In processing your personal data we will comply with the General Data Protection Regulations (EU) 2016/679, the Data Protection Act 2018 (and any regulations made under that Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), as well as any other data protection laws that apply from time to time (together the "Data Protection Laws").
1. Who we are
Festicket Ltd company is the data controller of your personal data under the Data Protection Laws in relation to personal data collected by our three brands. As data controller we determine the purposes and means of processing the personal data that we collect and are responsible for your data. We are registered with the Information Commissioner’s Office.
2. How is your personal data collected?- Personal data you give us through our websites and applications:
We collect your personal data through:
(b) Emails you send to us, or that we send to you;
(c) Our online conversations with you; and
(d) Your use of social media to follow us, including “like” buttons and similar functions made available by social media platforms.
We will collect your personal data when you:
create and place an order;
sign up to create an account or log in to your account;
when you subscribe to our newsletters or to mailing lists or Festicket and Ticket Arena event guides;
when you subscribe to a waiting list for an event; or
when you send an email, phone or online request to our customer service team;
The personal data we collect may include the following identity and contact data:
First name and surname
Postal and billing address
Date of birth
Photo ID (e.g passport or driver’s licence ID)
When you browse our website, we automatically collect identifiers such as cookies and IP addresses and other technical data, such as browser type and version and operating system and platform, location data and login data, as well as usage data including information about how you use our website, products and services (“Technical Data”).
When you make a booking with us, our third-party payment provider will collect and process your transaction data including the details of the purchases of festival packages or event tickets that you make on our site, including your payment details – bank account and/or encrypted payment card details.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree to us doing so. Cookies contain information that is transferred to your computer's hard drive.
If you contact us through our customer services department, we may keep a record of that correspondence as well as the identity and contact data that you provide to us.
If you tell us that you have a health concern or reduction in mobility that could affect your experience, we will ask you for details. We will ask for your explicit consent to collect and process this data.
We may also ask you for personal data when you enter a competition or promotion sponsored by Festicket or Ticket Arena
We may also ask you to complete surveys that we use for research purposes only, although you do not have to respond to them, and we will ask for you to provide personal data when you submit the survey.
3. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
In order to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We set out below how we use your personal data and our lawful basis for doing so:
When you get in touch with us with an enquiry about event tickets or a festival package, we will use your personal data to service your request and respond to your enquiry. Answering your enquiry is necessary to in order to steps at your request prior to entering into a contract;
We will notify you of important changes or developments to our sites, apps or services in order to keep you fully informed about our services. This is necessary in order to service your enquiry, contract with us or for our legitimate interests;
When you purchase an event ticket or package from us, we will use your personal data to make arrangements for your booking and otherwise as necessary to fulfil the contract for your booking. This may include identity and contact data as described in section 2 above. When required by the travel providers (such as the event organiser, promoter, hotels, transport company) in order to confirm your booking and to fulfil their part of your contract, your personal data may be shared with them, as detailed in the section below entitled: ‘Who is my personal data shared with?’. We may also share your data with our in-house ticketing agent, Event Genius, and/or with third parties who provide services to us in connection with making your booking such as payment and ticketing providers.
In order to arrange your booking and fulfil your contract, the processing we will undertake includes:
processing your payment card through a third-party payment provider;
processing your booking through our in-house or third-party ticketing providers;
contacting you by email to confirm your booking;
contacting you to fulfil your booking, personalise your event tickets by adding the names of your party, and delivering your tickets or coupons to you by email or post;
contacting you to make sure you receive the instructions and information to access the event and any other service you’ve purchased with us;
contacting you to verify your identity when you need to change your order details (traveller name, delivery address…);
contacting you to try to resolve your complaints and any requests made to our customer services: pre-sale enquiries for information, post-sale refund enquiries, cancellations, upgrades or modifications to the order details;
In order to process your booking, we will use any health and mobility information that you provide to us to enable us (and the organiser of your event) to ensure your health, safety and welfare during the event, which is our legal responsibility. We will ask for your explicit consent for our use of this information at the time of requesting it only for this purpose.
Where you provide names of children for the purpose of purchasing children’s tickets to events, we will use these only for the purpose of fulfilling your booking and for no other purpose.
As a matter of fraud prevention, we may need to verify your personal data with your bank or credit card provider and to any relevant investigatory authority to ensure against fraudulent transactions including identity theft. This is necessary to protect both ourselves and our customers against fraud and other criminal activity.
We may use your information to protect your security as well as the security of our company, employees, customers, third parties and/or our/their property (including events you may attend and our websites, networks and systems) as permitted by law. We will protect the integrity of your personal data, and the integrity of our business by backing up your data, and by securely destroying that data when we no longer need it. This is necessary to protect our legitimate business interests as well your interests.
If you make a booking enquiry with us online but your checkout process was incomplete, we may use personal data that you have previously provided via your enquiry in order to contact you to let you know that your booking was not completed. By contacting you we can take steps to ensure that we service your request and help you finalise the transaction
Site analytics: we may use personal data to analyse and optimise how our websites are used to ensure that our customers have a good experience when purchasing our products and services.
Customer analytics: we may use personal data to analyse customers’ profiles and behaviour on our sites to ensure that we always offer the best products and services to you.
On-site personalisation: we may use personal data to ensure that content from our sites are presented in the most effective manner for you and for your computer. The content that you see on our sites may be personalised based on the user location, user language, user browsing history or purchase history.
In order to advertise our products we may:
The basis of processing your data in this way is based on your consent. Festicket may use internal tools as well as technology partners to do this, as detailed in the section below entitled: ‘Who is my personal data shared with?”.
We would like to use your personal data to contact you by email with the following marketing material.
Email newsletters from Festicket and Ticket Arena - a weekly digest of exclusive information about the latest events published every Friday.
Email alerts based on your events interests and favourites, on your purchase history or web behaviour.
On-sale and lineup announcements.
Ticket pre-sales for events for which you have previously purchased tickets through Festicket.
Details of other products and services.
Festicket may use internal tools as well as technology partners to do this, as detailed in the section below entitled: ‘Who is my personal data shared with?”.
If you use our Apps, we may use push notifications to highlight when we have added new offers and promotions that may be of interest to you. Lawful Basis: your consent.
For customers who have booked or enquired about our event tickets or packages on or after 25/04/2018, we will only use your personal data for direct marketing communications with your prior consent. You can provide your consent to email marketing communications by opting-in when you are confirming your booking, setting up an account, subscribing to our newsletters and email marketing communications on our website. If you have opted in for email communications, you can change your mind at any time by following instructions in the emails received.
We may use data analytics (described above) to define types of customers for our services and to inform our marketing strategy as necessary for our legitimate business interests where the customer has consented to the cookies or other identifier.
We will not share your personal data with third parties for their own marketing and promotional purposes unless you have given us your explicit consent. If you opt in to any third-party communications, you can opt out at any time by following instructions in the third-party communications received.
If you have entered a competition or prize draw that we have organised, we will use the personal data that you have provided to us in order to contact you to let you know whether you have won a competition or prize draw that you have entered and so allow us to both perform the contract for the prize and as necessary for our legitimate interests to allow us to encourage customer demand and develop our business.
We will process your personal data to administer and protect our business and may include personal data in our internal reports and sales analysis, accounting, transactional and VAT records including auditing requirements as necessary for our legitimate business interests.
In limited circumstances we may use your information for other purposes where required or permitted by law, such as where we have a legal right or duty to use or disclose your information (for example an investigation by a public authority or in a legal dispute).
Whenever we rely on legitimate interests as a legal basis for processing, we will only do so if that processing is in your interests, our legitimate business interests or the interests of a third party. We must have carefully evaluated whether such interests are overridden by your interests, privacy and fundamental rights and freedoms and you have a right to object to such processing if you so wish. See the Legal Rights section below. Please bear in mind that if you object in this way, you may affect our ability to carry out these tasks, which may impact on your benefit.
4. Who we disclose your personal data to
Your personal data may be disclosed to and processed by our employees provided that they have a job-related need to know the personal data in order to carry out the processing for the purposes set out in this policy. Festicket, Ticket Arena and Event Genius are all brands owned by Festicket Ltd, the ultimate holding company of the Festicket group and accordingly personal data provided to one brand may be processed by employees of any of the three brands in line with this policy.
We will also share your personal data with:
(a) our third-party consultants, (sub-)contractors, suppliers or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us e.g. for instance, we may share your data with email marketing companies who help us to email or mail our newsletter to you and other people who help us provide our websites, our apps, and related services to you. This includes information technology experts who design and host our websites and our apps, and general service companies.
(b) auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;
(c) our successors in title or our prospective sellers or buyers of our business when we have a merger or re-organisation.
(d) with event organisers:
If you purchase a ticket from us, or any other services connected to an event, we may share your personal data with the event organiser (e.g. we will share your data with event organisers to enable them to allow entry to the events and to run the events).
If you have given consent to receive marketing communications from the promoter of the event at the moment of purchase, they may send you marketing communications and other promotional information by email, SMS, post, phone, social media.
Event organisers may also collect analytics and advertising cookies on the Festicket and Ticket Arena pages from their own events. They may use this data to track and analyse customer behaviour and retarget via display or search ads.
In order to arrange your booking and to fulfil your contract, as detailed in the section entitled “How we use your personal data” above, your personal data may be shared with external companies such as:
customer services providers;
administration services providers;
suppliers such as festival promoters/organisers, hotels and transportation companies.
tickets resale partners, to ensure that your booking is eligible for a resale listing (providing you decide first to resell it with them)
When we use analytics and on-site personalisation to improve your customer experience, as detailed in the section entitled “How we use your personal data?”, your personal data may be shared with external companies such as:
technology partners who provide data analysis.
technology partners who provide data collection and processing.
technology partners who provide secure data storage.
As detailed in the section entitled “How we use your personal data”, your personal data may be shared with marketing technology companies such as Facebook, Google, Twitter and Snapchat for Festicket’s own marketing and advertising purposes.
When you use our mobile applications: Our Apps run on third-party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones.
Before sharing any of your personal data with external providers, we require our providers to sign an agreement confirming that your data will be kept secure in accordance with the Data Protection Laws.
We will not share your personal data with any external company for that company’s marketing purposes without your prior consent.
Our site may, from time to time, contain links to and from the websites of our partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5. Security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Certain parts of our site are password protected and where we have given you (or where you have chosen) a password that enables you to access such parts of our site, you are responsible for keeping this password confidential and you must not share it with any other person or service.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
When we share data with third parties (see section “Who we need to share your personal data with?”), the data that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area ('EEA'). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your bookings, the processing of your payment details, the provision of support services including marketing services.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please email us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
6. How long we keep your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at email@example.com.
7. Your legal rights
Your rights under the Data Protection Laws in relation to your personal data include (but are not limited to) the following:
You have the legal right to ask us to supply you with a copy of the personal data that we hold about you at any time free of charge. This could include booking information relating to your tickets or packages that you have booked with us. Further copies may incur a reasonable fee and also if your request is clearly unfounded, repetitive or excessive (we may refuse to comply with your request in these circumstances).
You can also ask us to rectify any errors in your personal data or complete any incomplete data that we hold or you can update your own details at any time by accessing your online account.
Where you have given your consent to our processing of your data, you have the right to withdraw your consent at any time. If you withdraw your consent and there is no other legal ground for us to process your data, you can ask us to erase your personal data. You can also require us to erase your data if we have processed your data unlawfully or if the law requires us to erase your data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You may also restrict the processing of your data: This enables you to ask us to suspend the processing of your personal data if: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of your legal rights, please file your request with our Help Centre by filing a request in our Help Centre at this link or writing to our Privacy Manager at firstname.lastname@example.org.
Any questions concerning personal data should be addressed to the Privacy Manager by email to email@example.com or by post to Centro Forum, 74-80 Camden St, London NW1 0EG. Additionally, you can adjust your preferences at any stage via your online Festicket account.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We reserve the right to modify or amend this Policy at any time and will display the effective date at the end of this Policy. Previous versions can be obtained by contacting us.