• Payment Processing Policy
• Support & Availability Policy
• Data Security & Management Policy
• Equipment & Third-Party Specifications

PAYMENT PROCESSING POLICY

The Transaction Fee includes a blended rate for the methods of payment based upon Ticketure's knowledge of aggregated credit card interchange rates as of the Effective Date of the Ticketure Master Services Agreement. If the credit card interchange rates materially increase such that the Transaction Fee is less than the actual processing fees paid by Ticketure, the Transaction Fee will be re-evaluated and adjusted by Ticketure to ensure that, at a minimum, the Transaction Fee is never less than the actual processing costs charged to Ticketure via the Payment Services Provider when reviewed on a not more than quarterly calendar year basis.

Licensees of the Software are required to establish and maintain an account with the Payment Services Provider (“Licensee Connected Account”).  The Parties agree the Licensee Connected Account will be used exclusively by the Parties for the purposes of the Ticketure Master Services Agreement.  Licensee agrees the Licensee Connected Account is required to be established and tested by Ticketure no later than seven (7) days prior to the Go Live Date. Licensee is solely responsible to provide complete, accurate and up to date Licensee and Customer information to Ticketure, the Payment Services Provider, and Third-Party Providers on an ongoing and continuing basis and as may be required by Ticketure, the Payment Services Provider or other Third-Party Providers from time to time.  Such information may include bank account information, ACH authorization and beneficial ownership information. Licensee authorizes Ticketure as its duly authorized agent to verify Licensee’s information at registration and periodically as required thereafter and conduct due diligence through third parties including without limitation by accessing public records and obtaining credit reports as necessary. Licensee agrees Ticketure, the Payment Services Provider and other Third-Party Providers may verify Licensee’s information as required by Applicable Law and to seek to reduce the risk of fraud, money laundering, terrorist financing, and the violation of trade sanctions. If Licensee does not promptly provide Ticketure, the Payment Services Provider or other Third-Party Providers with such requested information, or Ticketure, the Payment Services Provider and other Third-Party Providers are otherwise unable to verify the information Licensee has provided, Ticketure may refuse Licensee access to the Services and/or Software. Ticketure is not liable for any losses suffered by the Licensee attributable to the Licensee’s failure to provide accurate and up to date information to Ticketure, the Payment Services Provider, or any other Third-Party Providers.  Licensee acknowledges and agrees it must establish and maintain during the Term a minimum of one (1) Licensee bank account connected to the Licensee Connected Account for purposes of Ticketure initiating payouts from the Licensee Connected Account to Licensee’s bank account. Licensee is solely responsible and liable for the accuracy of the bank account and any other information provided to the Payment Services Provider when establishing the Licensee Connected Account.

Licensee acknowledges and agrees that Ticketure may, on a continuing and ongoing basis, share with the Payment Services Provider all relevant information in relation to the payment services, which Licensee provides to Ticketure for the performance of its obligations under the Ticketure Master Services Agreement. Licensee agrees it will provide all such relevant, up to date, complete and accurate information directly to the Payment Services Provider on the request of Ticketure and/or the Payment Services Provider. Ticketure  is not responsible or liable for any losses suffered by Licensee attributable to the Licensee’s failure to provide accurate and/or up to date information to the Payment Services Provider or Ticketure.

Any agreement between Licensee and any Payment Services Provider is incorporated by reference into the Ticketure Master Services Agreement.  Licensee warrants and represents it will comply with all requirements, terms, and conditions of any such agreements. Licensee acknowledges and agrees that Ticketure  does not and will not provide banking, deposit taking, stored value, insurance, or other financial services to Licensee and that Ticketure acts solely as a limited payments agent as set out in the Agreement.

To the extent applicable, Licensee appoints Ticketure as its limited payments agent for the sole purpose of managing and distributing payments to Licensee for purchases made through the Software using the Payment Services Provider. Ticketure will, through the applicable Payment Services Provider, payout funds that are actually received into the Licensee Connected Account, less any amounts owed to Ticketure, including, but not limited to, the Transaction Fee and any other Ticketure Fees in the Agreement. Licensee acknowledges and agrees that a payment actually or constructively received into the Licensee Connected Account, satisfies the Customer’s (Payor) obligation to make payment to Licensee for the purchase of the Item, regardless of whether Ticketure  or the applicable Payment Services Provider actually initiated the payout to Licensee.  If Ticketure does not payout any such payments as described in the Agreement to Licensee, Licensee will have remedies (if any) only against Ticketure (or the Payment Services Provider, as applicable) and not the Customer (Payor), as Licensee acknowledges payment is deemed made by Customer (Payor) to Licensee upon constructive or actual receipt of funds into the Licensee Connected Account. In accepting Ticketure ’s appointment as set out in this policy. Ticketure assumes no responsibility or liability for any acts or omission of Licensee and Licensee acknowledges and agrees that the obligation of Ticketure and the applicable Payment Services Provider to payout funds to Licensee is subject to and conditional upon the Customer’s (Payor’s) actual payment and Licensee’s compliance with the provisions of this Policy.

Licensee acknowledges and agrees the Transaction Fee will not cover the cost of processing or servicing any Dispute requests which may occur on the Licensee Connected Account, which shall be the sole responsibility and liability of Licensee. Licensee will have permissions to designate access to anyone it chooses in the Payment Services Provider Licensee Connected Account in order to respond to any Dispute using the online dashboard of the Payment Services Provider. Licensee is responsible for responding to all Disputes at their sole discretion. Licensee acknowledges and agrees that if it requires additional fraud protection offered by the Payment Services Provider, any costs and expenses associated with such service will be the sole responsibility of Licensee. If Licensee surpasses the industry-standard dispute rate of 0.40%, for any Licensee Connected Account, Ticketure may enroll the Licensee Connected Account in the additional fraud protection offered by the Payment Services Provider to avoid business disruption as a result of being placed in a card network monitoring program by the card networks. Any costs and expenses associated with such additional fraud protection will be the sole responsibility of Licensee.

Licensees of the Software acknowledge and agree that:

1. in certain cases, settlement of the funds could be temporarily delayed as a consequence of an issue or operational process of the Payment Services Provider or Licensee’s bank;
2. Bank holidays, where banks are closed for business on a day when they normally operate, may delay the settlement of funds to the Licensee bank account and Licensee acknowledges that this is not within Ticketure’s control and therefore Ticketure is not directly responsible for any resulting delay in funds being received by Licensee;
3. Ticketure is not obligated to refund any fees or reimburse any expenses due to delayed settlements unless such delay is directly caused by Ticketure;
4. in certain cases, Licensee’s bank’s holds and settlement procedures may at times cause delays in the settlement of funds to Licensee’s designated bank account, and Ticketure does not have control over these delays; and
5. Payment Services Provider may request additional information during the Term to ensure Licensee compliance with all Applicable Laws. Licensee understands that it must provide the requested information in a timely manner. Any delay of providing this information may result in the Licensee Connected Account moving to a restricted status which means Ticketure  will not be able to transfer funds to Licensee until such information is provided and accepted by the Payment Service Provider. For the avoidance of doubt, Ticketure  is not responsible for the delay in payments of funds if Licensee fails to provide Payment Services Provider the requested information.

LICENSEES ON WEEKLY PAYOUT:

 Ticketure shall be responsible for the recording and documenting of all revenues for all Items sold on behalf of Licensee through the Software for all sales channels and methods of payment including credit card, cash, account, and voucher payments processed by the Box Offices at Licensee’s Venues and any API Licensees, partners or resellers contracted to Licensee (all together “Gross Revenues”), as evidenced by reports generated by Ticketure (the “Sales Report”). The Sales Report shall be generated within five business (5) days from the end of every Reconciliation Period for any sales made within the previous Reconciliation Period. Licensee shall be responsible for ensuring all required taxes are properly input into the Software and collected in compliance with tax regulations.  Any taxes included in the Ticket Price will be paid to Licensee and Licensee shall be responsible for remitting the taxes to the appropriate fiscal authorities.  The Sales Report will present a clear calculation of the Ticketure Fees and the Transaction Fee due Ticketure for the same Reconciliation Period (the “Reconciliation Report”).

Based on the Reconciliation Report, Ticketure will ensure the Payment Services Provider pays out funds that are actually received into the Licensee Connected Account, less any amounts owed to Ticketure stated in the Ticketure Master Services Agreement to Licensee’s bank account between five (5) to ten (10) Business Days after the end of the Reconciliation Period via direct transfer from the Payment Services Provider subject to the terms of the Payment Services Provider.

 LICENSEES ON DAILY PAYOUT:

Licensee shall be responsible for the recording and documenting of all revenues for all Items sold on behalf of Licensee through the Software for all sales channels and methods of payment including credit card, cash, account, and voucher payments processed by the Box Offices at Licensee’s Venues and any API Licensees, partners or resellers contracted to Licensee (all together “Gross Revenues”), Licensee shall be responsible for ensuring all required taxes are properly input into the Software and collected in compliance with tax regulations.  Any taxes included in the Ticket Price will be paid to Licensee and Licensee shall be responsible for remitting the taxes to the appropriate fiscal authorities.  

Ticketure will ensure the Payment Services Provider pays out funds that are actually received into the Licensee Connected Account, less any amounts owed to Ticketure, including, but not limited to, the Transaction Fee, Hardware Fees and any other Ticketure Fees in the Ticketure Master Services Agreement, and, subject to this policy, transferred on a daily basis with a two (2) Business Day payout delay from the Payment Service Provider to Licensee’s appointed bank account as established by Licensee in the Licensee connected account. The expected payout schedule for the ordinary course of business for a week when no bank holidays occur is as follows:

Where the banks are closed on a day that would typically be a Business Day, the payouts will be delayed by one additional day for each day the bank is closed. 

To verify the Fees and Payment Service Provider Processing Fees as set forth on the Order Form, Licensee will have access to the Stripe reporting solutions. Licensee shall use the report on a self-service basis to verify the Credit Card Gross Revenues as set forth in this policy.

For the Term of the Ticketure Master Services Agreement, Licensee is responsible to ensure its bank account: (remains connected to Licensee Connected Account on a continuing basis; and (b) the bank account retains a cash reserve balance that is sufficient to cover refunds, chargebacks and any other fees associated with the continuing operation of the Licensee Connected Account. 

If Licensee discovers any discrepancies between Licensee's reports and calculations of the Ticketure Fees, the Transaction Fee and Hardware Fees due submitted by Ticketure, Licensee shall raise such discrepancies with Ticketure no later than thirty (30) Business Days after payment. Upon mutual agreement between the Parties, any resulting financial reconciliation difference shall be handled as follows: if the Ticketure Fees invoiced to (or withheld from) Licensee are less than the Ticketure Fees which should have been invoiced to (or withheld from) Licensee, the amount of the deficit shall be added to the next payment(s) to Licensee; or if the Ticketure Fees invoiced to (or withheld from) Licensee are more than the Ticketure Fees which should have been invoiced to Licensee and the funds have already been paid by Licensee (or withheld from Licensee), then Ticketure shall adjust the amount due to Licensee in the next payment(s).

SUPPORT AND AVAILABILITY POLICY

UPTIME SERVICE COMMITMENT

Ticketure will use commercially reasonable efforts to make the Software available with a monthly uptime percentage of at least 99.95% during a calendar month (“Uptime Service Commitment”). The Software is designed to handle a purchase volume of up to 200 transactions per minute (“Baseline Load”). The Software can also be configured to handle the purchase of up to 2000 transactions per minute (“High Load”) provided Ticketure is provided with a minimum of five (5) days advance notice. Ticketure  agrees to cooperate with the Licensee to use commercially reasonable efforts to enhance the performance of the Software available during High Load Events subject to Licensee providing the new event on sale information via an online portal with a minimum of five (5) Business Days’ notice in advance. Failure of Licensee to provide notification at least five (5) Business Days in advance may result in throttling of ticket buyers to the Licensee’s events. Ticketure, in its sole discretion, may choose to utilize a virtual waiting room in cases where there is an unexpected surge in demand from the usual Baseline Load. The Uptime Service Commitment does not apply to: (i) any unavailability, suspension, or termination of the Third-Party Providers; (ii) Licensee’s material breach of the Agreement; (iii) force majeure; (iv) any Equipment of Licensee; (v) Licensee’s usage of any optional third-party software services; (vi) partial unavailability or degradation of Software or Services; (vii) suspension of service; (viii) routine maintenance with at least seven (7) days written notice from Ticketure and (ix) Licensee’s failure to notify Ticketure of High Load events with less than five (5) Business Days’ notice

SUPPORT SERVICES

Ticketure will provide support services, including problem solving, bug reporting, documentation clarification and technical guidance for the Software and Services during regular business hours 10am – 6pm local time as outlined below.

Ticketure will use commercially reasonable efforts to resolve or correct the support issues as promptly as possible after notice is provided by Licensee.

For URGENT and HIGH PRIORITY items, 24/7 support is provided.

TICKETURE: URGENT or HIGH PRIORITY Issues: email support@ticketure .com with either Urgent-Priority or High-Priority in the subject line.

TICKETURE: For Normal or Low Priority Issues: email support@ticketure .com with either NORMAL or LOW in the subject line.

DATA SECURITY & MANAGEMENT POLICY

DATA SECURITY

Ticketure has in place security measures in relation to the provision of Software and Services which are more particularly set out in this policy and are incorporated by reference into the Ticketure Master Services Agreement. Pursuant to this policy and Applicable Laws, Ticketure classifies data in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. THE PARTIES ACKNOWLEDGE AND AGREE THAT IT IS LICENSEE’S RESPONSIBILITY TO MANAGE CUSTOMER DATA IN ITS POSSESSION, CUSTODY OR CONTROL, IN ACCORDANCE WITH ALL APPLICABLE LAWS.  FOR THE AVOIDANCE OF DOUBT, TICKETURE SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY BREACH OR UNAUTHORIZED ACCESS TO THE CUSTOMER DATA IN LICENSEE’S POSSESSION, CUSTODY, OR CONTROL.

Each Party will maintain commercially reasonable administrative, technical, and physical controls designed to protect Customer Data in its possession, custody or under its control from unauthorized access, accidental loss, and unauthorized modification. Licensee is responsible for implementing administrative, technical, and physical controls that are appropriate for its business.

Ticketure  will maintain an information security program (including the adoption and enforcement of internal policies and procedures and other appropriate administrative, physical and technical safeguards) designed to (i) protect Confidential Information and Customer Data from accidental or unlawful loss, access or disclosure, (ii) identify reasonable foreseeable and internal risks to security and unauthorized access and (iii) minimize security risks, including through regular risk assessments and testing.

Ticketure is in compliance with SOC 2 Type 2, PCI-DSS Level 1, and UK Cyber Essentials and will continue to do so throughout the duration of the Agreement. All three credentials are audited by independent auditors.

1. SOC 2 Type 2 (Service Organization Control Type 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). It is based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

2. PCI-DSS Level 1 (Payment Card Industry Data Security Standard) is the most stringent certification available in the payment industry designed to prevent cybersecurity breaches and reduce the risk of payment fraud.

3. UK Cyber Essentials is a UK government-backed certification that helps organizations assess and mitigate common cybersecurity threats to their IT systems.

Additionally, Ticketure is registered with and committed to the EU-US Data Privacy Framework (formerly Privacy Shield), which facilitates the lawful transfer of personal data from the EU, UK, and Switzerland to the United States. In the event of a confirmed security breach, each party shall provide written notification to the other party within 48 hours of the breach. 

DATA MANAGEMENT

Ticketure classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Ticketure is responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.

Ticketure data, Customer Data and Business Data shall be classified according to the highest classification of data that they store or process.

CONFIDENTIAL CLASSIFICATION

Highly sensitive data requiring the highest levels of protection; access is restricted to specific employees or departments, and these records can only be passed to others with approval from the VP of Cybersecurity or a higher-level company executive. Examples include Customer Data and Confidential Business Data.

CONFIDENTIAL DATA HANDLING

Confidential data is subject to the following protection and handling requirements:

1. Access for non pre-approved roles requires documented approval from the VP of Cybersecurity or a higher-level company executive;

2. Access is restricted to specific employees, roles and/or department;

3. Confidential systems shall not allow unauthenticated or anonymous access;

4. Confidential Customer Data shall not be used or stored in non-production systems/environments that are less secure than production;

5. Confidential data shall be encrypted at rest and in transit over public networks;

6. Mobile device hard drives containing confidential data, including laptops, shall be encrypted;

7. Mobile devices storing or accessing confidential data shall be protected by a log-on password (or equivalent, such as biometric) or passcode and shall be configured to lock the screen after ten (10) minutes of non-use;

8. Backups shall be encrypted;

9. Hardcopy paper records shall only be created based on a business need and shall be avoided whenever possible;

10. Ticketure owned hard drives and mobile devices used to store confidential information must be securely wiped prior to disposal or physically destroyed; and

11. Transfer of Confidential data to people or entities outside the company shall only be done in accordance with a legal contract, and the explicit written permission of Licensee

DATA RETENTION

Ticketure shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Ticketure, in consultation with legal counsel, may determine retention periods for their data. Personal Data shall be deleted or de-identified as soon as it no longer has a business use. 

DATA & DEVICE DISPOSAL

Data classified as Confidential shall be securely deleted when no longer needed. Ticketure shall assess the data and disposal practices of subcontractors. Only subcontractors who meet Ticketure  requirements for secure data disposal shall be authorized to store and/or process Confidential data. Ticketure shall ensure that all Confidential data is securely deleted from company devices prior to, or at the time of, disposal. Confidential hardcopy materials shall be shredded or otherwise disposed of using a secure method.

 Personal Data shall be collected, used, and retained only for as long as Ticketure has a legitimate business purpose in its retention. Personal Data shall be securely deleted and disposed of following contract termination in accordance with company policy, contractual commitments and all relevant laws and regulations. Personal Data shall also be deleted in response to a verified request from Customer, where Ticketure does not have a legitimate business interest or other legal obligation to retain the data.

ANNUAL DATA REVIEW

Ticketure senior management shall review data retention requirements during the annual review of this policy. Data shall be disposed of in accordance with this policy.

LEGAL REQUIREMENTS

Under certain circumstances, Ticketure may become subject to legal proceedings requiring retention of data associated with legal holds, lawsuits, or other matters as stipulated by Ticketure legal counsel. Such records and information are exempt from any other requirements specified within this policy and are to be retained in accordance with requirements identified by the legal counsel. All such holds and special retention requirements are subject to annual review with Ticketure ’s legal counsel to evaluate continuing requirements and scope.

EQUIPMENT & THIRD PARTY SPECIFICATIONS