Privacy policy


INFORMATION ON THE PROCESSING OF PERSONAL DATA

Ticketzeta — UNIBLANCO srl Sole Shareholder Company

Pursuant to Art. 13 of EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003

Effective from May 21, 2026

1. Data Controller and Scope of Application

This information is provided by UNIBLANCO srl Sole Shareholder Company (hereinafter "UNIBLANCO" or the "Data Controller"), with registered office at Via De Nicola 29/O, 92021 Aragona (AG), VAT No. 03038250845, acting as the Data Controller of personal data pursuant to Art. 13 of EU Regulation 2016/679 ("GDPR") and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

This policy applies to all individuals interacting with the websites ticketzeta.it and ticketzeta.com (hereinafter the "Site") and with the connected private label platforms, whether they register or browse without registering. It also applies to purchases made through connected platforms of partner Organizers.

This privacy policy does not apply to third-party websites that may be accessed via links on the Site, which provide their own privacy policies. The Site is not intended for children under 16 years of age. Minors under 16 must not provide personal data without the prior consent of a parent or legal guardian. For minors under 18 intending to make purchases, please refer to the General Terms and Conditions.

For contacts regarding the processing of personal data: support@ticketzeta.com

2. IT Security and Site Operation

To ensure the proper functioning, stability, and security of the Site, UNIBLANCO automatically processes the following technical data:

  • IP address of the user's device;

  • Browser and device data (user agent, operating system, device type);

  • Site access logs;

  • Technical cookies necessary for the operation of the Site.

The legal basis for this processing is UNIBLANCO's legitimate interest pursuant to Art. 6(1)(f) of the GDPR, consisting of the need to ensure IT security, prevent fraud and cyberattacks, and guarantee the proper provision of the service.

To protect the Site from unauthorized automated access, bots, and cyberattacks, UNIBLANCO uses internal anti-bot systems and may utilize third-party services such as Google reCaptcha or equivalent tools. These systems may collect technical data from the device and browser (so-called fingerprinting) to distinguish human users from automated bots. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR) and the fulfillment of obligations under secondary ticketing regulations (Art. 6(1)(c) GDPR). Where these services involve data transfers outside the EU, the safeguards detailed in Article 16 of this policy apply.

Technical data and access logs are retained for the periods prescribed by current legislation. For the use of cookies, please refer to the Cookie Policy available on the Site.

3. Registration and MyTicketzeta Personal Area

When the user registers on the Site or creates an account, UNIBLANCO processes the following personal data: name, surname, email address, phone number, and any additional optional data entered in the profile.

The legal basis is the execution of a contract pursuant to Art. 6(1)(b) of the GDPR, as well as UNIBLANCO's legitimate interest in ensuring account security (Art. 6(1)(f) GDPR).

During registration or purchase, UNIBLANCO may require identity validation via a One Time Password (OTP) sent by SMS or email. For events subject to secondary ticketing regulations, this validation is mandatory under Law No. 145 of December 30, 2018, with the legal basis being the fulfillment of a legal obligation (Art. 6(1)(c) GDPR). Where UNIBLANCO requires OTP validation at its discretion for security purposes, the legal basis is legitimate interest (Art. 6(1)(f) GDPR). Phone numbers and OTP data are retained for the periods prescribed by current law.

Data in the MyTicketzeta personal area is retained for the entire duration of the contractual relationship. In the event of an account deletion request, personal data is deleted within 30 days of the request, except for data necessary to fulfill tax, accounting, and legal obligations, which are kept for the applicable statutory terms.

4. Purchase of Admission Tickets and Contract Management

When the user purchases an Admission Ticket, UNIBLANCO processes the personal data provided at the time of purchase for the following purposes:

  • Execution of the purchase contract and delivery of Admission Tickets;

  • Management of service communications related to the purchased event (e.g., order confirmation, event information, variations);

  • Fulfillment of nominative obligations provided by secondary ticketing legislation (Law No. 145/2018 and Ministerial Decree June 6, 2005, for sporting events), processing name, surname, and, where required, place and date of birth;

  • Management of refunds, cancellations, name changes, and resales, including processing the new holder's data in the event of a name change;

  • Management of virtual queues during high traffic, processing IP addresses and browser data.

The legal basis is the execution of a contract (Art. 6(1)(b) GDPR) and, for nominative tickets, the fulfillment of a legal obligation (Art. 6(1)(c) GDPR). Data relating to purchases, issued tickets, and transaction logs are retained for the terms set by current tax and civil regulations.

5. Third-Party Data Provided by the Buyer

When a user purchases an Admission Ticket on behalf of another person or provides third-party data (e.g., for ticket nominativity, delivery, or refunds), UNIBLANCO processes this third-party personal data solely for the execution of the contract, based on Art. 6(1)(b) GDPR.

The user providing third-party data is responsible for ensuring that these individuals are adequately informed about the processing of their data by UNIBLANCO and that the user is authorized to provide it. UNIBLANCO declines any responsibility for third-party data provided without the necessary information or authorization.

If the Admission Ticket was purchased by someone other than the ticket holder and the event is canceled, UNIBLANCO may collect the data of the ticket holder requesting the refund via official channels, processing it to manage the refund based on Art. 6(1)(b) GDPR.

6. Payments and Transaction Security

To manage payments, UNIBLANCO uses certified payment service providers. Credit card data never passes through UNIBLANCO's servers and is not stored by it. Payment data processing occurs via a 128-bit encrypted SSL connection and a 3D-Secure procedure in compliance with the PSD2 Directive (2366/2015). The legal basis is the execution of a contract (Art. 6(1)(b) GDPR).

For fraud prevention purposes, UNIBLANCO may ask the user for a copy of a valid identity document. The legal basis is the fulfillment of a legal obligation (Art. 6(1)(c) GDPR) and UNIBLANCO's legitimate interest in preventing fraud (Art. 6(1)(f) GDPR).

In the event of non-payment or outstanding debts, UNIBLANCO may initiate debt collection procedures, transferring the necessary data to collection service providers acting as data processors. The legal basis is the execution of the contract and UNIBLANCO's legitimate interest (Art. 6(1)(b) and (f) GDPR).

7. Data Communication to Organizers

UNIBLANCO acts in the name and on behalf of Event Organizers in the sale of Admission Tickets. Buyers' personal data may be communicated to the Organizer to the extent necessary for the execution of the contract and the management of the event. The legal basis is the execution of the contract (Art. 6(1)(b) GDPR).

For processing operations related to event management, the Organizer acts as an independent Data Controller under the GDPR. UNIBLANCO is not responsible for the processing carried out by the Organizer in this capacity. For information regarding the Organizer's processing, please consult their specific privacy policy.

UNIBLANCO may also provide Organizers with statistical and analytical data regarding the sales of their events, both in aggregated and anonymous form and, upon specific contractual request, in nominative form within the limits necessary for event management. UNIBLANCO reserves the right to communicate the user's data to the Organizer if there is a well-founded suspicion of a violation of the terms and conditions, based on legitimate interest (Art. 6(1)(f) GDPR).

8. Marketing, Profiling, and Commercial Communications

8.1. Newsletters and Marketing Communications

Subject to the user's optional consent, UNIBLANCO may process personal data to send commercial communications, offers, promotions, and event updates via email, SMS, or other electronic communication channels. The legal basis is consent pursuant to Art. 6(1)(a) GDPR and Art. 130 of Legislative Decree 196/2003.

Consent is optional, can be given during registration or updated at any time via MyTicketzeta, and can be withdrawn at any time via MyTicketzeta, by contacting UNIBLANCO, or by clicking the unsubscribe link present in every commercial communication. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Data processed for marketing purposes is retained for 36 months from the last purchase or the last renewal of consent.

8.2. Profiling and Personalized Recommendations

Subject to the user's consent, UNIBLANCO may process data regarding purchases and preferences to build a commercial profile, aiming to send personalized communications and event recommendations of specific interest. The legal basis is consent (Art. 6(1)(a) GDPR). Consent can be withdrawn at any time via MyTicketzeta. Data processed for profiling purposes is retained for 24 months from the last purchase.

8.3. Soft Spamming

UNIBLANCO may use the email address provided by the user during a purchase to send commercial communications related to products and services similar to those already purchased, pursuant to Art. 130(4) of Legislative Decree 196/2003. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR). Every communication includes an unsubscribe link allowing the user to object to this processing at any time. Objections can also be made by contacting UNIBLANCO at support@ticketzeta.com.

8.4. Abandoned Cart

If the user starts a purchase process without completing it, UNIBLANCO may send a reminder via email or notification regarding the abandoned cart. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR). The user may object to this processing at any time by contacting UNIBLANCO or via the link in the communication.

8.5. Push Notifications

If the user installs a UNIBLANCO mobile application and consents to receiving push notifications, UNIBLANCO may send service and commercial communications through this channel. Consent can be withdrawn at any time via the device settings.

8.6. Post-Event Reviews and Feedback

UNIBLANCO may invite the user to leave reviews or participate in surveys regarding the purchased events to improve its services. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR). Participation is always optional.

8.7. Surveys and Polls

UNIBLANCO may contact the user to invite them to participate in surveys aimed at improving the products and services offered. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR). If the collected data is used for marketing purposes, the legal basis will be consent.

9. Tracking Pixels and Retargeting

UNIBLANCO may use, subject to the user's consent via the Cookie Policy, its own tracking pixels and technologies for retargeting and advertising activities on third-party platforms (e.g., social networks, search engines). The legal basis is consent (Art. 6(1)(a) GDPR). The use of such tools may involve data transfers to third countries, including the USA; in this case, the safeguards set out in Article 16 apply.

Event Organizers may also install their own tracking pixels on the event pages hosted on the Site. In such cases, the Organizer acts as an independent Data Controller for the data collected via their pixels. Users are invited to consult the Organizer's privacy policy for information regarding their processing.

Users can manage or withdraw consent for tracking pixels at any time via the cookie management tool available on the Site.

10. Statistical Analysis and Service Improvement

UNIBLANCO processes navigation and Site usage data for internal statistical and analytical purposes to improve its products and services. These analyses are predominantly carried out on aggregated and anonymous data. Where personal data is processed, the legal basis is the user's consent (Art. 6(1)(a) GDPR), managed via the Cookie Policy, or UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR) for aggregated analyses. To this end, UNIBLANCO uses an email service provider based in the European Union to manage communications and web analytics tools, the use of which is governed by the Cookie Policy.

11. Customer Support and AI Bot

When a user contacts UNIBLANCO Customer Service via email or the AI assistance bot available on the Site, UNIBLANCO processes the personal data provided by the user in the context of the request. The legal basis is the execution of a contract (Art. 6(1)(b) GDPR), the fulfillment of legal obligations (Art. 6(1)(c) GDPR), or UNIBLANCO's legitimate interest in managing user requests (Art. 6(1)(f) GDPR).

The AI assistance bot is managed by UNIBLANCO with the support of AI technology providers acting as Data Processors. Conversations with the bot are not retained beyond 30 days from the date of the conversation. Customer Service data is retained for 24 months from the closure of the request.

12. Images at the Event

As stated in the General Terms and Conditions, by accessing the event, the user acknowledges that photographs, audio, and video recordings may be taken by the Organizer or UNIBLANCO. UNIBLANCO may use these images for promotional and documentary purposes. The legal basis is the legitimate interest of UNIBLANCO and the Organizer (Art. 6(1)(f) GDPR). Should the images allow for the user's identification and be used for direct marketing purposes, the legal basis will be consent.

13. Compliance, Audits, Legal Disputes, and Automated Decisions

UNIBLANCO may process personal data for compliance with applicable laws, internal audits, fraud prevention, and the establishment, exercise, or defense of legal claims. The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR) and, where applicable, the fulfillment of legal obligations (Art. 6(1)(c) GDPR).

Pursuant to Art. 22 of the GDPR, UNIBLANCO informs the user that the order management system may adopt automated decisions regarding the refusal or suspension of suspicious orders, based on predefined parameters aimed at preventing fraud, abuse, and violations of the General Terms and Conditions (e.g., use of bots, false data, credit card fraud). The legal basis is UNIBLANCO's legitimate interest (Art. 6(1)(f) GDPR). The user has the right to obtain human intervention, express their point of view, and contest the automated decision by contacting UNIBLANCO at support@ticketzeta.com.

14. Data Communication to Public Authorities

UNIBLANCO may communicate users' personal data to competent public authorities (including Judicial Authorities, Law Enforcement Agencies, the Revenue Agency, SIAE, the Italian Data Protection Authority, and other administrative authorities) when required by law or an authority's order. The legal basis is the fulfillment of a legal obligation (Art. 6(1)(c) GDPR).

15. Data Recipients and Data Processors

Users' personal data may be shared with the following categories of recipients:

  • Event Organizers, acting as independent Data Controllers, strictly necessary for event management;

  • Certified payment service providers, acting as Data Processors;

  • SMS sending service provider for OTPs, based in the EU, acting as a Data Processor;

  • Transactional email and newsletter service provider, based in the EU, acting as a Data Processor;

  • AI technology providers for the assistance bot, acting as Data Processors;

  • Statistical analysis and web analytics service providers, acting as Data Processors;

  • Couriers and freight forwarders for the physical delivery of Admission Tickets, acting as Data Processors;

  • TicketPlan – AGS pier GmbH, for managing the optional Ticket Protection service, acting as a Data Processor;

  • WhatsApp (Meta Platforms Ireland Ltd.) for ticket delivery via WhatsApp message, where chosen by the user, acting as an independent Data Controller for data processed on its platform;

  • Companies or professionals responsible for managing, maintaining, and updating UNIBLANCO's IT systems, acting as Data Processors;

  • Public authorities, where required by law;

  • Debt collection service providers, in case of outstanding debts, acting as Data Processors.

Should the user choose to save the Admission Ticket on third-party digital wallets (e.g., Apple Wallet, Google Wallet), the processing by these entities is governed by their respective privacy policies, over which UNIBLANCO has no control. Please consult Apple and Google's privacy policies for information on their processing.

An updated list of Data Processors appointed by UNIBLANCO is available upon request at support@ticketzeta.com.

16. Extra-EU Data Transfers

Users' personal data is stored on servers located in Italy and, generally, within the European Union. UNIBLANCO does not systematically transfer personal data to countries outside the European Economic Area (EEA).

However, in relation to specific activities, data transfers to third countries may occur, specifically:

  • Regarding the use of WhatsApp for ticket delivery, data may be transferred to the USA where Meta Platforms Inc. is based;

  • Regarding the use of tracking pixels and third-party advertising tools, if enabled via consent in the Cookie Policy;

  • Regarding the use of AI technologies for the assistance bot;

  • Regarding the use of third-party anti-bot systems (e.g., Google reCaptcha).

In all these cases, UNIBLANCO ensures that such transfers occur in compliance with Chapter V of the GDPR, using Standard Contractual Clauses adopted by the European Commission under Art. 46 of the GDPR, or based on other adequate safeguard mechanisms recognized by the GDPR, guaranteeing a level of protection equivalent to that provided in the European Union.

The user may request specific information regarding extra-EU transfers by contacting UNIBLANCO at support@ticketzeta.com.

17. Data Retention Periods

Personal data is kept for the time strictly necessary to achieve the purposes for which it was collected, and in any case within the following terms:

  • Contractual data, issued tickets, and transaction logs: for the periods established by current tax and civil regulations (generally 10 years for tax obligations);

  • Data for marketing purposes: 36 months from the last purchase or the last renewal of consent;

  • Data for profiling purposes: 24 months from the last purchase;

  • Data for anti-fraud and security purposes: 12 months;

  • Customer Service and assistance data: 24 months from the closure of the request;

  • AI bot conversations: 30 days from the date of the conversation;

  • OTP data and phone numbers: for the periods prescribed by current law;

  • MyTicketzeta account data: for the duration of the contractual relationship; upon cancellation, personal data is deleted within 30 days, except for data required to fulfill tax and legal obligations;

  • Site access logs: for the periods prescribed by current law;

  • Data for legal defense: for the entire duration of the dispute and until the expiration of statutory limitation periods.

Once the retention periods have expired, the data is irreversibly deleted or anonymized.

18. Data Subject Rights

As a data subject, the user has the right to exercise the following rights toward UNIBLANCO at any time:

  • Right of Access (Art. 15 GDPR): to obtain confirmation as to whether or not personal data is being processed, and to access the data and relevant information, including obtaining a copy;

  • Right to Rectification (Art. 16 GDPR): to obtain the correction of inaccurate data or the completion of incomplete data;

  • Right to Erasure (Art. 17 GDPR): to obtain the erasure of personal data when it is no longer necessary, consent has been withdrawn, an objection has been raised, or the processing is unlawful, provided there are no overriding legal obligations;

  • Right to Restriction of Processing (Art. 18 GDPR): to limit the processing in specific cases outlined by the GDPR;

  • Right to Data Portability (Art. 20 GDPR): to receive personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where technically feasible;

  • Right to Object (Art. 21 GDPR): to object to processing based on legitimate interest, including processing for direct marketing, soft spamming, and profiling;

  • Right to Withdraw Consent: to withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

  • Rights related to Automated Decision-Making (Art. 22 GDPR): to obtain human intervention, express a point of view, and contest decisions based solely on automated processing.

These rights can be exercised by sending a request to UNIBLANCO at support@ticketzeta.com. UNIBLANCO will respond without undue delay and, in any event, within 30 days of receiving the request, subject to justified extensions for complex requests.

The user also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it), as the competent Supervisory Authority in Italy.

19. Contacts

For any requests regarding the processing of personal data, the user may contact UNIBLANCO srl Sole Shareholder Company:

  • By Mail: Via De Nicola 29/O, 92021 Aragona (AG), Italy

  • By Email: support@ticketzeta.com

  • Via the assistance bot in the "Support" section on ticketzeta.it or ticketzeta.com

20. Policy Updates

This privacy policy may be updated due to regulatory, technological, or organizational changes. In the event of substantial modifications, UNIBLANCO will notify registered users via email. The date of the latest effective version is always indicated at the top of this document. Previous versions of the privacy policy are available upon request at support@ticketzeta.com.

21. Definitions

For the purposes of this privacy policy, the following definitions apply in accordance with Art. 4 of the GDPR:

  • Personal Data: any information relating to an identified or identifiable natural person, such as name, email, IP address, and purchase data.

  • Processing: any operation performed on personal data, such as collection, recording, storage, use, communication, or deletion.

  • Data Controller: the entity that determines the purposes and means of the processing of personal data. In this specific case: UNIBLANCO srl Sole Shareholder Company.

  • Data Processor: the entity that processes personal data on behalf of the Data Controller, based on a contract or other legal act.

  • Data Subject: the natural person to whom the personal data refers.

  • Consent: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they accept the processing of their data.

  • Legal Basis: the lawful foundation that legitimizes the processing of personal data pursuant to Art. 6 of the GDPR.

  • GDPR: EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data.

  • Guarantor (Garante): the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), reachable at www.garanteprivacy.it.


Come back