Privacy Policy

1. Introduction

LTickets is a South African online ticket marketplace where independent South African businesses and clients can list their tickets and or similar inventory to customers.
Customer Data Registration –
Information officers: Monica Booysen
Contact: 011 815 3000

2. Personal Information

LTickets prescribes to the South Africa privacy laws. As a company that processes and stores personal information of customers, we subscribe to best practise to ensure data is used and stored in compliance with PoPI. LTickets is a South African online ticket marketplace where independent South African businesses and clients can list their tickets and or similar inventory to customers. In performing its service, LTickets collects information from customers in order to perform the following functions.

  1. Processing of ticket purchase
  2. Customer service and experience
  3. Risk and Fraud detection
  4. Fulfilment of service provided by the ticket
  5. Communicating to customers when conditions and/or circumstance of ticket fulfilment have changed
  6. Outbound marketing to Webtickets customers

As a rule, LTickets only collects personal information directly from the customer, except as otherwise as outlined below.

  1. Onboarding of customer data by a new Client from a legacy ticketing system where customer has provided consent.
  2. Collection of the information from a new Client that allows LTickets to fulfil its responsibilities which does not prejudice a legitimate interest of the customer

LTickets collects a range of personal data for the purpose of executing on its mandated service provided to the client. Moreover, LTickets makes the customer aware that the data collected and processes will only be used for the purposes of fulfilling its mandate.
LTickets expressly requests the customer’s consent to retain customer data to ensure the following.

  1. Customer service
  2. Improved user experience

LTickets allows the customer to edit their customer data and provided for the customer to delete their information from LTickets.
All customer data is located and processed in South Africa.

3. Sharing of Personal Data.

LTickets Clients

LTickets is a ticket marketplace and therefore hosts many independent clients selling ticket on their behalf.
LTickets shares personal data of customers that purchase tickets hosted by the client on LTickets.
LTickets shares the relevant customer data that is required for the fulfilment and execution of the ticket obligations. The customer data collected and shared is governed by the relevant regulations and laws in which the client operates.
Sharing of Data is permission based.
Confidential information is not shared unless explicit permission from the customer has been received.

External parties

LTickets does not share personal data with 3rd unless compelled by the South African Law or court action.

4. Use of Personal Data

Communication to Customers

Fulfilment of ticket

LTickets shall only communicate to customers in the fulfilment of their ticket obligation and legal mandate. Should the ticket conditions and obligation change since the customer purchase the ticket,
LTickets will communicate directly with the customer to outline the changes.

The following are examples of ticket condition changing.

  1. Cancellation of event.
  2. Outstanding information require by LTickets to fulfil ticket mandate
  3. Change in time, date and/or location of event
  4. Information relating to refunds

Marketing and related services

LTickets shall only send marketing communications to customers that have explicitly provided permission for LTickets to contact them. Moreover, customers can decide any time to change permissions how LTickets is allowed to communicate to them.
Clients based marketing is also permission based. Clients shall be permitted to send marketing-based communications to customers only after explicit consent.

Use of 3rd Party Service providers

LTickets does use the services of independent service providers that make use of personal customer data. LTickets employs the following principles when engaging service providers

  1. LTickets preforms a due diligence on service provider to understand the risk and data security measure undertaken by the service provider.
  2. LTickets can request service provider to complete a risk assessment and questionnaire to assess security of data and risks
  3. The measured understand need to be a higher standard and risks need to be lower than LTickets for LTickets to ensure use of service
  4. Only bare minimal of data is shared with service provider
  5. No confidential or sensitive information is shared without the permission of customer
  6. Annual evaluation is performed to assess change in risks.

In some cases, a 3rd-party handles the in-store registrations who is acting on our behalf and governed by this Privacy Policy in terms of capturing your personal information.

PCI/DSS Compliance

LTickets, through their payment service providers subscribes to and is PCI/DSS compliant.
LTickets use iVeri Payment Technologies which is PCI level 1 certified for the following services.

  1. Payment Gateway/Switch
  2. POS/Card Present
  3. Internet/e-commerce
  4. Clearing and Settlement

LTickets does not store card details, ever.

Security Governance and Security Management

LTickets store and secure data making use of cloud-based infrastructure hosting by a 3rd party service provider.
Access to cloud infrastructure is largely via VPN or Multi-Factor Authentication.
All sensitive data is encrypted and LTickets staff only have data allowing them to perform the following functions

  1. Customer support
  2. Fulfilment of ticket

Access into the cloud environment is logged and all incident are logged and remedial action instituted.
All sensitive data is encrypted and not visible by any LTickets staff or 3rd parties.
LTickets regular patch and deploy malware protection across our applications and database.

Personnel Matters

All employees screened prior to employment and contracts include clauses relating to data confidentiality and/or data protection.
LTickets conducts regular reviews and awareness training which covers information security principles and the procedures to protect customer data.

Warrantees and Guarantees

LTickets will use its best endeavours to ensure it is compliant with POPI.
Should there be a breach of data occur as envisaged by PoPI, LTickets will immediately notify the relevant Clients and data subjects of such a breach and where the Information Regulator needs to be informed.