GDPR Information

TixEvery GDPR Notice (Data Subject Rights & Handling) Effective date: 24 February 2026 Version: 1.0

This notice explains how to exercise your data rights and how TixEvery handles data protection requests.

Who is responsible for your data The Event Organiser is typically the Data Controller for customer data used to sell tickets and administer their Event and fulfil organiser Products/Add-ons. TixEvery may act as a Data Controller for platform security, fraud prevention, service improvement, analytics and account administration, and/or a Data Processor processing data on behalf of an Organiser to facilitate Orders and administer Events.

How to submit a GDPR request (DSAR) Email: privacy@tixevery.com

Subject line: GDPR Request – Your Name Include your full name, the email address used to purchase, the event name (if relevant), the request type, and any supporting details. We may request verification to protect your data.

Request types we handle Access to personal data Correction of inaccurate data Deletion where applicable Restriction of processing where applicable Objection to processing including marketing Portability where applicable Withdrawal of consent where processing relies on consent

Timescales We aim to respond within one month. Complex requests may take longer where permitted by law; we will explain any extension.

Marketing opt-out You can opt out of marketing at any time using unsubscribe links or by contacting privacy@tixevery.com. Where required, marketing senders must provide an opt-out at the point of data collection and in every marketing message, and may only rely on PECR soft opt-in where all legal conditions are met. Opt-outs will be honoured promptly and within legally required timeframes.

Complaints If you are unhappy, contact us first at privacy@tixevery.com. You may also complain to the UK Information Commissioner’s Office (ICO).

Request handling detail

Some requests relate to TixEvery-controlled processing, such as platform accounts, support records and service analytics. Other requests relate to organiser-controlled processing, such as event attendance lists or organiser marketing, which organisers must conduct only where permitted by law, including where consent has been obtained or PECR soft opt-in conditions are met. We may need to verify identity, authority or an authorised agent before acting on a request.

Rights such as access, rectification, erasure, restriction, objection and portability are not absolute and may depend on the lawful basis, legal retention duties, fraud prevention needs, payment records or organiser obligations. Where portability applies, we will provide information in a reasonably usable format.

If you are unhappy with our response, you can ask us to review it. You may also contact the UK Information Commissioner's Office or your local supervisory authority where applicable.