DigiTickets GDPR Statement

31st March, 2018

Introduction

The General Data Protection Regulation (GDPR) comes into effect on 25^th May 2018. We’re pleased to confirm that DigiTickets will be GDPR compliant prior to the deadline, and we’ve set out some additional information below highlighting the changes that will shortly be taking effect within the DigiTickets software.

As your chosen Data Processor, we’ve always recognised the importance of the end-user personal data that you collect and to that end, we have always maintained strong data processing procedures and principles, combined with ensuring our solutions have exceptional security and infrastructure.

As part of the GDPR process, we have been busy reviewing, scoping and enhancing the DigiTickets software where required. We are in the closing stages of the final enhancements to provide you with the requisite functionality to allow you to comply with GDPR, and the below points summarise the key functionality applicable to GDPR.

Features & Functionality Relating To GDPR

• Customisable data collection during booking journey
  • You choose which end user personal data you collect during the sale process. Setup custom data collection fields to collect permissions required to process data under GDPR.
  • The ability to make data fields mandatory or optional.
  • The ability to fully customise any additional email content (eg pre, during and post visit emails).
     
• New Dynamic Privacy Policies (**)
  • Ability to upload your new GDPR compliant privacy policy and keep it up to date.
  • Option to use the (i) icons where data is collected from end-users to provide additional reasons about why you are collecting their data.
     
• New Customer Preferences Modules
  • Ability to manage end-user’s preferences.
  • Reporting functionality.
     
• Authorised Users
  • The ability to restrict access to functionality within DigiTickets as required, controlling which employees deal with end-user data.
  • You will be able to produce a full audit log of each employee.
     
• Ability to anonymise / pseudonymise end-user data
  • Once you have processed the data in line with the permissions obtained under GDPR the data can be set to be automatically permanently anonymised and no longer capable for being processed.
  • Pseudonymisation means that the end user data will be temporarily anonymised allowing you to deal with data queries from end-users in line with the requirements of GPDR.
     
• Revised Privacy Policy
  • We will shortly be releasing our updated privacy policy which will be located our on website once complete. In line with GDPR, you will need to update your own privacy policy prior to 25^th May 2018.

Security Measures & Data Storage

The security of your end-user data is of paramount importance to us and this is why our cloud-based software, and your end-user personal data, is stored on Amazon Web Services (AWS) – one of the world’s leading hosting infrastructures. We have been carefully watching AWS’ progress with GDPR and on 26 March 2018 they confirmed that all their services were GDPR ready. AWS have confirmed that they have developed functionality that allows for:

• Encryption of personal data.
• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
• Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.

See here for further information https://aws.amazon.com

We can confirm that DigiTickets does not store any data outside of the EU. However, in the event that you have requested that we transfer data to third parties who you directly contract with (such as mail providers or payment gateways), you will need to check directly with the third parties in question as to where they store your data.

GDPR Administrative Changes

We have also been ensuring that our internal procedures and processes comply with GDPR and the following documents will be shortly ready for release:

• New Privacy Policy for the DigiTickets website.
• New Cookie Policy for the DigiTickets website.
• GDPR addendum to our standard contracts.
• New Data Protection Policy.

We have been busy training our staff and ensuring that their knowledge in respect of GDPR is up to date. You will see some changes in the way in which data handling / processing requests are dealt with by our team to ensure that the end-user data is kept secure. These will be detailed in our New Data Protection Policy which will be released shortly.

GDPR Advice

We pride ourselves on being helpful and going that extra mile with our service, but unfortunately, we cannot provide you with any advice about how you need to comply with the requirements under GDPR because we do not have the ability to fully audit your business and to determine how you process your end-user data.

We have been working hard to update the functionality within DigiTickets as required and we believe that we have an adaptable product to meet all GDPR needs of each of our clients. However, you will need to take your own advice in respect of GDPR as DigiTickets cannot accept any liability or responsibility for how you approach or comply with GDPR.

We will of course provide you with all of the necessary guidance and explanation about the functionality DigiTickets offers but suggest that if you are unsure on how to comply with GDPR that you seek your own legal advice.