Surtix is the safe and transparent way to buy and sell tickets. Sellers set their own prices, which may be above or below face value. Every order is verified and protected.

Privacy Policy

Key Information

Effective Date: 12 November 2025

Registered Office: 175A Bencoolen Street, #07-02 Burlington Square, Singapore 189650

Contact Email: privacy@surtix.com

Data Protection Officer (DPO) / Contact: Privacy Team (responsible for data-protection matters) – privacy@surtix.com

Where this Policy applies: This policy applies to the Controller’s operations in Singapore and to users of the Website / Platform wherever located

Jurisdiction / Applicable Law: Singapore / PDPA

Supervisory Authority: PDPC (Singapore)

Website / Platform: surtix.com

Cookie & Tracking Policy: Covered in the Cookies section below

Marketing Channels Used: Email

Analytics & Advertising Partners: Google Analytics

International Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

Data Retention Period: Active + 2 years; 6 years for tax / legal records

Intended Audience / Age: Adults 18+

Privacy Request Form URL: None (currently handled via email)

Sensitive Data Collected: Yes – temporary ID & biometric data processed by Veriff; Controller retains only verification results (name, DOB, status)

Third-Party Marketing Sharing: No

Market Research & Surveys: Disabled

Corporate Transactions Clause: Enabled

1. Important information and who we are

This Privacy Policy explains how the Controller collects and uses personal data in connection with your use of the Website / Platform, including any data you provide when you register for an account, purchase a product or service, subscribe to updates, or otherwise interact with us.

The Website / Platform is intended for the audience described in the Intended Audience / Age field in the Key Information, and we do not knowingly collect data from anyone outside that group.

The Controller, as set out in the Key Information section above, is responsible for your personal data. When this Privacy Policy refers to “we”, “us” or “our”, it means the Controller.

If you have any questions about this Privacy Policy or wish to exercise any of your privacy rights, please contact us using the Contact Email provided in the Key Information. If a Data Protection Officer (DPO) has been appointed, their details are also included in that section.

2. The types of personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

The Controller may collect, use, store, and transfer different kinds of personal data about you in connection with your use of the Website / Platform and our related products or services. We group this data into the following categories:

  • Identity Data — such as your first and last name, username or similar identifier, and, where relevant, date of birth or gender.
  • Contact Data — including your billing or delivery address, email address, and telephone number.
  • Financial Data — such as payment-card or bank-account details used to process transactions.
  • Transaction Data — including details about payments to and from you and the products or services you have purchased.
  • Technical Data — such as internet-protocol (IP) address, browser type and version, time-zone setting and location, operating system and platform, and other technology used to access the Website / Platform.
  • Profile Data — such as your username and password, account settings, preferences, and feedback.
  • Usage Data — information about how you interact with and use our Website / Platform, products, and services.
  • Marketing and Communications Data — your preferences for receiving marketing from us through the Marketing Channels Used and your communication preferences.

We do not collect Sensitive Data (as defined by applicable law) unless the Sensitive Data Collected field (for example, government ID, health, or biometric data) in the Key Information states otherwise.

We may also collect, use, and share aggregated or statistical data—such as analytics on traffic volumes or user engagement—which does not directly or indirectly identify you. For example, we may aggregate Usage Data to understand how people use particular Website / Platform features and to help improve our services.

3. How is your personal data collected?

We use different methods to collect personal data about you, including through:

Your interactions with us

You may provide personal data directly to the Controller by filling in online forms or corresponding with us by email or other digital channels. This includes data you provide when you:

  • register for an account on the Website / Platform;
  • subscribe to a service, newsletter, or updates;
  • make a purchase or payment;
  • request marketing via the Marketing Channels Used;
  • respond to a survey or provide feedback; or
  • contact us for support.

(b) Automated technologies or interactions

When you interact with the Website / Platform, we automatically collect Technical Data such as your IP address, browser type, and usage patterns.

This information is gathered using cookies and similar technologies to help us understand user behaviour and improve performance.

For more details, please see the Cookie Policy referenced in the Key Information.

(c) Third parties or publicly available sources

We may also receive personal data from trusted third-party sources that help us operate the Website / Platform, including:

  • analytics and advertising partners identified in Analytics & Advertising Partners (for example, Google Analytics);
  • payment and cloud-hosting providers who support our operations; and
  • publicly available sources such as business registries or social-media platforms (where lawful to do so).

These third parties collect data in accordance with their own privacy notices, and the Controller ensures that each provider meets the requirements of the applicable Jurisdiction / Applicable Law.

4. How we use your personal data

The Controller uses your personal data only for the purposes explained in this Privacy Policy and in line with the Jurisdiction / Applicable Law stated in the Key Information.

We collect and process personal data so that we can:

  • Provide and manage your account on the Website / Platform.
  • Deliver products or services you request and process related payments.
  • Communicate with you, including responding to enquiries or support requests.
  • Improve and personalise our Website / Platform, features, and user experience.
  • Send marketing or product updates through the Marketing Channels Used, where you have not opted out or have provided consent where required.
  • Comply with legal or regulatory obligations applicable to the Controller.
  • Carry out voluntary surveys or market research (if enabled in the Market Research & Surveys field in the Key Information, participation is always optional).

Legal bases for processing

Depending on the circumstances, we process your data on one or more of the following legal bases

  • Contract performance – where the processing is necessary to provide products or services you request
  • Legitimate interests – to operate, secure, and improve our business and Website / Platform in ways that do not override your privacy rights.
  • Consent – where required by law, for example before sending direct marketing communications.

Data retention

We retain personal data only as long as necessary for these purposes, in line with the Data Retention Period shown in the Key Information.

Further information

If we rely on consent, you may withdraw it at any time by contacting us at the Contact Email listed in the Key Information or by using the unsubscribe mechanism provided in our communications.

5.Direct marketing and opt-out

The Controller may send you product updates, service announcements, or other information through the Marketing Channels Used set out in the Key Information.

We do this only where permitted under the Jurisdiction / Applicable Law, based either on your consent or on our legitimate interest in keeping you informed about our services.

You can change your marketing preferences or opt out of marketing at any time by:

  • using the unsubscribe link or preference tools included in each message; or
  • contacting us at the Contact Email listed in the Key Information.

If you choose to opt out, we will stop sending marketing communications but will still send service-related or transactional messages that are necessary to provide the Website / Platform or fulfil a purchase.

We do not share your personal data with other companies for their own marketing unless the Third-Party Marketing Sharing field in the Key Information indicates otherwise. If enabled, we will only share your details for another company’s marketing with your prior consent.

6. Cookies

The Website / Platform uses cookies and similar technologies to recognise you, remember your preferences, and analyse how you interact with our services. These tools help the Controller improve site performance and deliver a more personalised experience.

You can manage or disable cookies at any time through your browser settings or by following the guidance in the Cookie Policy listed in the Key Information.

Where required by the Jurisdiction / Applicable Law, we will obtain your consent before placing non-essential cookies on your device.

7. Disclosures of your personal data

We may share your personal data with:

  • Service Providers – trusted third parties who support our operations, including cloud-hosting, analytics, payment, communication, and marketing partners listed under Analytics & Advertising Partners in the Key Information.
  • Professional Advisers – such as lawyers, accountants, and auditors who provide services to the Controller.
  • Regulators or Authorities – where disclosure is required by law or under the Jurisdiction / Applicable Law stated in the Key Information.
  • Corporate Transactions – as described in the Corporate Transactions Clause field in the Key Information (e.g., a merger or acquisition) and only to the extent necessary for evaluating or completing the transaction.

All recipients are required to protect personal data in line with this Privacy Policy and to use it only for the purposes for which it was disclosed.

The Controller does not sell or rent your personal data to third parties.

8. International Transfers

The Controller may transfer personal data outside the country in which you are located if required to operate the Website / Platform or provide its services. Whenever personal data is transferred internationally, we ensure that an appropriate safeguard applies in accordance with the Jurisdiction / Applicable Law listed in the Key Information.

In particular, we rely on the International Data Transfer Mechanism described in the Key Information — for example, approved Standard Contractual Clauses or another legally recognised safeguard — to ensure that personal data continues to receive a level of protection consistent with applicable privacy laws.

Where service providers are based overseas, the Controller takes reasonable steps to confirm that they handle data securely and only in accordance with our instructions.

9. Data Security

The Controller has implemented appropriate technical and organisational measures to protect personal data collected through the Website / Platform from unauthorised access, use, alteration, or disclosure. These measures include encryption, access controls, secure data storage, and other safeguards designed to protect the confidentiality and integrity of your information.

Access to personal data is limited to individuals who need it to perform their roles and who are bound by confidentiality obligations.

The Controller maintains procedures to detect, investigate, and respond to potential data breaches. If a breach occurs that may affect your rights or freedoms, the Controller will notify you and the relevant Supervisory Authority as required under the Jurisdiction / Applicable Law set out in the Key Information.

10. Data Retention

The Controller retains personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal, regulatory, or accounting obligations, or to resolve disputes.

Unless otherwise required by law, we apply the Data Retention Period specified in the Key Information section. This period represents the standard timeframe for keeping active-account data, archived records, and any legally required retention (for example, tax or audit purposes).

When personal data is no longer needed, the Controller will securely delete, anonymise, or aggregate it so that it can no longer be associated with you. In some circumstances, aggregated or anonymised information may be retained for research, analytics, or statistical purposes.

11. Your Legal Rights

Under the Jurisdiction / Applicable Law set out in the Key Information, you may have certain rights in relation to your personal data. These typically include the right to:

  • Access – request a copy of the personal data the Controller holds about you;
  • Correction – ask us to correct or update any incomplete or inaccurate information;
  • Erasure – request deletion of personal data where there is no valid reason for us to keep it;
  • Restriction – ask us to suspend processing while we verify or resolve an issue;
  • Objection – object to processing where it is based on legitimate interests or used for direct marketing;
  • Portability – request to receive your data in a structured, machine-readable format or to have it transferred to another provider;
  • Withdraw consent – withdraw any consent you have given, for example for marketing, at any time

To exercise any of these rights, please contact us using the Contact Email provided in the Key Information. You may also submit a request through our online Privacy Request Form URL, if listed in the Key Information. We may need to verify your identity before fulfilling your request to protect your data.

The Controller aims to respond to all valid requests within one month, as required under the applicable law. If your request is complex or involves multiple records, we will notify you if additional time is needed. You will not be charged a fee unless your request is manifestly unfounded or excessive.

12. Contact Details

If you have any questions about this Privacy Policy, the way the Controller handles your personal data, or if you wish to exercise any of your rights, please reach out using the Contact Email provided in the Key Information.

You may also write to the Registered Office address listed in the Key Information.

If a Data Protection Officer (DPO) has been appointed, their contact details are also included there and may be used for privacy-related enquiries.

13. Complaints

If you have any concerns about how the Controller handles your personal data, please contact us first using the Contact Email provided in the Key Information. We take all privacy-related concerns seriously and will do our best to resolve them quickly and fairly.

If you are not satisfied with our response, you have the right to raise your concern with the Supervisory Authority listed in the Key Information, or with your local data protection authority where applicable under the Jurisdiction / Applicable Law.

14. Changes to this Policy

The Controller may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Any updates will take effect as soon as the revised version is posted on the Website / Platform.

The most recent version will always be dated as shown in the Effective Date within the Key Information. We encourage you to review this page periodically so you remain informed about how your personal data is handled.

15. Third-Party Links

The Website / Platform may include links to third-party websites, plug-ins, or applications. Clicking on those links or enabling such features may allow third parties to collect or share data about you.

The Controller does not control these third-party websites and is not responsible for their privacy practices. When you leave the Website / Platform, we encourage you to review the privacy notice or policy of every site you visit to understand how your personal data may be handled.

Contact

For any legal notices or support inquiries, contact us at support@surtix.com.