VillageTix

Privacy Policy

Last updated: 3 June 2026

This policy explains what personal data VillageTix handles, why, and the rights you have under the UK GDPR and the Data (Use and Access) Act 2025 (DUAA).

Who is the controller?

When you buy a ticket, the event organiser is the data controller for your booking — they decide why and how your data is used to run their event. VillageTix is their processor: we run the platform on their behalf and only handle your data on their instructions.

When you sign up as an organiser, VillageTix is the controller for your account data (name, email, organisation details, login credentials).

What data we handle

  • Buyers: name, email address, ticket purchases, order history, and basic technical data (IP address, browser) needed to deliver tickets and prevent fraud.
  • Organisers: name, email, organisation details, event content you create, payout details (handled by Stripe, not stored by us).
  • Payment data: processed directly by Stripe. We never see or store full card details.

Why we use it (lawful bases)

  • Contract: to deliver tickets you bought and the platform services an organiser signed up for.
  • Legal obligation: to keep order records for HMRC (six years) and respond to lawful requests.
  • Legitimate interests: to keep the service secure, prevent fraud, and send essential service emails.

How long we keep it

  • Order and ticket records: 6 years (HMRC requirement).
  • Email suppression list (unsubscribes/bounces): 2 years.
  • Data-protection complaint records: 6 years.
  • Account data: until you delete your account, then up to 30 days.

Who we share it with

  • Stripe — payment processing (data may be transferred to the US under UK adequacy / SCCs).
  • The event organiser — for tickets you buy from them.
  • Email delivery providers — to send your confirmations and tickets.
  • No sale of personal data, ever. No advertising trackers.

Your rights

Under UK GDPR you have the right to access, correct, erase, port, and object to the use of your data. Under DUAA you also have the right to complain directly to a controller and receive a substantive response without undue delay.

To file a data-protection complaint with us, use the form at /complaints. We'll acknowledge it immediately and respond substantively as quickly as possible (and in any case within statutory timeframes). You can also contact the UK Information Commissioner's Office at ico.org.uk.

Contact

For any privacy question, email ku.bewnrevyw.xitegalliv@troppus.