Privacy Policy

The data controller for personal data collected through this Site is the operator of towerlondontickets.com. For any data protection enquiries, contact admin@headmastertickets.com.

We collect only the data necessary to process and deliver your order:

2.1.Information you provide at checkout: email address, first name, last name, phone number (if provided). This is the minimum data required to create your booking with the venue supplier and deliver your ticket voucher.

2.2.Order data: ticket type, date selected, number of guests, order total, payment status, order ID. This is generated during the checkout process.

2.3.Payment data: your payment is processed by Stripe, our payment processor. We do not receive, store, or have access to your full card number, CVV, or bank details. Stripe processes your payment in compliance with PCI DSS Level 1. For Stripe's privacy policy, see https://stripe.com/privacy.

2.4.Technical data automatically collected: we do not use cookies, tracking pixels, analytics tools, or marketing tags beyond what is strictly necessary for the Site to function. We do not track your browsing behaviour, build advertising profiles, or share your data with advertisers.

3.1.To process your order: we send your name, email, and phone number to our ticket supplier to create your booking. This is necessary to perform our contract with you.

3.2.To deliver your voucher: we send your ticket voucher PDF to the email address you provided. This is the primary purpose for collecting your email.

3.3.To provide customer support: if you contact us about your order, we use your order data and contact details to assist you.

3.4.To comply with legal obligations: we may retain order records for accounting, tax, and legal compliance purposes as required by applicable law.

3.5.We do not use your data for marketing, advertising, profiling, automated decision-making, or any purpose beyond those stated above.

4.1.Ticket supplier: we share your name, email, and phone number with our third-party ticket supplier (BeMyGuest Pte Ltd, Singapore) solely for the purpose of creating your booking and generating your voucher. The supplier processes this data as a data processor on our behalf.

4.2.Payment processor: Stripe, Inc. processes your payment. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy for details.

4.3.Email delivery: your voucher is delivered via email through our email service provider, who processes your email address solely for the purpose of delivering the voucher.

4.4.We do not sell, rent, trade, or otherwise share your personal data with any other third parties, advertisers, data brokers, or marketing platforms.

5.1.We retain your order data (name, email, order details) for a period of 6 years from the date of purchase for accounting and legal compliance purposes, in accordance with HMRC requirements for business records.

5.2.After the retention period, your data is securely deleted.

6.1.Your data may be transferred to and processed in countries outside the UK and the European Economic Area, including Singapore (where our ticket supplier is based) and the United States (where our payment processor and email service operate).

6.2.Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK Information Commissioner's Office.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

7.1.Right of access: you may request a copy of the personal data we hold about you.

7.2.Right to rectification: you may request correction of inaccurate personal data.

7.3.Right to erasure: you may request deletion of your personal data, subject to our legal retention obligations.

7.4.Right to restrict processing: you may request that we restrict the processing of your data in certain circumstances.

7.5.Right to data portability: you may request your data in a structured, machine-readable format.

7.6.Right to object: you may object to the processing of your data in certain circumstances.

7.7.To exercise any of these rights, email admin@headmastertickets.com with the subject line "Data Protection Request". We will respond within 30 days.

7.8.You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk if you believe your data protection rights have been violated.

8.1.We do not knowingly collect personal data from children under the age of 16. Orders must be placed by an adult aged 18 or over. If you are under 18, a parent or guardian must place the order on your behalf.

9.1.We may update this Privacy Policy from time to time. The version displayed on the Site at the time of your purchase applies to that transaction.