Privacy Policy
How we collect, use and protect your data when you book tickets, experiences and travel on tickets.uk.
Last updated June 2026
1. Who We Are
This Privacy Policy explains how your personal data is collected, used, shared and protected when you use tickets.uk and any related services (the βPlatformβ) to discover and book UK theatre tickets, experiences, attractions and travel.
tickets.uk is operated by tickadoo Inc., registered at 447 Broadway, New York, NY 10013, United States. tickadoo Inc. is the data controller responsible for your personal data, and handles bookings, payments and customer service for the Platform.
We comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA) and other relevant legislation.
Our Data Protection Officer can be reached at dpo@tickadoo.com.
2. What Data We Collect
We collect the following categories of personal data depending on how you interact with the Platform β whether you are browsing things to do, booking West End tickets, building a trip, or managing your account:
Account and identity data
- Name, email address and phone number
- Account credentials (passwords are stored in hashed form only)
- Profile preferences, saved trips, language and currency settings
Booking and transaction data
- Experience booked, date, time, ticket type and number of participants
- Booking reference numbers and confirmation details
- Cancellation and refund history
Payment data
- Payment card details are processed directly by a PCI-DSS certified payment processor and are never stored on our servers
- We retain transaction records including amount paid, currency, payment method type and transaction identifiers
Usage and device data
- Pages visited, search queries and experiences viewed
- Device type, browser, operating system and screen resolution
- IP address and approximate geographic location derived from IP
- Referral source and attribution data
Communications data
- Messages sent to our customer support team
- Email interaction data (opens, clicks) for transactional and marketing emails
3. How We Use Your Data
We use your personal data for the following purposes:
- Fulfilling your bookings β processing payments, issuing e-tickets, sending confirmations and communicating booking updates (handled by tickadoo)
- Account management β creating and maintaining your account, saved trips, preferences and booking history
- Customer support β responding to enquiries, processing cancellation and refund requests, resolving disputes
- Fraud prevention and security β detecting and preventing fraudulent transactions, unauthorised access and payment disputes
- Analytics and service improvement β understanding how the Platform is used, identifying technical issues and improving our features and user experience (see Cookies, Analytics & Session Recording below)
- Marketing communications β sending promotional emails about deals, upcoming events and new destinations where you have consented or where we have a legitimate interest (with an easy opt-out)
- Legal compliance β meeting tax, accounting and regulatory obligations and responding to lawful requests from authorities
4. Legal Bases for Processing
Under the UK GDPR and EU GDPR, we process your personal data on the following legal bases:
- Performance of a contract β processing bookings, issuing tickets, processing payments and providing related customer support
- Legitimate interests β fraud detection and prevention, Platform security, analytics and service improvement, and direct marketing to existing customers (where permitted), balanced against your rights and freedoms
- Consent β marketing communications to non-customers and the placement of non-essential cookies
- Legal obligation β retaining transaction records for tax and accounting purposes and complying with court orders or regulatory requests
Where we rely on consent you may withdraw it at any time by contacting us or using the unsubscribe link in marketing emails. Withdrawing consent does not affect the lawfulness of processing carried out beforehand.
5. Who We Share Your Data With
We share your personal data only where necessary and with appropriate safeguards in place:
tickadoo (booking, payment and fulfilment)
When you book through tickets.uk, your booking, payment and fulfilment are handled by tickadoo under its own terms and privacy policy. Questions about orders, payments or ticket delivery should be directed to tickadoo.
Experience suppliers
We share the details needed to deliver your booking (such as your name, booking date and number of participants) with the supplier responsible for the experience. Suppliers are required to handle your data only for the purpose of fulfilling your booking.
Service providers
We use carefully selected third-party processors who handle data on our behalf: a PCI-DSS certified payment processor (card data never touches our servers); hosting, content delivery and security providers (including Cloudflare); secure database hosting (Supabase); product analytics (Google Analytics and PostHog); and email delivery (Resend). All are bound by data processing agreements.
Legal disclosure and business transfers
We may disclose your data where required by law, court order or regulator, or to protect our legal rights and prevent fraud. In the event of a merger, acquisition or sale of assets, your data may be transferred to the acquiring entity, and we will notify you of any such transfer.
6. Cookies, Analytics & Session Recording
We use the following categories of cookies and tracking technologies:
- Essential cookies β required for the Platform to function, including session management, security and your preferences. These cannot be disabled
- Analytics cookies β used to understand how visitors interact with the Platform (Google Analytics and PostHog), so we can identify and fix issues and improve the booking experience
- Attribution data β used to attribute bookings to the correct referral source
Session recording
To understand how the Platform is used and to diagnose problems, we use session-replay technology to record anonymised, masked interactions such as page views, clicks and scrolling. All form inputs are masked at the point of capture, automated and bot traffic is excluded, and we honour browser Do Not Track and Global Privacy Control signals. Recordings are processed on our own infrastructure (provided by tickadoo), not a third-party session-replay service, and are retained for a limited period before deletion.
You can control cookies through your browser settings and disable session recording by enabling Do Not Track / Global Privacy Control in your browser, though some functionality may be affected.
7. Data Retention
We retain your personal data only for as long as necessary:
- Booking and transaction records β 7 years, as required for accounting, tax and legal compliance
- Account data β for the duration of your account, plus 3 years after closure or a deletion request
- Analytics and session-recording data β identifiable session data is retained for a limited period (up to 24 months); aggregated and anonymised data may be retained indefinitely
- Marketing data β until you withdraw consent or request deletion
- Customer support records β 3 years from the most recent interaction
When retention periods expire, data is securely deleted or irreversibly anonymised, unless a legal obligation requires longer retention.
8. International Data Transfers
Your personal data may be transferred to and stored in the United States and other countries where our service providers operate. Where data is transferred outside the UK or the European Economic Area to a country without an adequacy decision, we rely on appropriate safeguards including Standard Contractual Clauses or the UK International Data Transfer Agreement. You may request a copy of the relevant safeguards at privacy@tickadoo.com.
9. Your Rights
UK and EEA residents (UK GDPR / EU GDPR)
- Access β request a copy of the personal data we hold about you
- Rectification β request correction of inaccurate or incomplete data
- Erasure β request deletion of your data where there is no compelling reason for continued processing
- Restriction β request that we limit processing in certain circumstances
- Data portability β receive your data in a structured, commonly used, machine-readable format
- Object β object to processing based on legitimate interests, including direct marketing
- Withdraw consent β where processing is based on consent, withdraw it at any time
- Lodge a complaint β with the Information Commissionerβs Office (ICO) at ico.org.uk, or your local supervisory authority in the EEA
California residents (CCPA / CPRA)
- Know β request disclosure of the categories and specific pieces of personal information we have collected
- Delete β request deletion of your personal information, subject to certain exceptions
- Opt out of sale β we do not sell your personal information as defined by the CCPA
- Non-discrimination β exercise your privacy rights without discriminatory treatment
To exercise any of these rights, contact privacy@tickadoo.com. We will respond to verified requests within 30 days (or the timeframe required by law) and may ask you to verify your identity first.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS) and at rest, access controls on a need-to-know basis, regular monitoring, PCI-DSS compliant payment processing (card data never touches our servers) and automated fraud detection. No system can guarantee absolute security; if you believe your account or data has been compromised, contact security@tickadoo.com immediately.
11. Childrenβs Privacy
The Platform is not directed at children under 16 (or the relevant minimum age in your jurisdiction) and we do not knowingly collect their personal data. If you believe a child has provided us with personal data without appropriate parental consent, contact privacy@tickadoo.com and we will take steps to delete it.
12. Third-Party Links
The Platform may link to third-party websites, including tickadoo, supplier booking pages and social media. We are not responsible for their privacy practices and encourage you to read their privacy policies before providing personal data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will revise the βLast updatedβ date above and, where appropriate, notify you. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:
- Data Protection Officer: dpo@tickadoo.com
- Privacy enquiries: privacy@tickadoo.com
- General support: support@tickadoo.com
tickadoo Inc., 447 Broadway, New York, NY 10013, United States.
UK supervisory authority: Information Commissionerβs Office (ICO) β ico.org.uk