Privacy Policy

This Privacy Policy explains how UTIX collects, uses, discloses, and protects personal data when you use our Platform.

We aim to comply with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018 where they apply. Requirements may vary depending on where you are located.

2.1 UTIX as controller (Platform operations). UTIX acts as a controller for personal data we process to:

• create and manage accounts;
• deliver Tickets and access credentials;
• provide customer support;
• secure the Platform and prevent fraud;
• operate communications relating to Platform usage.

2.2 Organisers as independent controllers (Events). When you buy/register for an Event, the Organiser receives attendee data and is an independent controller for that data. Organisers decide how they use attendee data for Event delivery and must provide their own privacy disclosures where required.

2.3 UTIX as processor for certain Organiser tools. Where we provide Organiser tools that process attendee data on the Organiser’s instructions (e.g., Organiser messaging, export tools), UTIX may act as a processor for those specific processing activities.

We collect personal data from you, from your use of the Platform, and from Organisers and payment partners.

Account and identity

• Email address
• Name (first/last, display name)
• Account identifiers (user ID, organiser membership IDs)

Contact and profile

• Phone number (if provided)
• Billing address (if provided)
• Country, timezone, home city (if provided)

Ticketing and event data

• Ticket details (ticket ID, tier, event, status)
• Order information (amount, currency, discounts, taxes, timestamps)
• Attendance/check-in logs (scan time, result, gate/device identifiers)

Payment and financial

• Payment references (e.g., Stripe PaymentIntent IDs)
• Connected account identifiers for Organisers and sellers (e.g., Stripe account IDs)
• Refund/chargeback/dispute metadata

Device and technical

• IP address (security/rate limiting/audit)
• Browser user agent, OS/device type
• Device identifiers used for scanning/check-in
• Logs relating to authentication and security events

Communications

• Email delivery events (delivered/bounced/complaint)
• Unsubscribe/suppression records
• Support communications you send to us

On-chain / wallet data (where enabled)

• Wallet address
• Wallet provider user identifiers
• Token IDs and transaction hashes related to ticketing

Custom registration responses

• Answers to Organiser-defined questions (which may include sensitive information depending on what the Organiser asks)

Where UK GDPR applies, we rely on the following lawful bases:

Contract (Article 6(1)(b))

• Create and manage your UTIX account
• Process Orders and deliver Tickets
• Provide Ticket access, transfer/resale tools, and check-in functionality
• Send essential service communications (OTP, confirmations, ticket notices)

Legitimate interests (Article 6(1)(f))

• Secure the Platform, prevent fraud and abuse, and enforce Terms
• Monitor reliability and diagnose technical issues
• Improve product usability and performance using first-party measurement
• Send non-essential operational reminders (where permitted), with opt-out controls

Consent (Article 6(1)(a))

• Certain marketing communications where required by e-marketing rules
• Optional features requiring explicit opt-in where applicable

Legal obligation (Article 6(1)(c))

• Comply with lawful requests, tax/accounting obligations, and fraud prevention requirements
• Respond to valid data subject rights requests

5.1 You will receive essential messages needed to operate the service (e.g., login codes, tickets, refunds, event changes).

5.2 For non-essential reminders and Organiser marketing:

• we provide unsubscribe controls in emails;
• we maintain suppression lists (including hard bounce and complaint-based suppression);
• you can opt out where applicable without affecting core ticket delivery.

We share personal data only as necessary to operate the Platform and Events.

6.1 Organisers. When you buy/register for an Event, we share relevant attendee data with the Organiser (name, email, ticket details, and registration answers). Organisers are responsible for their own processing.

6.2 Payment processing. We use payment partners (primarily Stripe) to process payments, refunds, and payouts. Payment partners process payment information under their own terms and privacy policies.

6.3 Email delivery. We use email delivery providers to send authentication codes and transactional communications and (where applicable) Organiser communications.

6.4 Wallet and blockchain providers (where enabled). We use wallet providers for embedded wallets and blockchain-related operations.

6.5 Error monitoring and logging. We may use error monitoring tools in production to detect and fix issues. Error data may include technical identifiers like IP address and user agent.

6.6 Hosting and infrastructure. We use cloud hosting and database providers to run the Platform and store data securely.

6.7 Legal and safety. We may disclose data to law enforcement, regulators, courts, or other parties when legally required or to protect rights, safety, and Platform integrity.

Some service providers may be located outside the UK. Where UK GDPR applies and data is transferred internationally, we use appropriate safeguards such as:

• UK International Data Transfer Addendum / Standard Contractual Clauses (as applicable);
• adequacy regulations where available;
• and additional contractual and technical measures where appropriate.

We retain personal data only as long as needed for the purposes described, including legal and operational requirements.

Typical retention (may vary by context and legal requirements):

• Account data: retained while your account is active; limited retention after inactivity or deletion request
• Orders and payment records: retained for accounting/tax compliance (often several years)
• Tickets: retained for Event delivery and post-Event dispute handling
• Check-in logs: retained for operational integrity and dispute resolution
• Security logs: retained to investigate fraud, abuse, and security incidents
• Suppression/unsubscribe records: retained to respect your preferences

If you request deletion, we may anonymise certain records rather than delete them where we must retain information for compliance or fraud prevention.

Where UK GDPR applies, you may have rights including:

• Access — request a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your personal data
• Restriction — request restricted processing
• Data portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdrawal of consent — where processing is based on consent

To exercise rights: info@utix.co.uk

We may request verification to protect your account and prevent unauthorised access.

You may also complain to the UK Information Commissioner’s Office (ICO) if UK GDPR applies: ico.org.uk

10.1 Essential cookies. We use essential cookies (including httpOnly secure cookies) to support authentication, security, and core Platform operation.

10.2 No third-party advertising cookies by default. We do not aim to use third-party ad tracking cookies for behavioural advertising.

10.3 First-party measurement. We may use limited first-party analytics to measure performance and improve the Platform.

10.4 Email measurement. Some emails may include measurement (opens/clicks). You can reduce this by unsubscribing from non-essential emails and blocking remote images in your email client.

The Platform is not intended for children. We do not knowingly collect personal data from children under 18. If you believe a child has provided data, contact info@utix.co.uk.

We use technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and monitoring. More detail is provided on our Security page.

We may update this policy from time to time. We will update the “Last updated” date and may provide additional notice for material changes.

For privacy questions or requests: info@utix.co.uk