Politique de confidentialité

    Montreal cityscape at night

    Politique de confidentialité de Outbox

    Effective date: September 10, 2025

    Outbox fournit des technologies de billetterie et de billetterie aux lieux, aux promoteurs et aux organisateurs d'événements (notre »Clients»). Cette politique de confidentialité explique comment nous recueillons, utilisons, partageons et protégeons les renseignements personnels lorsque vous visitez nos sites Web, utilisez nos Services, interagissez avec nous pour des ventes ou du soutien, ou postulez à un emploi.

    Résumé rapide
    • Si vous êtes un visiteur ou prospect du site Web, cette politique explique ce que nous recueillons sur nos sites et à des fins de marketing.
    • Si vous êtes un Client ou utilisateur de la plateforme, nous utilisons vos informations pour fournir et sécuriser les Services.
    • Si vous êtes un acheteur de billets, nous agissons généralement en tant que processeur pour nos clients — Votre principale relation de confidentialité est avec l'organisateur de l'événement.
    • Vous avez le droit à la protection de la vie privée. Voir Vos droits à la vie privée ci-dessous pour les exercer.

    1) Qui sommes-nous et quel est notre champ d'action ?

    Cette politique couvre les renseignements personnels traités par Outbox par l'entremise de :

    • Sites : les sites Web, les pages et les formulaires de notre entreprise
    • Services : notre logiciel de billetterie et de billetterie et les outils connexes fournis aux clients.
    • Marketing et ventes : des événements, des webinaires, des publicités, des courriels et des médias sociaux.
    • Recrutement : lorsque vous présentez votre candidature pour un emploi avec Outbox.

    Rôle : Nous agissons en tant que contrôleur pour les données personnelles que nous recueillons directement (p. ex. les visiteurs du site, les prospects, les candidats, les utilisateurs du compte client). Nous agissons en tant que processeur (fournisseur de services) lors du traitement des données de l'acheteur de billets pour le compte des clients. Pour les activités de sous-traitance, les politiques de confidentialité de nos clients régissent ; nous traitons conformément à leurs instructions.

    2) Informations que nous recueillons

    A. Renseignements que vous nous fournissez

    • Contact & account data: name, business email, phone, company, job title, password, role.
    • Business records: contracts, orders, billing and invoicing details, support tickets.
    • Communications: emails, chats, call recordings (where permitted), survey responses.
    • Job applicant data: résumé/CV, cover letter, work history, education, references, immigration status, and any info you provide during interviews or assessments.

    B. Information collected automatically

    • Usage & device data: IP address, device identifiers, browser type, operating system, language, referring URLs, pages viewed, links clicked, session duration, and performance metrics.
    • Cookies & similar tech: pixels, tags, SDKs that help us remember your preferences, secure the Sites, understand usage, and personalize content/ads. See Cookies & Tracking.

    C. Information from third parties

    • From Clients: end-user/admin data needed to provision and support the Services.
    • From partners & vendors: lead info, analytics, ad engagement metrics.
    • From public sources: social media profiles, company websites, public directories.
    Ticket buyers: Event organizers (our Clients) may send us your data to fulfill purchases, manage seating, or support event operations. We handle this data as a processor per our contract with the organizer.

    3) How we use information

    We use information for the following purposes (and, where applicable, lawful bases):

    • Provide and improve the Services (perform a contract; legitimate interests): enable logins, configure accounts, process transactions for Clients, provide support, fix issues, develop features, maintain security, and analyze performance.
    • Operate our Sites (legitimate interests; consent for non-essential cookies): remember preferences, measure usage, debug, and keep our Sites secure.
    • Sales & marketing (consent where required; legitimate interests): send product updates, event invites, newsletters; personalize content and ads; measure campaign effectiveness. You can opt out at any time (see Marketing Choices).
    • Recruiting (consent; legitimate interests): evaluate candidates, schedule interviews, and onboard hires.
    • Compliance & protection (legal obligations; legitimate interests): comply with laws, enforce terms, detect and prevent fraud, security incidents, or misuse.

    We may aggregate or de-identify information so it can no longer reasonably be linked to you; we may use and share such information for any lawful purpose.

    4) How we share information

    We do not sell your personal information as the term “sell” is defined by many privacy laws. We may “share” data for cross-context behavioral advertising; see Your Privacy Rights for state law opt-out rights.

    We share information with:

    • Service providers/processors: cloud hosting, security, analytics, communications, payment/billing, recruitment platforms, and customer support tooling. They may only use data to provide services to us and must protect it.
    • Clients: if you are an admin/user of a Client account, we share info with your organization. If you are a ticket buyer, we process and share your data with the relevant Client/event organizer under their instructions.
    • Partners: with your consent or at your direction (e.g., co-marketing, integrations).
    • Legal & safety: to comply with law, lawful requests, or to protect rights, safety, and property.
    • Business transfers: as part of a merger, acquisition, financing, or sale of assets; your information may be transferred as permitted by law.

    5) Cookies & tracking

    We use cookies and similar technologies to:

    • Essential: authentication, security, load balancing.
    • Analytics: understand Site and Service usage.
    • Functional: remember preferences.
    • Advertising: deliver and measure ads on our Sites and third-party sites.

    Where required by law, we obtain your consent for non-essential cookies. You can manage cookies via our cookie banner, your browser settings, or the Do Not Sell/Share options (where applicable). Blocking cookies may impact Site functionality.

    6) Data retention

    We keep personal information only as long as necessary to:

    • provide the Services and operate the Sites,
    • comply with legal obligations (e.g., tax, accounting),
    • resolve disputes, enforce agreements, and protect our rights.

    When no longer needed, we delete or irreversibly de-identify data according to our retention policies. Typical retention examples: marketing leads (24–36 months of inactivity), support logs (12–24 months), contract/account records (during the relationship + 7 years), recruiting data (up to 24 months unless you consent to a talent pool).

    7) Security

    We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, network monitoring, and employee training. No system is 100% secure; if we detect a breach impacting your data, we will notify you and regulators as required by law.

    8) International data transfers

    We may process and store information in countries other than where it was collected. Where required, we use appropriate safeguards for cross-border transfers (e.g., EU/UK Standard Contractual Clauses, UK IDTA/Addendum, and additional measures as needed). You can request a copy of relevant transfer mechanisms via email contact@outbox.com.

    9) Your privacy rights

    Depending on your location, you may have the right to:

    • Access your personal information and obtain a copy.
    • Correct inaccurate or incomplete data.
    • Delete your information.
    • Portability: receive your data in a usable format.
    • Restrict or object to certain processing (including profiling and direct marketing).
    • Withdraw consent where processing is based on consent.
    • Appeal a decision if we deny your request (US state laws).

    You can exercise rights by emailing contact@outbox.com. We may need to verify your identity and will respond within the timeframes required by law.

    California & other US state privacy laws (e.g., CA, CO, CT, VA, UT):

    • We do not “sell” personal information for money. We may “share” identifiers and internet activity with advertising partners for cross-context behavioral advertising. You can opt out via our “Do Not Sell or Share My Personal Information” link or by using a browser-based opt-out signal (e.g., GPC), which we honor.
    • You may also request disclosure of categories of personal info collected, sources, purposes, and third parties, and request deletion or correction.
    • You may use an authorized agent to submit requests (subject to verification).
    • We do not discriminate for exercising your rights.

    EEA/UK/Swiss residents: Outbox CRB Inc. is the controller for Site/marketing data. Our legal bases include contract performance, legitimate interests (e.g., service improvement, security, marketing to business contacts), consent (where required), and legal obligations. You may lodge a complaint with your local supervisory authority, but we encourage you to contact us first.

    Brazil (LGPD): You have rights similar to those above (confirmation, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent).

    10) Marketing choices

    • Email & SMS: You can unsubscribe using the link in our messages or by contacting us.
    • Ads: Adjust cookie settings, use platform controls (e.g., Google/LinkedIn/Facebook ad preferences), or enable a browser opt-out signal where supported.
    • Analytics: You can use industry tools (e.g., Google’s opt-out add-on) and your browser settings to limit tracking.

    11) Ticket buyers: our role as processor

    When you purchase or manage tickets for an event using our technology, the event organizer (Client) is the data controller. We process your information on their behalf to deliver the Services (e.g., seating, payments via their chosen processor, access control, communications). To exercise your privacy rights as a ticket buyer, please contact the event organizer directly. We will assist our Clients in responding to such requests as required by law and our contracts.

    12) Children’s privacy

    Our Sites and Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 16 (or a higher age where required by local law). If you believe a child has provided us personal information, contact contact@outbox.com and we will take appropriate steps to delete it.

    13) Third-party sites, platforms, and integrations

    Our Sites may include links to third-party websites, plug-ins, or integrations. We are not responsible for the privacy practices of those third parties. Review their policies before providing any personal information.

    14) Changes to this policy

    We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated version on our Sites and updating the “Last updated” date. Your continued use of the Sites or Services after changes become effective means you accept the updated policy.

    15) Region-specific addendum (optional to include on the same page or as a linked supplement)

    • California CPRA Notice (Categories Table):
      • Identifiers: name, email, IP address (sources: you, your device; purposes: service, security, marketing; sharing: service providers, advertising partners).
      • Customer records & commercial info: account, transactions (sources: you/Client; purposes: service, support, compliance; sharing: service providers, Client).
      • Internet activity: browsing, usage (sources: your device; purposes: analytics, security, ads; sharing: service providers, advertising partners).
      • Professional/employment info: job title, company (sources: you, public sources; purposes: sales, contracts; sharing: service providers).
      • Inferences: product interest segments (purposes: marketing; sharing: advertising partners).
      • We retain data as described above; we disclose for business purposes and may “share” for advertising. We do not knowingly sell or share data of consumers under 16.
    • EEA/UK Transparency (Art. 13/14 GDPR): contact details of controller/representative; legal bases listed in Section 3; recipients in Section 4; transfers in Section 8; retention in Section 6; rights in Section 9; whether provision of data is required (typically optional for Sites; necessary for Service accounts); existence of automated decision-making (we do not engage in solely automated decisions that produce legal or similarly significant effects).