Articles on: Legal
This article is also available in:

Privacy Policy

Privacy Policy


Last updated: July 6, 2026


This policy explains how PasseTonBillet collects, uses, stores and protects your personal data when you use passetonbillet.fr, your account, ticket purchase and resale services, alerts, customer support and related tools.


Summary


  • Data controller: NITO, a simplified joint-stock company publishing PasseTonBillet, 6 rue d'Armaillé, 75017 Paris, France, Paris Trade and Companies Register No. 513 007 880.
  • Personal data contact: support@passetonbillet.fr or the customer support chat.
  • Data processed: account data, contact details, ticket data, transaction data, data required for identity and payment checks, support data, technical data, cookies and alert preferences.
  • Main purposes: creating and managing your account, enabling ticket purchase and resale, managing alerts and waiting lists, securing transactions, preventing fraud, processing payments, responding to support requests, complying with legal obligations and improving the service.
  • Legal bases: performance of a contract, legal obligations, PasseTonBillet's legitimate interest and, where required, your consent.
  • Payments: Stripe processes certain data required for payments, payouts, refunds and transaction-related checks.
  • Recipients: authorized PasseTonBillet teams, technical providers, payment providers, organizers or ticketing providers where necessary, authorities or advisers where required by law or where rights need to be defended.
  • Your rights: access, rectification, erasure, objection, restriction, portability, withdrawal of consent and instructions regarding what happens to your data after your death.
  • Response time: one (1) month from receipt of your request, extendable by two (2) months in the event of a complex or numerous request, after you are informed within the initial period.
  • Complaint: you may contact the CNIL: https://www.cnil.fr.


1. Who is responsible for processing your data?


The data controller is NITO, the simplified joint-stock company that publishes PasseTonBillet.


Address: 6 rue d'Armaillé, 75017 Paris, France
Trade and Companies Register: Paris 513 007 880
Personal data contact: support@passetonbillet.fr


PasseTonBillet acts as data controller for processing operations required to operate its service: account management, ticket purchase and resale, payment, payout, refund, support, security, fraud prevention, dispute management, alerts and service-related communications.


For certain official ticket exchanges, an organizer may also process data for its own purposes, for example event management, access control, attendee relationship management or legal obligations. Where PasseTonBillet processes data on behalf of an organizer, such processing is governed by the organizer's instructions and the applicable agreements.


2. What data is collected?


PasseTonBillet only collects data that is necessary for the operation of the service, transaction security and compliance with its legal obligations.


The main categories of data concerned are:


  • identification data: last name, first name, date of birth, country of residence, postal address where necessary, identity document where required for verification;
  • contact data: e-mail address, phone number, exchanges with customer support;
  • account data: login credentials, preferences, activity history, settings and consents;
  • ticket data: event, date, venue, category, fare, price, uploaded file, information visible on the ticket, ticket status;
  • transaction data: purchase, sale, payout, refund, dispute, evidence and supporting documents relating to a transaction;
  • payment data: information required to process a payment, refund or payout, including information sent to the payment provider;
  • alerts and waiting list data: followed event, search criteria, notification preferences, registration date and alert status;
  • technical and security data: IP address, browser, device, connection logs, security logs, sensitive actions performed on the account;
  • cookies and trackers: data required for website operation, audience measurement, security or certain services subject to consent.


PasseTonBillet does not ask you to provide sensitive data that is not necessary to use the service. If a ticket, supporting document or message contains specific information, it is processed only to the extent necessary for the transaction, support, security or compliance with a legal obligation.


PasseTonBillet does not store full bank card numbers. Payments are processed by Stripe in accordance with Stripe's own security rules and privacy policy: https://stripe.com/fr/privacy.


3. Why is your data used?


Purpose

Examples of data concerned

Main legal basis

Indicative retention period

Creating and managing your account

Identity, e-mail, phone, preferences, account history

Performance of the contract

Duration of account use, then limited archiving

Ticket purchase, resale and follow-up

Ticket data, transaction, status, supporting documents

Performance of the contract

Time required to monitor the transaction, then legal or evidentiary archiving

Alerts and waiting lists

Followed event, criteria, notification preferences

Performance of the contract or consent depending on the case

Until deletion of the alert, expiry of the event or unsubscribe

Payments, payouts and refunds

Transaction, payment, payout and refund data

Performance of the contract and legal obligations

Applicable accounting, tax and regulatory periods

Identity, payment and security checks

Identity, verification document, payment information, logs

Legal obligations and legitimate interest

Time required for checks and applicable obligations

Fraud prevention and dispute management

Ticket, transaction, evidence, logs, support exchanges

Legitimate interest

Time required to handle the case, then evidentiary archiving

Customer support and request follow-up

Messages, attachments, contact history

Performance of the contract and legitimate interest

Time required to process the request, then limited archiving

Service-related communications

E-mail, phone, account, relevant event

Performance of the contract

Duration of the relationship with you

PasseTonBillet commercial communications

E-mail, preferences, consent, useful history

Consent or legitimate interest depending on the case

Until withdrawal of consent or expiry of the applicable period

Security, maintenance and website improvement

Logs, technical data, errors, browsing path

Legitimate interest

Limited period depending on the nature of the data

Compliance with legal obligations

Invoicing, accounting, authority requests

Legal obligation

Period required by applicable regulations


These periods may be adjusted where the law requires a longer period, where retention is necessary to establish, exercise or defend a right, or where a fraud, dispute or security case is ongoing.


4. Who may receive your data?


Your data may be disclosed only where necessary and proportionate:


  • to authorized PasseTonBillet teams;
  • to other users, only where certain information is necessary for a transaction or to resolve a dispute;
  • to Stripe and payment providers, to process payments, payouts, refunds, checks and regulatory obligations;
  • to PasseTonBillet's technical providers: hosting, security, customer support, e-mailing, internal tools, technical analysis and audience measurement;
  • to organizers, producers, venues, rights holders or ticketing providers, where necessary to manage an official ticket exchange, event security, access control, ticket issuance or cancellation, cancellation or postponement management, or compliance with the rules applicable to the event;
  • to tools or providers used by an organizer, for example a ticketing, access control or customer relationship management tool, where such transfer is necessary and governed;
  • to advisers, insurers, administrative or judicial authorities, where required by law or where a right must be defended.


Data sent to an organizer or ticketing provider may include your last name, first name, e-mail address, phone number where necessary, ticket information, transaction history relating to the event, ticket status and preferences or consents useful for event management.


Where an organizer uses your data for its own purposes, it acts under its own responsibilities and its own information documentation. PasseTonBillet limits transfers to data necessary for the operation of the ticket exchange, event security and compliance with applicable obligations.


PasseTonBillet requires its providers to process data with appropriate confidentiality and security guarantees.


5. Is data transferred outside the European Union?


Certain providers may process or make data accessible from a country outside the European Union, in particular for payment, security, customer support, hosting or certain technical tools.


Where this occurs, PasseTonBillet ensures that the transfer is based on a safeguard recognized by applicable regulations, for example an adequacy decision, standard contractual clauses approved by the European Commission or any other authorized mechanism.


6. How long is your data kept?


PasseTonBillet keeps your data only for the period necessary for the purposes described in this policy, then deletes, anonymizes or archives it where required by law.


As an indication:


Data category

Indicative period

Account data

During account use, then up to 3 years after the last activity or account closure, unless otherwise required

Transaction data

Time required to monitor the transaction, then up to 5 years for evidentiary purposes, unless a different legal period applies

Invoicing and accounting data

Up to 10 years where accounting or tax regulations require it

Payment and regulatory verification data

Time required for processing, then periods imposed on the payment provider or by applicable regulations

Support data

Time required to process your request, then limited archiving

Dispute, fraud or security data

Time required to handle the case, then appropriate evidentiary archiving

Alert and waiting list data

Until deletion of the alert, expiry of the event, unsubscribe or account closure

Technical and security logs

Short period adapted to security needs, which may be extended in the event of an incident, fraud or dispute

Cookies and trackers

Limited period depending on the tracker concerned and the choices expressed in the consent module


Certain data may be kept longer where necessary for a legal obligation, an authority request, a dispute, a fraud investigation or the defense of PasseTonBillet's rights.


7. What are your rights?


You have the following rights over your personal data:


  • right of access;
  • right to rectification;
  • right to erasure;
  • right to object;
  • right to restriction of processing;
  • right to data portability;
  • right to withdraw your consent where processing is based on consent;
  • right to define instructions regarding what happens to your data after your death.


You can exercise your rights by writing to support@passetonbillet.fr or via the customer support chat.


PasseTonBillet may ask you for additional information or proof of identity where necessary to confirm your identity. You will receive a response within one (1) month. This period may be extended by two (2) months if the request is complex or if the number of requests justifies it, provided that you are informed within the initial one (1) month period.


If you believe that your rights are not respected, you may lodge a complaint with the CNIL: https://www.cnil.fr.


8. How is your data protected?


PasseTonBillet implements technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration or unauthorized disclosure.


These measures include in particular:


  • limiting access to authorized persons only;
  • application and hosting security measures;
  • encryption of exchanges where necessary;
  • monitoring of sensitive operations;
  • selection of providers offering appropriate security guarantees;
  • procedures for handling incidents, disputes, fraud and user requests.


In the event of a data breach likely to create a risk to your rights and freedoms, PasseTonBillet applies the obligations provided for by applicable regulations, including notification to the CNIL within seventy-two (72) hours where required. Where the breach is likely to create a high risk to your rights and freedoms, PasseTonBillet informs you under the conditions provided by applicable regulations.


9. Cookies and trackers


PasseTonBillet uses cookies and trackers that are necessary for the website to operate, for example to maintain your session, secure your connection, remember your preferences, enable ticket purchase or prevent fraud. These cookies are necessary for the service and do not always require your consent.


Other trackers may be used to measure audience, improve the service, analyze website operation or provide certain features. Where consent is required, a banner or management module allows you to accept, refuse or change your choices.


You can change your cookie preferences at any time from the consent module available on the website where it is displayed. You may also configure your browser to limit certain trackers, but blocking necessary cookies may degrade or prevent the use of certain services.


10. Minors


Payment, sale and identity verification services may be reserved for persons with legal capacity or subject to specific conditions.


If you are a minor, you must use PasseTonBillet with the consent of your legal representative and contact customer support before any sale or identity verification. PasseTonBillet may request additional information where necessary to verify the situation and secure the transaction.


11. Updates to this policy


This policy may be updated to reflect changes to the service, our providers, regulations or internal practices. The update date shown at the top of the page identifies the applicable version.


In the event of a substantial change, PasseTonBillet may inform you by e-mail, website notification, message in your account or any other appropriate means.

Updated on: 06/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!