PRIVACY POLICY OF EVENTIM.BG ЕOOD

INTRODUCTION

We care about your personal data. With this policy we want to inform you what personal data we collect, what we use it for and how we handle it.

We are EVENTIM.BG ЕOOD, a company registered in Bulgaria under company number 131448006, with seat and management address at 58, September 6th str., Floor 1, Sofia, Bulgaria /hereinafter in this Policy briefly referred to as EVENTIM/.

We are the data controller for your personal data and as such we are responsible for processing and storing your data in a fair, transparent, and secure manner, taking into account your best interest.

Тhe Personal Data Protection Commission (PDPC) supervises how we handle your personal data. The PDCP is an independent government authority, which monitors the lawfulness of data processing activities. All data subjects are entitled to bring a complaint before PDPC in regard to the processing of their personal - contact information and more about the procedure may be found at https://www.cpdp.bg/ .

We have also appointed a data protection officer (DPO), who oversees our data processing activities in our company.

Our Data Protection Officer /DPO/ is Ms Radost Dimitrova Contact details: wolfwellsinternational@gmail.com

You can direct any queries related to your personal data to our team at privacy@eventim.bg.

This version of EVENTIM’s Privacy Policy has been extended and modified in accordance with the requirements of the General Data Protection Regulation - GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council).

Section 1 PERSONAL DATA WE COLLECT

When you buy a ticket from us, you provide us with the following personal data: • Name; • Delivery address; • Residential address /optional/;

• Telephone number; • Email • Payment details - when the preferred payment option is card/bank payment

We need this information, so that we can sell and deliver the ordered ticket to you, i.e. the personal data is needed for the conclusion and execution of the contract for sale of tickets between you and EVENTIM.

Customers who buy tickets for the first time enter this information when creating their personal account at www.eventim.bg. All personal data, listed above, we store in your personal account the following information about your purchases: • For which events you bought tickets - name, location, and date of the events; • Information about purchased tickets: number of tickets, location of the seats, price of the tickets.

All the above listed information will be stored in your personal eventim.bg account, which might be used for marketing / advertising purposes.

If you choose to get your ticket from a physical location (e.g. our office or the premises of a partner company), the physical location may be subject to video surveillance for the purposes of ensuring the security of the premises.

Section 2 DISABILITY INFORMATION

Certain events can provide for special wheelchair accommodation.

If you need such accommodation, you can contact our team via email at privacy@eventim.bg or call us at 02 961 53 70, so that we can provide you with the information and directions you may need.

We assure you that all information shared in regard to health condition and disabilities would be treated as confidential. Such information may be received by Eventim only if sent by initiative of the end customer requesting the purchase of the special ticket.

Section 3 PURPOSES OF DATA PROCESSING

By ordering a ticket via www.eventim.bg, you conclude with us a contract for sale of tickets. The main purpose we collect and use the aforementioned personal data is to make the execution of this contract possible - including sending the tickets to you, respectively arranging the pick-up of the tickets in out retail network.

Your contact details may be used by our team in cases of changes in certain events or their cancellation. Your payment details except for carrying out the payment, also in cases of price refund.

Your email, presented to us in the context of the ticket purchase, while creating your account, may be used for the purposes of direct marketing, in which case the legal bases for the processing would be legitimate interest as per Art. 6, para 1, letter “f” of GDPR.

Your personal data may also be processed if a state authority needs Eventim’s cooperation in relation to various official proceedings, including court, administrative and investigation proceedings related to consumer claims and disputes, ticket fraud etc.

Section 4 PERIOD FOR WHICH PERSONAL DATA IS STORED

Personal data, as listed in Section 1 above, is stored in your personal account in www.eventim.bg for indefinite period of time. You can easily edit your personal details any time /except for the email, which serves as customer’s constant identifier in our system/, and you can request the termination of your account in our webshop anytime by simply contacting our team at nfo@eventim.bg.

After your account has been terminated, we are going to erase all your personal data stored in our webshop. However, the personal data from your account will be stored in our company’s archive for cases of possible court claims or administrative proceedings within a period of 5 years as of the date of the Event for which you purchased your last ticket through your account.

Section 5 AUTOMATIC COLLECTION OF INFORMATION VIA COOKIES

We may also collect personal data via cookies. For more details, please consult our cookie policy

Section 6 LEGAL BASIS FOR PROCESSING

We collect your data on grounds allowed by the European and Bulgarian legislation (esp. EU Regulation 2016/679, also known as the GDPR, and the Personal Data Protection Act, adopted and amended by the Bulgarian Parliament).

We collect your data on the following grounds:

  1. Performance of a contract We collect and use your personal data in order to deliver your tickets to you, to keep you informed of any changes of upcoming events, cancellations, or claims on the basis of our return policy.

We also process your payment information, so that we can verify that you made a payment that allows you to get your ticket.

For the purpose of performing our obligations to you, we may share your personal data with courier companies and financial / payment processing institutions (such as banks, money transfer service providers etc.).

  1. Legitimate interest We store the information entered by you into your personal account in the context of a ticket purchase, as we consider that this is yours and ours legitimate interest. We have legitimate interest to use that information for future marketing campaigns and to keep you informed of exciting future projects.

In addition, we will store the data related to your payments and purchases in order to make sure that this information is available in case of official proceedings such as civil litigation (e.g. if we are sued for damages), administrative and criminal investigations (e.g. if we are audited by the Revenue Agency), consumer claims and disputes, ticket fraud etc.

Video surveillance on our business premises is conducted with the goal of ensuring our security from theft and other potential crimes.

  1. Consent If you did not buy a ticket from us but subscribed to our newsletters and other bulletins, the necessary personal data will be processed on the basis of your consent, which you can revoke at any time by writing a short email to privacy@eventim.bg or click on the “I don’t want to receive any more emails from Eventim.BG” button in every email you receive from us.

Section 7 OTHER COMPANIES AND INDIVIDUALS RECEIVING YOUR INFORMATION

  1. Payments In order to process your payment, your payment data is be shared with our money transfer service providers.
  • When entering your payment card details in EVENTIM’s webshop, the latter are received directly by the money transfer service providers. EVENTIM’s employees do not have access to the full payment information used in this payment operations - only partial and restricted information is viewable for your protection.
  1. Ticket delivery / pick-up We would share any personal information in relation to your order with the courier company handling the delivery of your ticket, resp. with our partners, providing the pick-up of the tickets at a particular desk.

  2. Official authorities and legal advice Your personal data may be transferred or made accessible to various state authorities /investigation and administrative authorities, tax authorities, court/ in relation to official proceedings, including court, administrative and investigation proceedings related to consumer claims and disputes, ticket fraud etc.

If necessary, in such or similar cases your data may also be made available to companies or individuals, providing the respective legal services and advice to EVENTIM in the course of these proceedings.

  1. Complaints and disputes Except for the cases under item 3 above, In case of disputes or claims, for the purposes of refunds or for in order to provide you with support in setting other problematic matters, your personal data may be communicated to the entities, acting as promoters of certain event, or to other entities in EVENTIM’s group.

If necessary, in such or similar cases your data may also be made available to companies or individuals, providing the respective legal services and advice to EVENTIM in the course of these proceedings.

Other entities in Eventim’s group may receive your data also for the purposes of reporting of the process of court trials / paid refunds or other compensation payments.

  1. Video surveillance Video surveillance recordings from our offices could be collected by or shared with a licensed private security company in strict compliance with the video surveillance legislation of Bulgaria.

Section 8 YOUR DATA OUTSIDE OF THE EU

If the recipients of your data are located outside of the EU, we will provide appropriate safeguards that your data is processed with care and diligence that would be required of any EU-based recipient.

Such transfers will be subject to binding corporate rules, standard data protection clauses adopted by the EU Commission, and other data protection mechanism that take into account your rights.

Section 9 YOUR RIGHTS REGARDING DATA PROTECTION

According to GDPR уou have the right to: • Right to access; • Right to rectification; • Right to erasure (right to be forgotten); • Right to restrict processing; • Right to data portability; • Right to object against the processing; • Right to withdraw consent at any time.

Right to access You have the right to obtain access to the personal data held about you by your request; you also have the right to request a copy of the personal data undergoing processing.

Right to rectification You have the right to ask for incorrect, inaccurate or incomplete personal data to be corrected; Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (right to be forgotten) You have the right to request personal data to be erased when it’s no longer needed or if processing it is unlawful; Please note that Art. 17 of GDPR outlines the cases where we are obliged to erase your data. In some cases we would need to keep your data, even if erasure has been requested /for example for the purposes compliance with a legal obligation which requires processing by Union or Bulgarian Law/.

Right to restrict processing Under certain circumstances you may have the right to request from us the restriction of processing your personal data. For example, you may exercise this right, when we no longer need your personal data for the purposes of the processing, but we still need to store it in our systems and use it for situations like exercise or defense of legal claims.

Right to data portability Under certain circumstances you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.

Right to object against the processing Under certain circumstances you may have the right to object against the processing of your personal data and we can be required to no longer process your personal data. You can exercise this right for example when we use your email address for direct marketing purposes - in such cases once you object, we will no longer be able to send you any marketing materials.

Right to withdraw consent When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise your rights:

To exercise your rights, you can contact us with a written request at privacy@evenitm.bg or by regular mail to: Sofia 1142, 58 Shesti Septemvri Str., Floor 1. You may also address your request to the DPO of the company. We will respond to your requests without undue delay and at the latest within 1 month.

Your written request under this Section can be filed on paper or electronically and should include: • Your name; • The email address by which you are registered in your personal account /optional, but highly recommendable/; • Description of your request; • Preferred communication channel /e.g. regular or electronic mail/; • Signature /in case filed on paper/; • Date of the request; • Correspondence address; • Power of Attorney - if filed on somebody else’s behalf.

  • You may be asked to provide information to confirm your identity (such as clicking a verification link or providing a verification code) in order to exercise your rights.

Section 10 NOTIFICATION OF CHANGES TO THIS PRIVACY POLICY

You will be notified by email for any changes of this Privacy Policy and you will be able to object to any such changes. The changes can also be communicated to you, when you visit our website.

Section 11 HOW WE ENSURE THE SECURITY OF YOUR DATA

All of your personal data will be transferred by SSL (Secure Socket Layer) at a 128 Bit encryption (high) (RSA with a 1024 Bit rate) and can therefore not be misused by third parties. This is the most current security standard on the internet at the moment.

Eventim.bg is Thawte (www.thawte.com) certified. A certificate from an authorized certifying authority guarantees a secure transfer of your data and the authenticity of our server.