Privacy Policy: Tomorrowland presents Amber Broos
We consider the protection of your privacy to be extremely important. We want to inform you as much as possible, respect you and give you control over what happens to your personal data. Below you will find information about what data we collect, why we do this, how long we keep it, what your privacy rights are and how you can exercise them.
We are bound by and use your personal data in accordance with the General Data Protection Regulation 2016/679 of April 27th, 2016 (the “GDPR”) and its implementation into national law.
ARTICLE 1: WHO IS PROTECTED BY THIS PRIVACY POLICY
This privacy policy applies only to the personal data we process in our capacity of data controller (as defined under Article 2 below).
It applies to the processing of personal data of our (private and business) customers in relation to our products and services, as well as to the personal data of the end users who, through their relationship with our customer (for example: other people whom our customer buys tickets for), use our products and services.
For the sake of clarity, processing personal data of businesses is only relevant in the context of this privacy policy if the business represents is a natural person, or - if the business is a legal person - then this privacy policy only applies to the personal data of the natural persons which we process in the context of their relationship with such business (such as mandates, contact persons and/or end users).
ARTICLE 2: DATA CONTROLLER
WEAREONE.world BV, with registered offices at B – 2000 Antwerp, Korte Vlierstraat 6, VAT number BE0867239782 (hereafter “Tomorrowland”, “we” or “us”), is responsible for processing your personal data. This means that Tomorrowland determines the purpose and means for processing your personal data. This does not alter the fact that our customers have a number of obligations in connection with the processing of personal data of the end users whom they allow to use our products and services (for example: other people whom our customer buys tickets for)
Under Tomorrowland can be understood the organizer of ‘Tomorrowland presents Amber Broos’. Hereafter ‘event’.
ARTICLE 3: PERSONAL DATA PROCESSED ABOUT YOU
Processing activities
When using the term “processing personal data” in this privacy policy, we are talking about our use of personal information that identifies you or is able to identity you, either directly or in combination with other information that is held or obtained externally. Your personal data may include, for example, your name, your contact details, information on how you use our websites and apps and those of our partners and, generally, how you interact with Tomorrowland. The processing of personal data received from third parties is further explained in this policy.
Personal data is collected:
When you use our products and services and interact with us through different channels. This includes:
· When you make a purchase with us or one of our official (ticket) partners: your name, first name, postal and e-mail address, date of birth, phone number, details of the order you placed with us as well as your sex and nationality (optional);
· When you share your contact information to register for our newsletter or that of our partner;
· Ticket information we assign to you, linked to the ticket(s) you buy
· Transactional information about your purchase
· Bank information for reimbursement purposes;
· Interest in specific products and services on our websites;
· Video, images and other media that can identify you during the event, for security and in promotional media at our events;
From our partners, such as ticket agencies, the venues in which our events are held, artists who share your data with us, to be used by us for the purposes described in this privacy policy. Where required by law, your consent will be sought by the partner to have the data shared with us for use in accordance with this policy;
From government agencies (e.g. police forces);
and
From social media platforms such as Instagram, Google and Facebook, who collect your personal data in their capacity of data controller and obtain your consent (where legally required) to share such data with us in order to enable us to use that data for the purposes described in this policy. Please be aware that your use of social media platforms is governed by the privacy policy of such platforms. We are not responsible for the use of your data on such platforms
Sensitive “special category” personal data
Personal data that can be considered sensitive is not actively processed. However, your nationality, gender and special requests concerning injuries or disabilities might reveal sensitive data. This data is processed by our customer service team, which is trained to respect and handle this data carefully. Tickets containing sensitive data of this type will be flagged and deleted one year after the respective event.
Personal data of minors
Our event is intended for all age groups including minors. This results in us processing personal data of minors. This personal data will be collected after the parent purchases the ticket for the minor. By doing so, the parent gives its consent to process personal data of its child for the purposes stated in this Policy.
Minors who intend to use our products and services need to be supervised by the holder of parental responsibility over the child. The privacy of minors will be protected and holders of parental responsibility for the child will be encouraged to take an active part in their children’s (online) activities.
ARTICLE 4: HOW AND WHY IS YOUR PERSONAL DATA USED?
Proportionality
We process personal data for various purposes, whereby we only process the data that are necessary to achieve the intended purpose.
As such, we process your personal data when necessary:
· in the context of the preparation, execution or termination of our contract (sales agreement) with you;
· in order to comply with the legal or regulatory provisions to which we are subject; and/or
· In order to protect our legitimate interests (e.g. to continue to improve our products and services, to follow-up on our performances via anonymized reporting and statistics and to prevent fraud and other legal violations), in which case we always strive to strike a balance between that interest and respecting your privacy, especially when you are a minor.
If the processing of your personal data is not necessary for any of these three reasons, we will always ask your permission to process your personal data. If you choose not to give your consent, or if you withdraw your consent, you will not be able to take (full) advantage of the services offered.
Consent for commercial purposes
After explicit consent, you can receive commercial e-mails to inform you about all Tomorrowland-related events (such as Unite with Tomorrowland), artists (such as Dimitri Vegas & Like Mike or Lost Frequencies), People of Tomorrow (social platform), Tomorrowland surveys, Tomorrowland theme and videos and TML by Tomorrowland.
Processing activities
Your personal data can be used for the following purposes:
A. When making a ticket purchase
To execute your sales contract and eventually deliver your order, which includes several operational processes from us and our (ticket) partners, including:
· Order and payment processing;
· Booking and processing your purchased additional activities;
· Transactional e-mails (such as confirmation of purchase, your e-ticket or your payment confirmation);
· Customer service and dispute resolution
· Reimbursement
· Fraud prevention
Related Commercial Purpose
· After explicit consent, you can receive commercial e-mails to inform you about all Tomorrowland-related events (such as Unite with Tomorrowland), artists (such as Dimitri Vegas & Like Mike or Lost Frequencies), People of Tomorrow (social platform), Tomorrowland surveys, Tomorrowland theme and videos and TML by Tomorrowland.
B. When using our websites
· In order to guarantee the functioning of the websites;
· To enable the functionalities inherent to our website;
· To provide you with personalized content on our communication channels.
C. When visiting our event(s)
· Where permitted by law, e.g. in order to prevent crime, criminal records of ticket holders can be checked by government bodies and police forces. These parties may give us negative advice regarding the admission of a ticket holder to the festival or event. In the case of negative advice, we are obliged to block ticket holders from the festival. Such circumstances do not give rise to a refund of your purchase price. We will only provide first name, last name, date of birth and country of residence and will not do any profiling in this matter or look into any criminal records themselves;
· Security, safety and health procedures (incl. camera surveillance);
· Fraud prevention;
· Anonymized reporting and statistics about visitors (e.g. variety of nationalities)
Personal data shared with third parties
We do not give your personal information to third parties unless:
· To our legal successors and other companies within the Tomorrowland Group;
· To our IT and Business service providers
o Consultants
o Cloud service providers
o Software service providers
· This is necessary for the provision of our products and services, e.g.:
o Booking companies;
o Fulfillment and shipping companies;
o Payment processing companies;
· There is a legal obligation, e.g.:
o Tax and accountancy obligations;
o Police investigations;
o Local and federal government requirements
· There is a legitimate interest for us or the third party concerned, e.g.:
o Hospitality staff at check-in points;
o Operational staff on-site;
· You give us permission to share your data, e.g.
Your responsibilities towards end-users
If you, as our customer, allow end-users (such as family members, friends, visitors, and employees) to use the products and services covered by this privacy policy, you have the following responsibilities:
· You must adequately inform the end-users that we, by their use of our products and services, will process their personal data;
· You must obtain all legally required consents from the end-users before their personal data are communicated to us for processing within the framework of our products and services that you allow them to use;
· You must adequately inform end-users of the applicability of this privacy policy, in particular with regard to privacy rights and how they can be exercised;
· You may not use our products and services to collect personal data in violation of applicable privacy laws or to unlawfully gain access to the personal data of the end-users;
· You must obtain information from us about the level of security of our products and services and take appropriate technical and organizational measures in your sole discretion and ability to adequately protect personal data against unauthorized or unlawful processing and against unlawful or unintentional destruction, accidental loss, alteration, unauthorized disclosure, damage, alteration, unauthorized access or disclosure;
· You must take all reasonable steps to ensure the reliability of the end-users who have access to personal data. You must not do anything, cause anything or allow anything to be done that could in any way result in a violation of those privacy laws.
Your responsibilities with regards to third-party services
· Through our products and services, you can also use the services of other parties such as third-party activities through vouchers sale, third party websites, forums, Facebook, Twitter, newsgroups, and/or apps. We have no control over the information you place there and how it is processed, nor are we responsible for it. It is up to you to deal with this and to read the privacy policy of these third parties carefully.
ARTICLE 5: CONTROL YOUR DATA
Your privacy rights
You have the following rights to govern your personal data:
· Right to access your personal data
· Right to correct your personal data
· Right to erase your data in duly justified cases
· Right to request your personal data in a readable format for personal or portability purposes
· Right to restrict processing of your data
· Right to object against processing your data
If you want to exercise the right to be erased to the full extent and have purchased tickets for a future event, these tickets will be canceled without a refund. Your details are needed to fulfill all these services. Your personal data will be removed as soon as possible, except if it concerns information that needs to be kept in pursuance of the law or an agreement.
We will respond to your request as soon as possible, and in any case within 30 calendar days after receipt of your request and after your identity is checked. Depending on the complexity of the requests and the number of requests, this period can be extended by a further two months if necessary. If the period is extended, we will inform you of this within one month of receiving the request.
You can exercise your rights by sending an email to dpo@tomorrowland.com or write to the following address:
WEAREONE.world BVBA
Attn: Data Protection Officer
Vlierstraat 6
2000 Antwerp
Belgium
ARTICLE 6: COOKIES AND OTHER TECHNOLOGIES
While using our website, we may place cookies, originating from the domain tomorrowland.com or any tomorrowland.com subdomain.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website's computer and stored on your computer's hard drive.
We do not store any personal data in a cookie that can be used to identify individuals. We can, however, track your activity on online assets for statistical analysis and to enhance your experience.
Although cookies are required to be able to fully use the services and all of its features, you can always refuse to accept cookies by changing the related settings of your browser.
Certain cookies like first party functional cookies and performance cookies are mandatory, other cookies can be switched off in your browser.
You can find more details about the cookies we use and manage them here.
ARTICLE 7: SECURITY OF YOUR PERSONAL DATA
Technical and organizational measures
Appropriate technical and organizational measures are taken to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage. When you provide your personal data through our websites or mobile apps, this information is transmitted across the internet securely using high-grade encryption.
As described in this privacy policy, in some instances your personal data will be shared with third parties, in which case that third party is required to have appropriate technical and organizational measures in place to protect your personal data.
However, in some instances, we may be compelled by law to disclose your personal data to a third party, such as a government body, and has limited control over how that data is protected by that party.
Processing of personal data inside/outside the EER
The information that you provide to us will be held in the systems located at the registered office in Antwerp or in those of an appointed third party (mentioned above) or our cloud service provider Zendesk.
We may also allow access to your information by other third parties who act for us for some of the purposes described in this privacy policy or for other purposes explicitly approved by you.
To the extent that personal data is processed outside the European Union, we will ensure through contractual or other measures that such data enjoy an adequate level of protection there, comparable to that which they would enjoy in the European Union, in accordance with the European regulations.
Privacy incidents
Data breaches can be reported by mail to: dpo@tomorrowland.com. We have an internal policy and regularly educates staff on preventing and reporting possible data breaches. Based upon the outcome of an impact assessment, we can notify affected data subjects and the Belgian Privacy authorities of the breach.
ARTICLE 8: DATA RETENTION
We will not retain your data longer than necessary: your personal data is retained for a period of 6 months after the end of the event and will be removed automatically when that period expires. Data that is processed based on your consent, will be processed until you revoke your consent.
ARTICLE 9: MISCELLANEOUS
This privacy policy is without prejudice to our right to take further actions vis-à-vis certain users of our products and services, based on an agreement, the law, regulations, etc and we implement Data Privacy, Data Protection and Data Security by design and by default where and whenever possible.
ARTICLE 10: COMPLAINTS
If we were unable to handle your data subject request optimally, you always have the right to file a complaint with our Data Protection Authority or your own local data protection authority.
ARTICLE 11: UPDATES
We may make changes to this privacy policy from time to time, including as part of the GDPR. The latest version of our privacy policy is always available on this website.
ARTICLE 12: CONTACT
Questions, comments, and requests regarding this privacy policy via dpo@tomorrowland.com or:
WEAREONE.world BVBA
Attn: Data Protection Officer
Korte Vlierstraat 6
2000 Antwerp
Belgium