Data Processing Addendum ("DPA")

Effective & Last Modified September 1st, 2023

1. Who:

   This Data Processing Addendum ("DPA") applies to all Ticketor Users (Site Owner) who require Ticketor to process Personal Data on their behalf as part of their service and who are subject to the EU GDPR (General Data Protection Regulation (2016/EC/679)), or equivalent legislation, including any amending or replacement legislation from time to time ("Applicable Data Protection Laws").

2. Definitions:

   You:

   means the Ticketor User (Site Owner)

   We, us, our:

   Refers to Narsis Dev. Inc (DBA Ticketor)

   Data Controller, Data Processor, Data Subject, Processing and Personal Data:

   shall have the meanings as described in Applicable Data Protection Laws;

   Data Security Breach:

   a breach of security that leads to the unlawful or accidental alteration, destruction, loss, unauthorized access to, or unauthorized disclosure of, Personal Data transmitted, stored or otherwise Processed

   Technical and Organizational Security Measures:

   Appropriate security measures implemented by Ticketor depending of the type of Personal Data being Processed and the Services being provided to protect that Personal Data against any Data Breach.

3. Overview:

   The terms of this DPA are hereby incorporated in to the Ticketor’s Terms of Use (the "Agreement").
   

4. Conflicts:

   With respect to provisions in regard to Processing of Personal Data, if there is a conflict between this DPA and the Agreement, the provisions of this DPA shall control. If there is a conflict between this DPA and any other provision of the Agreement between you and us, this DPA will control; except where Site Owner and Ticketor have individually negotiated data processing terms that are different from this DPA and which meet the requirements of Applicable Data Protection Law in full, in which case those negotiated terms will control.

5. Applicability of DPA and scope of data processing activities

   When using Ticketor’s services for the purposes of Applicable Data Protection Laws:

   1. The Site Owner is the Data Controller of the Personal Data associated with a Consumer that uses Ticketor’s Services through the User’s Website. Site Owner agrees to Process such Personal Data in accordance with Site Owner's obligations under Applicable Data Protection Laws and shall post proper terms of use, privacy policy, return policy, terms of purchase, cookie policy and any other terms and policies required by applicable law and that complies with all the applicable laws on their website. Site Owner consents that the terms that come by default with their User Website are just for illustration purpose and may not comply with their applicable laws and may not be relied on in any way.
   2. Ticketor, who Processes the Personal Data of Consumers on behalf of the Site Owner as part of the Services, is the Data Processor and performs such Processing for the Site Owner (the Data Controller). This processing includes when Ticketor collects Personal Data as a result of the provision of its core ticketing services such as when Ticketor process payments or facilitates the transmission of emails to Consumers at the request of Site Owners, or provides reports and tools for the Site Owners
   3. If the Consumer engages with certain features of Ticketor beyond those related to the User’s Website, Ticketor may act as Data Controller. For example, if the Consumer browses to pages on Ticketor outside of the User’s Website or if the Consumer opts in to receive updates, emails or recommended events from Ticketor.
   4. To the extent that Ticketor is the Data Processor on behalf of Site Owner, Section 6 of this DPA shall apply, however when Ticketor acts as the Data Controller of Consumers' Personal Data, Ticketor's Processing shall not be subject to this DPA.

   5. Here are the details about the Personal Data to be Processed by Ticketor and the Processing activities to be performed under the Agreement:

      1. Data subjects:

         Consumers

      2. Nature, purpose and subject matter:

         to enable Site Owner to build a User Website and promote events and sell and manage tickets

      3. Duration:

         as set out in the Agreement

      4. Data categories:

         First name, last name, phone number, email address, billing address, shipping address, payment information, IP, purchase history, and any other optional Personal Data that Site Owner requests of its Consumers

6. Data Processing clauses:

   Whenever Ticketor Processes Personal Data on behalf of Site Owner:

   1. Ticketor confirms that it is certified and in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and will maintain its adherence throughout the duration of the Agreement or implement another data transfer mechanism which lawfully permits the transfer of Personal Data outside of the EU and United Kingdom.
   2. Ticketor agrees to Process Personal Data only on the documented instructions of Site Owner, unless it is required by the applicable law to do otherwise. In such case Ticketor shall inform the Site Owner of the legal requirement before Processing Personal Data other than in accordance with Site Owner's instructions, unless that same law prohibits Ticketor from doing so on important grounds of public interest.
   3. Site Owner hereby instructs Ticketor, and Ticketor hereby agrees, to Process Personal Data as necessary to perform Ticketor's obligations under the Agreement and for no other purpose;
   4. Ticketor shall have in place reasonably appropriate technical and organizational measures sufficient for the purposes of processing under this Addendum;
   5. Ticketor shall maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of Personal Data.
   6. In the event of a Personal Data Breach, Ticketor shall notify Site Owner without undue delay and assist Site Owner to enable them to comply with their obligations as a Data Controller in relation to data breach notification requirements
   7. Ticketor shall make sure that its employee and staff are subject to binding obligations of confidentiality with respect to Personal Data
   8. Ticketor shall be fully liable to Site Owner for any failure by a sub-processor to fulfil its obligations in relation to the Personal Data and shall impose obligations on its sub-processors that have access to Personal Data that are the same as or equivalent to those set out in this Section 6 by way of written contract
   9. Ticketor shall reasonably assist the Site Owner in responding to rights requests under Applicable Data Protection Laws, complaints, or other communications received from any Data Protection Authority or individual who is the subject of any Personal Data Processed by Ticketor
   10. If a Consumer submits a Personal Data deletion request to Ticketor, Site Owner hereby instructs and authorizes Ticketor to delete or anonymize the Consumer's Personal Data on Site Owner's behalf;
   11. Upon Site Owner's written request, make available to Site Owner all information reasonably necessary to demonstrate its compliance with the obligations set out in this Section 6 and allow for and co-operate with any audits. Any on-site audits shall be limited to once every three (3) years and only in order to evaluate a specific suspected deficiency after exhausting all other reasonable means as determined by Ticketor and requires reasonable advance notice to Ticketor and subject to appropriate confidentiality undertakings
   12. Ticketor shall return, delete, or destroy the Personal Data at Site Owner's request, unless applicable law requires the storage of such Personal Data. This does not apply to the Personal Data that Ticketor is the Data Controller for.
   13. Ticketor shall, upon Site Owner’s request, provide Site Owner with reasonable cooperation and assistance needed to fulfil Site Owner’s obligations under the GDPR to carry out a data impact assessment related to Customer’s use of Ticketor’s Services, to the extent Site Owner does not otherwise have access to the relevant information, and to the extent such information is available to Ticketor. Ticketor shall provide reasonable assistance to Site Owner in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks related to Section 6.13 of this DPA, to the extent required under the GDPR.
   14. Site Owner hereby consents to Ticketor's current sub-processors as listed on Ticketor’s site and on Ticketor’s Privacy Policy as of Effective Date of this DPA, ("Current SubProcessors") to Process Personal Data on its behalf.
   15. Site Owner hereby consents to Ticketor appointing additional and replacement sub-processors ("New SubProcessors") to Process Personal Data on its behalf. Ticketor shall give notice to Site Owner of the identity of New Sub-Processors via Ticketor's website and Site Owner is responsible for regularly checking and reviewing Ticketor's website for any such changes. Posting on Ticketor's website shall be the sole means of Ticketor communicating any New SubProcessor;
   16. Ticketor shall give Site Owner the opportunity to object to New SubProcessors in accordance with the below terms
       1. Site Owner shall raise any objection to the appointment of New SubProcessors within ten (10) days of Ticketor posting the changes on its website by sending an email to [email protected] and includes sufficient detail to support its objection and provide specific examples. Ticketor will then use commercially reasonable efforts to review and respond to Site Owner's objection within thirty (30) days of receipt of Site Owner's objection with Ticketor's determined method of accommodation. If Ticketor does not view the objection as providing sufficient supporting detail, the objection shall be deemed invalid and Ticketor has no further obligations.
          
          If Ticketor determines in its sole discretion that it cannot reasonably accommodate Site Owner's objection, upon notice from Ticketor, Site Owner may choose to terminate the Agreement by cancelling their account. No refund shall be provided for any pre-paid services or annual fees.