Australia App Privacy Policy

Legal Docs

Tixserve App Privacy Policy (Australia)

Tixserve

Document ID: IRP-013
Version: 2.0
Date: 26/01/2

Property of Tixserve – Controlled Document

Document ID

VDQ-013

Version

2  (Australia & ISO Aligned)

Owner

Head of Operations

Approved by

James Kirby

Next Review Date

26/06/2026

1. Introduction and Scope

We are committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful manner.

This Privacy Policy explains how Tixserve (UK) Limited (“Tixserve”, “we”, “us” or “our”) collects, uses, shares, and protects your personal information when you use the Tixserve mobile ticketing application (the “App” or “Service”).

Compliance Framework

This policy is designed to comply with:

  • Australia: The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
  • International Standards: Our privacy information management system (PIMS) aligns with ISO/IEC 27001:2013 (Information Security) and ISO/IEC 27701:2019 (Privacy Information Management) to ensure world-class data protection.

Scope of Application

This policy specifically applies to the Tixserve account on the Tixserve Australia mobile ticketing App. This App is used primarily for demonstration and sales purposes. It does not cover personal information processed by separate client accounts (white-label clients) on the App; for those, the respective client is the APP Entity.

2. Who We Are

Tixserve (UK) Limited, Greens Court, West Street, Midhurst, West Sussex GU29 9NQ, United Kingdom.

  • Under Australian Law, We are the APP Entity responsible for your personal information.
  • Under ISO 27701, We act as the PII Controller, meaning we determine the purposes and means of processing your personally identifiable information (PII).

3. What Personal Information We Collect

We adhere to the ISO principle of Data Minimisation, collecting only the information reasonably necessary for our business functions.

3.1 Data You Provide Directly

  • Account Details: Full Name, Phone Number, Email Address, Postal Address, Date of Birth, and Gender.
  • Consents: Records of your agreement to this policy and marketing preferences.

3.2 Data Collected Automatically

  • Device & Security Data: Device ID, unique device tokens (for push notifications), and device fingerprint (OS version, model, IP address) for security.
  • Usage History: Ticketing history, login activity, and interaction logs linked to your User ID.

3.3 Temporary Data (Ephemeral)

  • Contacts: With your explicit permission, we access your device contacts solely to help you select a recipient for ticket transfers. This data is processed in ephemeral memory and is not stored on our database.

4. How We Use Your Information (Purposes)

Under Australian Privacy Principle 6, we use your information for the Primary Purpose (the main reason you gave it to us) or a related Secondary Purpose you would reasonably expect.

Purpose: Account Management & Ticket Delivery: To verify identity, create accounts, and deliver digital tickets.

Information Used: Name, Phone, Email, Address, User ID

Australian Legal Classification: Primary Purpose: Necessary to provide the requested service.

Purpose: Security & Fraud Prevention: To detect bots, prevent abuse, and secure the platform.

Information Used: IP Address, Device Fingerprint, Typing Patterns (reCaptcha)

Australian Legal Classification: Secondary Purpose: Reasonably expected for maintaining App integrity.

Purpose: Service Improvement & Analytics: To diagnose crashes (via Sentry) and improve performance.

Information Used: Device ID, Crash Logs, Usage History

Australian Legal Classification: Secondary Purpose: Reasonably expected for quality assurance.

Purpose: Communication (Transactional): Sending OTPs (SMS/Email) for verification.

Information Used: Phone Number, Email

Australian Legal Classification: Primary Purpose: Integral to secure account creation.

Purpose: Push Notifications: Event updates and ticket info.

Information Used: Device Token

Australian Legal Classification: Secondary Purpose: With your explicit Consent.

Purpose: Direct Marketing: Promotional news and offers.

Information Used: Email, Device Token

Australian Legal Classification: Secondary Purpose: With your explicit Consent (Opt-in)

Purpose: Demonstration: Showcasing data collection features to clients.

Information Used: Address, DOB, Gender, Name, Mobile Number

Australian Legal Classification: Secondary Purpose: Commercial interest (Demonstration/Sales).

5. Sharing Your Personal Information

We do not sell your personal information. We share it only with trusted third parties ("Processors") who help us operate the App. All providers are bound by strict Data Processing Agreements (DPAs) ensuring they meet the standards of the Privacy Act and ISO 27001.

Service Providers (PII Processors)

  • Cloud Hosting: AWS (Infrastructure & Storage).
  • Fraud Detection: Google reCAPTCHA (Security).
  • SMS/Messaging: Vonage & WhatsApp (OTP delivery).
  • Email Services: SMTP2Go (Email verification).
  • Analytics & Stability: Sentry (Crash reporting).

Legal & Corporate

We may disclose information to professional advisers (lawyers, auditors), or to authorities (e.g., OAIC) if required by law.

6. International Data Transfers (APP 8)

As a UK-based company, your personal information is stored on servers in Australia (AWS) but is accessed and processed by support staff and systems in the United Kingdom and EEA.

  • Consent: By registering for the App, you expressly consent to the transfer of your information to the UK and other jurisdictions for the purposes outlined above.
  • Safeguards: We ensure that any overseas recipient is subject to a law or binding scheme that protects the information in a way that is substantially similar to the Australian Privacy Principles.

7. Data Security (ISO 27001)

We implement robust Technical and Organisational Measures (TOMs) to ensure the confidentiality, integrity, and availability of your data, complying with APP 11 and ISO 27001.

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
  • Access Control: Access is restricted to authorized personnel on a "need-to-know" basis, protected by Multi-Factor Authentication (MFA).
  • Vendor Management: All third-party processors are vetted for security compliance.
  • Data Breach: We have a documented Incident Response Plan. If a data breach is likely to result in serious harm, we will notify you and the OAIC as per the Notifiable Data Breaches (NDB) scheme.

8. Data Retention

We retain personal information only for as long as necessary, in line with ISO 27001 storage limitation principles.

  • Account Data: Retained for the duration of your active account plus 30 days after a deletion request.
  • Device Tokens: Retained for 6 months, then refreshed.
  • Contact Data: Not retained; processed in ephemeral memory only.

When data is no longer needed, we take reasonable steps to securely destroy or de-identify it.

9. Your Rights

Under the Privacy Act 1988, you have specific rights regarding your personal information:

  • Right to Access: You may request access to the personal information we hold about you.
  • Right to Correct: You may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Right to Opt-Out: You may opt-out of direct marketing at any time via App settings.
  • Anonymity: While APP 2 provides a right to anonymity, it is impracticable for us to provide this specific Service (digital ticketing) without verifying your identity.

How to Exercise: Contact our Privacy Officer at info@tixserve.com. We will respond within a reasonable period.

10. Children

Our App is for demonstration purposes and is not intended for children. We do not knowingly collect data from individuals under 16.

11. Contact Us & Complaints

If you have questions or believe we have breached the Australian Privacy Principles, please contact us first so we can resolve the issue.

Tixserve (UK) Limited Email: info@tixserve.com

Privacy Officer: Liam Strevens (liamstrevens@tixserve.com)

You can view our App Terms and Conditions here.

Last updated: 26/01/26

Regulatory Authority

If you are unsatisfied with our response, you may lodge a complaint with the Australian regulator:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au

Phone: 1300 363 992