Promoter Data Processing and Data Sharing Terms
These terms form part of the Promoter Terms of Service and set out the data-protection roles and responsibilities of eTickets and promoters. They should be read with our Privacy Policy.
Data roles
For platform operation, payment records, security, support, fraud prevention, compliance, and account administration, eTickets acts as an independent controller. For customer and guest-list data collected on behalf of a promoter so the promoter can run an event, the promoter is normally the controller and eTickets acts as processor.
PayPal is an independent controller for its own payment-service processing. eTickets and PayPal each process personal data for their own responsibilities under applicable payment and partner arrangements.
Event data processed for promoters
- Buyer name, email address, phone number, selected tickets, order amount, booking fee, and payment status.
- Ticket-holder names, membership numbers, guest-list data, QR-code ticket and scan status.
- Refund records, dispute records, order notes, and support context where relevant to the event.
Promoter instructions
eTickets processes promoter event data to provide the ticketing service, issue and validate tickets, support refunds, provide guest lists and sales records, and meet legal or payment obligations. Promoters must not instruct eTickets to process data unlawfully or in a way that conflicts with eTickets platform security, PayPal obligations, or legal requirements.
Promoter use of data
Promoters may access customer and guest data needed for event operation. Promoters must use it lawfully, protect it, restrict access to staff who need it, and avoid using it for unrelated marketing unless they have a separate lawful basis and any required consent. eTickets controller-role data is strictly functional unless a user separately opts in to a future notification service.
Special-category or sensitive data
No current event fields are intended to collect dietary, accessibility, health, or other sensitive information. If a promoter needs these fields in future, the event setup, wording, legal basis, access controls, and retention will be separately reviewed before the fields are enabled. Sensitive event-response data will be deleted from eTickets systems after the event once it is no longer needed for event operation, disputes, or legal obligations.
Security
eTickets uses portal roles and server-side sessions to restrict access. Promoters must assign roles carefully, remove users who no longer need access, protect exported data, and report suspected compromise promptly.
Sub-processors and providers
eTickets may use hosting, database, email, PayPal, Google Wallet, Cloudflare Turnstile, logging, support, professional, or operational providers as needed to provide the service. eTickets remains responsible for its processor obligations where it uses sub-processors for promoter-controlled event data.
Retention and deletion
Event data is retained only for as long as needed for ticketing, entry, accounting, support, refunds, disputes, fraud prevention, audit, and legal obligations, and is then deleted or anonymised. Our Privacy Policy describes our retention approach, and more detail on specific periods is available on request. Promoters must not keep exported customer or guest data longer than needed for lawful event purposes.
Assistance
Where legally required and reasonably practical, eTickets will help promoters respond to data-subject requests, security incidents, or regulatory queries relating to promoter-controlled event data.