In processing your data we will comply in compliance with the General Data Protection Regulations (EU) 2016/679 (from 25 May 2018), as well as the Data Protection Act 1998 (and any amendment of or replacement for that Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any amendment of or replacement for those Regulations), as well as any other data protection laws that apply from time to time (together the "Data Protection Laws").
We want this data policy to be as clear, simple and fully transparent as possible. Your rights regarding your personal data are set out in the section “Your Rights” below.
Any questions concerning personal data should be addressed to the Privacy Manager by email to email@example.com or by post to Centro Forum, 74-80 Camden St, London NW1 0EG. Additionally, you can adjust your preferences at any stage via your online Festicket account.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We reserve the right to modify or amend this Policy at any time and will display the effective date at the end of this Policy. Previous versions can be obtained by contacting us.
What personal data is collected from you?
Under the Data Protection Laws, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural or social identity of that natural person.
visit our website;
create and place an order;
sign up to create an account or log in to your account;
when you subscribe to Festicket Magazine newsletter or to mailing lists on Festicket festival guides; or
when you send a email, phone or online request to our customer service team;
we will collect certain identity and contact data such as:
First name and surname
Date of birth
Photo ID e.g passport or driver’s licence
When you browse our website, we automatically collect identifiers such as cookies and IP addresses and other technical data, such as browser type and version and operating system and platform, location data and login data, as well as usage data including information about how you use our website, products and services.
When you make a booking with us, our third party payment provider will collect your transaction data including the details of the purchases of festival packages or festival tickets that you make on our site, including your payment details – bank account and payment card.
We may also ask you for personal data when you enter a competition or promotion sponsored by Festicket.com
We may also ask you to complete surveys that we use for research purposes only, although you do not have to respond to them, and we will ask for you to provide personal data when you submit the survey.
If you contact us through our customer services department, we may keep a record of that correspondence as well as the identity and contact data that you provide to us.
If you tell us that you have a health concern or reduction in mobility that could affect your festival experience, we will ask you for details. We will ask for your explicit consent to collect and process this data.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree to us doing so. Cookies contain information that is transferred to your computer's hard drive.
How we use your personal data?
Answering your enquiries:
When you get in touch with us with an enquiry about festival tickets or a festival package, we will use your personal data to service your request and respond to your enquiry.
Arrangement and fulfilment of your festival booking:
When you purchase a festival ticket or festival package from us, we will use your personal data to make arrangements for your booking and otherwise as necessary to fulfil the contract for your booking. This may include identity and contact data as described in section 1. When required by the travel providers (such as the festival organiser, promoter, hotels, transport company) in order to confirm your booking and to fulfil their part of your festival contract, your personal data may be shared with them, as detailed in the section below entitled: ‘Who is my personal data shared with?’. We will also share your data with other third parties who provide services to us in connection with making your booking such as payment and ticketing providers.
In order to arrange your booking and fulfil your contract, the processing we will undertake includes:
processing your payment card through a third party payment provider.
processing your booking through our third party ticketing providers.
contacting you by email to confirm your booking.
contacting you to fulfil your booking, personalise your festival tickets by adding the names of your party, and delivering your tickets or coupons to you by email or post.
contacting you to make sure you receive the instructions and information to access the festival and any other service you’ve purchased with us.
contacting you to verifying your identity when you need to change your order details (traveller name, delivery address…).
contacting you to try to resolve your complaints and any requests made to our customer services: pre-sale enquiries for information, post-sale refund enquiries, cancellations, upgrades or modifications to the order details.
As a matter of fraud prevention, we may need to verify your personal data with your bank or credit card provider and to any relevant investigatory authority to ensure against fraudulent transactions.
In order to process your booking, we will use any health and mobility information that you provide to us to enable us (and the suppliers of your festival package) to ensure your health, safety and welfare during the event, which is our legal responsibility. We will ask for your explicit consent for our use of this information at the time of requesting it only for this purpose.
Where you provide names of children for the purpose of purchasing children’s tickets to festivals, we will use these only for the purpose of fulfilling your booking and for no other purpose.
Making contact to ensure you have completed your booking:
If you make a booking enquiry with us online but your checkout process was incomplete, we may use personal data that you have previously provided us in order to contact you to let you know that your booking was not completed. You do not need to take any action if it was intention not to proceed with a booking.
By contacting you we can ensure that we service your request and help you finalise the transaction.
Creating a customer profile and personalising our site in order to provide a better and more relevant service to our customers:
Site analytics: we may use personal data to analyse and optimise how our site is used to ensure that our customers have a good experience when purchasing our products and services.
Customer analytics: we may use personal data to analyse customers’ profiles and behaviour on our site you to ensure that we always offer the best products and services to you.
On-site personalisation: we may use personal data to ensure that content from our site is presented in the most effective manner for you and for your computer. The content that you see on our site may be personalised based on the user location, user language, user browsing history or purchase history.
Advertising our products and services:
Festicket uses your personal data for advertising our products and services to help grow our business. Festicket may use internal tools as well as technology partners to do this, as detailed in the section below entitled: ‘Who is my personal data shared with?”.
In order to advertise our products we may:
We may also use your personal data to tailor advertising or sponsored content on Festicket site on behalf of commercial partners.
We would like to contact you by email with the following marketing material:
the Festicket Magazine newsletter, a weekly digest of exclusive information about the latest festivals every Friday.
Email alerts based on your festival interests and favourites, on your purchase history or web behaviour.
On-sale and lineup announcements.
ticket pre-sales for festivals for which you have previously purchased tickets through Festicket.
details of other products and services.
Festicket may use internal tools as well as technology partners to do this, as detailed in the section below entitled: ‘Who is my personal data shared with?”.
If you are a new customer to Festicket from the date of this Policy, we will only use your personal data for direct marketing communications with your prior consent. You can provide your consent to email marketing communications by opting-in when you are confirming your booking, setting up an account, subscribing for our newsletters and email marketing communications on our website. If you have opted in for email communications, you can change your mind at any time by following instructions in the emails received.
Third party promotions:
We will not share your personal data with third parties for their own marketing and promotional purposes unless you have given us your explicit consent. If you opt in to any third party communications, you can opt out at any time by following instructions in the third party communications received.
If you have entered a competition or prize draw that we have organised, we will use the personal data that you have provided to us in order to contact you to let you know whether you have won a competition or prize draw that you have entered.
Who we need to share your personal data with?
In order to arrange your booking and to fulfil your contract, as detailed in the section entitled “How we use your personal data?” above, your personal data may be shared with external companies such as:
customer services providers;
administration services providers;
suppliers such as festival promoters/organisers, hotels and transportation companies.
When we use analytics and on-site personalisation to improve your customer experience, as detailed in the section entitled “How we use your personal data?”, your personal data may be shared with external companies such as:
technology partners who provide data analysis.
technology partners who provide data collection and processing.
technology partners who provide secure data storage.
As detailed in the section entitled “How we use your personal data?”, your personal data may be shared with marketing technology companies such as Facebook, Google, Twitter and Snapchat for Festicket’s own marketing and advertising purposes.
Before sharing any of your personal data with external providers, we require our providers to sign an agreement confirming that your data will be kept secure in accordance with the Data Protection Laws.
We will not share your personal data with any external company for that company’s marketing purposes without your prior consent.
When we share data with partners (see section “Who we need to share your personal data with?”), the data that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area ('EEA'). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your bookings, the processing of your payment details, the provision of support services including marketing services.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please email us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Certain parts of our site are password protected and where we have given you (or where you have chosen) a password that enables you to access such parts of our site, you are responsible for keeping this password confidential and you must not share it with any other person or service.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long is my personal data stored for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at email@example.com.
Your legal rights
Your rights under the Data Protection Laws in relation to your personal data include (but are not limited to) the following:
You have the legal right to ask us to supply you with a copy of the personal data that we hold about you at any time free of charge. This could include booking information relating to your festival tickets or festival packages that you have booked with us. Further copies may incur a reasonable fee and also if your request is clearly unfounded, repetitive or excessive (we may refuse to comply with your request in these circumstances).
You can also ask us to rectify any errors in your personal data or complete any incomplete data that we hold or you can update your own details at any time by accessing your online account.
Where you have given your consent to our processing of your data, you have the right to withdraw your consent at any time. If you withdraw your consent and there is no other legal ground for us to process your data, you can ask us to erase your personal data. You can also require us to erase your data if we have processed your data unlawfully or if the law requires us to erase your data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You may also restrict the processing of your data: This enables you to ask us to suspend the processing of your personal data if: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of your legal rights, please file your request with our Help Centre by filing a request in our Help Centre at this link or writing to our Privacy Manager at firstname.lastname@example.org.
Third party websites
Our site may, from time to time, contain links to and from the websites of our partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The last update to this data policy was published on the 5/24/2018.
© 2020 Festicket® Ltd.
All rights reserved.