Australia App Privacy Policy

Legal Docs

Tixserve App Privacy Policy (Australia)

Tixserve

Document ID: IRP-013
Version: 2.0
Date: 26/03/2026

Property of Tixserve – Controlled Document

Document ID

VDQ-013

Version

2  (Australia & ISO Aligned)

Owner

Head of Operations

Approved by

James Kirby

Next Review Date

26/06/2026

1. Introduction and Scope

We are committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful manner.

This Privacy Policy explains how Tixserve (UK) Limited (“Tixserve”, “we”, “us” or “our”) collects, uses, shares, and protects your personal information when you use our mobile ticketing applications published under this developer account, specifically the Tixserve Australia app or any authorised white-label versions for trial, evaluation, or test event services (collectively, the “App” or “Service”).

Compliance Framework

This policy is designed to comply with:

  • Australia: The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
  • International Standards: Our privacy information management system (PIMS) aligns with ISO/IEC 27001:2013 (Information Security) and ISO/IEC 27701:2019 (Privacy Information Management) to ensure world-class data protection.

Scope of Application

This Privacy Policy applies to the mobile ticketing applications developed, published, and maintained by Tixserve (UK) Limited, including the Tixserve Australia demonstration app and any authorised white-label or client-branded applications provided to our clients for trial, evaluation, or test event services. Where an app is branded for a specific client (the "Event Organizer"), Tixserve acts as the technical developer and the APP Entity responsible for the technical infrastructure and security of your data during the evaluation phase.

2. Who We Are

Tixserve (UK) Limited, Greens Court, West Street, Midhurst, West Sussex GU29 9NQ, United Kingdom.

  • Under Australian Law, We are the APP Entity responsible for your personal information.
  • Under ISO 27701, We act as the PII Controller, meaning we determine the purposes and means of processing your personally identifiable information (PII).

White-Label Disclosure: For applications published by Tixserve (UK) Limited that feature third-party branding (e.g. a specific sports team or event), Tixserve remains the legal developer of record. In these instances, data is collected by Tixserve on behalf of the Event Organizer. While Tixserve manages the technical delivery of digital tickets, the Event Organizer may act as a separate entity for marketing purposes; their specific policy will be linked within App settings or on their website.

3. What Personal Information We Collect

We adhere to the ISO principle of Data Minimisation, collecting only the information reasonably necessary for our business functions.

3.1 Data You Provide Directly

  • Account Details: Full Name, Phone Number, Email Address, Postal Address, Date of Birth, and Gender.
  • Consents: Records of your agreement to this policy and marketing preferences.

3.2 Data Collected Automatically

  • Device & Security Data: Device ID, unique device tokens (for push notifications), and device fingerprint (OS version, model, IP address) for security.
  • Usage History: Ticketing history, login activity, and interaction logs linked to your User ID.

3.3 Temporary Data (Ephemeral)

  • Contacts: With your explicit permission, we access your device contacts solely to help you select a recipient for ticket transfers. This data is processed in ephemeral memory and is not stored on our database.

4. How We Use Your Information (Purposes)

Under Australian Privacy Principle 6, we use your information for the Primary Purpose (the main reason you gave it to us) or a related Secondary Purpose you would reasonably expect.

Purpose: Account Management & Ticket Delivery: Account Management, Ticket Delivery & Evaluation Services: To verify identity and deliver digital tickets on behalf of Tixserve or our designated "Event Organizer" (client) for test events.

Information Used: Name, Phone, Email, Address, User ID

Australian Legal Classification: Primary Purpose: Necessary to provide the specific ticketing or demonstration service requested.

Purpose: Security & Fraud Prevention: To detect bots, prevent abuse, and secure the platform.

Information Used: IP Address, Device Fingerprint, Typing Patterns (reCaptcha)

Australian Legal Classification: Secondary Purpose: Reasonably expected for maintaining App integrity.

Purpose: Service Improvement & Analytics: To diagnose crashes (via Sentry) and improve performance.

Information Used: Device ID, Crash Logs, Usage History

Australian Legal Classification: Secondary Purpose: Reasonably expected for quality assurance.

Purpose: Communication (Transactional): Sending OTPs (SMS/Email) for verification.

Information Used: Phone Number, Email

Australian Legal Classification: Primary Purpose: Integral to secure account creation.

Purpose: Push Notifications: Event updates and ticket info.

Information Used: Device Token

Australian Legal Classification: Secondary Purpose: With your explicit Consent.

Purpose: Direct Marketing: Promotional news and offers.

Information Used: Email, Device Token

Australian Legal Classification: Secondary Purpose: With your explicit Consent (Opt-in)

Purpose: Demonstration: Showcasing data collection features to clients.

Information Used: Address, DOB, Gender, Name, Mobile Number

Australian Legal Classification: Secondary Purpose: Commercial interest (Demonstration/Sales).

5. Sharing Your Personal Information

We do not sell your personal information. We share it only with trusted third parties ("Processors") who help us operate the App. All providers are bound by strict Data Processing Agreements (DPAs) ensuring they meet the standards of the Privacy Act and ISO 27001.

Service Providers (PII Processors)

  • Cloud Hosting: AWS (Infrastructure & Storage).
  • Fraud Detection: Google reCAPTCHA (Security).
  • SMS/Messaging: Vonage & WhatsApp (OTP delivery).
  • Email Services: SMTP2Go (Email verification).
  • Analytics & Stability: Sentry (Crash reporting).

Legal & Corporate

We may disclose information to professional advisers (lawyers, auditors), or to authorities (e.g., OAIC) if required by law.

6. International Data Transfers (APP 8)

As a UK-based company, your personal information is stored on servers in Australia (AWS) but is accessed and processed by support staff and systems in the United Kingdom and EEA.

  • Consent: By registering for the App, you expressly consent to the transfer of your information to the UK and other jurisdictions for the purposes outlined above.
  • Safeguards: We ensure that any overseas recipient is subject to a law or binding scheme that protects the information in a way that is substantially similar to the Australian Privacy Principles.

7. Data Security (ISO 27001)

We implement robust Technical and Organisational Measures (TOMs) to ensure the confidentiality, integrity, and availability of your data, complying with APP 11 and ISO 27001.

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
  • Access Control: Access is restricted to authorized personnel on a "need-to-know" basis, protected by Multi-Factor Authentication (MFA).
  • Vendor Management: All third-party processors are vetted for security compliance.
  • Data Breach: We have a documented Incident Response Plan. If a data breach is likely to result in serious harm, we will notify you and the OAIC as per the Notifiable Data Breaches (NDB) scheme.

8. Data Retention

We retain personal information only for as long as necessary, in line with ISO 27001 storage limitation principles.

  • Account Data: Retained for the duration of your active account plus 30 days after a deletion request.
  • Device Tokens: Retained for 6 months, then refreshed.
  • Contact Data: Not retained; processed in ephemeral memory only.

When data is no longer needed, we take reasonable steps to securely destroy or de-identify it.

9. Your Rights

Under the Privacy Act 1988, you have specific rights regarding your personal information:

  • Right to Access: You may request access to the personal information we hold about you.
  • Right to Correct: You may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Right to Opt-Out: You may opt-out of direct marketing at any time via App settings.
  • Anonymity: While APP 2 provides a right to anonymity, it is impracticable for us to provide this specific Service (digital ticketing) without verifying your identity.

How to Exercise: Contact our Privacy Officer at info@tixserve.com. We will respond within a reasonable period.

10. Children

Our App is for demonstration purposes and is not intended for children. We do not knowingly collect data from individuals under 16.

11. Contact Us & Complaints

If you have questions or believe we have breached the Australian Privacy Principles, please contact us first so we can resolve the issue.

Tixserve (UK) Limited Email: info@tixserve.com

Privacy Officer: Liam Strevens (liamstrevens@tixserve.com)

You can view our App Terms and Conditions here.

Last updated: 26/01/26

Regulatory Authority

If you are unsatisfied with our response, you may lodge a complaint with the Australian regulator:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au

Phone: 1300 363 992