Last update: January 1, 2019
Responsible for data processing is Ravello Concert Society Ltd - Via Trinità, 3 84010 Ravello SA - Italy. This company is also meant if the terms 'we' or 'us' are used in the following.
You can contact our data protection officer at the above address and at firstname.lastname@example.org.
We have taken technical and organisational measures to ensure the security of your personal data. For example, we use the Transport Layer Security (TLS) for the transmission of data for encryption.
You are not obliged by law to provide us with the personal data stated in this Privacy Notice. Specifically, the contractual relationship that you have entered into with us by agreeing to our GTC does not imply any obligation to provide your personal data. However, the transmission of the contract information provided by you to us is a basic requirement for the conclusion of a contract with us. In addition, you may not use the website or only to a limited extent if you do not provide us with certain data or object to the use of this data.
1. Which personal data we process and from which sources:
When we make our website available to you, we process personal data from various sources. On the one hand, these are data that we automatically process for every visitor when the website is accessed. However, this may also be data that you have voluntarily provided to us or that we receive from the concert organisers.
Data that we automatically collect when you use our website:
As soon as you visit the website, you send technical information to our web servers. This happens regardless of whether you make a booking or subsequently register with an account with us to use the website. In any case, we collect the following access and web access data (which we call 'Usage data'):
- Date and time of the visit and the duration of the use of the website
- The anonymized IP address of your device
- the referral URL (the website from which you may have been referred)
- the visited sub-pages of the website or sub-pages of the app and
- more information about your device (device type, browser type and version, settings, operating system).
We process the Usage Data in order to enable you to use the website and to ensure the functionality of the website. In addition, we process the Usage Data to analyze the performance of the website, continuously improve the website and correct errors. . However, we also process usage data in order to guarantee IT security and the operation of our systems and to prevent or detect misuse, in particular fraud.
We store this usage data exclusively in anonymous form, so that it is no longer possible to draw any conclusions about your person.
Data that you yourself transmit to us:
In addition to the data we receive from all visitors, we also process other data. The exact amount of this data depends on how you use the website. You can use the website with or without a user account.
If you decide to create an account and/or make a booking or reservation, please let us know:
- Your name
- Your e-mail address
- Information on the payment method you have selected.
The data entered during registration will be used for the purpose of providing the website and for notification by e-mail of any information relevant to the website or registration, such as changes in the scope of the website or technical circumstances. If you give your separate consent, we will also save your e-mail address for sending our newsletter.
We process this information to complete your booking (including payment), inform you of the status of your reservation and issue you your e-ticket.
booking has already been paid in full and definitively.
If you contact Customer Service at email@example.com the written communication between you and service staff and notes on each transaction will be stored until it is completed in order to ensure smooth customer service at all times when the transaction is resumed by other service staff.
2. The purposes for which we also process your data:
We have already informed you above for which purposes we process your data in individual cases. In addition, we may process your data for further purposes. This includes, for example, the disclosure of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes.
3. The legal basis for processing:
When processing your personal data, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, an EU-wide legal framework for standardising data protection laws ('GDPR'). These are in detail:
Your consent (Article 6 (1) a) GDPR):
By registering or making a booking with your account details, you expressly agree to the data processing described in detail in this Privacy Notice by ticking the box before sending the registration or booking form: If we process your data within the framework of booking or providing your user account, it is therefore because you have consented to this. Your consent is therefore the most important legal basis for the processing of your personal data by us.
Fulfilment of our contractual obligations towards you (Article 6 (1) b) GDPR):
At the same time, your data will also be processed for the provision of the website as part of the fulfilment of our contract with you. Accordingly, in most cases the processing is not only justified by your consent, but also because it is necessary to fulfil our contract with you. For example, if you book a concert ticket via the website, it is necessary to process the booking data to save your booking.
Our legitimate interests (Article 6 (1) f) GDPR):
There are also cases in which we would be entitled to process your data without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes described above, for which we process your data, also represent legitimate interests in many cases. This means that we may process the data necessary to guarantee the security of our IT systems in any case, even if you have not given or withdrawd your consent to this processing. This also concerns the prevention of abuse of our website or the personalisation of advertisements to your interests (so-called direct marketing).
Legal requirements (Article 6 (1) c) GDPR) or in the public interest (Article 6 (1) e) GDPR):
In addition, we are legally obliged to process certain data in individual cases in order to provide information to law enforcement authorities or tax authorities.
4. With whom we share your information:
With the exception of the service providers and partners described below, we will not pass on your data to third parties. Insofar as the respective listed recipients of the data receive data, these recipients will process your data solely on our instructions and have undertaken to comply with strict requirements for the security of your data.
In order to complete your booking and to secure your right to attend the respective concert, we will pass on your name and contact details (e.g. e-mail) as well as your ticket number to the staff at the concert venues.
In addition, we transmit data to our hosting service providers that enable us to provide the website. The providers listed in our information on cookies and tracking tools will only receive your anonymized data as further explained there.
In the case you submit a "feedback e-mail", we also send your e-mail address to the provider of the 'Elasticemail' newsletter service, which we use to enable our newsletter to be sent by e-mail. Provider is the Elastic Email Inc.- Unit 107, 1208 Wharf Street - Victoria, BC V8W 3B9 Canada.
5. Data processing outside the EEA:
We do not transfer your access and account data to countries outside the EEA (so- called 'third countries'). We do not host your data in third countries and all your data is located on the servers of our hosting service provider in Netherlands by SiteGround Spain S.L. - Calle de Prim 19 - 28004 Madrid.
In some cases, however, your data will be processed in third countries. This applies in particular to third party cookies provided by companies based in the United States. However, we will ensure that an adequate level of data protection is guaranteed at all times. We ensure that data recipients are either certified according to the so-called 'EU Privacy Shield' (as with Google, Elastic Email and Facebook) or that the so-called EU standard contract clauses are included in our contracts with these providers in order to guarantee the security of processing and an appropriate level of data protection.
6. Data retention periods:
We process and store your personal data insofar as this is necessary to fulfil our contractual or legal obligations. Therefore, we store the data for as long as our contractual relationship with you exists and after termination only to the extent and for as long as required by the law of the Italian Republic. All other data will be deleted when you log out of the website or are no longer needed to complete a booking. If the remaining data is no longer required to fulfil legal obligations (e.g. in accordance with tax or commercial law) after your deregistration or the closing of your booking (insofar as this took place without creating a user account), it will be regularly deleted, unless further processing is necessary to preserve evidence or to defend against legal claims against us. For the preservation of evidence, for example, your IP address and the exact time of issue are required if you have given us your consent (e.g. to receive the newsletter).
7. User profiles:
We don't use your data to create a user profile. This means that we don't use your information to provide you with a personalized website based on your personal preferences and interests, and/or to provide you with customized offers based on your past behavior. For example, your computer's IP address is not used to identify your geographic location and provide you with localized content in your local language.
8. Your legal rights under the GDPR:
You can assert the following rights against us within the scope of the GDPR with regard to your personal data:
Your right to information and access in accordance with Article 15 of the GDPR,
Your right to rectification under Article 16 GDPR,
Your right to erasure under Article 17 GDPR,
Your right to limitation of processing under Article 18 GDPR and
Your right to data portability under Article 20 GDPR.
You also have a right of appeal to the competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).
You can also withdraw your consent to the processing of your personal data at any time. This also applies to the revocation of declarations of consent that we received before the GDPR became valid, i.e. before 25 May 2018. However, this revocation only applies to the future. Any processing that took place before the revocation remains unaffected by this.
9. Changes to this Privacy Notice