Terms

Welcome to RFID XRTICKETS!


By accessing or using our website and services, you agree to be bound by these Terms of Service (the "Terms"). These Terms apply to all users of our site and services. If you do not agree to these Terms, you must not access or use our services.


By purchasing eWallets through our online platform powered by Odoo.sh, using Stripe, Authorize.net, or PayPal as payment methods, you agree to these Terms and our Privacy Policy. There are no age restrictions for using our service; however, you acknowledge that you have the legal capacity to enter into this agreement. eWallet credits can be purchased through our website. These credits can be used to buy products or services offered by XRTICKETS. Please note the following:

- No Refunds: All purchases of eWallet credits are final and non-refundable. Please ensure you want to proceed before completing your transaction.

- Payment Processors: Transactions are processed through Stripe, Authorize.net, or PayPal. You must agree to their respective terms and conditions when making payments.

Use of Services:

You agree not to use the eWallet credits for any unlawful purposes or in a way that violates any local, state, national, or international law or regulation.

In no event will XRTICKETS, or its directors, employees, or agents, be liable for any direct, indirect, incidental, special, consequential, or punitive damages resulting from your use of our services or eWallets.

Privacy Policy

Privacy Policy for RFID XRTICKETS: This Privacy Policy describes how rfid.xrticketscr.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels
  • Disclosure for a business purpose: shared with our processor Odoo.sh, Google Analytics. 

Order information

  • Examples of Personal Information collected: name, birthdate, billing address, shipping address, payment information (including credit card numbers and Paypal), email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: shared with our processor Odoo.sh [Pinterest, Google (AdWords, Google Analytics, Tag Manager), Meta (Facebook, Instagram), Paypal, Stripe].

Customer support information

  • Examples of Personal Information collected: name, birthdate, billing address, shipping address, payment information (including credit card numbers and Paypal), email address, and phone number.
  • Purpose of collection: to provide customer support.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: [Odoo.sh, Stripe, Paypal]


Account & Contact Data: 

When you register on our website to use or download one of our products, or to subscribe to one of our services or fill in one of our contact forms, you voluntarily give us certain information. This typically includes your name, company name, email address, and sometimes your phone number, postal address (when an invoice or delivery is required),your business sector and interest in Odoo, as well as a personal password.

We never record or store credit card information from our customers, and always rely on trusted third-party PCI-DSS-compliant payment processors for credit card processing, including for recurring payment processing.


Browser Data: 

When you visit our website and access our online services, we detect and store your browser language and geolocation in order to customize your experience according to your country and preferred language. Our servers also passively record a summary of the information sent by your browser for statistical, security and legal purposes: your IP address, the time and date of your visit, your browser version and platform, and the web page that referred you to our website.

Your browser may also be used to store and retrieve your current session data, with the help of a session cookie. 


Form protection: 

Some forms on our website may be protected by Google reCAPTCHA. This technology relies on heuristics that are based on technical characteristics of your browser and device, and may also use specific Google cookies. See also Google Privacy Policy and Terms of Use in the Third Party Service Providers section below..


In-App Purchase (IAP) Transaction Data: When you use Odoo on the Odoo Cloud or on your own self-hosted deployments, some optional "In-App Purchase" services may be active by default. This typically includes auto-completion features to help you quickly input client and supplier info, as well as integration with third-party service providers for sending and receiving SMS, paper letters, etc.

When you use these services, with or without payment, some necessary transaction data is transmitted to Odoo Cloud services and has to be communicated to third-party services for the purpose of executing the service. You can find the detailed privacy policy for each service on the IAP Privacy Policy. 

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

  • We use Odoo.sh to power our online store. You can read more about how Odoo.sh uses your Personal Information here: https://www.Odoo.com/privacy.
  • Odoo.sh, Pinterest, Google (AdWords), Meta (Facebook, Instagram), Stripe, Paypal, Odoo.sh IAP,



Service Provider

Purpose

Shared Data

Paypal

PCIPrivacy & Security

Payment processing on Odoo.com.

Shared with Paypal: Order details (amount, description, reference), Customer name and email.

Only stored by Paypal: credit card info.


Stripe

PCIPrivacy & Security

Payment processing on Odoo.com.

Shared with Stripe: Order details (amount, description, reference), Customer name and email.

Only stored by Stripe: credit card info.


Google Analytics

Privacy & SecurityTypes of cookies

Anonymous website audience analysis.

Opt-out

Shared with Google Analytics: Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information).

Google reCAPTCHA

Privacy & Security

Form protection.

Used by Google reCAPTCHA: Browser and device characteristics, Google cookies.


Service Provider

Purpose

Shared Data

Paypal

PCIPrivacy & Security

Payment processing on Odoo.com.

Shared with Paypal: Order details (amount, description, reference), Customer name and email.

Only stored by Paypal: credit card info.

Stripe

PCIPrivacy & Security

Payment processing on Odoo.com.

Shared with Stripe: Order details (amount, description, reference), Customer name and email.

Only stored by Stripe: credit card info.

Google Analytics

Privacy & SecurityTypes of cookies

Anonymous website audience analysis.

Opt-out

Shared with Google Analytics: Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information).

Google reCAPTCHA

Privacy & Security

Form protection.

Used by Google reCAPTCHA: Browser and device characteristics, Google cookies.

CloudFlare

Security & PrivacyCookie Policy

Distributed caching of static resources and images of Odoo.com.

Used by CloudFlare: Browser and device characteristics, CloudFlare cookies.




Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

  • We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
  • [Pinterest, Meta (Facebook, Instagram), Google (AdWords), Twitter, TikTok]
  • We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).



For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:


Data Protection

Processing of Personal Data

The parties acknowledge that the Customer’s database may contain Personal Data, for which the Customer is the Controller. This data will be processed by Odoo SA when the Customer instructs so, by using any of the Services that require a database (e.g. the Cloud Hosting Services or the Database Upgrade Service), or if the Customer transfers their database or a part of their database to Odoo SA for any reason pertaining to this Agreement.

This processing will be performed in conformance with Data Protection Legislation. In particular, Odoo SA commits to:

  • (a) only process the Personal Data when and as instructed by the Customer, and for the purpose of performing one of the Services under this Agreement, unless required by law to do so, in which case Odoo SA will provide prior notice to the Customer, unless the law forbids it ;
  • (b) ensure that all persons within Odoo SA authorized to process the Personal Data have committed themselves to confidentiality ;
  • (c) implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure ;
  • (d) forward promptly to the Customer any Data Protection request that was submitted to Odoo SA with regard to the Customer’s database ;
  • (e) notify the Customer promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data ;
  • (f) notify the Customer if the processing instructions infringe applicable Data Protection Legislation, in the opinion of Odoo SA;
  • (g) make available to the Customer all information necessary to demonstrate compliance with the Data Protection Legislation, allow for and contribute reasonably to audits, including inspections, conducted or mandated by the Customer;
  • (h) permanently delete all copies of the Customer’s database in possession of Odoo SA, or return such data, at the Customer’s choice, upon termination of this Agreement, subject to the delays specified in Odoo SA’s Privacy Policy ;

With regard to points (d) to (f), the Customer agrees to provide Odoo SA with accurate contact information at all times, as necessary to notify the Customer’s Data Protection responsible.

Accessing, Updating or Deleting Your Personal Information

Account & Contact Data: You have the right to access and update personal data you have previously provided to us. You can do so at any time by connecting to your personal account on Odoo.com. If you wish to permanently delete your account or personal information for a legitimate purpose, please contact info@xrticketscr.com to request so. We will take all reasonable steps to permanently delete your personal information, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons).

SMS

Information we collect:  The information we collect is directly provided by our users when they use the service. This information includes the identifier of the Odoo IAP account making the request, as well as the destination mobile phone number and the text of the SMS to send.

How we use this information:  This SMS text and the destination mobile phone number is transferred to our service provider in order to execute the request. The contents and destination of the SMS are stored on the Odoo IAP server for moderation purposes, and our server logs keep a temporary record of the IAP account and the destination mobile number for security and abuse prevention purposes.

Accessing, Updating or Deleting Your Personal Information:  You have the right to access and update personal data you have previously provided to us. You can do so at any time by connecting to your personal account on iap.odoo.com. If you wish to permanently delete your account or personal information for a legitimate purpose, please contact our  Helpdesk  to request so. We will take all reasonable steps to permanently delete your personal information on our servers and on the third-party service providers you have used, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons).

Third Party Service Providers:

Service Provider

Purpose

Shared Data

MessageBird

Legal Page

Privacy & Security

SMS processing through IAP services

Shared with MessageBird: Text of the message and destination mobile phone number.

SMS Factor

Legal Page

Privacy & Security

SMS processing through IAP services

Shared with SMS Factor: Text of the message and destination mobile phone number.


Data Retention:  The Odoo IAP server logs contain a one-way hash of the IAP account, the content and the destination mobile phone number, and are kept on our servers for security and abuse prevention purposes, for up to 12 months.

Transfer of Data:  The Odoo IAP servers are located in  Belgium  and  France . For service providers, please see the relevant entry in the table above.

Documents Digitization

Information we collect:  The information we collect is directly provided by our users when they use the service. This information consists in the document that the user is sending to the service and some information to help to discern the user in the document: the company name, the company VAT number, the language of the user and his email.

How we use this information:  Documents (PDF/image) are parsed and analyzed to return structured data to the user. Files are stored, along with their structured information, to be used in the continual improvement of our service. Other information like company name, company VAT number, user language and user email are only used to identify vendor and customer in invoice detection.

Accessing, Updating or Deleting Your Personal Information:  Document files stored, along with their structured information, can be accessed and deleted upon user request.

Third Party Service Providers:  Whenever a user submits a document file to this service, it can be sent to Google Vision to be parsed and converted to text. We make sure that Google uses this information in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract.
Google Vision deletes the images processed either immediately or within a few hours after processing.
More information can be found on the  Google Vision FAQGoogle's Data Processing Amendment  and  Privacy Framework .

Data Retention:  Submitted files, along with their structured data, are stored on our server for a duration of 6 months. After this period, submitted files will be deleted and structured data anonymized.

Transfer of Data:  Data is hosted on our servers which are located in  Belgium  and  France .
Some OCR data may be temporarily stored and processed by Google Vision. In order to make sure all processing is exclusively conducted on European Union territory, we have activated the  EU Regional Restriction  for the Google Vision API.
Images processed by Google Vision are deleted from Google servers within a few hours of processing. Google guarantees the region-restricted processing via Google Vision in their  Service Specific Terms.



Physical Data Location / Data Transfers

Hosting Services

Hosting Locations: customer databases are hosted in the Odoo Cloud Region closest to where they are based, and can request a change of region (subject to availability):

  • Americas: Canada , United States
  • Europe: France , Belgium 
  • Asia & Pacific: Singapore, Taiwan
  • Middle East & Southern Asia: India
  • Oceania: Australia

Backup Locations: backups are replicated on multiple continents in order to meet our Disaster Recovery objectives, and are located in the following countries, regardless of the original hosting region:

  • Canada 
  • France 
  • Belgium 
  • Netherlands 

Subprocessors

These third-party service providers are processing data for which Odoo is Controller or Processor, on behalf of Odoo.

Subprocessors

Purpose

Shared Data

OVHCloud SAS

Privacy & Security

Infrastructure and hosting of Odoo.com (production + backups), Odoo SaaS (production + backups), Odoo.SH (backups), DDOS Protection.

Currently hosted by OVHCloud: Production data from Odoo.com and its affiliate services, including Odoo Online (SaaS) Customer Databases, and the Odoo Database Upgrade services, including Customer databases currently being upgraded; Backup data for all Odoo cloud services.

Data Center Certifications: ISO 27001, SOC 1 TYPE II, SOC 2 TYPE II, PCI-DSS, CISPE, SecNumCloud, CSA STAR.

Google Cloud EMEA Ltd

Privacy & Security

Infrastructure and hosting of Odoo.com (production + backups), Odoo SaaS (production + backups), Odoo.SH (production + backups), DDOS Protection.

Currently hosted by Google: Production data from Odoo.com and its affiliate services, including Odoo Online (SaaS) and Odoo.SH (PaaS) Customer Databases and the Odoo Database Upgrade services, including Customer databases currently being upgraded; Backup data for all Odoo cloud services.

Data Center Certifications: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3, PCI-DSS, HIPAA, CISPE, CSA STAR .


Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

[INCLUDE ALL THAT APPLY TO YOUR BUSINESS]

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Data Retention

Account & Contact Data: we will only retain such data as long as necessary for the purpose for which it was collected, as laid out in this policy, including any legal retention period, or as long as necessary to carry out a legitimate and reasonable promotion of our products and services.


Browser Data: we may retain this data for a maximum of 12 months, unless we need to keep it in relation with a legitimate concern related to the security or performance of our services, or as required by law. Any server-side session information is kept only for 3 months when it is actively used, otherwise it is discarded after 7 days.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We [DO/DO NOT] engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processors use limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary deny list of IP addresses associated with repeated failed transactions. This deny list persists for a small number of hours.
  • Temporary deny list of credit cards associated with a listed denied IP address. This deny list persists for a small number of days.

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see online marketplace platform Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.


Third Party Disclosure

Except as explicitly mentioned above, we do not sell, trade, or otherwise transfer your personal data to third parties. We may share or disclose aggregated or de-identified information, for research purposes, or to discuss trends or statistics with third-parties.


Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

Cookies are also used to help us understand your preferences based on previous or current activity on our website (the pages you have visited), your language and country, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.


Cookies Necessary for the Functioning of the Store


Cookies are small bits of text sent by our servers to your computer or device when you access our services. They are stored in your browser and later sent back to our servers so that we can provide contextual content. Without cookies, using the web would be a much more frustrating experience. We use them to support your activities on our website, for example your session (so you don't have to login again) or your shopping cart.

We also use third-party services such as Google Analytics, who set and use their own cookies to identify visitors and provide their own contextual services. 

Here is an overview of the cookies that may be stored on your device when you visit our website:

Category of Cookie

Purpose

Cookies

Session & Security

Authenticate users, protect user data and allow the website to deliver the services users expect, such as maintaining the content of their cart, or allowing file uploads.


The website will not work properly if you reject or discard those cookies.

session_id (Odoo)

td_id (Odoo)

fileToken (Odoo)

__cfduid (CloudFlare)

Preferences

Remember information about the preferred look or behavior of the website, such as your preferred language, region and timezone. Your experience may be degraded if you discard those cookies, but the website will still work.

frontend_lang (Odoo)

cids (Odoo)

odoo_no_push (Odoo)

tz (Odoo)

Interaction History

Used to collect information about your interactions with the website, the pages you've seen, and any specific marketing campaign that brought you to the website. We may not be able to provide the best service to you if you reject those cookies, but the website will work.

im_livechat_history (Odoo)

im_livechat_previous_operator_pid (Odoo)

utm_campaign (Odoo)

utm_source (Odoo)

utm_medium (Odoo)

fs_uid (FullStory)

Advertising & Marketing

Used to make advertising more engaging to users and more valuable to publishers and advertisers, such as providing more relevant ads when you visit other websites that display ads or to improve reporting on ad campaign performance.


Note that some third-party services may install additional cookies on your browser in order to identify you.


You may opt out of a third-party's use of cookies by visiting the Network Advertising Initiative opt-out page. The website will still work if you reject or discard those cookies.

__gads (Google)

__gac (Google)

_fbp (Facebook)

Analytics

Understand how visitors engage with our website, via Google Analytics. Learn more about Analytics cookies and privacy information.


The website will still work if you reject or discard those cookies.

_ga (Google)

_gat (Google)

_gid (Google)

_gac_* (Google)

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies, or look at the links below.



The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as https://www.allaboutcookies.org/ 

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser. We do not currently support Do Not Track signals, as there is no industry standard for compliance.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by info@xrticketscr.com or by mail using the details provided below:

San Jose, Costa Rica

Last updated: 04/1/2024