---

1. Introduction

This Privacy Policy explains:

• What information we collect from users
• How we use that information
• How we may share that information
• How we protect your information
• Your choices regarding your Personal Information

By using our website or our app (collectively ‘The Platform’), you consent to our collection and use of your Information as described in this policy. Headfirst may occasionally update this policy - we will prompt you to re-read this policy whenever you make a purchase or any time we request additional data.

2. What information do we collect?

We try to collect the minimum amount of data required to provide a tailored but respectful service. We will collect and request this information in a variety of ways:

2.1 Information required to make a purchase

In order to process your order, it is necessary for us to collect some data. For example:

• Your name and email so the promoter can find your details if you arrive at the event without your ticket
• Your postcode for verifying your card purchase.
• A mobile number so you can login to your account.

2.2 Information we collect through your use of our services

A cookie is a small file which is stored by the browser on your computer's hard drive. Cookies store some basic information that helps us:

• Identify if a user of your computer has visited the site before and if you have provided us with some personalised information
• Deliver content specific to your interests, to save your password (if you have supplied us with one) so you do not have to re-enter it each time you visit our site
• Identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Displaying content from external platforms The Platform uses content from external media platforms like Spotify, SoundCloud, YouTube, Vimeo and event location information from Google Maps. These services might still collect cookies and usage data for the pages where the service is installed, even when Users do not use it.

Please remember that when you use a link to go from our website or our app to another website, our Policy no longer applies. We do not control any Third-Party Sites, and is not responsible for any information they may collect.

3. How we use your information

In general, we use your Information as necessary or appropriate for our business purposes. These include:

• Fulfill orders, for example sending your tickets.
• Respond to account queries, for example finding your tickets if you’ve lost them.
• Personalise the features of Headfirst, for example event recommendations.
• Analyse, benchmark and conduct research on user interactions with the platform, for example detecting how many people use a certain feature and deciding whether to improve/remove/replace that feature.

4. Can I find out what information you are storing on me?

Users have know about their personal information, to verify its accuracy and to have it updated or corrected. You will not be charged for data requests under new GDPR regulations. Any requests of this nature should be sent to the Data Controller: [email protected] We are not responsible for updating or removing your Information contained in the lists or databases of third parties who have been provided with Information as permitted by this Policy.

5. When we disclose information to third parties

We are extremely careful to share as little information with third parties as possible. There are however situations when this is necessary, for example:

5.1 Sharing your information with promoters

When you buy a ticket from Headfirst, it is necessary to share some of your personal information with that event’s promoter.

• Your name and email address, so they can check you in at the event if you’ve lost your tickets.
• Your email address for sending any pre-event information for example door times, cloakroom info, for the event you have booked tickets for only.
• Aggregate (anonymised) demographic data on event history so they know what kind of guests to expect or to exclude audiences from their own email newsletters and reduce unwanted emails.

5.2 Sharing your financial information with our card processor

When you make a purchase on Headfirst, your consent is given to provide your financial or personal information to those third parties necessary to process your transactions with us.

Although users can submit credit card or other payment card information to pay for a service through Headfirst, we do not receive this information itself. Payment card information is transmitted directly to a third-party payment card processor, Stripe. Stripe's privacy policy is available here.

5.3 Legal requests

We may be required to reveal personal data upon request of public authorities. In these cases, your personal data may be used for legal purposes by us in court or in the stages leading to possible legal action arising from improper use of our services.

6. Where we store your information

The information that we collect from you may be transferred to and stored (typically on remote and backup servers) outside the European Economic Area. By submitting information to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Policy and the Act.

6.1 Methods of processing

We process your data in a proper manner and take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of it. In addition to our data controller, in some cases, the data will be accessible to staff involved with the operation of the site (administration, sales, marketing, legal, system administration). The updated list of these persons may be requested from us at any time: [email protected]

6.2 Retention time

The data is kept for the time necessary to provide the service, you can contact us at any time and request your data is destroyed.

7. Data security

We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. You may choose to restrict the collection or use of your personal information in the following ways: whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us.

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible: [email protected]

8. Email newsletters

8.1 Who receives our newsletter emails

• Users can only join our mailing list by explicitly opting-in.
• You can join our mailing list here
• You can unsubscribe from our newsletters at any time by clicking the unsubscribe link in your email or in the Mailing Lists section of your Headfirst account

8.2 Newsletter content

• Like the editorial on our platform, the content of our newsletters is our own views, opinions and recommendations.
• Our newsletters do not and have never contained any paid-for content or advertisements. In the unlikely event we include paid content or advertisements in future, we will make this clear in the newsletter.
• Our newsletters include our recommendations for things we care about; this may include events, crowdfunds, protests, direct action, boycotts, political content ancouragement to support local businesses etc.

8.3 Newsletter frequency

We aim to send an email to our newsletter subscribers every week, however sometimes if our workload is high, we may not always have the staff resources to prepare a newsletter. At other times, we may send more than one email in a week if there is a news story we feel strongly about.