- Trycon Technologies Private Limited ("company") is fully committed to protecting the personal data of its products' users and end-users
- From Ticket Validator's users, the company collects personal information (user’s email address and password). This information is solely used by the company or authorized third-party applications to identify and authenticate the users only. This data is never used for unauthorized commercial gains in any way
- To use the features and services of Ticket Validator, the user will share both personal information (email) and non-personal information (password, ticket code). This information will be available to users only and they have the responsibility to make the data available only if they own the data or have the authorization to use the data
- The company shares or may share both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance (including GDPR)
- The company employs best-in-class data security strategies to ensure the protection of users’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected users within 72 hours
- The company will retain the users’ and end-users’ data for a maximum period of 26 months after the user ceases to use the Ticket Validator mobile application (iOS, Android). However, the user will always have the right to either download all data or request permanent deletion
2. Data Collection, Processing & Purpose
During the lifecycle of using Ticket Validator mobile application (iOS, Android), the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information (non-PII) either directly, or via a third-party application or service.
See complete list of data points collected by Ticket Validator and their classification.
As part of the company’s commitment to be transparent to its users and end-users, the company is sharing details on what data points are collected, at what stage, and for what purpose:
2.1 User Data
This section outlines the data collected on the users of the Ticket Validator mobile application i.e.Ticket Generator administrators and coordinators who validate tickets using the Ticket Validator mobile application.
To use the Ticket Validator mobile app (iOS, Android), the user must securely login to their Ticket Generator account (setup via the Ticket Generator application available at https://ticket-generator.com).
On the login screen, Ticket Validator collects the following data points:
- User’s email address [PII]
- Purpose: to identify the registered user accessing the mobile application
- Purpose: to authenticate the identified user and provide secure access to the Ticket Validator application and authorized data
2.1.2 Forgot Password
On the Forgot Password screen, Ticket Validator collects the following data points:
- User’s email address [PII]
- Purpose: to identify the registered user and send verification email with link to reset password
- Third-party application: the emailing tool Sendinblue is used to send the verification email and the email address of the user is securely shared with Sendinblue for only this purpose
2.2 Ticket Validation
This section outlines the data collected on the end-users of the Ticket Validator mobile application i.e. event guests whose tickets are validated by users of Ticket Validator mobile application (iOS, Android).
2.2.1 Ticket Validation
On the ticket validation screen, Ticket Validator collects the following data points:
- Ticket code [non-PII]: Ticket code is a unique and random numeric code assigned to a ticket held by the end-user. Ticket code is both printed on the ticket as well as encoded in a QR Code printed on the ticket
- Purpose: to validate if the ticket is valid, invalid, or duplicate
- Timestamp [non-PII]: Time and date of validation of ticket
- Purpose: this data is collected and stored in Ticket Generator application database to use for attendance data and other analytics, accessible to registered account users only
3. Disclosure Of Information To Third Parties
We may share with third parties’ certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with Sendinblue emailing service for password reset process).
In all cases, we ensure that the third party:
- Has a good reputation and trustworthy customers
- Has an approachable and responsive support team
- Has robust privacy policies that aim at data protection and security
- Has taken adequate measures to be GDPR compliant
Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations.
4. Data Security
The company has implemented best-in-class security protocols to protect user’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:
- Encryption of transit data with SSL (HTTPS)
- Staff access to data on a need basis only (e.g. ticket raised by the user, etc.)
- Staff access to third-party apps via multi-factor authentication only
However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s users’ data or end-user’s data in spite of these measures.
In the case of data breaches, the company will inform the regulatory authorities and affected users within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee the complete security of your information and cannot be held responsible for unauthorized access to users’ accounts. It is the responsibility of the user to ensure that the account email address and password are not shared with any unauthorized personnel.
5. Data Retention, Portability & Deletion
Purpose: The data will be retained for this period to allow users to review their accounts within this period.
7. Contact Information
To keep your personal data accurate, current, and complete, please contact us as specified below:
Name: Gautam Garg
Address: Trycon Technologies Private Limited, A-130, Sector 63, Noida, Uttar Pradesh, India 201301
The terms and conditions along with privacy policies with all references constitute the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersede all prior terms and conditions which were agreed upon by the user.