This Privacy Policy explains how Ticket Monkey Ltd (“Ticket Monkey”, “we”, “us”, “our”) handles personal data in the Ticket Monkey Check Ins mobile app, which event staff use to check attendees in at the door.
It is written for the door and gate staff who sign in to the app to scan tickets. It sits alongside our main Privacy Policy, which covers ticket buyers and our wider platform — please read both. Where this policy is silent, the main Privacy Policy applies.
Contents
Ticket Monkey Ltd is a private limited company registered in England & Wales (Company No. 16420115), with its registered office at Unit 1 Mill Rd Trading Estate, Barnstaple, Devon, EX31 1JH, United Kingdom. Our VAT registration number is GB4959360.
For any question about this policy or to exercise your data protection rights, contact us at support@ticketmonkey.co.uk or 0333 772 0726.
Our data protection role depends on whose data is involved:
If an attendee asks how their data is used at an event, direct them to the event organiser, or to our main Privacy Policy.
| Category | Examples |
|---|---|
| Staff account data | Your name and email address, your event assignments and the ticket types you are permitted to scan. You sign in through our secure identity service. |
| Attendee data (organiser’s data) | Ticket holder name, ticket type and product, order number, and whether the ticket has been checked in. Shown so you can admit the right person and search for a booking. |
| Scan and check-in records | The ticket scanned, the outcome (admitted / already used / not valid), the time, and which staff account performed it — kept as the event’s door log and audit trail. |
| Device and diagnostic data | Basic device and app information needed to operate the app, keep it secure and diagnose faults. |
The Ticket Monkey Check Ins app does not take payments and does not collect card details.
To check a ticket in, the app reads its code in one of three ways: the device camera (QR or barcode), a connected barcode scanner, or an NFC tap. These are used only at the moment of scanning to read the code on the ticket. We do not take or store photographs, and the camera and NFC reader are not used for any other purpose.
You can choose to lock the app with your device’s biometrics (face or fingerprint). If you do, the check is performed entirely by your phone’s operating system. Your biometric data never leaves your device and is never transmitted to or stored by Ticket Monkey. The app only ever receives a yes/no result from the operating system. This feature is optional and can be turned off in the app’s settings at any time.
So that the door keeps working without a reliable internet connection, the app can download the attendee list for an event you are assigned to and store it locally on the device. Check-ins made offline are stored on the device and then synchronised to our servers once a connection is available. This on-device data is held within the app’s private storage and is removed when it is no longer needed for the event, when you sign out, or when the app is uninstalled. Because organiser attendee data may be cached on the device, only authorised staff should use a device signed in to the app, and we recommend enabling biometric unlock.
For data we control as outlined in section 2, the main purposes and lawful bases under the UK GDPR are:
| What we do | Lawful basis |
|---|---|
| Authenticate you and control which events and ticket types you can scan | Legitimate interests (operating the service securely for organisers and staff) |
| Record check-ins and keep an accurate, auditable door log | Legitimate interests; and, for attendee data, performance of our contract with the event organiser |
| Operate, secure and maintain the app and diagnose faults | Legitimate interests (running and protecting the service) |
| Comply with our legal and regulatory obligations | Legal obligation |
For attendee data we process on the organiser’s instructions, the organiser is responsible for the lawful basis as the controller.
We share data only where necessary, with:
We do not sell personal data, and we do not use the data in this app for advertising.
Check-in and audit records are retained for as long as the event organiser requires them and as needed to meet our legal and accounting obligations, after which they are deleted or anonymised. Attendee data cached on a device is held only for the duration of the event and is removed as described in section 6. Your staff account exists while you are an authorised user and is removed or anonymised when access is no longer required.
| Permission | Why |
|---|---|
| Camera | To scan QR codes and barcodes on tickets |
| NFC | To read tickets presented by an NFC tap |
| Biometrics (Face ID / Touch ID / fingerprint) | Optional app lock; handled by your device, never sent to us |
| Network access | To sign in, download event data and sync check-ins |
You can review and change these permissions in your device settings. Declining camera or NFC will limit how you can scan tickets.
You have the right to access a copy of your personal data; have inaccurate data corrected; have your data erased where the law requires; object to or restrict certain processing; ask us to transfer your data; and withdraw consent where we rely on it. To exercise any of these, contact support@ticketmonkey.co.uk. We may need to verify your identity first, and we will respond within one month. Requests about attendee data are for the event organiser as controller — we will help direct your request.
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration — including encryption in transit, secure authentication, access controls scoped to your assigned events and ticket types, and secure development practices.
We may update this policy from time to time. We will post the updated version with a new effective date and, where changes are significant, tell you through the app or by email.
If you have a concern about how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, at https://ico.org.uk or on 0303 123 1113.