Privacy Policy
Privacy Policy
Last updated: 18 June 2026
1. Introduction
Rave Essentials ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at raveessentials.co.uk, purchase products, buy event tickets, or interact with our services in any way.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. If you have any questions, contact us using the details in Section 16.
2. Data Controller
Rave Essentials is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.
Contact details:
- Email: support@raveessentials.co.uk
- Website: raveessentials.co.uk/contact
3. What Personal Data We Collect
We collect different types of personal data depending on how you interact with us:
3.1 Data You Provide Directly
- Account registration: Name, email address, password.
- Product purchases: Full name, email address, shipping address, billing address, phone number (optional).
- Ticket purchases: Full name, email address (required for ticket delivery and event entry).
- Contact forms and enquiries: Name, email address, and the content of your message.
- Newsletter subscription: Email address.
- SMS marketing (optional): Mobile number, if you opt in to receive marketing text messages.
- Promoter registration: Name, email address, company/organisation name, Stripe Connect account details. We also record the date, time, version of the agreement accepted, and the IP address of the request when a promoter accepts the Promoter Data Sharing & Joint Controller Agreement, as part of the clickwrap audit trail required for enforceability of online contracts under the laws of England and Wales.
- B2B/wholesale enquiries: Name, email address, company name, product interests, message content.
3.2 Data Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type, screen resolution.
- Usage data: Pages visited, time spent on pages, links clicked, referring website, search terms used on our site.
- Cookie data: Information collected via cookies and similar technologies (see Section 10 and our Cookie Policy).
3.3 Data from Third Parties
- Stripe: Payment confirmation and transaction status (we do not receive or store your full card number).
- Google Analytics: Anonymised and aggregated browsing and usage data.
3.4 Special Categories of Data
We do not intentionally collect any special categories of personal data (such as health data, religious beliefs, or biometric data). If you voluntarily provide such data (for example, in a message to our support team), we will only process it to the extent necessary to respond to your enquiry.
4. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling product orders (payment, shipping, delivery updates) | Performance of a contract |
| Processing and delivering ticket purchases (payment, QR code delivery, event entry) | Performance of a contract |
| Creating and managing your account | Performance of a contract |
| Responding to customer service enquiries and support requests | Performance of a contract / Legitimate interests |
| Sending order confirmations, shipping updates, and ticket delivery emails | Performance of a contract |
| Sending marketing newsletters and promotional emails | Consent, or our legitimate interest in marketing to existing customers (PECR soft opt-in). You can opt out at any time. |
| Sending marketing text messages (SMS) about our own events, ticket drops, and products, where you have opted in | Consent (PECR Regulation 22). You can opt out at any time by replying STOP. |
| Sending event-related notifications (e.g., on-sale alerts, event reminders) | Consent / Legitimate interests |
| Sharing attendee data with promoters/venues for event management and door entry | Performance of a contract / Legitimate interests |
| Analysing website usage to improve our services and user experience | Legitimate interests |
| Preventing fraud and ensuring the security of our platform | Legitimate interests / Legal obligation |
| Complying with legal and regulatory obligations (tax records, consumer law) | Legal obligation |
| Processing promoter registrations and managing the promoter marketplace | Performance of a contract |
| Facilitating ticket transfers and resales | Performance of a contract |
Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 11).
5. Who We Share Your Data With
We only share your personal data when necessary, and we do not sell, rent, or trade your data to third parties for their own marketing purposes. We share data with the following categories of recipients:
5.1 Payment Processors
Stripe (including Stripe Connect) processes all payments on our platform, for both product purchases and ticket sales. Stripe receives your payment card details, billing address, and transaction information. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
5.2 Event Promoters and Venues
When you purchase a ticket, we share the following limited information with the event promoter and, where applicable, the venue:
- Your full name (as provided during ticket purchase).
- Your ticket type and order reference.
- Your ticket's QR code data (for door scanning and check-in).
This data is shared so that the promoter can manage event entry and maintain door lists. Promoters are required to handle your data in accordance with applicable data protection laws.
We do not share your email address, phone number, or payment details with promoters directly. Where we need to send you a message about your specific event (such as a change, cancellation, or safety notice), we send it to you ourselves on the promoter's behalf — we remain the data controller and the promoter never receives your contact details. If your ticket needs refunding, we may share the minimum information necessary to process that refund.
Where you have subscribed to our updates, or bought tickets from us and not opted out, we may also send you marketing from Rave Essentials about our own events, ticket drops, and gear. These messages are sent by us, and the promoter does not see your email address. You can opt out at any time from your account settings or by clicking the unsubscribe link in any message.
5.3 Email and SMS Marketing (Brevo and Twilio)
If you subscribe to our newsletter or opt in to marketing communications, your email address is shared with Brevo (formerly Sendinblue), our email marketing service provider. Brevo processes your data on our behalf (as a data processor) to deliver newsletters and promotional emails. See Brevo's Privacy Policy. You can unsubscribe from marketing emails at any time using the unsubscribe link in any email.
Our newsletter may include curated event guides featuring events from across the UK scene, some listed by third-party promoters. Where you book tickets through links in our emails, we may earn a commission, at no extra cost to you.
If you opt in to marketing text messages, your mobile number is shared with Twilio, our SMS delivery provider. Twilio processes your number on our behalf (as a data processor) to send the text alerts you asked for. See Twilio's Privacy Notice. You can stop these messages at any time by replying STOP to any marketing text, or through your account preferences.
5.4 Analytics (Google Analytics)
Google Analytics collects anonymised and aggregated data about how visitors use our website, including pages visited, time on site, and traffic sources. Google Analytics uses cookies. We have configured Google Analytics to anonymise IP addresses. See Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
5.5 Shipping and Delivery Partners
For physical product orders, we share your name, shipping address, and phone number (if provided) with Royal Mail or other courier services to fulfil your delivery. These partners process your data as independent data controllers for the purpose of delivering your order.
5.6 Hosting and Infrastructure
Our website is hosted on secure servers. Your data may be processed by our hosting provider, content delivery network (Cloudflare), and cloud storage providers as part of delivering our services. These providers act as data processors and are bound by contractual obligations to protect your data.
5.7 Legal and Regulatory Authorities
We may disclose your personal data if required to do so by law, in response to a valid legal request (such as a court order or regulatory investigation), or to protect our rights, safety, or property.
6. International Data Transfers
Some of our third-party service providers are based outside the UK, including:
- Stripe (United States) - payment processing.
- Google (United States) - analytics and reCAPTCHA.
- Brevo (France/EU) - email marketing.
- Twilio (United States) - SMS delivery.
- Cloudflare (United States) - content delivery and security.
Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as:
- The recipient country has been deemed to provide an adequate level of data protection by the UK government.
- Standard Contractual Clauses (SCCs) with the UK International Data Transfer Addendum, or the UK International Data Transfer Agreement (IDTA) issued by the Information Commissioner's Office (ICO), are in place.
- The recipient participates in a recognised certification scheme (such as the UK Extension to the EU-US Data Privacy Framework) or has Binding Corporate Rules.
You can contact us for more information about the specific safeguards in place for international transfers.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are:
- Order and transaction data (products and tickets): 6 years from the date of the transaction, as required for tax, accounting, and legal compliance under HMRC guidelines.
- Account data: Retained until you delete your account or request erasure. Inactive accounts may be flagged for review after 3 years of inactivity.
- Marketing consent and newsletter subscriptions: Retained until you unsubscribe or withdraw consent. Any mobile number you provided for SMS marketing is cleared when you opt out. After unsubscribing, we retain a record of your opt-out preference to ensure we do not contact you again.
- Customer support enquiries: 2 years from resolution, to handle follow-up queries and improve our service.
- Website analytics data: Up to 26 months (Google Analytics default retention period).
- Ticket and event data: 6 years from the event date, for the same tax and legal compliance reasons as other transaction data.
- Promoter data: Retained for the duration of the promoter's relationship with us, plus 6 years after the last transaction for legal compliance.
When retention periods expire, we securely delete or anonymise your data so that it can no longer be associated with you.
8. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). Passwords are stored using industry-standard one-way hashing.
- Access controls: Access to personal data is restricted to authorised personnel who need it to perform their duties.
- Payment security: We do not store full payment card details. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.
- Infrastructure security: Our servers are protected by firewalls, DDoS protection (via Cloudflare), and regular security updates.
- Monitoring: We monitor our systems for suspicious activity and potential security incidents.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you and the ICO of any data breach that poses a risk to your rights and freedoms, in accordance with our legal obligations.
9. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Many events listed on our platform require attendees to be 18 or older.
If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly. If you believe we may have collected data from a child under 16, please contact us immediately.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience, maintain your shopping cart and session, analyse website usage, and deliver relevant content. Cookies we use include:
- Essential cookies: Required for core website functionality, including your session, shopping cart, CSRF protection, and cookie consent preferences. These cannot be disabled.
- Analytics cookies: Used by Google Analytics to understand how visitors use our site. These are only set with your consent.
- Marketing cookies: Used for advertising and personalisation. These are only set with your consent.
You can manage your cookie preferences at any time via the cookie banner or the "Manage Cookies" option on our site. You can also control cookies through your browser settings.
For full details about the specific cookies we use, their purposes, and durations, please see our Cookie Policy.
11. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions and exemptions:
11.1 Right of Access
You have the right to request a copy of the personal data we hold about you (a "Subject Access Request"). We will provide this free of charge within one calendar month, unless the request is manifestly unfounded or excessive.
11.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data, or complete any incomplete data we hold about you. You can update some information directly through your account settings.
11.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purpose it was collected, or you withdraw your consent. We may need to retain some data for legal compliance (e.g., financial records for 6 years).
11.4 Right to Restrict Processing
You have the right to request that we limit how we use your data in certain circumstances, for example while we verify the accuracy of your data or consider an objection you have raised.
11.5 Right to Data Portability
Where processing is based on consent or contract performance, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
11.6 Right to Object
You have the right to object to processing based on legitimate interests. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests. You have an absolute right to object to processing for direct marketing purposes at any time.
11.7 Right to Withdraw Consent
Where we process your data based on consent (e.g., marketing emails and text messages), you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw consent by:
- Clicking the "unsubscribe" link in any marketing email.
- Replying STOP to any marketing text message.
- Contacting us at support@raveessentials.co.uk.
11.8 Rights Related to Automated Decision-Making
We do not currently use automated decision-making or profiling that produces legal effects or significantly affects you. If this changes, we will update this policy and provide appropriate safeguards.
How to Exercise Your Rights
To exercise any of these rights, please contact us at support@raveessentials.co.uk. We may need to verify your identity before processing your request. We will respond within one calendar month. If your request is complex or we receive a large number of requests, we may extend this by up to two additional months, but we will inform you of this within the initial one-month period.
12. Marketing Communications
We will only send you marketing communications (newsletters, promotions, event recommendations) if you have given your consent (for example by subscribing to our newsletter), or if you have bought from us and did not opt out at checkout. The second case is the "soft opt-in" for existing customers, and we only use it to tell you about our own events, ticket drops, and gear.
Every marketing email includes an unsubscribe link. You can also manage your preferences by contacting us. Opting out of marketing will not affect transactional communications (such as order confirmations, ticket deliveries, or event updates that are necessary for the performance of a contract).
Marketing text messages (SMS) work differently from our email marketing: we will only send them if you have given your explicit consent, by ticking the SMS opt-in box and providing your mobile number. We do not apply the soft opt-in to text messages. Every marketing text tells you how to stop them (reply STOP), and SMS marketing only ever covers our own events, ticket drops, and gear.
13. Event Data and Promoter Access
When you purchase a ticket through our platform, certain data is shared with the event promoter to enable them to manage their event. Specifically:
- What is shared: Your name, ticket type, ticket reference number, QR code data, and check-in status.
- Why it is shared: To verify your ticket at the door and manage attendee and guest lists.
- What is NOT shared: Your email address, phone number, payment details, and browsing history are not shared with promoters directly. Where a promoter needs to contact you about essential event information (such as venue changes, safety information, or cancellations), or send marketing to you with your consent, the message is delivered by Rave Essentials on the promoter's behalf — we remain the data controller and the promoter never receives your contact details. Email may be shared only to the extent strictly necessary to process a refund.
13.1 Joint controllership for door entry and attendee management
For the limited shared processing described above (door entry, guest-list management, and event operations), Rave Essentials and the event promoter act as Joint Controllers within the meaning of Article 26 UK GDPR. The respective responsibilities of the Parties are set out in a written Promoter Data Sharing & Joint Controller Agreement which every promoter must accept before being granted access to attendee data. The essence of that arrangement is:
- Rave Essentials is the primary point of contact for you in respect of all your rights under the UK GDPR (access, rectification, erasure, restriction, portability, objection). You can exercise those rights by contacting us at privacy@raveessentials.co.uk.
- The promoter is responsible for handling your name, ticket reference, and check-in status securely, only for the purposes of running their event, and for the duration their account remains active on the Platform. The promoter cannot use that data for direct marketing without going through our messaging tools or having your separate explicit consent.
- You may exercise your rights against either party as required by Article 26(3) UK GDPR; we recommend contacting us first because we hold the underlying contact details.
Promoters are contractually required to use attendee data only for event management purposes and to comply with applicable data protection laws. Promoters cannot send you marketing without your separate, explicit consent captured at checkout or in your account settings, and any consented marketing is delivered through our platform rather than by handing your contact details to the promoter. You can read the full Promoter Data Sharing & Joint Controller Agreement at any time.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, data practices, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page.
For significant changes that materially affect how we process your personal data, we will make reasonable efforts to notify you in advance, such as by email or a prominent notice on our website. We encourage you to review this policy periodically.
15. Right to Complain
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern.
You also have the right to lodge a complaint with the UK's data protection supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
16. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have any concerns about how we handle your personal data, please contact us:
- Email: support@raveessentials.co.uk
- Website: Contact Us
We aim to respond to all data protection enquiries within 5 working days, and will formally respond to rights requests within one calendar month as required by law.