1. The purpose of the document 1.1. This document will explain what personal data we collect relating to our customers, suppliers, business customers, website visitors and job applicants, how we collect it, where do we store it, how do we use it and when and why do we delete it. We are required to notify you of this information under data protection legislation.
1.2. Eventim SI is compliant with the GDPR principles when gathering and using the customer data. Please read the policy in order to understand the processing of your personal information.
1.3. Eventim SI is the ‘data controller’ – we gather and use your information.
2. What information are we collecting? 2.1. Personal data, or personal information relating to an identified of identifiable natural person. There are special categories of more sensitive personal data which require a higher level of protection.
2.1.1. For Customers we will collect, store and use the following categories of personal information about you:
126.96.36.199. Your name, surname, addresses, telephone numbers, personal email addresses and information whether you are, or you are over the age of 16. We need this information to be able to provide the services you expect from us, such as ticket sales, experience, and to inform you about the new interesting events. This helps us to tailor our service so that you can benefit from it.
188.8.131.52. When visiting our website www.eventim.si, we collect your IP address, data showing when you visited, which pages you looked at, information about your operating system, device and browser version. This data is gathered using cookies. You can select which cookies you will enable or disable on our website (http://www.eventim.si/en/cookie_policy/).
184.108.40.206. If you should login with your Facebook profile (via Facebook plug-in), only your Facebook personal data will be processed. Please review and update your Facebook privacy settings if you choose the mentioned option to login.
2.1.1,4. Your card number will not be collected and stored by Eventim SI. It will be collected by our payment system KPS Payment GmbH & Co. KG. This is so they can safely process your payments you choose to make online.
220.127.116.11. For our business partners, we collect, store and use minimum amount of personal data (name, surname, email and telephone) in order to provide our services to you, such as the lease of out ticket sale system and the inclusion into the ticket sale system.
2.1.2. For our job applicants, we collect, store and use the following categories of personal data:
18.104.22.168. Name, surname, telephone number, email, sex, date of birth, prior work history, references and other information you choose to share with us in your CV. This type of data helps us to enter into a contractual relationship with you.
3. Special categories of data We process special categories of personal information in the following circumstances:
3.1 We process health information, including information relating to any disability to make reasonable adjustments to our services, for example, if the organizer or venue need to make, or have made special arrangements.
3.2 Also, we process information regarding sensitive group of people, i.e. children to make reasonable adjustments to our services, for example, if the organizer or venue need to make, or have made special arrangements
3.3 We only process special category information with your explicit consent, i.e. when you buy the tickets dedicated to the special categories of data (people with disabilities or children).
4. How we collect your personal information? We collect personal information from you directly when you register with us or contact us about our services or when we make contact with you. This may be by telephone, email or social media accounts.
5. Why do we need your personal information? 5.1 When you register with us, we will use your personal information to perform our contract with you, i.e. provide you with the tickets you wish to purchase. To do this, we will process your personal information in the following manner:
5.1.1. to provide our services to you. Our services consist of providing you with the desired tickets, charging your order and sending the tickets to your address, email or phone.
5.1.2. to contact you about any other suitable and interesting events so that you do not miss the tickets. We will use an automated process to evaluate your personal information against the upcoming offers and consider whether you would be interested for them. We will send you a promotional email containing the new offer(s) based on this process.
5.1.3. To inform you about any changes regarding the events (change of the venue/date, cancellation) and fulfill your expectation from our service
5.1.4. To manage your loyalty subscription if you have subscribed to Event.card – this means sending you promotional offers for which you have applied.
5.1.5. To protect you from identity and card fraud.
6. What are the legal bases for us to use your personal information? We will only use your personal information to fulfill the contract, where we have legitimate interest to do so, where you have given us consent by opting in any services we provide and when the law allows us to do so. We are allowed to do this as long as our activities do not disproportionately intrude your privacy. We will use your personal information:
6.1.1. where we need to perform the contract we have entered into with you – provide you with the tickets.
6.1.2. where we need to comply with a legal obligation;
6.1.3. where it is necessary for our legitimate interests:
22.214.171.124. We want to fulfill your expectations as our client and customer
126.96.36.199. We do not want you to miss the new upcoming events and offers;
188.8.131.52. We want to ensure the running of our business as a ticket distributing company
6.1.4. Where it is necessary for the interest of a third party, such as promoters with special packages and offers for their events. We will process your personal data to fulfill your expectations as our client and customer.
7. If you don’t provide us your personal information If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (provide you with the tickets), inform you about the changes regarding the event or inform you about the suitable event and offer.
8. Change of purpose Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law, such as fraud investigation.
9. Profiling 9.1. We will use an automated process to evaluate your personal information against the upcoming offers and consider whether you would be interested for them.
9.2. We will send you a promotional email containing the new offer(s) based on this process.
10. Who are we going to share your personal data with and for what purpose will they use your personal information? 10.1. We will share your personal information with the following third parties:
10.1.1. to the promoters who need your personal data in order to provide you with the service (i.e., special packages which include offers other than just the ticket – meet&greet, merchandise, early entrance…);
10.1.2. When required by law or other regulation, we will share your data with tax, audit, or other authorities.
10.2 All of our third-party service providers and other entities in the Eventim Group are required to take appropriate security measures to protect your personal information in line with our policies and the GDPR. We do not allow our third-party service providers to use your personal data for their own purposes.
10.3 The categories of these recipients and confirmation data is not transferred outside the EU.
11. Where we process your personal information 11.1. We process your information on several processors for different purposes (providing the service, i.e. fulfilling the contract, and where we have legitimate interest to do so):
11.1.1. our central database, which is held on secure servers within the Eventim Group. Information on our database may be accessed by the companies of our Group from offices in Germany and Austria at our request in order to perform specific processing activities (e.g. to erase your data at your request).
11.1.2. Our website developers; Dhimahi d.o.o., Tržaška 202, SI-1000 Ljubljana, Slovenia, email@example.com .
11.1.3. Our newsletter processor; Episerver AB, Regeringsgatan 67, Box 7007, 103 86 Stockholm, Sweden, firstname.lastname@example.org .
11.1.4. Ticket development; Nolock software solutions (nolock Softwarelösungen GmbH), Strobachgasse 6, 1050 Wien, Österreich, email@example.com .
11.1.5. Payment facilitator: KPS Payment GmbH & Co. KG, Contrescarpe 75A, 28195 Bremen, firstname.lastname@example.org .
11.1.6. For postal services; Pošta Slovenije d.o.o., Slomškov trg 10, 2000 Maribor, email@example.com in DHL Ekspres (Slovenija), d.o.o., Špruha 19, 1236 Trzin, firstname.lastname@example.org .
12. Data Security We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way. All of your personal data will be transferred by SSL (Secure Socket Layer) at a 128 Bit encryption (high) (RSA with a 1024 Bit rate) and can therefore not be misused by third parties. This is the most current security standard on the internet at the moment. We have put in place procedures to deal effectively and in a timely manner with any suspected or actual personal data breach and will notify you and the local regulator of such a personal data breach where we are legally required to do so.
13. Data Retention and Erasure We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal requirements.
13.1. For fulfilling our services, we will keep your personal data (name, surname, address, contact) in our main system for five years from the date of your last order. Afterwards, it will be deleted.
13.2. For accounting reasons, we will keep your personal information (name, surname, address, contact) on our main server for 10 years from the date of your last order. Afterwards, it will be deleted.
13.3. For marketing reasons (e.g. newsletter, information about what events you were interested in), we will keep your personal data (name, surname, address, contact) with our processors for five years from the date of your last order. Afterwards, it will be deleted.
13.4. If you have any questions in relation to the retention and deletion of your personal data, please contact email@example.com.
14. Your rights in relation to our processing of your personal data 14.1. Please, inform us of any changes regarding your personal information. It is important that the personal information we hold about you is accurate and current. If you fail to update your personal information, it can result in the service not being provided. For example, if you do not inform us about a change of your address, you might not get the ticket.
14.2. You have the right to be informed about what we are doing with your personal data. If we change what we are doing, we will provide you with an updated version of this policy.
14.3. You have the right to object to the processing of your personal data.
14.4. You have the right to request access to your personal information and to check that we are lawfully processing it.
14.5. You have the right to request us to correct and complete any incorrect or incomplete data related to you.
14.6. You have the right to request us to delete the information we hold about you. If you ask us to delete your personal information, you can still use our services as a guest. Unfortunately, we will not be able to provide our full services to you, such as sending you the important information about the event (change of venue or date, cancellation), or the information about the new and exciting events and offers.
14.7. You have the right to restriction of processing in certain situations and you have a right to object to processing based on our legitimate interests and for direct marketing purposes. We will not be able to process your personal data relying on a legitimate interest anymore, meaning you might miss our new offers and events.
14.8. You have a right to receive the information you gave to us back in a ‘machine-readable’ format and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.
14.9. If you want to exercise your rights, please contact firstname.lastname@example.org.
14.10. We will need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights where we need to be satisfied the request is genuine).