Privacy Notice

About This Policy

This Privacy Notice explains how SecureMyBooking.com Limited (“we”, “our”, “us”) collects, uses, shares, and stores personal information in our capacity as a Data Controller.

We comply with applicable data protection laws, including:

  • The UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018
  • The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA) amendments
  • The Data Use and Access Act 2025 (DUAA)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

What Personal Data Do We Process?

We collect and process personal data necessary to administer ticket refund protection and related services. This may include:

  • Name, address, and contact details
  • Financial information such as bank account details
  • Health information where essential to process a refund application
  • Other information related to your ticket refund protection cover

We only collect what is necessary and proportionate to the purposes set out below.

How We Collect Personal Information

We obtain personal data:

  • Directly from you (via online forms, email, telephone, or written correspondence)
  • From third parties such as ticketing partners or venues, where necessary to process your application
  • Automatically, when you use our website (limited to essential cookies and analytics, where applicable)

How We Use Your Information

We use your information to:

  • Process and manage your ticket refund applications
  • Comply with legal and regulatory obligations
  • Establish, exercise, or defend legal claims
  • Fulfil legitimate business interests, such as fraud prevention and process efficiency

When processing sensitive data such as health information, we do so only when necessary and on lawful grounds other than consent (for example, for contractual necessity or substantial public interest).

Who We Share Information With

We share your data only as required to deliver our services or meet legal obligations. This may include:

  • Agents, brokers, and reinsurers
  • Loss adjusters and sub-contractors
  • Regulators, auditors, and law enforcement agencies
  • Fraud prevention and detection bodies
  • Compulsory insurance and industry databases

We never sell your personal data or share it for marketing purposes.

For industry context, see the London Market Group Information Notice.

International Transfers

We may transfer personal data outside the UK, EEA, Canada, or United States where necessary. Safeguards such as Standard Contractual Clauses, UK Addenda, or equivalent protection frameworks are applied to ensure your information remains secure.

All payment and banking information is encrypted. While no transmission is completely secure, we use robust procedures and access controls to protect your data once received.

Data Retention

We retain personal data only for as long as necessary to fulfil our stated purposes, meet regulatory obligations, or defend legal claims. Typically, data is retained for six years after the end of our business relationship unless otherwise required by law.

Jurisdiction-Specific Privacy Rights

1. GDPR (UK/EU)

If you are located in the UK or European Economic Area (EEA), you have the following rights under the GDPR:

  • The right to access your personal data
  • The right to rectification of inaccurate or incomplete data
  • The right to erasure (“right to be forgotten”)
  • The right to restrict or object to processing
  • The right to data portability
  • The right to withdraw consent (where processing is based on consent)

We process your data under one or more lawful bases defined in Article 6 of the GDPR, such as contractual necessity, legal obligation, legitimate interest, or consent (where applicable).

You may contact our Data Protection Officer (DPO) to exercise these rights via the contact form at www.securemybooking.com/help/.

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

2. CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

  • The right to know what personal information we collect, use, or disclose
  • The right to request deletion of your personal information
  • The right to correct inaccurate information
  • The right to opt out of the sale or sharing of personal information
  • The right to non-discrimination for exercising your privacy rights

We do not sell or share personal data as defined under the CCPA.

To exercise your rights or submit a request, please contact us through our secure form at www.securemybooking.com/help/.
Verification of your identity may be required before processing your request.

If you are an authorised agent submitting a request on behalf of another individual, you must provide proof of authorisation.

3. DUAA (Data Use and Access Act 2025)

If you reside in a US state covered by the DUAA (2025), you have additional rights to transparency and control over automated and cross-context data uses, including:

  • The right to opt out of automated decision-making and profiling
  • The right to review and appeal decisions made by automated systems
  • The right to access meaningful information about how automated tools process your data
  • The right to limit use of your data for secondary purposes

We currently do not use automated decision-making for refund approvals. Should such tools be introduced, they will operate under strict human oversight and transparency safeguards.

4. PIPEDA (Canada)

If you are located in Canada, under PIPEDA you have the right to:

  • Know why we collect, use, and share your personal data
  • Access the information we hold about you
  • Request correction or deletion of inaccurate information
  • Withdraw consent where applicable
  • Challenge our compliance with PIPEDA through our DPO or the Office of the Privacy Commissioner of Canada

Complaints may be directed to the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

Automated Decision-Making and Profiling

We do not use profiling or automated systems that produce legal or significant effects on individuals. All refund assessments involve human review.

Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect data from minors. If such data is discovered, it will be deleted immediately.

Contact Information

Data Controller:
SecureMyBooking.com Limited
34 Lime Street, London EC3M 7AT

Data Protection Officer: Julian Berry
Contact via www.securemybooking.com/help/

Complaints and Oversight Authorities

  • UK & EU: Information Commissioner’s Office – www.ico.org.uk
  • Canada: Office of the Privacy Commissioner of Canada – www.priv.gc.ca
  • California/US: California Privacy Protection Agency – www.cppa.ca.gov

Updates to This Notice

We may update this notice periodically to reflect legal or operational changes. The most recent version will always be available on www.securemybooking.com.

Last Updated: October 2025
© 2026 Secure My Booking.

SecureMyBooking.com Limited
Registered Office: The White House, Castle Road, Saltwood, Kent, CT21 4QY Registered in England. Company Number: 06389683