Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"), is a European privacy legislation taking effect May 25, 2018. It replaces EU member state laws that implement the EU Data Protection Directive, in existence since 1995. Most organizations that collect, maintain, or process EU residents' personal data (regardless of the organization's global location) will be required to implement certain procedures and safeguards for that data.

Tixr is covered by GDPR in situations where personal data of Tixr customers is processed, including but not limited to customer end users, if those individuals are located in the EU. In preparation for the GDPR, Tixr has established a comprehensive compliance program and is committed to partnering with its customers and vendors in their GDPR compliance efforts.

Under the GDPR, "data controllers" (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called "data processors"). Tixr offers its EU customers who are data controllers the option to enter into a robust data processing agreement that requires Tixr to safeguard personal data in accordance with GDPR requirements.

The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. Data subjects can make these requests directly to the data controllers of their information. With Tixr, it's easy for our customers who are data controllers to access and manage their team members' data in response to these requests. For example, customers can directly access, update, and modify data within the Tixr platform. Tixr also offers customers the ability to export organization member and guest information so that it can be sent outside of the platform.

At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals' personal data. Tixr shares the GDPR's commitment to these principles, and has included within its ongoing GDPR compliance program documentation about Tixr's data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR.

Securing our users' personal data continues to be a priority for Tixr as we prepare for the GDPR. The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Tixr has implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network.

We value communication with our fans. As Tixr continues to evaluate and update its data protection program, we will keep you posted with important updates.