Who we are
1. The purpose of the document
1.1 This document will explain what personal data we collect relating to our customers, suppliers, business customers, website visitors and job applicants, how we collect it, where do we store it, how do we use it and when and why do we delete it. We are required to notify you of this information under data protection legislation.
1.2 Eventim HR is compliant with the GDPR principles when gathering and using the customer data. Please read the policy in order to understand the processing of your personal information.
1.3 Eventim HR is the ‘data controller’ – we gather and use your information.
2. What information are we collecting?
2.1 Personal data, or personal information relating to an identified of identifiable natural person. There are special categories of more sensitive personal data which require a higher level of protection.
2.1.1 For Customers we will collect, store, and use the following categories of personal information about you:
18.104.22.168 Your name, surname, addresses, telephone numbers, personal email addresses and information whether you are, or you are over the age of 16. We need this information to be able to provide the services you expect from us, such as ticket sales, experience, and to inform you about the new interesting events. This helps us to tailor our service so that you can benefit from it.
22.214.171.124 When visiting this website, we collect your IP address, data showing when you visited, which pages you looked at, information about your operating system, device, and browser version. This data is gathered using cookies. You can select which cookies you will enable or disable on our website (https://www.eventim.hr/en/cookie_policy/).
126.96.36.199 If you should login with your Facebook profile (via Facebook plug-in), only your Facebook personal data will be processed. Please review and update your Facebook privacy settings if you choose the mentioned option to login.
188.8.131.52 Your card number will not be collected and stored by Eventim HR. It will be collected by our payment system Corvus Pay d.o.o. This is so they can safely process your payments you choose to make online.
2.1.2 For our business partners, we collect, store, and use minimum amount of personal data (name, surname, email and telephone) in order to provide our services to you, such as the lease of out ticket sale system and the inclusion into the ticket sale system.
2.1.3 For our job applicants, we collect, store, and use the following categories of personal data:
184.108.40.206 Name, surname, telephone number, email, sex, date of birth, prior work history, references, and other information you choose to share with us in your CV. This type of data helps us to enter a contractual relationship with you.
3. Special categories of data
We process special categories of personal information in the following circumstances:
3.1 We process health information, including information relating to any disability to make reasonable adjustments to our services, for example, if the organizer or venue need to make, or have made special arrangements.
3.2 Also, we process information regarding sensitive group of people, i.e. children to make reasonable adjustments to our services, for example, if the organizer or venue need to make, or have made special arrangements
3.3 We only process special category information with your explicit consent, i.e. when you buy the tickets dedicated to the special categories of data (people with disabilities or children).
4. How we collect your personal information?
4.1 We collect personal information from you directly when you register with us or contact us about our services or when we contact you. This may be by telephone, email, or social media accounts.
5. Why do we need your personal information?
5.1 When you register with us, we will use your personal information to perform our contract with you, i.e. provide you with the tickets you wish to purchase. To do this, we will process your personal information in the following manner:
5.1.1 to provide our services to you. Our services consist of providing you with the desired tickets, charging your order and sending the tickets to your address, email, or phone.
5.1.2 to contact you about any other suitable and interesting events so that you do not miss the tickets. We will use an automated process to evaluate your personal information against the upcoming offers and consider whether you would be interested in them. We will send you a promotional email containing the new offer(s) based on this process.
5.1.3 To inform you about any changes regarding the events (change of the venue/date, cancellation) and fulfill your expectation from our service
5.1.4 To manage your loyalty subscription if you have subscribed to Event.card – this means sending you promotional offers for which you have applied.
5.1.5 To protect you from identity and card fraud.
6. What are the legal bases for us to use your personal information?
6.1 We will only use your personal information to fulfill the contract, where we have legitimate interest to do so, where you have given us consent by opting in any services we provide and when the law allows us to do so. We are allowed to do this as long as our activities do not disproportionately intrude your privacy. We will use your personal information:
6.1.1 where we need to perform the contract we have entered into with you – provide you with the tickets.
6.1.2 where we need to comply with a legal obligation;
6.1.3 where it is necessary for our legitimate interests:
220.127.116.11 We want to fulfill your expectations as our client and customer
18.104.22.168 We do not want you to miss the new upcoming events and offers;
22.214.171.124 We want to ensure the running of our business as a ticket distributing company
6.1.2 Where it is necessary for the interest of a third party, such as promoters with special packages and offers for their events. We will process your personal data to fulfill your expectations as our client and customer.
7. If you don’t provide us your personal information
7.1 If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (provide you with the tickets), inform you about the changes regarding the event or inform you about the suitable event and offer.
8. Change of purpose
8.1 Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law, such as fraud investigation.
9.1 We will use an automated process to evaluate your personal information against the upcoming offers and consider whether you would be interested in them.
9.2 We will send you a promotional email containing the new offer(s) based on this process.
10. Who are we going to share your personal data with and for what purpose will they use your personal information?
10.1 We will share your personal information with the following third parties:
10.1.1 to the promoters who need your personal data in order to provide you with the service (i.e., special packages which include offers other than just the ticket – meet&greet, merchandise, early entrance…);
10.1.2 When required by law or other regulation, we will share your data with tax, audit, or other authorities.
10.2 All of our third-party service providers and other entities in the Eventim Group are required to take appropriate security measures to protect your personal information in line with our policies and the GDPR. We do not allow our third-party service providers to use your personal data for their own purposes.
10.3 The categories of these recipients and confirmation data is not transferred outside the EU.
11. Where we process your personal information
11.1 We process your information on several processors for different purposes (providing the service, i.e. fulfilling the contract, and where we have legitimate interest to do so):
11.1.1 our central database, which is held on secure servers within the Eventim Group. Information on our database may be accessed by the companies of our Group at our request in order to perform specific processing activities (e.g. to erase your data at your request).
11.1.2 Our website developers; Dhimahi d.o.o., Tržaška 202, SI-1000 Ljubljana, Slovenia, firstname.lastname@example.org
11.1.3 Our newsletter processor; Episerver AB, Regeringsgatan 67, Box 7007, 103 86 Stockholm, Sweden, email@example.com
11.1.4 Ticket development; Nolock software solutions (nolock Softwarelösungen GmbH), Strobachgasse 6, 1050 Wien, Österreich, firstname.lastname@example.org
11.1.5 Payment facilitator: Zagrebačka banka d.d., Trg bana Jelačića 10, 10000 Zagreb, tel.: 01 3773 333;
Corvus Pay d.o.o., Buzinski prilaz 10, 10010 Zagreb, tel.: 01 6389 441;
KPS Payment GmbH & Co. KG, Contrescarpe 75A, 28195 Bremen, email@example.com.
Erste&Steiermärkische Bank d.d., Jadranski trg 3a, 51000 Rijeka, tel. broj 0800 7890.
11.1.6 For postal services; Hrvatska pošta d.d., Zagreb, Jurišićeva 13 and DHL d.o.o., Utinjska 40, Hrvatska
General Logistics Systems Croatia d.o.o. (GLS), Stupničke Šipkovine 22, Donji Stupnik, 10225, tel: 2042 672.
12. Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way. All your personal data will be transferred by SSL (Secure Socket Layer) at a 128 Bit encryption (high) (RSA with a 1024 Bit rate) and can therefore not be misused by third parties. This is the most current security standard on the internet at the moment. We have put in place procedures to deal effectively and in a timely manner with any suspected or actual personal data breach and will notify you and the local regulator of such a personal data breach where we are legally required to do so.
13. Data Retention and Erasure
We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal requirements.
13.1 For fulfilling our services, we will keep your personal data (name, surname, address, contact) in our main system for five years from the date of your last order. Afterwards, it will be deleted.
13.2 For accounting reasons, we will keep your personal information (name, surname, address, contact) on our main server for eleven years from the date of your last order. Afterwards, it will be deleted.
13.3 For marketing reasons (e.g. newsletter, information about what events you were interested in), we will keep your personal data (name, surname, address, contact) with our processors for five years from the date of your last order. Afterwards, it will be deleted. However, if you have signed up for notifications, your data will be kept until you unsubscribe or make a request to delete personal data.
13.4 If you have any questions in relation to the retention and deletion of your personal data, please contact firstname.lastname@example.org.
14. Your rights in relation to our processing of your personal data
14.1 Please, inform us of any changes regarding your personal information. It is important that the personal information we hold about you is accurate and current. If you fail to update your personal information, it can result in the service not being provided. For example, if you do not inform us about a change of your address, you might not get the ticket.
14.2 You have the right to be informed about what we are doing with your personal data. If we change what we are doing, we will provide you with an updated version of this policy.
14.3 You have the right to object to the processing of your personal data.
14.4 You have the right to request access to your personal information and to check that we are lawfully processing it.
14.5 You have the right to request us to correct and complete any incorrect or incomplete data related to you.
14.6 You have the right to request us to delete the information we hold about you. If you ask us to delete your personal information, you can still use our services as a guest. Unfortunately, we will not be able to provide our full services to you, such as sending you the important information about the event (change of venue or date, cancellation), or the information about the new and exciting events and offers.
14.7 You have the right to restriction of processing in certain situations and you have a right to object to processing based on our legitimate interests and for direct marketing purposes. We will not be able to process your personal data relying on a legitimate interest anymore, meaning you might miss our new offers and events.
14.8 You have a right to receive the information you gave to us back in a ‘machine-readable’ format and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.
14.9 If you want to exercise your rights, please contact email@example.com.
14.10 We will need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights where we need to be satisfied the request is genuine).
16. Contact us