We're sorry but your browser is no longer supported. We recommend installing Microsoft Edge, or the latest version of either Google Chrome, or Firefox.

Privacy Policy

 

Data Processing Agreement

BY AND BETWEEN:

 

  1. SBE LIVE, a limited liability company with registered office at Dane John Works, Gordon Road, Canterbury, England, CT1 3PP, and registered with the Crossroads Bank for Enterprises under enterprise number 11065875, hereby legally represented by Max Weston, in his capacity as Director;

 

Hereinafter referred to as the “Customer”;

 

  1. PLAYPASS, a limited liability company (naamloze vennootschap or NV) with registered office at Lange Gasthuisstraat 29, 2000 Antwerp, Belgium and registered with the Crossroads Bank for Enterprises (Kruispuntbank van Ondernemingen or KBO) under enterprise number 0501.728.738, hereby legally represented by Ron Schuermans, in his capacity as CFO;

 

Hereinafter referred to as “Playpass” or the “Supplier”;

The Customer and Playpass/Supplier are hereinafter individually referred to as a “Party” jointly as the “Parties”.

 

WHEREAS:

 

  1. PlayPass has developed software enabling events to handle their access control, create interactive brand activation campaigns and create a cashless environment ("Services”). In connection with and for the purpose of the performance of the Services under the Agreement, Personal Data will be processed in accordance with the provisions of the present data processing agreement (the “Data Processing Agreement”). A more detailed description of the purposes for the Processing of Personal Data is contained in Article 3 of Annex 1 hereto;
  2. The Agreement necessitates the processing by the Supplier of Personal Data; and
  3. This Data Processing Agreement and its annexes set forth the terms and conditions pursuant to which Personal Data will be processed in the framework of the Agreement.

 

THE PARTIES AGREE AS FOLLOWS:

 

ARTICLE 1 DEFINITIONS                                                                                                                                                                                

For the purpose of this Data Processing Agreement, the following terms will have the following meaning. In case of any doubt or differences with the terms defined in the Data Protection Legislation, the definitions stipulated in the relevant Data Protection Legislation will prevail.

“Agreement”

means the Agreement, as applicable, entered into between Playpass and the Customer, containing the mutual rights and obligations.

“Contact Person”

means the individual(s) assigned by a Party and communicated to the other Party as point of contact and representing the Party for (a part of) the Services.

“Data Controller”

 

means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data.

“Data Processor”

means a natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Data Controller.

“Data Protection Legislation”

 

means (A) (i) until 24 May 2018, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the implementation thereof in the relevant national legislation, and (ii) as from 25 May 2018, EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (B) together with the codes of practice, codes of conduct, regulatory guidance and standard clauses and other related legislation resulting from such Directive or Regulation, as updated from time to time.

"Data Subject”

means an identified or identifiable natural person to whom the Personal Data relates. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The relevant categories of Data Subjects are identified in Annex 1.

“Personal Data”

means any information relating to a Data Subject. The relevant categories of Personal Data that are provided to the Supplier by, or on behalf of the Customer are identified in Annex 1.

“Personal Data Breach”

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed in connection with the provisioning of the Services.

“Processing", “Process(es)” or “Processed”

means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Standard Contractual Clauses”

means the standard contractual clauses of which the European Commission on the basis of Article 26 (4) of Directive 95/46/EC decided that these offer sufficient safeguards for the transfers of personal data to a third country, or the data protection clauses adopted by the European Commission or by a supervisory authority and approved by the European Commission in accordance with the examination procedure referred to in Article 93(2) of EU Regulation 2016/679. In the event of any such data protection clauses adopted in accordance with EU Regulation 2016/679, such clauses will prevail over any standard contractual clauses adopted on the basis of Directive 95/46/EC to the extent that they intend to cover the same kind of data transfer relationship.

“Sub-processor”

means any subcontractor engaged by Supplier to perform a part of the Services and who agrees to receive Personal Data intended for Processing on behalf of the Customer in accordance with the Customer’s instructions and the provisions of the Agreement.

ARTICLE 2               INTERPRETATION

  • This Data Processing Agreement forms an integral part of the Agreement. The provisions of the Agreement therefore apply to this Data Processing Agreement. All capitalized terms not defined in this Data Processing Agreement will have the meaning set forth in the Agreement.

 

  • In case of conflict between any provision in this Data Processing Agreement and any provision of another part of the Agreement, this Data Processing Agreement will prevail.

 

ARTICLE 3               SCOPE AND PURPOSE

 

In connection with and for the purpose of the performance of the Services under the Agreement, the Customer commissions the Supplier to process Personal Data in accordance with the provisions of the present Data Processing Agreement.

article 4               Specification of the Data Processing

4.1.        Any Processing of Personal Data under the Agreement will be performed in accordance with the applicable Data Protection Legislation.

 

  • For the performance of the Services, the Supplier is a Data Processor acting on behalf of the Customer. As a Data Processor, Supplier will only act upon the Customer’s instructions. The Agreement, including this Data Processing Agreement, is the Customer’s complete instruction to Supplier with regard to the Processing of Personal Data. Any additional or alternate instructions must be jointly agreed by the Parties in writing.

 

  • A more detailed description of the subject matter of the Processing of Personal Data in terms of the concerned categories of Personal Data and of Data Subjects (envisaged Processing of Personal Data) is contained in Annex 1

ARTICLE 5               Data Subjects’ Rights

5.1.        With regard to the protection of Data Subjects’ rights pursuant to the applicable Data Protection Legislation, the Customer will facilitate the exercise of Data Subject rights and will ensure that adequate information is provided to Data Subjects about the Processing hereunder in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

5.2.        Should a Data Subject directly contact the Supplier wanting to exercise his individual rights such as requesting a copy, correction or deletion of his data or wanting to restrict or object to the Processing activities, the Supplier will inform the Customer of such request within two (2) business days and provide the Customer with full details thereof, together with a copy of the Personal Data held by it in relation to the Data Subject where relevant. The Supplier will promptly direct such Data Subject to the Customer. In support of the above, the Supplier may provide the Customer’s basic contact information to the requestor. the Customer agrees to answer to and comply with any such request of a Data Subject in line with the provisions of the applicable Data Protection Legislation.

 

  • Insofar as this is possible, the Supplier will cooperate with and assist the Customer by appropriate technical and organizational measures for the fulfilment of the Customer’s obligation to respond to requests from Data Subjects exercising their rights.

ARTICLE 6               Consultation and Correction of Personal Data

The Supplier will provide the Customer, in its role of Data Controller or Data Processor, with access to Personal Data Processed under the Agreement, in order to allow the Customer to consult and correct such Personal Data.

ARTICLE 7               Disclosure

7.1.        The Supplier will not disclose Personal Data to any third party, except (1) as the Customer directs, (2) as stipulated in the Agreement, (3) as required for Processing by approved Sub-processors in accordance with article 10 or (4) as required by law, in which case the Supplier will inform the Customer of that legal requirement before Processing that Personal Data, unless that law prohibits such information being provided on important grounds of public interest.

 

  • Supplier represents and warrants that persons acting on behalf of Supplier and who are authorized to Process Personal Data or to support and manage the systems that Process Personal Data (i) have committed themselves to maintain the security and confidentiality of Personal Data in accordance with the provisions of the present Data Processing Agreement, (ii) are subject to user authentication and log on processes when accessing the Personal Data and (iii) have undertaken appropriate training in relation to Data Protection Legislation. Supplier will inform the persons acting on its behalf about the applicable requirements and ensure their compliance with such requirements through contractual or statutory confidentiality obligations.

ARTICLE 8               Deletion and Return of Personal Data

8.1.        At the latest within 30 days upon termination of the Agreement, the Supplier will sanitize or destroy any Personal Data that it stores in a secure way that ensures that all Personal Data is deleted and unrecoverable. Data used to verify proper data processing in compliance with the assignment and data that needs to be kept to comply with relevant legal and regulatory retention requirements may be kept by the Supplier beyond termination or expiry of the Agreement only as long as required by such laws or regulations.

 

  • Upon written request submitted by the Customer no later than fourteen (14) calendar days prior to termination of the Agreement, the Supplier will provide the Customer with a readable and usable copy of the Personal Data and/or the systems containing Personal Data prior to sanitization or destruction.

ARTICLE 9               Location of Processing

9.1.        The Supplier will store Personal Data at rest within the territory of the European Union. 

  • Any Processing of Personal Data by Supplier personnel or subcontractors not located within the European Union may be undertaken only following prior written approval of the Customer and the execution of one of the then legally recognized data transfer mechanisms, such as an additional data processing agreement governed by the Standard Contractual Clauses.

ARTICLE 10             USE OF SUB-PROCESSORS

 

10.1.       The Customer acknowledges and expressly agrees that the Supplier may use third party Sub-processors for the provision of the Services as described in the Agreement.

 

10.2.       Any such Sub-processors that provide services for the Supplier and thereto Process Personal Data will be permitted to Process Personal Data only to deliver the services Supplier has entrusted them with and will be prohibited from Processing such Personal Data for any other purpose. The Supplier remains fully responsible for any such Sub-processor’s compliance with Supplier’s obligations under the Agreement, including the present Data Processing Agreement. The Supplier will, prior to the entrusting of services to such Sub-processor, carry out any relevant due diligence on such Sub-processor to assess whether it is capable of providing the level of protection for the Personal Data as is required by this Data Processing Agreement, and provide evidence of such due diligence to the Customer where requested by the Customer or a regulator.

 

10.3.       The Supplier will enter into written agreements with any such Sub-processor which contain obligations no less protective than those contained in this Data Processing Agreement, including the obligations imposed by the Standard Contractual Clauses, as applicable.

 

10.4.       The Supplier will make available to the Customer the current list of Sub-processors for the Services identified in Annex 2 to this Agreement. Such Sub-processors list will include the identities of those Sub-processors and their country of location. The Supplier will provide the Customer with a notification of a new Sub-processor before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the Services under this Agreement.

10.5. If the Customer objects to the use of a new Sub-processor that will be processing the Customer’s Personal Data, then the Customer will notify Supplier in writing within twenty-one (21) calendar days after receipt of Supplier’s written request to that effect. In such a case, the Supplier will use reasonable efforts to change the affected Services or to recommend a commercially reasonable change to the Customer’s use of the affected Services to avoid the Processing of Personal Data by the Sub-processor concerned. If the Supplier is unable to make available or propose such change within sixty (60) calendar days, the Customer may terminate the relevant part of the Agreement regarding those Services which cannot be provided by the Supplier without the use of the Sub-processor concerned. To that end, the Customer will provide written notice of termination that includes the reasonable motivation for non-approval.

ARTICLE 11             Technical and Organizational Measures

11.1.       The Supplier will maintain appropriate technical and organizational measures intended to protect Personal Data or the systems that Process Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss or destruction. These measures will take into account and be appropriate to the state of the art, nature, scope, context and purposes of Processing and risk of harm which might result from unauthorized or unlawful Processing or accidental loss, destruction or damage to Personal Data. These measures will include the following measures:

  • the prevention of unauthorized persons from gaining access to systems Processing Personal Data (physical access control)
  • the prevention of systems Processing Personal Data from being used without authorization (logical access control)
  • ensuring that persons entitled to use a system Processing Personal Data gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of Processing, Personal Data cannot be read, copied, modified or deleted without authorization (data access control)
  • ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control)
  • ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from systems Processing Personal Data (entry control)
  • ensuring that Personal Data Processed are Processed solely in accordance with the instructions (control of instructions)
  • ensuring that Personal Data are protected against accidental destruction or loss (availability control)
  • ensuring that Personal Data collected for different purposes can be processed separately (separation control)
  • The Supplier will adapt these measures systematically to the development of regulations, technology and other aspects and supplemented with the applicable technical and organizational measures of Sub-processors, as the case may be. In any event, the implemented technical and organizational measures will ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected, taking also into account the state of technology and the cost of their implementation.

 

  • Upon the Customer’s request, the Supplier must provide the Customer within fourteen (14) calendar days of receipt by the Supplier of the Customer's request with an updated description of the implemented technical and organizational protection measures.

ARTICLE 12             Personal Data Breaches

12.1.       In the event of a (likely or known) Personal Data Breach and irrespective of its cause, the Supplier will notify the Customer without undue delay and at the latest within forty-eight hours after having become aware of (the likelihood or occurrence of) such Personal Data Breach, providing the Customer with sufficient information and in a timescale, which allows the Customer to meet any obligations to report a Personal Data Breach under the Data Protection Legislation. Such notification will as a minimum specify:

  • the nature of the Personal Data Breach;
  • the nature or type of Personal Data implicated in the Personal Data Breach, as well as the categories and numbers of Data Subjects concerned;
  • the likely consequences of the Personal Data Breach;
  • as the case may be, the remedial actions taken or proposed to be taken to mitigate the effects and minimize any damage resulting from the Personal Data Breach;
  • the identity and contact details of the Data Protection Officer or another Contact Person from whom more information can be obtained.
  • The Supplier will without undue delay further investigate the Personal Data Breach and will keep the Customer informed of the progress of the investigation and take reasonable steps to further minimize the impact. Both Parties agree to fully cooperate with such investigation and to assist each other in complying with any notification requirements and procedures.

 

  • A Party’s obligation to report or respond to a Personal Data Breach is not and will not be construed as an acknowledgement by that Party of any fault or liability with respect to the Personal Data Breach.

 

 

ARTICLE 13             CUSTOMER RESPONSABILITIES

 

13.1       The Customer will comply with all applicable laws and regulations, including the Data Protection Legislation.

 

13.2.       The Customer remains responsible for the lawfulness of the Processing of Personal Data including, where required, obtaining the consent of Data Subjects to the Processing of his or her Personal Data.

 

13.3.       The Customer will take reasonable steps to keep Personal Data up to date to ensure the data are not inaccurate or incomplete with regard to the purposes for which they are collected.

 

13.4.       With regard to components that Customer provides or controls, including but not limited to workstations connecting to Services, data transfer mechanisms used and credentials issued to the Customer’s personnel, the Customer will implement and maintain the required technical and organizational measures for protection of Personal Data.

 

 

ARTICLE 14             NOTIFICATIONS

 

14.1.       Unless legally prohibited from doing so, the Supplier will notify the Customer as soon as reasonably possible, and at the latest within two (2) business days of becoming aware of the relevant circumstances, if it or any of its Sub-processors:

 

14.1.1. receives an inquiry, a subpoena or a request for inspection or audit from a competent public authority relating to the Processing;

 

14.1.2. intends to disclose Personal Data to any competent public authority outside the scope of the Services of the Agreement. At the request of the Customer, the Supplier will provide a copy of the documents delivered to the competent authority to the Customer;

 

14.1.3. receives an instruction that infringes the Data Protection Legislation or the obligations of this Data Processing Agreement;

 

14.2.       In this respect, the Supplier will co-operate as requested by the Customer to enable the Customer to comply with any assessment, enquiry, notice or investigation under the Data Protection Legislation, which will include the provision of:

 

14.2.1. all data requested by the Customer (which is not otherwise available to the Customer) within the reasonable timescale specified by the Customer in each case, including full details and copies of the complaint, communication or request and any Personal Data it holds in relation to the relevant Data Subject(s); and

 

14.2.2. where applicable, providing such assistance as is reasonably requested by the Customer to enable the Customer to comply with the relevant request within the Data Protection Legislation statutory timescales.

 

14.3.       Any notification under this Data Processing Agreement, including a Personal Data Breach notification, will be delivered to one or more of the Customer’s Contact Persons via email possibly supplemented by any other means the Supplier selects. Upon request of the Customer, the Supplier will provide the Customer with an overview of the contact information of the registered Customer’s Contact Persons. It is Customer’s sole responsibility to timely report any changes in contact information and to ensure the Customer’s Contact Persons maintain accurate contact information.

 

ARTICLE 15             PRIVACY POLICY

 

A template privacy policy is attached as annex 3 to this Data Processing Agreement, subject to further completion by the Customer. In the event the Customer does not timely submit its own privacy policy, the Supplier reserves the right to publish the privacy policy, as customized by the Supplier, on its website.

 

 

ARTICLE 16             TERM AND TERMINATION

This Data Processing Agreement enters into force on the date of its signing by all Parties and remains in force until Processing of Personal Data by the Supplier is no longer required in the framework of or pursuant to the Agreement.


 

IN WITNESS WHEREOF, the Parties have executed this agreement on ________________ in two (2) originals, each party acknowledging receipt of one original.

 

 

 

 

 

 

 

FOR AND ON BEHALF OF THE SUPPLIER

 

 

 

                 

PLAYPASS

Represented by Ron Schuermans (exntric bvba)

Capacity: CFO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FOR AND ON BEHALF OF THE COSTUMER

 

 

 

Represented by: Max Weston

Capacity: Director

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Annexe(s):

 

Annex 1:            Details of the Personal Data Processing;

 

Annex 2:            List of current Sub-processors; and

 

Annex 3:            Template privacy policy.

 

 

 

 

 

Annex 1 - Details of the Personal Data Processing

  1. Data Subjects
  • Present Service recipients;
  • Prospective Service recipients; and
  • Other Service recipients.
  1. Categories of Personal Data

 

The Supplier may Process (a subset of) the following categories of Personal Data:

  • Contact details (e.g. your name, place of residence, telephone number, date of birth, sex, e-mail address, job title, business name, VAT number);
  • Payment details (e.g. your bank card number, credit card number);
  • Data related to expenditure, consumption and location facilities on the festival sites;
  • Videos, images and other media that can identify you on the festival sites;
  • Data on the use of the website (e.g. browser and IP address);
  • Data on the use of apps (e.g. GPS location, or the unique identification code of the device);
  • Data of e-mails (e.g. number of times the e-mail was opened); and/or
  • In the case of crew registration: nationality, birthplace, shirt size, sex, preferred language and national register numbers.
  1. Purposes of Processing of Personal Data

 

Personal Data will be Processed for the purpose of the performance of the Services under the Agreement including the following purposes:

 

  • Informative purposes related to the use of the website;
  • Commercial purposes related to the purchase of your tickets, such as vouchers for restaurants, parking options and transport information;
  • Transport to and from the festival sites or to and from hotels or other places of residence;
  • Sending of informative e-mails;
  • Processing of payments;
  • Ensuring safety and health on the festivals sites;
  • Printing tickets or wristbands to grant access to the festival sites;
  • Customer service from Customer and its external partners;
  • Criminal registers of ticket holders may be screened by the Federal Police, and in case of a negative advice, access to the festival of these ticket holders may be denied;
  • Registration of the crew, guests, artists and all other acquaintances who have access to the festival sites;
  • Carrying out of electronic payments, electronic top-ups, and electronic refunds;
  • To comply with applicable laws or regulations;
  • If a law enforcement authority or other government agency so requests;
  • To maintain its general terms and conditions;
  • For investigating suspicious or fraudulent or illegal activities; and/or
  • To protect security and/or your rights or Customer.

 

 

 

Annex 2 – List of current Sub-processors

 

 

 

STORAGE AND PROCESSING

  

DigitalOcean

https://www.digitalocean.com/

Google Cloud

https://cloud.google.com/

Google Fabric

https://fabric.io

Amazon AWS

https://aws.amazon.com

Amazon S3

https://aws.amazon.com/s3

Hetzner

https://www.hetzner.com/

New Relic

https://newrelic.com/

HoneyBadger

https://www.honeybadger.io/

Twillio

https://www.twilio.com/

Mailchimp

https://mailchimp.com/

Famoco FMS

https://www.famoco.com/

Zoho

https://www.zoho.eu/
   

PAYMENTS

  

N26

https://next.n26.com/en-eu/

Paypal

https://www.paypal.com/be/home

Paypal / Braintree

https://www.braintreepayments.com

Stripe

https://stripe.com/be

Six Payments

https://www.six-payment-services.com/en/home.html

Checkout Finland

https://checkout.fi/

Telleroo

https://www.telleroo.com/

Redsys

http://www.redsys.es/en/

Yuki

https://www.yuki.be/

Isabel

https://www.isabel.eu

ING Bank

https://www.ing.be

BNP Paribas Fortis

https://www.bnpparibasfortis.be/
   

SUPPORT

  

Freshdesk

https://freshdesk.com/

Basecamp

https://basecamp.com/

Trello

https://trello.com/

Slack

https://slack.com/

Whatsapp

https://www.whatsapp.com/

 

 

 

Annex 3 – Template privacy policy

Privacy policy Organizer

Last revised on __________ 2018

Under Organizer is understood: ______________________________ with registered office at _______________________________________.

 

  1. General

The Organizer (“we”, “us”) collects data when you have purchased a ticket to attend an event, when you create an account (“Account”), when you send us an e-mail and/or when you use our website (“Website”), apps or social media (“Services”).

You may not always be aware of it, but using our Website implies sharing personal data. According to the legal definition, personal data means any information relating to an identified or an identifiable natural person (“Personal Data”). It is sufficient to be regarded as Personal Data if the data allows us to make a direct or indirect link between one or more data on the one hand and a natural person on the other hand.

We believe the protection of your privacy is very important and would like to provide clarity, and, hence, we have prepared this privacy policy (“Privacy Policy”). We will only use your Personal Data for the purposes stated in this Privacy Policy and we will not disclose your Personal Data to any natural person, legal person, or entity other than us (“Third Party”), unless set out in section 3 of this Privacy Policy.

The collection and processing of Personal Data is subject to strict legal conditions to give you, as a user, the necessary guarantees that your Personal Data will not be publicly disclosed in an unauthorized manner.

Each processing will therefore always be done in compliance with the applicable privacy legislation, more specifically (a) through 24 May 2018, the Belgian privacy legislation of 8 December 1992, and (b) as of 25 May 2018, the European Regulation on the protection of personal data (the “Privacy Legislation”).

This Privacy Policy applies to the relationship between you and us. We will only process, store and use your Personal Data in accordance with this Privacy Policy and in accordance with the provisions of the Privacy Legislation.

We assume that you have read this Privacy Policy before using our Services, as well as given your consent to the collection and processing of the Personal Data by us in accordance with this Privacy Policy.

 

  1. Personal data that we collect

We may collect various types of Personal Data and keep it on our servers, including among others:

 

  • Contact details (e.g. your name, place of residence, telephone number, date of birth, sex, e-mail address);
  • Payment details (e.g. your bank card number, credit card number);
  • Data related to expenditure, consumption and location facilities on the festival sites;
  • Videos, images and other media that can identify you on the festival sites;
  • Data on the use of the Website (e.g. browser and IP address);
  • Data on the use of apps (e.g. GPS location, or the unique identification code of the device);
  • Data of e-mails (e.g. number of times the e-mail was opened); and/or
  • In the case of crew registration: national register numbers.

We will only store your Personal Data on servers that are located in the European Economic Area.

 

  1. What are the purposes of data collection and processing?

Your Personal Data may be used for the following purposes (collectively, the “Purpose”):

 

  • Informative purposes related to the use of the Website;
  • Commercial purposes related to the purchase of your tickets, such as vouchers for restaurants, parking options and transport information;
  • Transport to and from the festival sites or to and from hotels or other places of residence;
  • Sending of informative e-mails;
  • Processing of payments;
  • Ensuring safety and health on the festivals sites;
  • Printing tickets or wristbands to grant access to the festival sites;
  • Customer service from the Organizer and its external partners;
  • Criminal registers of ticket holders may be screened by the Federal Police, and in case of a negative advice, access to the festival of these ticket holders may be denied;
  • Registration of the crew, guests, artists and all other acquaintances who have access to the festival sites; and/or
  • Carrying out of electronic payments, electronic top-ups, and electronic refunds.

During the provision of services, we may rely on Third Parties which take over a part of the aforementioned Purpose. In such case, we may rely on Third Parties which are active as payment processors, printing companies, ticketing companies, transport companies, healthcare providers, …

Furthermore, we have free access to your Personal Data, and we may freely save and publish your Personal Data in the following cases:

 

  • to comply with applicable laws or regulations;
  • if a law enforcement authority or other government agency so requests;
  • to maintain our general Terms and Conditions;
  • for investigating suspicious or fraudulent or illegal activities; and/or
  • to protect security and/or your rights or ours.

 

  1. User registration

To use the Website, we require that you create an Account. You remain in control of all information, data, messages and images that you upload on the Website or on your Account, including Personal Data (“Data”) in accordance with the general Terms and Conditions.

You can register on the Website by logging in via your e-mail.

 

  1. Safety

We shall take reasonable administrative, technical and organizational measures against unauthorized or illegal processing of Personal Data or unintentional loss, destruction or damage, unauthorized or illegal access, disclosure or use of Personal Data. In some cases, your Personal Data will be shared with Third Parties, which must also take reasonable administrative, technical and organizational measures to protect the Personal Data.

Access to Personal Data and processing of Personal Data may also take place outside the European Union. In the event that the Personal Data are transferred outside the European Economic Area, appropriate measures will be taken.

In the event and as a result of the discovery or notification of an infringement on the safety of the Personal Data, or access thereto by an unauthorized person, we are legally obliged to notify you, if the infringement is likely to violate your privacy.

 

  1. Cookies

When using the Website, we collect certain information through automated systems, including cookies (small text files stored in your browser) and similar technologies, including mobile app identifiers, to increase security, measure use and effectiveness of the Website, identify problems and then resolve them. We may also use cookies and other automated systems for other purposes including the management of the Website and other aspects of the commercialization of our company.

The information we collect in this way includes the IP address, browser properties, device properties, version of the operating system, information about actions taken on our Website (including use, activity logs and click-throughs), and dates and times of the visits to the website. Data logs are deleted on a regular basis.

You can check the use of cookies through your browser settings and other tools. You can configure your browser to disable, reset or block (the use of) cookies or similar technologies. However, it is possible that without our use of cookies, our Website does not work properly, or that not all features of the Website are available.

Third Parties may also use cookies to gather information about your activities on our Website in order to understand and continuously improve the functioning of the Website. For more information about the use of cookies by Third Parties, we refer you to the website of the relevant Third Party, as they will use cookies in accordance with their own cookie policy, which may differ from our own policy.

By continuing to use the Website you accept the use of cookies in your browser in accordance with this Privacy Policy.

 

  1. Notification to Third Parties

Unless this Privacy Policy provides otherwise, we will not sell, transfer or in any other manner disclose your Personal Data to Third Parties, without your prior explicit consent, unless this is necessary for the Purpose as set out in this Privacy Policy, or unless we are legally obliged to do so.

 

  1. What are my rights as a data subject?

We want to guarantee a safe and lawful processing of Personal Data, and we assure you that your Personal Data will be processed in a straightforward and lawful way. This implies that the Personal Data will only be processed for the aforementioned, explicitly stated and legal Purpose. We furthermore assure that the Personal Data will always be processed in an adequate, relevant and non-excessive manner.

My right for information

If you have questions or suggestions with regard to the processing of your Personal Data, provided you are able to prove your identity, you have the right to request information concerning the processing. We will then provide you with access to your Personal Data that we process as well as the source of these Personal Data.

My right of rectification or erasure

You have the right to have your Personal Data rectified, erased or amended, free of charge, to correct inaccuracies, in the event these Personal Data is incomplete or incorrect, or is being processed in an unlawful manner. You have the right to request the erasure of incorrect data or data that is not relevant in such manner.

You have the right to have your Personal Data erased without undue delay, free of charge, unless the Personal Data has to remain stored in accordance with a legal provision. The erasure is predominantly related to visibility, which entails the possibility that the erased Personal Data will remain stored temporarily. However, we will take any and all reasonable measures to erase all your Personal Data as fully and extensively as possible.

In case you fully exercise your right of erasure, notwithstanding the fact that you own a ticket for a future event, this ticket will be cancelled without reimbursement.

My right of transferability of Personal Data

You have the right to request your Personal Data in a structured format.

My right to object or restrict the processing

You can, at all times, object to the processing of your Personal Data, or request to restrict the processing of your Personal Data.

You can change your Account Information at any time via the settings on your Account.

If you have any questions regarding this Privacy Policy, or if you wish to exercise the above rights, this will be possible via a signed, written request addressed to the Organizer by mail or via e-mail on the data mentioned at the bottom of this Privacy Policy.

 

  1. Storage and removal of Data

We may store your Personal Data as long as reasonably required to provide you with the Services, and for the Purpose as described in this Privacy Policy. Afterwards, your Personal Data will be erased.

If you register an Account, we will store your Personal Data, even if you temporarily stop using your Account, until the moment you permanently remove your Account. Until you remove your Account, we are allowed to store and use your Personal Data.

 

  1. Websites or applications of Third Parties

You acknowledge and accept that by using the Website or the Account you can gain access to certain content or services provided by Third Parties. In such case, a separate privacy policy of such a Third Party may apply. We are not responsible for the privacy policy of Third Parties, nor for compliance therewith.

 

 

 

  1. Updates or changes to our Privacy Policy

If required, this Privacy Policy may be modified or updated to allow us to process your previously collected Personal Data for new purposes. In such case, you will be informed about this via a notification on our Website that the Privacy Policy has been amended and you will be requested to agree to this.

Responsible for processing:

___________________

___________________

___________________

___________________