Privacy Policy
Last updated: 28 January 2026
Contents
1. Introduction
RavePass ("we", "us", or "our") is committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at ravepass.co.uk and any associated services (the "Platform").
By using our Platform, you acknowledge that you have read and understood this Privacy Policy.
2. Who We Are
For the purposes of data protection law, RavePass is the data controller responsible for your personal data.
3. Information We Collect
3.1 Information You Provide
We collect information you provide directly to us, including:
| Data Type | Examples | When Collected |
|---|---|---|
| Identity Data | Full name | Account registration, ticket purchase |
| Contact Data | Email address, phone number | Account registration, ticket purchase |
| Transaction Data | Order history, ticket purchases, refund requests | When you make purchases |
| Account Data | Username, password (encrypted), account preferences | Account creation and management |
| Communications | Emails, support tickets, feedback | When you contact us |
3.2 Information Collected Automatically
When you use our Platform, we automatically collect:
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, time spent on pages, links clicked, search queries
- Location Data: General geographic location based on IP address (we do not collect precise GPS location)
- Cookie Data: See our Cookies section below for details
3.3 Payment Information
Payment card details are collected and processed directly by our payment processor, Stripe. We do not store your full card number, expiry date, or CVV on our servers. We only receive and store:
- Last 4 digits of your card (for your reference)
- Card type (e.g., Visa, Mastercard)
- Payment confirmation and transaction IDs
Please refer to Stripe's Privacy Policy for information on how they handle your payment data.
3.4 Information from Third Parties
We may receive information about you from:
- Event Organisers: If they have relevant information about ticket holders
- Payment Providers: Transaction confirmation and fraud prevention data
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 To Provide Our Services
- Process ticket purchases and send confirmation emails
- Deliver your electronic tickets
- Manage your account and provide customer support
- Process refund requests
- Verify your identity when required
4.2 To Communicate With You
- Send order confirmations and ticket delivery emails
- Notify you of changes to Events you've purchased tickets for
- Respond to your enquiries and support requests
- Send important service updates and security alerts
4.3 Marketing (With Your Consent)
- Send promotional emails about upcoming events (only if you've opted in)
- Personalise content and recommendations based on your interests
- Provide event recommendations from Event Organisers whose events you've attended
You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us.
4.4 To Improve Our Services
- Analyse usage patterns to improve the Platform
- Conduct research and analytics
- Test new features and functionality
4.5 Legal and Security Purposes
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and law enforcement requests
- Enforce our Terms and Conditions
- Protect the rights and safety of our users and third parties
5. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
| Purpose | Legal Basis |
|---|---|
| Processing ticket purchases | Contract: Necessary to perform our contract with you |
| Sending order confirmations and tickets | Contract: Necessary to perform our contract with you |
| Customer support | Contract: Necessary to perform our contract with you |
| Fraud prevention and security | Legitimate Interests: To protect our Platform and users |
| Analytics and service improvement | Legitimate Interests: To improve our services |
| Marketing communications | Consent: Only with your explicit opt-in consent |
| Legal compliance | Legal Obligation: To comply with applicable laws |
6. Sharing Your Information
We do not sell your personal data. We may share your information with:
6.1 Event Organisers
When you purchase tickets, we share your name and email address with the Event Organiser so they can:
- Verify your attendance at the Event
- Contact you with important Event updates
- Send you marketing about future events (if you've consented)
Event Organisers are responsible for their own use of your data. We encourage you to review their privacy policies.
6.2 Service Providers
We work with trusted third-party service providers who process data on our behalf:
- Stripe: Payment processing (PCI-DSS Level 1 certified)
- Email Service Providers: To send transactional and marketing emails
- Hosting Providers: To host our Platform and store data securely
- Analytics Providers: To understand Platform usage
All service providers are contractually bound to protect your data and only process it according to our instructions.
6.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to:
- Comply with legal process or enforceable government requests
- Protect our rights, privacy, safety, or property
- Investigate fraud or security issues
- Protect against legal liability
6.4 Business Transfers
If RavePass is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account, plus 2 years |
| Transaction records | 7 years (for tax and legal compliance) |
| Support communications | 3 years from last contact |
| Marketing preferences | Until you withdraw consent |
| Website logs and analytics | 26 months |
After the retention period, data is securely deleted or anonymised for statistical purposes.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encryption: All data transmitted via HTTPS/TLS encryption
- Password Security: Passwords are hashed using industry-standard algorithms
- Access Controls: Strict access controls limiting who can access personal data
- Secure Infrastructure: Data stored on secure, access-controlled servers
- Payment Security: Card payments processed by PCI-DSS compliant provider (Stripe)
- Regular Monitoring: Systems monitored for security threats
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Cookies
9.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.
9.2 Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for the Platform to function (login, shopping cart, security) | Session / 30 days |
| Preference Cookies | Remember your preferences and settings | 1 year |
| Analytics Cookies | Help us understand how visitors use our site | 26 months |
9.3 Managing Cookies
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our Platform. When you first visit our site, you can choose to accept or reject non-essential cookies.
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
10.1 Right of Access
You can request a copy of the personal data we hold about you.
10.2 Right to Rectification
You can request correction of inaccurate or incomplete data. You can update most information directly in your account settings.
10.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances. Note that we may need to retain some data for legal or contractual reasons.
10.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
10.5 Right to Data Portability
You can request your data in a commonly used, machine-readable format.
10.6 Right to Object
You can object to processing based on legitimate interests, including direct marketing.
10.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
10.8 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@ravepass.co.uk. We will respond within one month. We may request verification of your identity before processing your request.
10.9 Right to Complain
If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
11. Children's Privacy
Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.
12. International Transfers
Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA). Some of our service providers may process data outside the UK/EEA. When this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK ICO
- Adequacy decisions by the UK government
- Binding corporate rules
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will:
- Post the updated policy on this page with a new "Last updated" date
- Notify you by email of significant changes (if you have an account)
We encourage you to review this policy periodically.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Privacy Enquiries: privacy@ravepass.co.uk
- General Support: support@ravepass.co.uk
- Website: ravepass.co.uk
We aim to respond to all privacy-related enquiries within 5 working days.