GDPR

GDPR commitments for Voodootix customers.

Voodootix applies the GDPR principles used in Redtaag's ticketing operations to tourism and leisure ticketing: limited processing, confidentiality, access control and secure cloud hosting.

Customer-controlled data

Personal data is collected and processed within the ticketing instance used by each customer, for the operation of their bookings, tickets, access control and reporting.

Authorized access

Access to personal data is restricted to authorized employees and users, with permissions designed to support least privilege and operational security.

Certified hosting

Voodootix relies on certified cloud infrastructure and security practices to protect hosted ticketing data, backups and service availability.

GDPR operating principles

  • Process personal data only for documented ticketing and customer-service purposes.
  • Maintain confidentiality of personal data and limit access to trained, authorized people.
  • Avoid personal-data transfers outside the EEA or Switzerland unless appropriate safeguards apply.
  • Notify affected customers without undue delay if a security breach affects their personal data.
  • Support customer requests related to data access, correction, deletion or portability where the platform can reasonably assist.