We take the necessary care of your personal data. With this policy, we would like to inform you about the personal data we collect, how we use it and how we protect it.
- Who we are?
We are “Eventim.BG” OOD, a company registered in Bulgaria under unique identification code (UIC) 131448006, with seat and registered address at 58, 6th September Str., Fl. 1, Sofia, Bulgaria /hereinafter referred to as “EVENTIM”/.
We are the administrator of your personal data and as such we are responsible for keeping and processing your data in a fair, transparent and secure manner.
- What personal data we collect?
When buying a ticket:
You provide us with the following personal data:
• Delivery address or Home address (optional);
• Phone number; • Email address; • Payment details - when your preferred payment method is via card / bank payment. We need this information so we can make the sale and deliver the ordered ticket to you, i.e. personal data is necessary for the conclusion and performance of the ticket sale agreement between you and EVENTIM. Customers who purchase tickets for the first time enter this information when they create their own personal account at www.eventim.bg.
Information for persons with disabilities
Some events may provide specialized wheelchair accommodation.
Should you need such specialized accommodation, you may contact our team at email@example.com or call 02 961 53 70 to provide you with the necessary information and guidance.
We assure you that all information shared about your health and disability will be treated as confidential. Such information can only be obtained from EVENTIM if it is sent at your initiative in order to purchase the special ticket.
When creating personal account (profile) on www.eventim.bg
Along with all data listed above, we store the following information about your purchases in your personal account:
• Which events you have purchased tickets for - name, location and date of events;
• Ticket information: number of tickets, location of seats, ticket price.
All listed information will be stored in your personal account at www.eventim.bg, which can be used for marketing / advertising purposes, including profiling for direct marketing purposes. You have the right to object to such processing at any time, including profiling, insofar as it relates to direct marketing.
If you decide to get your ticket from a physical location (for example, from our office or on partner's premises), you may be subjected to video surveillance to ensure the security of the premises. Automated data processing at www.eventim.bg Additionally, we process information about the usage of our website that helps us understand how you use our services, including searches and search preferences, keeping track of your searches and the way you browse our website (which may include your IP address, visit time, visited pages, page interactivity, limited location information, used device and software, initial or re-visit of the page, traffic source information). We collect this information automatically by using cookies. For more information, please see our Cookies Policy.
- For what purposes do we use your data? By ordering a ticket through www.eventim.bg we sign a ticket sale agreement with you. The primary purpose of collecting and using the above personal data is to make it possible to perform this contract - including sending of tickets to you, respectively - to organize the receipt of tickets in our network of partners. Your contact details can be used by our team in the event of changes to or cancellation of certain events. Your payment data may also be used by EVENTIM in the case of a refund.
The email address presented to us in the context of the ticket purchase when creating your account can be used for direct marketing purposes, in which case the legal grounds for the processing would be our legitimate interest. You have the right to object to such processing at any time, including profiling, insofar as it relates to direct marketing. We use information for common usage to improve your stay on our website and increase the quality of the services we provide to you, as well as to protect ourselves from abuse and fraudulent activities. Your personal data may also be processed in connection with various formal proceedings, including pre-trial, judicial and administrative proceedings related to consumer claims and disputes, ticket fraud, etc.
- On what grounds the Company processes your personal data?
We collect your data on grounds permitted by the European and the Bulgarian legislation, and in particular: In the process of contract performance: We collect your personal data so that we can confirm that you have made a payment permitting you to receive your ticket, deliver or transfer your tickets to you and to inform you of any changes to forthcoming events, cancellations or claims based on our return policy. For the purpose of fulfilling our obligations under the purchase agreement, we may transfer your personal data to courier companies and financial institutions / payment processing institutions (such as banks, payment service providers, etc.).
We store the information you have entered into your account in the context of ticket purchase as we believe this is your and also our legitimate interest.
We have a legitimate interest in using this information for future marketing campaigns and to inform you of exciting future projects.
We also analyze statistical and technical data on our site‘s overall use, visits and user behavior for the functionality of the website as well as our products and services on the basis of these analyzes, as well as to protect ourselves against abusive practices and fraudulent activities. In addition, we will store data relating to your payments and purchases to ensure that this information is available in the case of formal proceedings such as civil cases (for example, if claims are filed against us for damages), administrative and criminal investigations (e.g. check or revision by the National Revenue Agency), consumer claims and disputes, ticket fraud, etc. Video surveillance of our commercial premises is done in order to ensure our security of theft and other potential crimes.
If you have not purchased a ticket from us but have subscribed to our newsletters, the necessary personal data will be processed based on your consent, which you can withdraw at any time by writing a short letter to firstname.lastname@example.org or click the „I do not want to receive more emails from Eventim.BG“ button in any email you receive from us. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.
- Natural and legal persons receiving your data
The Company is committed to preserving the confidentiality of your data and to comply with all legal requirements regarding the sharing and disclosure of this personal data. Such disclosure only occurs if there is good reason to do so and sufficient guarantees to ensure an adequate level of protection. The Company may disclose your personal data to the following recipients when it is legal and / or necessary, for example:
• Database service providers; website maintenance and analysis services and IT software maintenance services; • Providers of postal and courier services; • Ticket pick-up outlets; • Central and local authorities and other public authorities (eg NRA, NSSI); crime prevention and detection bodies and regulatory authorities which have the authority to request information from us; • Our lawyers, professional consultants and auditors. • Eventim Group companies.
Please note that for the safe and fast delivery of your tickets, we have integrated together with Speedy (www.speedy.bg) a platform (software solution) that automatically sends the courier company your contact and delivery data after completing your order. This is why Speedy is a joint data controller with respect to this data.
- Your personal data outside the European Economic Area
If the recipients of your data are outside the EU, we will provide reasonable assurance that your data will be handled with due care and attention that would be required by an EU-based recipient. Such transfers will be subject to binding corporate rules, standard data protection contractual clauses adopted by the European Commission, and any other data protection mechanism that takes your rights into account. Please note that the the website usage information collected automatically through some of the cookies used by us may be transferred to a Google server in the United States because we use Google Analytics - a Google LLC web service („Google“). On our behalf, Google will use this information to assess the use and compile reports on the functionality and attendance of the website and provide us with additional services related to its services. We should also note that we are also using social plugins („plugins“) provided by the social networks Facebook and Twitter. Those services are provided by: • Facebook Inc. 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find an overview of these plugins and their appearance here: https://developers.facebook.com/docs/plugins; • Twitter Inc. 1355 Market St # 900, San Francisco, CA 94103, USA. You can find an overview of these plugins and their appearance here: https://developer.twitter.com/en/docs/twitter-for-websites/
When you visit our website, these plugins establish a direct connection between your browser and Facebook / Twitter servers. Plug-in content is delivered directly to your browser and integrated into the web page. By plugging in plugins, Facebook / Twitter gets the information that your browser has visited the relevant page of our website, even if you do not have a social networking account or you are not currently logged in. This information (including your IP address) is transferred directly to Facebook / Twitter servers and stored there.
If you‘re signed in to your social networking site, the platform can link your visit to our website with your account. For example, when you click on the „Like“ button (for Facebook), the relevant information will be sent to Facebook servers and stored there.
• Facebook: www.facebook.com/about/privacy
• Twitter: www.twitter.com/en/privacy If you do not want such automatic linking of the data collected by visiting our website on your Facebook / Twitter account, you must sign out of the network before visiting our website. Google LLC, Facebook Inc. and Twitter Inc. are parties to the „Privacy Shield in the EU-US Relations“ (Privacy Shield). This ensures an adequate level of protection for your data. The full text of the EU-US privacy framework can be found at the following address: privacyshield.gov/EU-US-Framework.
You can prevent Google Analytics to track usage data by using opt-out browser add-on that can be found here: tools.google.com/dlpage/gaoptout.You can also completely prevent plug-ins from plug-ins for your browser, such as the NoScript script blocker (noscript.net/).
- Period for which personal data is stored We will store and process your data for a period no longer than is necessary to achieve the purposes for which it was collected or to their compatible purposes. For example: • We process data based on your consent until you withdraw this consent; • We use your data based on our legitimate interests, insofar as such processing does not go beyond your rights and interests to be erased or anonymized; • We use your data for conclusion or performance of a contract for as long as the contractual relationship with you is in force or in accordance with the legal deadlines applicable in case of disputes regarding the services provided by us.
Also, personal information is stored in your personal account at www.eventim.com for indefinite period of time. You can easily edit your personal details at any time / besides the email that serves as the permanent identifier of the client in our system(s) / and you can request to deactivate your account at our website at any time by contacting our team at email@example.com.
Once your account is deactivated, we will delete all of your personal data stored in our web store. However, personal data from your account will be stored in our company archive for cases of possible legal claims or administrative procedures within a period of 5 years from the date of the event for which you purchased the last ticket through your account.
- How the Company protects personal data?
The Company will take all necessary action and measures to ensure the security of personal data and to prevent unauthorized access to, collection, use, disclosure, copying, modification, disposal, erasure or other unauthorized use of data by unauthorized persons. All your personal data will be transmitted through SSL (128 bit encryption) (RSA at 1024 data rate) and therefore third parties will not be able to abuse them.
Eventim.bg is certified by Thawte (www.thawte.com). A certificate from a licensed certification body guarantees the secure transfer of your data and the authenticity of our server.
- Your personal data protection rights
You, as a data subject, have the following rights:
Right to access your personal data: know whether we process your personal data, what categories, for what purposes and to whom we disclose it;
Right to request updating (correction) of incomplete, inaccurate, inappropriate or obsolete data. In addition, you may request to restrict the processing if: we process your personal data without legal basis; after fulfilling the purposes for which it was collected; if you have objected to the processing based on our legitimate interest. In this case, we will not process (except stotage) it until we verify this statement.
Right to object to: fully automated decision making, including profiling; if there is another legal basis; when processing takes place on our legitimate interest grounds or when it is proessed for direct marketing purposes.
You may request to delete your personal information, but we may be legally obliged to store this information and not to delete it (or to restrict the processing for a certain period of time, in which case we will comply with the request for deletion only once we have met these requirements).
A right to ask for the data we hold to be provided to you in a commonly used machine-readable format (e.g. a computer) and / or to be passed on to another organization but only when the processing of your data is based on a contract or your consent and that processing is done automatically.
If you believe that your rights in terms of privacy and data protection are violated, you can contact the Commission for Personal Data Protection.
How to exercise your rights?
In order to exercise some of your rights, you can contact us by phone, e-mail, regular mail or fill in a form in our office. We will respond to every request for access to personal data no later than one month after submitting it in electronic form unless you specify another preferred way.
You can also send your request to the Company‘s data protection officer (DPO). Our DPO is Mrs. Radost Dimitrova. Contact details: firstname.lastname@example.org.
Your written request should include:
• Your Name; • The email address you are registered with in your personal account; • Preferred form of communication (e.g., regular mail or e-mail); • Signature (in case of paper delivery); • Date of request; • Mailing address; • Power of attorney - if the request is filed on behalf of someone else.
The Company may ask you to provide additional information needed to verify your identity (eg by clicking on a confirmation link or by providing a verification code) to exercise your rights.
You may address any questions relating to your personal data to our team by email: email@example.com.
Last updated date: September 27, 2018