This document lays out our procedures in managing and protecting your personal data, how we limit the risk of a data breach and how we comply with the new GDPR data protection laws.
Data protection responsibility lies with Eventim UK, the Data Controller. We can be contacted for any questions on Data Protection by emailing us on email@example.com, or by sending a letter to Eventim UK, PO Box 75668, London, WC1A 9QE.
Eventim UK holds and updates a record of its data processing activities in accordance with GDPR.
This Site has security measures in place to protect the loss, misuse and alteration of the information under our control. We use 128-bit industry standard Secure Server Software (SSL) for your transactions with us. It encrypts all your personal information, including your credit card number, name and address, so that it cannot be read as the information travels over the Internet.
2. Data sharing
When explicit consent is given by opting in, your personal information is shared between Eventim UK and the Promoter, Event Organiser or Venue for the event(s) for which you have bought tickets.
If consent is given as stated above, third parties will receive your name and email address and may contact you via email for marketing purposes.
We will not pass your data to third parties unless you provide your explicit consent.
For all processing involving outside data processors, Eventim UK implements contracts with the processors including (at the minimum) the requirements stated in article 28 of the GDPR, as well as instructions to be followed by the processor, a breach notification clause, an audit clause, a responsibility clause and provisions which the processor must follow at the end of the contract.
No data is transferred outside of the EU.
3. Data Processing
Where Eventim UK is the processor of data, either collected by us or shared with us as a third party, it acts only on the instructions of the Data Controller. Any data shared with us will only have been done so with your explicit consent to the original data collector.
Eventim UK implements the necessary processes as required by the law and by the applicable regulations, including the record of data processing activities.
4. Rights of data subjects
The data subjects (i.e. you) have rights around their personal data. These are:
- The right of access all data held
- The right to correct data (rectification)
- The right to be forgotten, subject to no active orders being present within your Eventim account (erasure)
- The right to restrict processing
- The right to object to processing
- The right not to be profiled
- The right to withdraw their consent
- The right to transmit their data to another controller (portability)
- The right to complain to the Information Commissioner’s Office
If you would like to enact your rights, this can be done by contacting Eventim UK via email on firstname.lastname@example.org, stating what you would like Eventim UK to enact.
5. Personal Data
Our Site’s registration forms, order forms and other forms require you to give us personal information. You must register on our site to order tickets and you will be asked to provide financial information, so your order can be processed. You may retrieve and modify data saved to enable your use of the Site via your user account at any time.
Eventim UK collects the following data to process a purchase:
- Postal Address
- Email Address
- Phone Number
- IP Address
- Date of Birth
- Payment Information
Eventim UK collects the following data when you create an Eventim account:
- Email Address
- Postal Address
- Phone Number
- Date of Birth
Eventim UK collects the following data when you sign up to marketing communications (weekly newsletter, TicketAlarm):
- Email address
Eventim UK may collect the following data when you contact us via social media, in order to manage your query:
- Social media username / handle – this is only stored as a note on the order you’re enquiring about.
Your personal information is used by us to contact you when necessary, in connection with transactions entered by you on the Site. We will not use your personal information for communications not associated with your transactions without your explicit consent – either by opting in during checkout, when creating an account or by updating the email preferences in your My Eventim account.
The service offered by Eventim UK may not be used by persons under the age of 16.
Financial information that is collected is used to authorise payment and bill you for products and services. When you make a purchase on the Site, you provide your financial or personal information to Eventim UK and accept that this data will be shared with those third parties necessary to process your transactions with us, such as credit card companies, banks and the companies that handle shipping on our behalf. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Except as stated above, we will not share financial information with third parties without your prior consent.
In order to be able to process personal data it is necessary to identify the associated lawful basis for processing, such as:
Gaining consent of the data subject
This is where you give your explicit consent for us to process your data, as detailed in the above sections.
Fulfilment of a contract to which the data subject is party
This is where you place an order with Eventim UK.
Compliance with any legal obligation
Where Eventim UK are required to comply with any legal obligations, e.g. fraud investigation.
Legitimate interest of the data controller
When you’ve opted in to receive marketing communications from Eventim UK, we may contact you with upcoming events, presales and offers which we believe may interest you.
Consent for us to contact you via email for marketing purposes, is collected by:
- Clicking a check box during the purchase process
- Completing marketing registration in your My Eventim account
- Signing up for our weekly newsletter via our Site
These can be withdrawn at any time in your My Eventim UK account
We only collect data strictly necessary to meet the purpose of processing. In the event of any change in processing, Eventim UK will ensure that the data collected are still relevant to the updated process.
Eventim UK shares personal data only with the recipients necessary to fulfil the stated purpose(s) of processing. No data is transferred outside of the European Economic Area.
Eventim UK retains personal data for 15 years, unless you exercise your right to be forgotten (erasure). Data is retained for this period to ensure we can comply with any legal obligations that may arise where we are required to share historic data.
Personal data is stored securely in a central data centre.
8. Incident management
Eventim UK have implemented controls to ensure that regulatory obligations regarding data protection are followed. In the event of a personal data breach, Eventim UK will notify the competent supervisory authority within 72 hours. If the risk assessment is of a high risk for the data subjects, Eventim UK will communicate the breach of personal data to the data subjects.
9. Other websites
This Site may contain links to other websites, details of which are provided for information only. Eventim UK has no responsibility for such sites and nor does it have responsibility for the privacy practices or the content of such websites or for the privacy policies and practices of other third parties. You should ensure to read those websites’ privacy policies independently.
Eventim uses various software solutions to optimize our online services. This means that customer website usage information can be captured and analysed, allowing us to enhance the online user experience – for example, with personalised recommendations.
In order to achieve this, aggregated and anonymous statistical data is captured. This is anonymous connection and clickstream data, that relates to the browser being used, the number of visits/page impressions and the browsing behaviour of the respective visitor to a ticketing website. The shortened IP address of the visitor may also be visible to us during this process.
The data are analysed for the following purposes:
- Counting the number of visitors to our Site
- Tracking those areas of our Site that are particularly popular with users
- Analysing where users are from, in order to optimise the services provided
- Adapting recommendations to specific groups of customers
This process involves the use of stored cookies – namely ‘Perminfo’ and ‘Evisc’. By adjusting your browser settings, you can block these stored cookies at any time, or you can stipulate that cookies are allowed when explicitly accepted by yourself.
You can opt out from our personalised recommendations by clicking here.
After opting out, your specific recommendations will no longer be available.
Please note: the opt out is completed by using the stored cookies. The opt out has to be done before deleting or blocking the above-mentioned cookies, otherwise your opt in preference will still be active when using another browser which has these stored cookies enabled.
Eventim UK deploys the following software solutions within the meaning of the above (by clicking the respective provider below, the user will be redirected to the opt out option):
This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on the user’s computer and which allow an analysis of the use of the website. The information on the use of the website generated by the cookie is generally transferred to a Google server in the USA and stored there.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In addition, Eventim UK has extended the Google Analytics code with “anonymizeIP” on this website. This ensures the masking of the user’s IP address so that all data is collected anonymously. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and abbreviated there.
On behalf of Eventim UK, Google will use this information to evaluate the use of the website in order to compile reports on the website activities and to provide other services related to the website usage and the Internet usage for the website operator. The user can prevent the storage of the cookies by means of a corresponding setting of their browser software; in this case not all functions of this website may be fully utilised.
The user can also prevent Google from collecting the data (including IP address) generated by the cookie and its use of the website (including IP address) as well as the processing of this data by Google, by downloading the browser plug-in available under the following link and installed: https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser add-on, particularly for browsers on mobile devices, the user can also prevent Google Analytics from being captured by clicking on this link. An opt-out cookie is then set which prevents the future collection of the user’s data when visiting this website. The opt-out cookie is only valid in the browser used and only for this website and is stored on the user’s device. If the user clears the cookies in this browser, the opt-out cookie must be set again.
Eventim UK also uses Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If the user does not want this, it can be disabled through the Ad Manager here.
Eventim UK uses Google Analytics, including the capabilities of Universal Analytics. Universal Analytics allows us to analyse the activities on our sites across devices (for example, when using a laptop and later by using a tablet). This is made possible by the pseudonym assignment of a user ID to a user. Such an assignment occurs, for example, when the user registers for a customer account or logs on to his customer account. However, no personal data will be forwarded to Google. Although adding additional features to Google Analytics with Universal Analytics, this does not mean that there is a limitation of data protection measures such as IP Masking or the browser add-on.
Eventim UK also uses the Frosmo platform, which collects data about website visitors in order to target them with customised content relevant to their needs and interests. To collect data, Frosmo uses different technologies, including browser cookies. By default, the Frosmo platform does not collect personal data that in itself enables the identification of an individual data subject. Frosmo never collects visitor data for its own purposes, nor for the purpose of selling it to a third party.
11. Social network plugins
When contacting us via social media regarding an order, you accept that we will make a note of your social media username / handle where relevant, in order to manage your query.
Our Site hosts social plug-ins for many social networks.
When a web page containing a social plug-in (such as the ‘Like/Recommend’ or ‘Tweet’ button) is accessed, the user’s browser connects to the social networks servers and the content required for the social plug-ins is downloaded. The operator of the social network receives the web address of the website accessed by the user and the date and time of access and the IP address of the user amongst other information. If the user is logged into their social network account, the social network may be able to relate the visit to that page to the user’s social network account. If the user clicks the social network button inside our website, this information may also be transferred to the social network and stored there. If the user does not wish this information to be sent to the social network, he or she must log out of their social network before visiting our website. If the user of the website is not a member of the social network, there is still a possibility that the social network will identify and store the user’s IP address.
Eventim UK has no control over the content of the plug-ins or of the information transferred to social networks. The purpose and scope of data collection, the further processing and use of the data by the social networks and the user’s rights and setting options to protect the user’s privacy can be found in the privacy policies of the networks, for example: