Privacy Policy
Flippin tickets is an event marketplace where independent event managers and promoters can list their events and put tickets for sale.
Phone:
Email:
+263 78 970 1984
events@flippintickets.com
Personal Information
We prescribe to the Zimbabwe privacy laws. As a company that processes and stores personal information of customers, we subscribe to best practises to ensure data is used and stored in compliance with Protection of Personal Information Act(PoPI). We are an event marketplace where independent event managers and promoters can list their events and put tickets for sale. In performing our service, we collect information from customers in order to perform the following functions.
1. Processing of ticket purchase
2. Customer service and experience
3. Risk and fraud detection
4. Fulfilment of service provided by the ticket
5. Communication to customers when conditions and/or circumstances of ticket fulfilment have changed
6. Outbound marketing to our customers
As a rule, we only collect personal information directly from the customer, except as otherwise as outlined below.
1. Onboarding of customer data by a new Client from a legacy ticketing system where customer has provided consent.
2. Collection of the information from a new Client that allows us to fulfil its responsibilities which does not prejudice a legitimate interest of the customer.
We collect a range of personal data for the purpose of executing on its mandated service provided to the client. Moreover, we makes the customer aware that the data collected and processes will only be used for the purposes of fulfilling its mandate.
We expressly request the customer's consent to retain customer data to ensure the following.
1. Customer service
2. Improved user experience
We allow the customer to edit their customer data and provided for the customer to delete their information.
All customer data is located and processed in Zimbabwe.
Sharing of personal data
Our clients
We are an event marketplace and therefore host independent promoters selling tickets on their behalf.
We only share relevant customer data that is required for the fulfilment and execution of the ticket obligations. The customer data collected and shared is governed by the relevant regulations and laws in which the client operates.
Sharing of data is permission based.
Confidential information is not shared unless explicit permission from the customer has been received.
Our clients
We do not share personal data with 3rd unless compelled by the law or court action.
Use of personal data
Communication to customers
Fulfilment of ticket purchase
We only communicate to customers in the fulfilment of their ticket obligation and legal mandate. Should the ticket conditions and obligation change since the customer purchase the ticket, we will communicate directly with the customer to outline the changes.
The following are examples of ticket condition changing:
1. Cancellation of event
2. Outstanding information we may require to fulfil ticket mandate
3. Change in time, date and/or location of event
4. Information relating to refunds
Marketing and related services
We only send marketing communications to customers that have explicitly provided permission to contact them. Moreover, customers can decide any time to change permissions regarding if and how we are allowed to communicate to them.
Promoter based marketing is also permission based. Promoters shall be permitted to send marketing-based communications to customers only after explicit consent.
Use of third party service providers
We use the services of independent service providers that make use of personal customer data. We employ the following principles when engaging service providers:
1. We preforms a due diligence on service provider to understand the risk and data security measure undertaken by the service provider.
2. We can request service provider to complete a risk assessment and questionnaire to assess security of data and risks.
3. The measured understanding need to be a higher standard and risks need to be lower than a certain threshold to ensure use of service.
4. Only bare minimal of data is shared with service provider.
5. No confidential or sensitive information is shared without the permission of customer
6. Annual evaluation is performed to assess change in risks.
In some cases, a 3rd-party handles the in-store registrations who is acting on our behalf and governed by this Privacy Policy in terms of capturing your personal information.
PCI/RSS compliance
We, through our payment service providers subscribes to and is PCI/DSS compliant.
We use Pesepay and Paynow payment providers, which are both PCI level 1 certified for the following services.
1. Payment gateway/switch
2. Internet/e-commerce
3. Clearing and settlement
We do not store card details, ever.
Security governance and security management
We store and secure data making use of cloud-based infrastructure hosting by a third party service provider.
Access to cloud infrastructure is largely via VPN or Multi-Factor Authentication.
All sensitive data is encrypted and our staff only have data allowing them to perform the following functions
1. Customer support
2. Fulfilment of ticket
Access into the cloud environment is logged and all incident are logged and remedial action instituted.
All sensitive data is encrypted and not visible by any staff or third parties.
We regularly patch and deploy malware protection across our applications and database.
Personnel matters
All employees screened prior to employment and contracts include clauses relating to data confidentiality and/or data protection.
We conduct regular reviews and awareness training which covers information security principles and the procedures to protect customer data.
Warrantees and guarantees
We will use our best endeavours to ensure it is compliant with POPI.
Should there be a breach of data occur as envisaged by PoPI, we will immediately notify the relevant parties and data subjects of such a breach and where the Information Regulator needs to be informed.
Easily sell tickets, effectively market events, and use data to plan future events.