All our servers communicate using state-of-the-art encryption and reject any unencrypted connections. We monitor our servers both automatically and manually for any irregularities. If something still goes wrong, we're public and transparent about it in the news section of this site.
All data stored by pretix is located in Germany on servers in datacenters operated by German companies.
Our company is certified according to ISO/IEC 27001.
If you buy a ticket, we will only process the data to process the ticket sale and forward your data to the organizer of the event. We do not use your data ourselves and we do not correlate your data with other events. To get an exact picture of what happens wo your data, you need to contact the event organizer who legally is the controller of your data. We act as a data processor for them.
Our team has access to your data to be able to look into technical problems and answer support requests. We will only use this access to assist you and the event organizer and we log and audit all such data access.
Some organizers choose to use external tracking like Google Analytics or Facebook Pixels. Those are disabled by default. If you click the "Privacy" link at the bottom of every event page, you will see what tracking features are activated for the particular event.
If you pay for your ticket using a service like PayPal, Stripe, Mollie, Wirecard, or Sofort, we transfer only the minimal necessary amount of data to these services. We do not know or control which additional data is obtained by these services.
If you specify an email address from Outlook or similar providers, we might route all email to you via rapidmail, a German email provider, since Outlook tends to reject direct emails from us as spam.
We do not share your customer data with anyone else. Ever. We use the data of your event only to organise the ticket sales and to calculate and process pretix's fees.
In order to be compliant with GDPR, we recommend that you sign a Data Processing Agreement if you use pretix Hosted. To do so, head to the "Data protection" section of your organizer profile settings to generate and download such a contract.
Our team has access to your data to be able to look into technical problems and answer support requests. We will only use this access to assist you and your customers and we log and audit all such data access.
We use Rapidmail to send you emails about important product or service announcements, as well as optional newsletters.
We might use stricly anonymous numbers about your event for our internal statistics, but only if there is no way to track them back to you. We do this to improve our service on the legal grounds of Art. 6(1) lit. f GDPR.
If you use our mobile apps like pretixSCAN, pretixPOS, pretixPRINT, or pretixLEAD, we usually only use data that is required to provide the app's functionality.
We will obviously store all inputs you make in the app where storing such input is part of the app's functionality, such as scanned tickets, sold tickets, or other types of input. The only data we store about your device is the type of device (e.g. "Samsung Galaxy Tab A") as well as the version of our app. This data will be submitted to the pretix server you connect to. If you use an installation of pretix Community or pretix Enterprise, this is not us and we will not have access to the data.
The only exception is if the app crashes or shows an internal error. To allow us to fix these errors and help with support requests, reports about these errors will be submitted to our servers. In this case, the app will transmit a technical description of the error, together with information about the environment of the app. This includes a device ID, the connected server URL, app version, free disk space, battery level, screen resolution, and the version of the operating system. This data is deleted after 90 days.
You have a right to know what we know about you. If you enter your email address here, we'll send you a file with a report on all data we could find about you.
Please note that this only includes emails you sent to our support team and backend user accounts. For information on your ticket purchases, you need to directly contact the respective event organizers. We are legally not allowed to give you information about this, as we're not the controller of that data.
The file will be automatically generated and should arrive within 30 minutes. If not, please contact us at firstname.lastname@example.org. Please note that email is an unencrypted medium. If you wish that we transfer the data to you in a different way, please get in touch at the same address.
Data deletion is hard in the scope of ticket sales. We (or, the organizers) are forced to keep lots of data around in original form to comply with regulations of tax authorities, since nearly all data collected by us is directly related to a sale.
If organizers still want to remove personal data from our servers, we provide a tool to anonymize all data from an event, while keeping all numbers intact. Please contact us for more information. As a ticket buyer, please contact the organizer of the event you bought tickets for.
The following applies only to this website about pretix, as well as to the blog behind.pretix.eu, not to the specific event pages themselves.
When you visit our website, we need to process data about your request, such as the specific site you requested, your IP address and browser, and similar metadata in order to deliver the website to you. We log this data only in anonymized form, i.e. we do not log any IP adresses or anything else that can be traced back to you.
On this website, we have integrated the Matomo component. Matomo is an open-source software tool for web analysis. It therefore collects data on your website usage and is mainly used for the optimization of our website. In particular, we store: The first bytes of your IP address (i.e. 220.127.116.11 instead of 18.104.22.168), the website you requested, the website you are coming from (so-called referrer), the requested sub-pages, the duration of the user's stay on the website, the number of requests to the website, and information about your system (e.g. browser version, operating system, screen size). Cookies are not in use for this.
The software is operated on our own servers and the data is not shared with third parties. The software is configured to anonymize any IP addresses by stripping the last half of bytes from them. This way, we cannot trace the data back to an individual device or connection. Matomo sets a cookie on your computer.
Legal basis for this processing is Art. 6(1) lit. f GDPR. By anonymizing IP addresses, we comply with the user's interest to protect their data reasonably. We will delete all individual datasets after 90 days. After this time, we will only archive daily averages and sums, but nothing that can be analyzed for individual visitors.
You can object to a collection of through Matomo. For this, you must set an opt-out cookie by clicking on the checkbox in the next paragraph. The opt-out cookie that is set for this purpose is placed on your device. If the cookies are deleted on your system, then you must call-up the link again and set a new opt-out cookie.
The data controller for this website as well as organizer data as well as the data processor of all ticketing data can be reached at the following address:
Phone: +49 6221 32177-50
Our data protection officer is happy to assist you with any questions:
Phone: +49 6221 32177-13
If we process your data, you are a data subject under the terms of GDPR and you are entitled to the following rights:
Right to access: You can request access to a copy of your personal data through the automated form above.
Right to erasure, rectification, restriction of processing, objection to processing, data portability: You can execute these rights by writing us to email@example.com.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the terms of the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
We're happy to tell you more. Just get in touch at firstname.lastname@example.org!