Privacy and Cookie Policy

Our website address is: https//tickets.heart-events.co.uk

This privacy and cookie policy sets out how this website uses and protects any information that you give this website.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information then you can be assured that it will only be used in accordance with this privacy statement.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 30th May 2023.

We respect your right to privacy. None of the information we collect is passed on to other parties, except when required as part of the business services we provide for you, or as required under UK law.

What personal data we collect and why we collect it

We request information about you when you place an order or send us an enquiry. You consent to us using your data at the point at which you give it to us. You can ask us to delete all of your personal data by request.

What we do with the information we gather

  • We use it to process requests to buy items listed on our website.
  • To answer an enquiry.
  • Internal record keeping.
  • We may use the information to improve our services.
  • If you have given us consent we may periodically send marketing emails and this consent may also be withdrawn by you.

Cookies

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. Cookies do lots of different jobs, like remembering the items you put in your cart, your preferences, and generally improve the user experience. Also to help us understand visitor habits and to enable us to market our website.

Cookies can be deleted by clearing your browser cache/deleting web history.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

E-commerce software

We collect information about you during the checkout process on our store.

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

This website uses the WooCommerce e-commerce software to display, manage and take orders for products.

PLEASE NOTE: In order for the e-commerce software to work its cookies need to be enabled in your browser. If you disable them you cannot place an order.

To keep track of cart data, WooCommerce makes use of 3 cookies:

  1. woocommerce_cart_hash
  2. woocommerce_items_in_cart
  3. wp_woocommerce_session_

The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 6 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access Order information like what was purchased, when it was purchased and where it should be sent, and Customer information like your name, email address, and billing and shipping information. Our team members have access to this information to help fulfill orders, process refunds and support you.

Firewall

Our website is protected by a firewall. Our firewall performs a capability check for users creating or who have created an account which can be logged in to. The cookie is called wfwaf-authcookie-(hash). This cookie allows the firewall to detect logged in users and allow them increased access. It also allows the firewall to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

By using our website, you agree that we can place these cookies on your device.

Payments

We accept payments through the Square payment gateway. When processing payments, some of your data will be passed to Square, including information required to process or support the payment, such as the purchase total and billing information.

Analytics

Performance cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. We use cookies for Google Analytics so that it can track visitor quantities, locations and browsing habits and thus they help us to improve our website and services.

Google Analytics uses the following cookies on this website:

Cookie nameDefault expiration timeDescription
_ga2 years2 years
_ga_<container-id>2 yearsUsed to persist session state.

If you follow this Google link you can opt out of Google Analytics performance cookies

Who we share your data with

Your personal data is not shared with any third parties except our payment provider when you place an order. Non-personal data is shared with Google Analytics.

How long we retain your data

For users that place an order and/or register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We keep user information for record keeping purposes for 6 years or more.

What rights you have over your data

If you have an account on this site and or have placed an order, or have sent a message via our contact form, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

Controlling your personal information

You may choose to restrict the use of your personal information in the following ways:

Marketing emails

If you have subscribed to our marketing emails you can easily unsubscribe from them by following the link at the bottom of our marketing emails.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law. You may request details of personal information which we hold about you under the Data Protection Act 1998. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.

We use MailChimp in order to subscribe users and retrieve information about email lists and groups. When processing subscriptions, some of your data will be passed to MailChimp, including information required to target your account, such as the billing information and the product(s) you’re purchasing.

Erasing personal data

You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. See below for contact details.

Data Controller

HE Ticket Shop is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out below.

Contact information

alex @ heart-events.co.uk

Where we send your data

The personal data mentioned above is stored on our Hosting provider’s servers. Orders are processed in England. Only non-personal data is sent outside the EU to Google Analytics.

Security

How we protect your data

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Our website is HTTPS secure and has been validated to have a secure SSL certificate which provides industry standard data encryption of information transferred from your computer to the website.

All our website pages are secured with SSL 256 bit encryption. Our SSL Digital Certificate is provided by DigiCert Inc and has the SHA-256 Hash Signature Algorithm with Asymmetric RSA Encryption.

Our Payment Gateway Provider is fully PCI DSS/CISP certified, meaning it exceeds industry standards in solidifying hardware and hosting facilities. We do not see or retain any card numbers on our website because you are directly providing payment details to the Payment Gateway Provider.

The computers used to access customer orders in order to process them are protected by a firewall and anti-virus and are not removed from company premises.

The only staff that have access to customer data are Order Processors, and they have been trained in Data Protection.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in reviews) during their scan. For more details, please see Sucuri’s privacy policy.

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy and cookie policy. You should exercise caution and look at the privacy statement applicable to the website in question. We are in no way liable for any problems you may have when on another website that is not ours or under our control.

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. If your browser does not support web fonts, a standard font is used by your computer.