Privacy Policy

Last updated: Monday 12th January 2026

This Privacy Policy explains how Replika Festival and 25Eight Events Ltd collect, use, store, and protect your personal data when you visit our websites, purchase tickets, or otherwise interact with us.

This policy applies across all event websites operated or managed by 25Eight Events Ltd, where the same data processing activities apply.

1. Who We Are (Data Controller)

Event Brand: Replika Festival
Company Name: 25Eight Events Ltd
Company Registration Number: 14484808
ICO Registration Reference: ZB630163
Website: www.25eightevents.com
General Enquiries: info@25eightevents.com
Data Protection Contact: dataprotection@25eightevents.com

We are an events company based in the United Kingdom. We are the data controller for the personal data processed under this policy.

We are committed to protecting your personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• EU GDPR (where applicable for EU-based users)

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a) TICKETING & EVENT REGISTRATION DATA

When you purchase tickets via our official ticketing partner, OnTick (www.ontick.co.uk), we may receive:

• Full name
• Email address
• Phone number
• Postal address
• Date of birth or age verification (where legally required)

This data is required to process ticket purchases, manage event entry, verify age where applicable, and provide customer support.

b) MARKETING DATA (WITH CONSENT)

• Name and email address
• Marketing preferences
• Consent and subscription history

c) TECHNICAL & USAGE DATA

When you use our websites, we may collect:

• IP address
• Browser type, device type, and operating system
• Pages visited and referring URLs

This data is collected via cookies and similar technologies. Please see our Cookie Policy for more information.

3. How We Collect Your Data

We collect personal data:

• When you purchase tickets via our official ticketing partner, OnTick
• When you subscribe to marketing communications through opt-in forms
• When you contact us via website forms or email
• Automatically through cookies and analytics tools when you browse our websites
• Through Mailchimp, a GDPR-compliant email marketing platform, where you have given explicit consent

You may unsubscribe from marketing communications at any time using the link in our emails or by contacting us at dataprotection@25eightevents.com.

4. Lawful Basis for Processing

We only process personal data where we have a lawful basis under Article 6 UK GDPR:

Consent (Art. 6(1)(a)) – for marketing communications

Contract (Art. 6(1)(b)) – to process ticket purchases and deliver events

Legal obligation (Art. 6(1)(c)) – for tax, accounting, safety, or regulatory compliance

Legitimate interests (Art. 6(1)(f)) – for event administration, website analytics, fraud prevention, and security

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How We Use Your Data

We use your personal data to:

• Process ticket purchases and manage event entry
• Send booking confirmations and important event updates
• Provide customer support
• Send marketing communications (where consent has been given)
• Improve our websites and services
• Meet legal, regulatory, and safety obligations

6. Data Sharing and Third Parties

We do not sell your personal data.

We may share data with trusted, GDPR-compliant third parties where necessary, including:

OnTick – ticket sales and event access management

Mailchimp – email marketing and subscription management

Squarespace – website hosting

Google Analytics – website performance and usage analytics

Regulators or law enforcement authorities – where legally required

All third-party processors operate under appropriate data processing agreements (DPAs).

International Transfers

If personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

• UK or EU adequacy regulations, or
• Standard Contractual Clauses (SCCs)

7. Data Retention

We retain personal data only for as long as necessary:

Marketing data: Until consent is withdrawn or you unsubscribe

Ticketing and financial records: Up to 7 years (legal and accounting requirements)

Enquiries and correspondence: Up to 12 months

Technical and security data: Typically 30–90 days

8. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure ("right to be forgotten")
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise your rights, please contact: dataprotection@25eightevents.com.

9. Data Security

We use appropriate technical and organisational measures to protect personal data, including:

• SSL encryption
• Secure access controls
• Encrypted storage where appropriate
• Regular security reviews and third-party compliance checks

10. Contact Details and Complaints

Data Protection Contact:
dataprotection@25eightevents.com

General Enquiries:
info@25eightevents.com

Complaints:
complaints@25eightevents.com

UK Supervisory Authority

Information Commissioner’s Office (ICO)
www.ico.org.uk
Tel: 0303 123 1113

EU residents may also contact their local Data Protection Authority:
https://edpb.europa.eu/about-edpb/board/members_en

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our websites, with the effective date shown at the top of this page.