Data Security is of paramount importance to us.
In terms of what we do with data, we simply hold it, store it and present it to perform the tasks our software does. If you are someone buying tickets from an organiser who uses Tito, you can do so safe in the knowledge that we are not doing anything with your data: we don’t share it, we don’t sell it, and we don’t try to claim it as our own.
GDPR aligns with our core philosophy at Tito when it comes to data: respect people’s data.
In GDPR terms, for anyone who signs up to our service—event organisers and their teams—we act as a data controller. This means we are responsible for how the data is used, and for getting permission on how we use it.
For anyone who registers a ticket via Tito, we are the data processor for their data. Anything we do with this, we do on behalf of our customers, who act as the data controller.
GDPR will have an effect on how event organisers run their events, both for organisers in the EU and for organisers outside of the EU who have EU-based customers. A lot of this boils down to transparency: being clear about what is done with data once it is submitted and, crucially, getting consent from the person submitting it.
We have created “A Helpful Guide to GDPR For Conference Organisers” which you can download for free here: https://ti.to/gdpr.
Is Tito GDPR compliant?
Yes. We and our data are located within the EU, in Ireland. All access to our web services is over a secure HTTPS connection.
As long as you have a Tito account, your data is retained. We will delete personal data on request; to make a request, contact email@example.com.
Our Terms of Service can be found here: https://ti.to/terms
Our Security Policy can be found here: https://github.com/teamtito/tito-gdpr-compliance/blob/master/security-policy.md
Our list of 3rd Party Services can be found here: https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md
If you would like to find out more about our data protection policies you can contact us at firstname.lastname@example.org.
Edit your Data Protection settings
To help organisers with GDPR compliance, we’ve added a number of fields that will be shown on a public page. These should be filled in by all organisers.
You can add these for each Tito account you are an admin of and the information can be overridden at the event level if there are any differences for specific events.
Click on your account name, then on Account Settings, and finally on Data Protection to get set up. You will need to be an admin on the account to edit this data.
Once you have populated the information, your public data protection page will be available at:
It looks like this:
Organiser and Data Protection Contact
These are straightforward and give your customers contact information in case they need to get in touch. For smaller event teams, the organiser can also act as the Data Protection Contact.
This is the most important part of your compliance, giving your customers a clear statement of how their data will be used. We propose the following text:
The data that is collected will be used by the Organiser to plan and manage the event for which you registered, as well as email you relevant details about the event.
When a customer registers a ticket they will need to consent to this statement once when placing the order, and once when assigning a ticket.
Data Retention Policy
GDPR states that you should only hold on to information as long as you have a legal business case for holding it. Please ensure that you have communicated clearly with your customers how long you are holding on to their data, and what you are using it for.
Terms & Conditions
At the very minimum, we recommend having a code of conduct for your event that your attendees agree to. The one at Conf Code of Conduct is a great starting point. If you wish to get more formal, we recommend contacting a legal advisor to tailor terms of service specific to your events.
Third Party Services
As part of GDPR you will be required to list any third party services that your customer data is passed to. This might be a Customer Relationship Manager, such as Salesforce, an email marketing tool, such as MailChimp, or a workflow automation service, such as Zapier. It’s fine to use these tools so long as you name them. If you are using some of our in-built tracking options (Google Analytics, Facebook, etc.) you should list them here too.
This covers data that is exported manually via our .csv and .xlsx exports, shared via our Webhooks, or shared via our API.