Privacy and Cookie Policy
For the purposes of applicable data protection and privacy laws, SISTIC.COM PTE LTD ("SISTIC", "us", "we"), with its registered office at 6 Changi Business Park Avenue 1, #06-22, ESR BizPark @ Changi (North Tower) Singapore 486017, is considered the “Data Controller” in respect of the personal data that it collects, uses and manages in accordance with this Privacy Policy. Where SISTIC processes collects, uses and manages personal data on behalf of a third party such as a Provider or Venue Host (both as defined below), it will be considered a "Data Processor” under applicable data protection and privacy laws.
SISTIC respects the privacy of all our customers, business contacts and other visitors to and users of our Site, and is committed to safeguarding the personal data you provide to us. Please read this Privacy Policy to learn more about the ways in which we collect, use and protect your personal data. We want you to fully understand our privacy practices. If you have any questions, please send an email to our data protection team at dataprotection@sistic.com.sg.
Overview
This Privacy Policy applies to the services available on or through SISTIC's website at www.sistic.com.sg and all related domains and sub-domains ("Site").
This Privacy Policy describes the data that we collect from you, how we may deal with that data, in the course of our normal business operations and the rights you have in relation to your personal data.
Please note that our Site may contain links to other websites. These third party sites are not subject to this Privacy Policy and we recommend that you check the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the data that we collect and have no control over the actions of any third parties in relation to your data.
Privacy Policy
1. Data Collection and Use
1.1 Whose personal data we collect and how we collect it
1.1.1 SISTIC collects personal data from a range of individuals in the context of its business activities, including our customers, representatives of our suppliers, Providers, Venue Hosts and other business contacts; contractors; users of the Site; individuals who contact us by any means; and job applicants.
1.1.2 We collect personal data voluntarily provided by you when you: visit our Site and/or complete one of our web forms; register with our Site; contact our customer service team or request information from us in any other way; visit our premises and kiosks; submit an order for any of the Services, or make a Ticket booking for any event, whether through physical kiosks, our Site, or selected sales channels of SISTIC, our Providers or other third parties (including through selected third party platforms linked to our ticketing system); attend any events organised or managed by us or our Providers, or enter any premises of ours or our Venue Hosts; communicate with us, including via social networking websites, third party applications or similar technologies; or subscribe to our newsletters or emails.
1.1.3 We receive personal data from third party sources including API sales channels and promoter sales channels.
1.2 For whom do we collect your personal data
In relation to your booking or enrolment for tickets, etickets, vouchers, memberships, or packages, or your donation (each a “Ticket”) for a specific event, show, performance, screening, exhibition, conference, transport service, attraction, food and beverage, place of interest, ride, venue access, membership programme, product, service, or charitable or beneficial cause (each a "Service"), to be hosted or provided at a physical venue, virtual venue, online platform or website (each a “Venue”), we collect your personal data for use and disclosure in accordance with this Privacy Policy, as follows:
1.2.1 For SISTIC’s use:
We collect your personal data in our own capacity as Ticket seller, for use and disclosure by SISTIC and its agents, for the purpose of Ticket sale processing and issuance..
1.2.2 For the Provider’s & Venue Host’s use:
We also collect your personal data as ticketing agent and data intermediary on behalf of:
(i) the entity or entities operating, managing, producing, promoting or providing the Service and their agent(s) (each a "Provider"), for the Provider’s use and disclosure for the purposes of Ticket sales, Service management and administration, providing Service-related services, processing bookings or Tickets for admission to the Service, or other related activities (collectively “Service Administration”);
(ii) the entity or entities owning, operating, or managing the Venue hosting the Service and their agent(s) (each a “Venue Host”), for the Venue Host’s use and disclosure for the purposes of managing Venue admission, seating, and/or access (collectively “Venue Administration”).
Where you have consented to receiving marketing materials from SISTIC, Provider, and/or Venue Host, and their respective marketing agents, your personal data will be used and disclosed for such marketing purpose in accordance with Section 2 below.
It is the Provider’s and/or Venue Host’s obligation to notify you and to obtain any legally required additional consents if it wishes to use your personal data for any other purpose, or if it wishes to share your personal data with any third party.
1.3 What personal data we collect and why we collect it
1.3.1 We collect and use your personal data to allow us to provide services and features to meet your needs, and to customize and improve our services to make your experience more secure and convenient and for the other purposes in Section 1.2. We only collect personal data about you that we consider necessary for achieving these purposes.
1.3.2 If you choose to use our services, we may require you to provide contact and identity information, including your name, address, email address, phone number and other personal data as indicated on the forms throughout the Site, or which you choose to provide us with. Where relevant, we will indicate which fields are mandatory and which fields are optional.
1.3.3 In general, we collect and use your personal data to facilitate our provision of the services requested by you. We will maintain records about your use of our services. We will collect, use and retain the data in your records, and such other data that we may obtain from time to time in connection with your current and past activities on the Site, for as long as the purpose for which the data is collected continues or where otherwise necessary for legal purposes or the purposes of our normal business operations where permitted by applicable law. Thereafter, we will destroy or delete the data, or remove the means by which the data can be associated with you such that the data is fully anonymised. We process your personal data for the following purposes and such other purposes as detailed in this Privacy Policy: providing you with Tickets and information relating to Services ordered or requested by you, including any sales, refunds, or exchanges; notifying you of any changes to the Services you have ordered, including changes relating to any events for which you have made Ticket bookings; improving our services; resolving disputes; troubleshooting problems; helping promote secure trading; collecting fees owed to us; conducting surveys, obtaining customer feedback and measuring consumer interest in our products and services; communicating with you (including on behalf of Providers and Venue Hosts); administering the Site and customising and optimising your experience on the Site; providing your personal data to Providers for Service Administration and to Venue Hosts for Venue Administration, as detailed in Section 1.2 above; marketing purposes as further detailed in Section 2 below; complying with applicable laws and regulations; detecting and protecting us against error, fraud and other criminal activity; other business purposes including managing accounts and records, legal, regulatory and internal investigations and debt administration and such other purposes as may be notified to you before or at the time of collection or use of the data.
1.3.4 We may also look across multiple users to identify problems or resolve disputes, and in particular, we may examine your personal data to identify users using multiple user-IDs or aliases. We may also compare and review your personal data for errors, omissions and/or accuracy.
1.3.5 Under some circumstances, we may require certain financial information from you. We use your financial information (including credit card information) only to verify the accuracy of your name, address, and other information, to detect any fraud or other criminal activity, and to bill you for your use of our services.
1.3.6 We may take photographs or video recordings at a Service, event, Venue or premises of ours or our Providers or Venue Hosts. We take these photographs or video recordings for publicity and promotional purposes or for such other purposes notified to you at the Service, event, Venue or premises. Where we do so, we may capture your image or likeness as part of the wider crowd of attendees at the event. If you do not wish for your image to be used in this way, or would like us to remove a photo that contains your image, please contact us using the methods detailed in Sections 9 and 11 below. In situations where we intend to take more close up or individual photos or video recordings of you, we will always seek your consent before doing so.
1.4 Cookies and Similar Technologies
1.4.1 Our Site uses cookies and similar technologies to distinguish you from other users. This helps us to provide you with a good experience when you browse our Site and enables us to improve our Site.
1.4.2 Cookies are text files which are downloaded to your device when you visit a website, allowing your device to be recognised.
1.4.3 For more information on how we use cookies, please see our Cookie Policy.
1.4.4 When you use our Site, we collect certain standard information that is sent by your browser to our Site. This includes technical information, such as your IP address, browser type, operating system, language, time zone setting, access times, country and any referring website addresses.
1.4.5 If you access a YouTube video through an API link on our Site, cookies may be used on your device in accordance with the Google Privacy Policy. Please note as well, the apps which will have access to your YouTube and Google account in your Google Security setting page.
2. Marketing opt-in and opt-out provisions
2.1 When you register for a SISTIC account or purchase Tickets for a Service, you may opt-in to receive marketing information via email from: SISTIC, Providers, Venue Hosts, and/or such parties’ marketing agents. This information will include the latest news on Services, including shows, events, promotions, contests and/or lucky draws.
2.2 If you opt to receive marketing information from SISTIC and its marketing agents:
2.2.1 We will use your email address to inform you about online and offline offers, products, services, and updates, and send you our e-newsletters and/or electronic direct marketing materials such as the SISTIC Buzz and SISTIC Buzz Special, which provide information on Services that are jointly promoted by SISTIC. The SISTIC Buzz features multiple Services organised by various Providers, while the SISTIC Buzz Special features one or more Services organised by a single Provider. We may also display event-related content and advertising on our Site where we believe this may be of interest to you.
2.2.2 We collect your personal data in our own capacity and for our own use, and such use of your personal data by SISTIC shall be governed by the terms of this Privacy Policy. We may also use marketing agents and disclose your email address to our marketing agents for the purposes of carrying out the above marketing activities on our behalf.
2.2.3 If you change your mind at any time and wish to un-subscribe from SISTIC’s marketing material, you may easily do so via the unsubscribe link found on each email, or through our hotline at +65 6348 5555. Alternatively, you may also log into "My Account" at www.sistic.com.sg and opt out directly by editing your email preferences.
2.3 If you opt to receive marketing information from a Provider, Venue Host, and/or their marketing agent(s), as applicable (each a “Marketing Entity”):
2.3.1 SISTIC will, as ticketing agent and/or data intermediary of such Provider and/or Venue Host, disclose to such Marketing Entity, your email address and other personal data relevant to such marketing purpose, and such Marketing Entity will be contractually bound to SISTIC to only use such personal data for marketing purposes within the scope of your consents, and to comply with the provisions of the Personal Data Protection Act (No. 26 of 2012) (“PDPA”) and any other laws relating to privacy and data protection that may apply in your jurisdiction. Any marketing or other communication sent to you by the Marketing Entity may be subject to its own privacy policy. The Marketing Entity is responsible for contacting you for obtaining any required additional consents if it wishes to use your personal data for any other purpose.
2.3.2 If you change your mind at any time and wish to un-subscribe from any Marketing Entity's marketing material, please contact the Marketing Entity to do so. If you wish to obtain the contact particulars of the Marketing Entity, you may call our hotline at +65 6348 5555.
3. The legal basis for SISTIC processing your personal data
3.1 If you are located outside of the UK and the EU
Access to and use of the services available on or through the Site is conditional upon acceptance of SISTIC's Conditions of Access. By accessing and/or using the services available on or through the Site, you hereby acknowledge you have read SISTIC's Conditions of Access and this Privacy Policy, and that you are expressly agreeing to the Conditions of Access and expressly consenting to our collection, use and disclosure of your personal data in accordance with this Privacy Policy. If you do not agree to the Conditions of Access and/or do not consent to such collection, use and disclosure of your personal data, please do not access or use the services available on or through the Site.
3.2 If you are located in the UK or the EU
In order to comply with applicable data privacy laws, SISTIC is required to set out the legal basis for the processing of your personal data. In accordance with the purposes for which we collect and use your personal data, as set out above, the legal basis for SISTIC processing your personal data will typically be one or more of the following:
3.2.1 your consent;
3.2.2 the performance of a contract that we have in place with you or other individuals;
3.2.3 SISTIC or our third parties' legitimate business interests as an event organising and/or ticketing platform (for example, to protect the security and integrity of our systems, to provide you with customer service, to promote and publicise our services to other customers); or
3.2.4 compliance with our legal obligations.
4. Sharing with and Disclosure to Third Parties
4.1 There are certain circumstances in which we may disclose, transfer or share your personal data with certain third parties without further notice to you, as set forth in this Privacy Policy. We may disclose your personal data to our third party service providers (including any third party service provider which hosts or manages data from this Site) who process your personal data on behalf of SISTIC; credit, debit and charge card companies, banks and other entities processing payment instructions given by you through this Site; our marketing agents (where you have opted to receive marketing from us); lawyers and other professional advisors; auditors; our ticketing outlets and agents and any other agents or subcontractors acting on our behalf), government or regulatory authorities, Providers and/or Venue Hosts for the purpose of Service Administration and/or Venue Administration, to the extent required in the normal course and scope of our business in the provision of our services, and where required or permitted by applicable law, statute, stock exchange regulation or by-law, regulatory or governmental order or court order. Our Providers and Venue Hosts may in turn disclose your personal data to their third party service providers to the extent required for Service Administration and/or Venue Administration.
4.2 We may share your personal data with people within our organisation, including people within our group companies, who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or to direct a query that you have submitted to the relevant department within SISTIC.
4.3 We may disclose your personal data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
4.4 Finally, we may share non-personal data with other third parties that are not described above. When we do so we may aggregate, anonymise, or de-identify the information so that a third party would not be likely to link data to you, your computer, or your device.
4.5 When you purchase a Ticket or otherwise register for a Service, the relevant Provider and Venue Host will receive the personal data that you provide. Other third parties involved in the Service may also receive your personal data. We are not responsible for the actions of these Providers, Venue Hosts or other third parties, with respect to your personal data. It is therefore important that you review the applicable policies of the Providers and Venue Hosts, and if applicable and available, their appointed third party service providers or other business contacts, before providing personal data or other information in connection with your purchase of or registration for a particular Service.
5. Transfers of Personal Data if you are based in the UK or the EEA
5.1 Please note that any person to whom SISTIC may disclose your personal data under this Privacy Policy may be situated in a country other than your own and that such country may provide a lower level of data protection requirements than your own country. By agreeing to this Privacy Policy, you consent to the transfer of your personal data to a country other than your own.
5.2 Whenever we transfer personal data across borders, we take legally required steps to ensure that adequate safeguards are in place to protect your personal data and to make sure it is treated in accordance with this Privacy Policy. If you are located in the EEA or the UK, you can request a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances, via email at dataprotection@sistic.com.sg. You can also write to us at 6 Changi Business Park Avenue 1, #06-22, ESR BizPark @ Changi (North Tower) Singapore 486017.
6. Social Media
6.1 You can connect your SISTIC account to your accounts on third party services like Facebook, in which case we may collect, use, disclose, transfer and store/retain information relating to your account with such third party services in accordance with this Privacy Policy. For example, if you connect with Facebook, we store your Facebook ID, first name, last name, email, location, friends list and profile picture and use them to connect with your Facebook account to provide certain functionality on the Services, like recommending events that your Facebook friends are interested in and sharing the events you are interested in, or attending, with certain groups of people like your Facebook friends.
6.2 When you “like” or “follow” us on Facebook or other social media sites, we may collect some information from you including your name, e-mail address, and any comments or content you post relevant to us. We likewise may collect your personal data if you submit information to us through social media sites.
6.3 SISTIC’s own website may contain links to Facebook or other social media sites, such as through the Facebook “Like” button. When you interact with these links, your browser will establish a direct link with the Facebook (or other social media site’s) servers. Using the example of the Facebook ‘like’ button, Facebook will then receive information about your browser and activity, and may link it to your Facebook user account. For more information about how Facebook and other social media sites use data, please see their own policies.
6.4 SISTIC may provide you with opportunities to contract directly with third parties, and/or to integrate with third party services or applications, through our Site. In such instances, we will disclose your personal data to other entities in order to fulfill a request by you, or to provide services you have requested.
7. Security
7.1 Your privacy is important to us. We put in place reasonable security arrangements (which shall at least be equivalent to industry standard practices) to protect your privacy and personal data, in such manner and to such extent as we deem reasonably appropriate to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, there is no such thing as "perfect security" and we do not guarantee in any way, and you should not expect, that your personal data or private communications will always remain private and/or safe from any abuse or misuse by third parties.
7.2 Your personal data to be used by SISTIC is stored on SISTIC's servers located in Singapore. We use such organisational, procedural and technical safeguards as we deem reasonably necessary to protect your privacy and to protect your personal data against loss, theft and unauthorised access, collection, use, disclosure, copying, modification or disposal. Such safeguards include but are not limited to the use of encryption, firewalls and Secure Socket Layer technology. We will also employ the appropriate security techniques to reasonably protect data against loss, theft, and unauthorized access, collection, use, disclosure, copying, modification or disposal by users inside and outside SISTIC.
7.3 SISTIC protects the personal data it collects in a secure database with important data being encrypted, and the database servers are hosted in a protected data centre. SISTIC employees are required, as a condition of their employment, to treat personal data held by SISTIC as confidential, and to maintain the confidentiality of that personal data.
7.4 As "perfect security" does not exist, SISTIC does not represent or warrant that there will not be, and hereby disclaims any responsibility or liability directly or indirectly arising out of or in connection with, any loss, theft, or unauthorised access, collection, use, disclosure, copying, modification, disposal or similar actions with regard to any data held or maintained by us.
7.5 You are advised to contact the relevant Provider and/or Venue Host if you wish to find out how it stores your personal data. If you wish to obtain the contact particulars of the Provider or Venue Host, you may call our hotline at +65 6348 5555.
8. Records retention
8.1 Your personal data is not kept for longer than is necessary for the purposes for which it is collected, or where permitted by applicable law, no longer necessary for legal purposes or the purposes of our normal business operations. This means that data and records (including personal data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending upon the type of personal data they contain.
9. Accessing and Updating your Data
9.1 Applicable data privacy laws give rights to individuals in respect of personal data that organisations hold about them. If you wish to access, correct, update, delete, limit or object to the processing of or otherwise change or remove any personal data that you provide for SISTIC’s use, please contact us at: our hotline +65 6348 5555 for assistance. You will also be able to change it directly after logging in under "My Account" at www.sistic.com.sg.
9.2 You may also request to receive a copy of any personal data that you have provided to SISTIC for SISTIC’s use, and to transmit such personal data to another organisation of your choosing, where such personal data is processed by SISTIC by automated means, and is based on your consent, or on a contract to which you are a party.
9.3 We will consider and respond to all requests under this Section 9 in accordance with applicable law.
9.4 If you initiate a data deletion request, SISTIC is authorised to delete or anonymize your personal data even if that means rendering it unavailable to the Provider and Venue Host. However, you understand that even if we delete or anonymize your personal data upon your request or pursuant to this Privacy Policy, your personal data may still be available in the Provider's and Venue Host’s own databases if transmitted to the Provider and/or Venue Host prior to us receiving or taking action on any deletion or anonymization activity.
10. Changes to the Privacy Policy
10.1 SISTIC reserves the right to amend its prevailing Privacy Policy at any time and will place any such amendments on this Site. It is your responsibility to review this Privacy Policy every time you submit information to us.
11. Contact SISTIC
11.1 If you have further questions about this Privacy Policy or wish to contact us regarding our privacy practices and policies, please do not hesitate to contact us at: dataprotection@sistic.com.sg. You can also write to us at 6 Changi Business Park Avenue 1, #06-22, ESR BizPark @ Changi (North Tower) Singapore 486017.
11.2 You may also contact the Personal Data Protection Commission of Singapore via their website at https://www.pdpc.gov.sg, or if you are in the UK or the EU, you may contact your local supervisory authority for data protection, to lodge a complaint on personal data protection concerns.