Stickets Logostickets

STICKETS – PRIVACY POLICY

Last Updated: 10.12.2025

STICKETS LLC ("STICKETS", "we", "our", "us") is committed to protecting your privacy and processing your personal data responsibly, transparently, and in compliance with the laws of Georgia, including the Law of Georgia on Personal Data Protection, as well as internationally recognized standards such as the GDPR.

This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how we protect it, and what rights you have.

By creating an account or using the STICKETS platform ("Platform"), you agree to this Privacy Policy.

1. WHO WE ARE

Company Name: STICKETS LLC

Registered Address: Georgia, Tbilisi, Vano Sarajishvili Street N32

Email: privacy@stickets.ge

STICKETS operates a digital platform used for primary ticket sales, NFT/blockchain-based tickets, event access, and a controlled secondary resale market.

STICKETS is the Data Controller for all personal data it processes. Event Organizers act as independent Data Controllers for attendee information shared with them through the Platform.

2. DATA WE COLLECT

We collect the following categories of personal data.

2.1. Data You Provide Directly

Account Registration

  • First name
  • Last name
  • Email address
  • Profile photo

Ticket Purchase & Use

We collect additional data as needed to complete your purchase or support event access:

  • Full name (for ticket issuance)
  • Email address (for ticket delivery and updates)
  • Transaction ID (payment reference)
  • Selected ticket type / seat

Organizer-Required Data (Event-Specific KYC)

For certain events (e.g., restricted-access, age-sensitive, or regulatory requirements), Organizers may require additional data such as:

  • Phone number
  • Date of birth
  • Personal identification number
  • Residency
  • Uploaded identity documents

STICKETS collects this data only when required by the Organizer.

2.2. Automatically Collected Data

When you use the Platform, we may automatically collect:

  • IP address
  • Browser and device information
  • Operating system
  • Language preference
  • Access time and duration
  • Login logs
  • Ticket activation logs
  • Crash/error logs
  • Essential cookies (for security, navigation, and authentication)

We do not use analytics or marketing cookies unless explicitly enabled later.

2.3. Blockchain & NFT Data

When you purchase or hold NFT tickets, we collect and process:

Wallet Data

  • Wallet address
  • Smart account identifier (if auto-created)
  • Transaction hashes
  • NFT ownership history (public blockchain data)

Off-chain Ticket Metadata

  • Event name
  • Ticket type
  • Seat number
  • Ticket design image
  • QR code
  • Activation state

Blockchain data is public, permanent, and cannot be modified or deleted by STICKETS.

3. HOW WE USE YOUR DATA

We process personal data for the following purposes:

  • Creating and managing your account
  • Selling and delivering primary tickets
  • Minting, transferring, and managing NFT tickets
  • Operating the resale marketplace
  • Processing payments and refunds
  • Ensuring security, fraud detection, and abuse prevention
  • Fulfilling legal obligations and dispute resolution
  • Providing customer support
  • Sending email notifications about purchases, updates, and platform activity
  • Sending marketing communications (soft opt-in)
    • Users may unsubscribe from marketing emails at any time.
  • Product development and service improvement (including aggregated, anonymized analytics)

4. LEGAL BASES FOR PROCESSING

STICKETS processes your data on the following legal grounds:

  • Your consent (e.g., marketing, newsletters)
  • Performance of a contract (ticket purchase, resale operations)
  • Legitimate interest (fraud prevention, platform security)
  • Legal obligations (tax, accounting, KYC when required)
  • Public blockchain operation (for NFT ticketing)

5. WHO WE SHARE YOUR DATA WITH

5.1. Event Organizers

For the proper operation of events, we share:

  • First & last name
  • Email address
  • Ticket type
  • Seat number
  • Attendance status

We do not share:

  • Wallet addresses
  • Payment card details

Organizers become independent Data Controllers for any data they receive.

5.2. Service Providers

We may share data with trusted partners, including:

  • Payment processors (e.g., PSP used by STICKETS)
  • Cloud hosting providers
  • Email delivery services
  • Blockchain infrastructure providers (RPC nodes)
  • Customer support systems

All service providers are required to protect personal data through appropriate safeguards.

5.3. Law Enforcement & Regulatory Bodies

We may share personal data:

  • When required by Georgian law
  • Upon request from competent authorities
  • To detect, prevent, or investigate fraud or illegal activity

We do not voluntarily share data without a legal obligation.

6. DATA TRANSFERS OUTSIDE GEORGIA

Because our service providers may store data in the EU, UK, or USA, your data may be transferred internationally.

We ensure such transfers comply with legal safeguards, including:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Binding security requirements
  • Contractual protections

7. DATA RETENTION

We keep your data only as long as necessary:

  • Account data → for the duration of the account + 3 years
  • Ticket purchase history → 3 years after service completion
  • Refund records → 3 years
  • Customer support messages → 1 year
  • Email logs → 1 year
  • Cookies → session or up to 12 months
  • Blockchain/NFT data → permanent (not erasable)

After retention periods expire, we securely delete or anonymize personal data.

8. SECURITY MEASURES

We implement industry-standard protections:

  • HTTPS / TLS encryption
  • Encrypted passwords (e.g., bcrypt)
  • Firewalls and access controls
  • Monitoring for fraud and unauthorized activity
  • Role-based employee access
  • Non-custodial wallet architecture (we do not hold private keys)

No method of transmission is 100% secure, but we take all reasonable measures to protect data.

9. USER RIGHTS

Under Georgian law, you have the right to:

  • ✔ Access your personal data
  • ✔ Request correction or updating
  • ✔ Request account deletion
  • ✔ Request restriction or blocking of processing
  • ✔ Withdraw consent (for marketing communications)
  • ✔ Request a copy of your data (portability)
  • ✔ Object to processing based on legitimate interests
  • ✔ File a complaint with the Personal Data Protection Service of Georgia

Requests may be submitted to: privacy@stickets.ge

We respond within the legally required timeframe.

10. CHILDREN & AGE RESTRICTIONS

  • STICKETS is intended for users 18+.
  • Organizers may impose additional age limits on events.
  • We do not knowingly collect data from persons under 16.

11. COOKIES

STICKETS currently uses essential cookies only, for:

  • Login and authentication
  • Security and fraud prevention
  • Platform functionality

Future analytics or marketing cookies will be enabled only with user consent. More details can be found in our Cookies Policy.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Changes take effect upon publication on the Platform.

Your continued use of STICKETS after updates means you accept the revised terms.

13. CONTACT

If you have questions or want to exercise your rights, contact:

  • Email: privacy@stickets.ge
  • Address: Georgia, Tbilisi, Vano Sarajishvili Street N32
Privacy Policy | stickets | stickets