Privacy Policy for Event Organisers
Last updated: 22 November 2025
Who this policy applies to: This privacy policy applies to event organisers and their staff who use the Alpaca Tickets platform to sell tickets. If you are a ticket purchaser, please see our Customer Privacy Notice instead.
1. Who We Are
Alpaca Tickets is operated by Jak Spalding trading as Alpaca Tickets. We are the data controller for the personal information we collect from you as an event organiser.
Contact: Jak Spalding t/a Alpaca Tickets
Email: [email protected]
2. Information We Collect
Account Information
- Your name and email address
- Password (stored securely using industry-standard hashing)
- Your role within your organisation
Organisation Information
- Organisation name and contact details
- Logo and branding preferences
- Legal/business details (legal name, VAT number, registration number)
- Banking details for payouts (account name, account number, sort code)
- Venue information
Event Information
- Event details (name, description, dates, location, capacity)
- Ticket tiers, pricing, and variants
- Cover images and promotional content
Usage Data
- Login activity and session information
- Actions taken on the platform (tracked in audit logs)
- Browser type and device information
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Providing the ticketing platform and services | Performance of our contract with you |
| Processing payouts to your bank account | Performance of our contract with you |
| Sending service notifications and updates | Performance of our contract with you |
| Maintaining audit logs for compliance | Legal obligation / Legitimate interest |
| Improving our platform and services | Legitimate interest |
| Preventing fraud and ensuring platform security | Legitimate interest / Legal obligation |
| Responding to your enquiries and support requests | Performance of our contract / Legitimate interest |
4. Sharing Your Information
We share your information with:
- Payment provider – To process payouts to your bank account and handle payment card transactions.
- Email provider – To send transactional emails such as order confirmations and notifications.
- Hosting providers – Our infrastructure providers who store data on secure servers.
- Professional advisers – Accountants, lawyers, or auditors where necessary.
- Law enforcement or regulators – Where required by law or to protect our legal rights.
We do not sell your personal information to third parties.
5. Customer Data Processing
When ticket purchasers buy tickets for your events, we collect their data (name, email, payment information) on your behalf. In this context:
- You are the data controller for your customers' personal data
- We act as your data processor, processing customer data according to your instructions and our agreement
You are responsible for ensuring you have appropriate privacy notices and legal bases for processing your customers' data. We provide a standard Customer Privacy Notice that covers our processing activities.
6. Analytics and Cookies
We use analytics cookies to help you understand how your event pages perform. Under the UK Data (Use and Access) Act 2025, analytics cookies used solely for statistical purposes are exempt from requiring prior consent.
Our analytics collect:
- Anonymous session identifiers
- Pages visited and referrer information
- Marketing campaign parameters (UTM tags)
- Conversion events (checkout started, purchase completed)
We do not collect IP addresses through our analytics. Users can opt out of analytics tracking via our Analytics & Cookies page.
7. Data Retention
- Account data: Retained while your account is active and for 7 years after closure for legal/tax purposes
- Order and transaction data: Retained for 7 years for legal/tax purposes
- Audit logs: Retained indefinitely for compliance purposes
- Analytics data: Retained for 2 years
8. International Transfers
Your data is primarily processed within the UK and European Economic Area. Where we use service providers outside these areas, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).
9. Your Rights
Under UK data protection law, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data (subject to our legal obligations)
- Restrict processing in certain circumstances
- Data portability – receive your data in a structured format
- Object to processing based on legitimate interests
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at [email protected].
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure password hashing
- Role-based access controls
- Regular security reviews
- Audit logging of sensitive actions
11. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or through a notice on our platform. The “last updated” date at the top shows when this policy was last revised.
12. Contact Us
For questions about this privacy policy or our data practices, contact us at:
Email: [email protected]