1. Identity and Contact Information of the Data Controller
The Data Controllers attach great importance to your privacy and process your personal data in accordance with the European Regulation 2016/679 of April 27, 2016, regarding the protection of natural persons concerning the processing of personal data (hereinafter "GDPR"), as well as any future or additional legislation implementing it, where applicable.
For further questions or comments regarding how we handle your personal data, you can always contact us at email@example.com.
Our Data Protection Officer (DPO), known as Mr. Franklin BV (www.misterfranklin.be/dpo), can also be reached through the same contact information (with reference to 'Attention: DPO').
2. What Does "Processing Personal Data" Mean?
3. What Data Do We Process?
Below, we clarify which data we may process from you. Depending on the specific situation, your preferences, and how you contact us, we may not process all the data listed below from you.
Visitors to Our Events, Concerts, and Festivals
For visitors to our events, concerts, and festivals, we may process the following data:
- Name, identification information, and contact details (email address, phone number, place of residence);
- Ticket information (purchased ticket, seat location);
- Communication details (related to information provision or after-sales service);
- Personal characteristics (birthdate, preferences, behavior and purchase data at events, responses on our website or social media channels);
- Media (photos and videos from events);
- Payment and invoice details;
- Special personal data: In case you have a disability, we want to ensure that you can also enjoy an optimal experience at our events. To meet your accessibility needs, you can voluntarily (with your consent) provide your requirements so we can take them into account;
- Data of minors: It is possible that data of minor participants in our events are processed.
Website and Webshop Visitors
For visitors to our websites and webshops, we may process the following data:
- IP address, device data;
- Contact details and data entered on our contact pages;
- Order details;
- Payment details and invoices;
- Account details;
- Aftersale data;
- Analytical data with consent for our analytical cookies;
- Personal preferences with consent for our advertising cookies;
- Social media data with consent for our social media cookies.
For marketing purposes, we may process the following data:
- Contact details (email, address, phone number);
- Personal preferences.
Business Partners - Processors
For our customers and event visitors in the context of our commercial activities, we may additionally process the following data:
- Contact details;
- Communication data;
- Contracts, quotations;
- Ordering and payment data;
- Aftersale data.
For job applicants, we may additionally process the following data. Of course, this will largely depend on the data you choose to provide to us in connection with your job application:
- Name + contact details;
- Work-related data (CV, recommendation letter);
- Personal and personality data;
- Contact details;
4. For What Purposes Do We Process Your Data?
Personal data is exclusively processed within the scope of the company's activities, particularly for the following purposes:
- To carry out our services related to events in the broadest sense.
- For managing our customer administration.
- To provide you with information about offers, events, and other activities organized by the Greenhouse Talent group, for example, through mailings (email or postal mail).
- For the improvement of our services (e.g., through surveys).
- For the registration of visitor data from (parts of) our websites.
- To conduct market research.
- For the improvement and security of our websites.
- To promote our events, including sending newsletters or marketing communication, behavioral advertising, displaying specially designed advertisements for you, also on third-party sites via advertising networks.
- Analysis of event attendees.
- In the context of a job application process.
- In the context of legal disputes or proceedings.
- To comply with legal obligations, government requirements, and/or audit requirements.
- To develop and maintain relationships with potential or existing partners.
5. On What Legal Grounds Do We Process Your Data?
We only process your data to the extent based on one of the processing grounds listed in the GDPR, as outlined below. We do not process more or different types of data than those necessary for these purposes.
Certain data are processed by us to comply with legal or regulatory obligations that apply to us. For example, within the context of tax and accounting obligations, security requirements for organized events, or in the field of data protection.
Necessary for the Performance of a Contract:
Certain data are processed by us because it is necessary for entering into, performing, or terminating an agreement with you as the data subject. For example, for contacting, scheduling, responding to a request, or requesting information in connection with the use of our services, as well as for the actual execution of the contractual assignment within the scope of our main activity, in order to provide or receive our services.
Certain data are processed by us based on our legitimate interests, which, in specific cases, outweigh any potential detriment to your rights. These interests include:
- Conducting market research and analysis to improve our events and services.
- For our marketing purposes toward existing customers, providing information about offers, concerts, and other events. This may include emails with concert information or email alerts about similar events.
- Ensuring your safety and that of other attendees during our events.
- Preventing or detecting unlawful behavior, protecting or enforcing our legal rights, or in other cases permitted by law.
Certain data are processed by us based on your consent. For example, for promoting our activities for marketing purposes to non-customers, using analytical, marketing, and social media cookies, sharing data with partner companies, and subscribing to our newsletters. Medical data, such as accessibility requirements for an event, are processed only with your consent. Data of job applicants after the recruitment process will only be retained with their consent.
6. Source of Data
Most of the data we process from you have been obtained directly from you. Within the scope of our services, it is possible that we obtain data from you through external service providers or public sources.
7. With whom do we share your data?
We do not share your data with third parties unless strictly necessary for the purposes mentioned above or when required by law.
We may share your data within the Greenhouse Talent group and all companies affiliated with this group.
Where necessary, we rely on external service providers (processors) to support our operational purposes, such as managing our websites and IT systems. These external service providers may, if necessary, perform certain data processing on our behalf. We will only share your data with these external service providers to the extent necessary for the respective purpose. They may not use the data for other purposes. Furthermore, these service providers are contractually bound to ensure the confidentiality of your data through a "processor agreement" that has been entered into with these parties.
Specifically, this means that, to the extent relevant in your situation, we may share your data with the following third parties for the following purposes, with these third parties sometimes acting as processors on our behalf:
Co-promoters, event partners, partner companies, concert venues, security companies that organize or provide specific services at an event or for merchandising purposes;
- Postal companies, transport, and delivery companies if we need to send something to you by post;
- Payment service providers if we receive payments from you, or vice versa;
- External representatives and consultants or any other parties involved in our main or ancillary activities;
- Processors who assist us in the IT field in operating our organization, with a view to safe and efficient digital data management within our organization;
- Government bodies, judicial authorities, and practitioners of regulated professions such as accountants and lawyers, for the purpose of complying with our legal obligations and defending our interests, as required.
It is possible that general group data may be passed on to concert halls or other venues where our events take place, in order to create a demographic report. This data is anonymized and cannot be linked back to you.
8.How long do we retain your data?
We do not retain your data for longer than necessary for the purpose for which the data was collected or processed. Since the period for which data can be retained depends on the purposes for which the data was collected, the storage period may vary in each situation. Sometimes, specific legislation may require us to retain data for a certain period. Our retention periods are always based on legal requirements and a balance of your rights and expectations with what is useful and necessary to fulfill the purposes. After the retention period expires, your data will be deleted or anonymized.
9. Where do we store your data and how is it protected?
We implement appropriate security measures on a technical and organizational level to prevent, within the scope of our activities, the destruction, loss, falsification, alteration, unauthorized access, or unlawful disclosure to third parties, as well as any other unauthorized processing of this data.
We also ensure that the processors we rely on take appropriate security measures to minimize the risk of incidents.
If your data is processed outside the European Economic Area (EEA) when using specific services or software tools, this will only be done in/from countries that the European Commission has confirmed as providing an adequate level of protection for your data, or measures will be taken to ensure the lawful processing of your data in these third countries.
10. What are your rights?
Right of access and copy
You have the right to access your data and obtain a copy of it. This right also includes the ability to request further information about the processing of your data, including the categories of data processed and the purposes for which it is done.
Right to rectification
You have the right to have your data corrected if you believe that we hold incorrect information.
Right to erasure (right to be forgotten)
You have the right to request that we delete your data without undue delay. However, we will not always be able to comply with such a request, especially when we still need the data for an ongoing contract or when retaining certain data for a specific period is legally required.
Right to restriction of processing
You have the right to restrict the processing of your data. This temporarily suspends processing until, for example, accuracy is verified.
Right to withdraw your consent
If processing is based on your consent, you have the right to withdraw that consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw consent by clicking the unsubscribe link at the bottom of such messages.
Right to object
You have the right to object to the processing of your data based on legitimate interests. This should be based on specific reasons related to your situation. You can also object to the use of your data for direct marketing purposes. For marketing emails, there will always be an opt-out option provided.
Right to data portability
You have the right to receive your data, which you provided to us with your consent or in the performance of a contract, in electronic form. This allows them to be easily transferred to another organization. You also have the right to request that we transfer your data directly to another organization, if technically feasible.
Right to lodge a complaint with your supervisory authority
If you believe that we are processing your data incorrectly, you have the right to lodge a complaint with your data protection supervisory authority.
For the Netherlands:
2509 AJ Den Haag
11. How can you exercise your rights?
You can exercise your rights by contacting us, either by email at firstname.lastname@example.org or by mail to one of the registered offices of our group, along with a copy of the front of your identity card or another document that can identify you. The copy will only be used to identify you in accordance with the GDPR.