information Commissioner who administers Data Protection on 01625 545745 or email data@dataprotection.gov.uk.

Data Protection in Australia

Back to Australia's home page

The Commonwealth Privacy Act 1998 implements strict privacy protection which Commonwealth and government agencies must observe when collecting, storing, using and disclosing personal information. Other Commonwealth laws contain privacy provisions relating to information about health insurance claims, data matching, information about old criminal convictions and personal information disclosed by telecommunications companies. The Privacy Act applies to the private sector only with respect to tax file numbers and consumer credit information. The Federal Privacy Commissioner has encouraged Australian businesses to develop voluntary industry codes of conduct to meet privacy standards. In February 1998, the Commissioner issued a document entitled "National Principles for the Fair Handling of Personal Information." The National Principles are based on the OECD Guidelines. These Principles address the collection, use, and disclosure of data; data quality and security; openness, access and correction; identifiers, anonymity, trans-border data flows and sensitive information. In December 1998, the Federal Government announced that it intends to enact legislation to strengthen self-regulatory privacy protection in the private sector. They also announced that the legislation that will be introduced would be based on the National Principles. The Company is committed to adherence to industry codes of conduct and/or legislation that will be required to process data in Australia and respects the privacy rights of the citizens of Australia.

For more information on our privacy practices or the privacy regulations in your country, you may contact:

PTYPrivacyPolicy@tickets.com

or the Privacy Commissioner's Office at:

Privacy Commissioner's Office

GPO

Box 5218

Sydney, NSW, Australia 1042

Phone: 1-300 363 992

Fax: 02 9284 9666

E-mail: privacy@hreoc.gov.au

URL: www.privacy.gov.au

Privacy in the Netherlands

Back to Netherlands' homepage

The Netherlands enacted the Data Protection Act (DPA or the Act) on July 1, 1989. The DPA promotes self-regulation, and provides consumers with certain rights, including notice, access to information, disclosure and correction of inaccuracies. It requires those in control of personal data files to take measures to assure only authorized disclosures and ensure informational accuracy. Lastly, the DPA allows consumers to seek and obtain compensation for damages. The Act applies to personal data files relating to living individuals. Collection of data for personal or private use is excluded from its provisions. When certain requirements are met, a corporation may bring an action under the Act's provisions, however, the Act itself does not apply to data concerning corporations.

The Act creates the Chamber of Registration which is responsible for:

• monitoring privacy development
• advising the cabinet on privacy matters
• enforcing the provisions of the Act

Your Rights as the Consumer

A consumer must be informed of the collection of data within one month in writing. Notice must contain the following:

• purpose of the file
• name and address of file controller

A consumer must be informed of their right to question the existence, accuracy, and origin of data.

Information Bureaus

Information bureaus may gather information that affects the rights of consumers. For example, a credit bureau may gather information relating to a consumer's creditworthiness. Consent is required for the issuance and dissemination of such information and such consent must be in writing. Data may be issued to a third party if in conjunction with the purpose of the file, on request for research or statistical purposes, or "on the grounds of urgent and important considerations." The Act applies to all civilian collections of personal data, regardless of residency status in the Netherlands. It also applies to foreign files having a Dutch file controller and containing personal data about Netherlands residents. There are certain limited exemptions that may be granted in trans-border data dissemination, however, exemptions are only granted to those countries with adequate data protection laws. The Act limits access to foreign data files dictated by a foreign controller. A total ban on the transfer of data can be issued if it is established that the privacy of an individual is threatened.

For more information on our privacy practices or the privacy regulations in your country, you may contact:

BVPrivacyPolicy@tickets.com

or the Registratiekamer at:

E-mail: mail@registratiekamer.nl

Registratiekamer

P.O. Box 93374

PrinsClauslaan 20

2595 AJ Den Haag

The Netherlands

Phone: +(31) 70 381 1300

Fax: +(31) 70 381 1301

Privacy in Canada

Back to Canada's homepage

The Canadian government passed two acts, the Access to Information Act (“AIA”) and the Privacy Act on July 1, 1983 to balance the need for data processing with the competing interests of Canadian citizens for protection of their privacy. Although the AIA received more media attention, it is the Privacy Act that guarantees citizens the right to privacy.

The Privacy Act - General Provisions

The Privacy Act ensures the right of every Canadian citizen and permanent resident:

1. to know (with certain exceptions) of the existence of files relating to him or her
2. to be able to examine, challenge and correct any information
3. to know the purposes of the information collected
4. to be consulted as to future use of any information

Personal information is deemed to include:

1. race, ethnic origin, religion, age or marital status;
2. educational, medical, employment, criminal or bank records;
3. address, fingerprints, blood type or any identifying number relating to the individual;
4. another individual's opinion about the individual;
5. the individual's opinions on proposals for a grant;
6. correspondence with a government institution; or
7. the individual's name, if attached to any personal information.

For more information on our privacy practices or the privacy regulations in your country, you may contact:

webfeedback@tickets.com

or the Privacy Commissioner of Canada at:

E-mail: clavoie@fox.nstn.ca

URL: infoweb.magi.com/~privcan

Privacy Commissioner of Canada

112 Kent Street, 3rd Floor

Ottawa, Ontario K1A 1H3

Phone: 1 800 267 0441

Fax: 613 947 6850

TDD 613 992 9190

Privacy in Hong Kong

Hong Kong enacted the Personal Data (Privacy) Ordinance (Ordinance) which entered into force December 20, 1996. The Privacy Commission Office is an independent statutory body set up to oversee the enforcement of the Ordinance. The Ordinance has as its core purpose the protection of privacy interests of living, identifiable individuals in relation to personal data. It also contributes to Hong Kong's continued economic well being by safeguarding the free flow of personal data to Hong Kong from restrictions by countries that already have data protection laws. The Ordinance binds the government to ensure the protection of privacy rights of its citizens. Where there is a conflict between the Ordinance and any other legislative action or ordinance, the Privacy Ordinance takes precedence. The Ordinance states its mission as: "A data user shall not do an act, or engage in a practice, that contravenes data protection principle unless the act or practice, as the case may be, is required or permitted under this Ordinance."

The Ordinance provides certain rights to consumers including:

• access
• correction or erasure
• copies of information held
• complaint procedures for denial of access
• compensation for damages suffered as a result of unauthorized disclosure or misuse.

Consumers must be informed of: the rights and obligations of compliance; penalties or consequences for failure to do so; purpose of the data collection; any anticipated third party disclosure; and rights of access and correction. Personal data should not be kept longer than necessary to the fulfillment of the purpose for which they are collected

Data transferred to Hong Kong from other jurisdictions will generally become subject to the requirements of the Ordinance. Section 33 of the Ordinance regulates the transfer of data out of Hong Kong. This section provides for an equivalence test of protection, rather than the adequacy test of the EU Directive. It permits transfers to jurisdictions lacking a data privacy regime where the interests of the consumer are otherwise adequately protected. Examples are where consent has been obtained or there are contractual assurances in place that the data protection principles will be respected.

For more information on our privacy practices or the privacy regulations in your country, you may contact:

webfeedback@tickets.com

or the Privacy Commissioner for Personal Data at:

E-mail: pco@pco.org.hk

URL: www.pco.org.hk

Privacy Commissioner for Personal Data

Privacy Commission Office

Unit 2001

20/F

Office Tower

Convention Plaza

1 Harbour Road

Wanchai, Hong Kong

Phone: 852 2827 2827

Fax: 852 2877 7026

Privacy in Germany

Back to Germany's homepage

Data protection in Germany has come in two phases. The Federal Data Protection Act (BDSG) was adopted January 27, 1977. The major provisions came into force January 1, 1978 and the technical and organizational measures became effective on January 1, 1979. The BDSG was then replaced in 1991 by a new data protection act which took advantage of the experiences and technical improvements of the previous years as well as judicial opinions of the Federal Constitutional court. Data protection in Germany centers around important concepts of general privacy, human rights and the balance between access to information and privacy concerns. Basically, the German data protection law embodies “informationelles Selbstbestimmungsrecht” - the basic right of the individual to decide on the use and communication of his or her personal data. This tenet is paramount, with the caveat of overriding social or public concerns. The main purpose of the Act is to “protect the individual against his right to privacy being impaired through the handling of his personal data.” The Act states that the “processing and use of personal data shall be admissible only if this Act or any other legal provision permits or prescribes them or the consumer's has consented.” But the Act may be superseded by the interests of the state. The Act states that insofar as “other legal provisions of the Federation are applicable to personal data, including their publication, such provisions shall take precedence over the provisions of this Act.”

Personal data is defined as “any information concerning the personal or material circumstances of an identified or identifiable individual.” Dissemination of personal data to third persons is limited but permissible, as long as there is no threat of harm to the consumer's or his interests.

A consumer has the right of notification of collection of data, notification of content, purpose and identity of recipients and the rights of correction, erasure or blocking. Blocking is defined as the labeling of stored personal data so as to restrict further processing or use. This information must be transmitted to the consumer in writing and free of charge. If a file controller refuses access, a consumer's has the right to appeal to the Federal Commissioner for Data Protection. In general, communication and storage of data is permissible if the business has identifiable and justifiable interests. There are no restrictions, for instance, on information regarding membership in a group, occupation, birth year, name, title, academic degree or address. These categories are not sensitive by their nature and may be of legitimate interest or use of a file controller. Restrictions do apply to sensitive data relating to health, criminal offenses, administrative offenses, or religious or political convictions.

For more information on our privacy practices or the privacy regulations in your country, you may contact:

GMBHPrivacyPolicy@tickets.com

or the Der Bundesbeauftragte für den Datenschutz at:

E-mail: de.bund400@bfd.posteingang

Der Bundesbeauftragte für den Datenschutz

Postfach 200112

53131 Bonn

Germany

Phone: +(49) 228 819 95 10

Fax: +(49) 228 819 95 50

Privacy in Belgium

Back to Belgium's homepage

Belgium enacted the Belgium Data Protection Act (BDPA) on December 8, 1992, to ensure that personal data may only be processed for clearly described and justified purposes and may not be used in a manner incompatible with these purposes.

With regard to sensitive personal data, there are more specific, more stringent rules that must be observed by the file controller. These rules apply to three categories of personal data: highly sensitive, medical and judicial data. Highly sensitive data refers to information on the subject's race, ethnicity, sexual orientation or behavior, political activity or opinion, religious and philosophical beliefs and membership in labor unions. Appropriate groups may, of course, keep membership lists.

The consumer's has the right to information, access, correction or deletion of inaccurate or illegally stored data, appeal and information about these rights. The BDPA refers to information collected both directly from and indirectly about the consumer's. This applies to all consumers in Belgium, including foreign consumers, even when further processing occurs outside of Belgium.

The consumer's has the right to access information directly or through the Privacy Commission. For direct access, the consumer's must submit a written request to the company and can be charged a fee. The company must respond within 45 days with the information. A consumer has a right to correct any misinformation collected free of charge. They must submit a request to the company who must respond within one month and inform any consumer of the correction or deletion. The company must keep the identity of any third consumer for at least one year. A consumer's has the right to appeal any adverse decision through a complaint to the Privacy Commission or before the Chairman of the Court of First Instance. A consumer has the right to be informed of these rights and their methods of exercise. The BDPA doesn't explicitly prohibit or restrict the merging of personal data from different

For more information on our privacy practices or the privacy regulations in your country, you may contact:

BVPrivacyPolicy@tickets.com

or the Commission de la Protection de la Vie Privée at:

E-mail address: privacy@infoboard.be

Commission de la Protection de la Vie Privée

Boulevard de Waterloo 115

Rue de la Regence 61

B - 1000 Brussels

Belgium

Phone: (32) 2 542 7200

Fax: (32) 2 542 7212

Privacy in Italy

Italy enacted the Processing of Personal Data Act (the Act) in September, 1993. The Act is designed to "ensure that the processing of personal data is carried out by respecting the rights, fundamental freedoms and dignity of natural persons, especially as related to privacy and personal identity..." Personal data is defined under the Act as "any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information including by a personal identification number..." The law applies to the processing of personal data carried out by any person on Italian soil. It does not apply to data collected for purely personal use, provided that the data are not intended for systematic communication or dissemination. The Act applies to the processing, "on the State's territory, of personal data kept in a foreign country."

All data collected must be:

• Processed lawfully and fairly
• Collected and recorded for specific purposes
• Accurate and, when necessary, kept up to date
• Adequate, relevant and not excessive to the stated purpose of collection
• Kept in a form that permits identification of the consumer for no longer than is necessary for the purpose of collection.

A consumer has certain rights in regard to the collection of data including:

• The purpose of collection
• An opt in for data collection
• The consequences for failure to provide data
• Any third party transmission anticipated
• The name, denomination or trade name, domicile, residence or registered office of the company processing and/or storing the data

For more information on our privacy practices or the privacy regulations in your country, you may contact:

webfeedback@tickets.com

or the Data Protection Authority at:

E-mail: mc7796@mclink.it

URL: www.privacy.it

Data Protection Authority

Via Della Chiesa Nuova, 8

00186 Rome

Italy

Telephone: + (39) 6 6889 2135

Fax: + (39) 6 6889 2140

Privacy in Denmark

Unlike the other Scandinavian countries, Denmark has passed two acts relative to the protection of privacy and access to information: the Private Registers Act and the Public Registers Act. These acts were adopted by the Danish Folkerting (Parliament) in 1978 and became law January 1, 1979. Amendments were made in 1987. The acts affect "personal data" defined as "data that are referable to identifiable individuals even if such referral presupposes knowledge of the personal registration number or any particular means of identification of such individual." Personal data is data that permit, in any form, directly or indirectly, the identification of the natural persons to which they relate, irrespective of whether the processing is done by a natural or legal person.

A consumer now has the right to know what is registered about him and may submit a request of access once every 12 months. Response must be within four weeks and complaints regarding denial or delay are made to the DSA.

Tickets.com will ensure that:

• The purposes of data collection and processing are being clearly specified
• Only information that is relevant and necessary for the original purpose is being processed
• Our customers will be able to contact us to obtain what information we are storing to determine that the information is up to date and accurate
• Personal information is not kept any longer than required

Personal information will only be processed with the your consent. You are entitled to withdraw consent at any time.

Personal information may be transferred to other countries. The Company will obtain approval from the DSA prior to any transfer so that the DSA can determine if that country can secure adequate data protection. Adequate protection will be decided based on the type of data to be transferred, the purpose of the transfer, the country of (the data's) origin, the country of (the data's) destination, as well as data protection rules and guidelines in place in the receiving country. Data may be transferred with the your consent if the transfer is considered necessary for the completion of a purchase on our site.

In addition, Danish regulatory authorities may permit the transfer of personal data to countries lacking adequate protection, if the data controller can provide satisfactory guarantees for the protection of the data subject. The regulatory authorities will notify the European Commission and the EU member states about any data transfers under the latter rule.

Our Obligations to You and Your Rights

We are committed to protecting your right to privacy. We have demonstrated this commitment by agreeing to the following:

• We will always inform you is collecting and processing the data you provide
• We will always inform you about the purpose for which the data is being processed
• We will try to provide additional information that the Company determines necessary to protect your rights
• Upon request from you we will inform you about what kind of information is being processed, for what purpose, and who has access to the data
• You may, for valid reasons, object to the processing of specific data and request the correction or deletion of erroneous information
• You may, for any reason, object to the processing of data for marketing purposes

For more information on our privacy practices or the privacy regulations in your country, you may contact:

webfeedback@tickets.com

or the Registertilsynet at:

E-mail address: sekretariat@registertilsynet.dk

URL: www.registertilsynet.dk

Registertilsynet

Christians Brygge 28 4 sal

1559 Copenhagen V

Denmark

Phone: (45) 33 14 38 44

Fax: (45) 33 13 38 43

Privacy in Brazil

There are no existing privacy laws in Brazil. The Senate is considering a bill entitled SENATE BILL No. 61 which would place some limits on the collection and use of personal data.

The Company takes your privacy concerns very seriously. If you still have concerns about privacy issues after reading ticket·privacysm, please contact us at webfeedback@tickets.com.

ticket privacy^SM is effective as of November, 1999, and as amended from time-to-time. ticket privacy^SM is a statement of our current policy and is not intended to and does not create any contractual or other legal rights in or on behalf of any party.