PRIVACY POLICY FOR AVICII EXPERIENCE
This Privacy Policy describes how Avicii Experience, operated by Pophouse Exhibitions AB, org. no. 559412-5691 and other companies that are at all times part of the Pophouse company group (“the Group” or “we”) process personal data about you when you use our services, e.g. purchase a ticket and visit Avicii Experience, make purchases from us, visit our website or if you are a current or prospective supplier or partner representative.
Your privacy is important to us. We have therefore drawn up this privacy policy (“Privacy Policy“) which describes how we collect, use, share and store your personal data. Read the Privacy Policy to familiarise yourself with how we handle your personal data and do not hesitate to contact us if you have any questions. Our contact details are available under the section ”Contact Information” below.
The data controller for the processing of personal data is responsible for ensuring the processing of your personal data takes place in accordance with the General Data Protection Regulation (GDPR) and national data protection legislation, which exists to protect the privacy of individuals. The data controller is the entity that determines why and how your personal data are being processed.
In most cases, Pophouse Exhibitions AB is the data controller. In other cases, the parent company of the Group, Pophouse Entertainment Group AB, or any other subsidiary companies within the Group may be the data controller, either alone or together with another Group company.
HOW WE PROCESS YOUR PERSONAL DATA
“Personal data” refers to all information that can be directly or indirectly linked to a natural person living today. We may ask you to provide personal data when you use our services. You do not have to provide the personal data we request, but if you choose not to do so, we may, in certain cases, not be able to provide you with our services.
From where is your personal data collected?
From you:
We collect the personal data that you yourself provide to us and which is relevant for the services we provide you. You can provide us with data in a number of ways, including: corresponding with us by e-mail, phone or otherwise, subscribing to newsletters, contacting customer support, make purchases etc.
From third parties:
In addition to the information you provide to us, we may collect information from third parties such as ticket providers or other operators through which you have booked your service, or through cookies on our website.
Personal data we process and why
We use your personal data to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers. We may process your personal data for the following purposes:
1. Personal data
o Identity information such as name and social security number.
o Contact information such as address and telephone number.
o Work-related data such as job title and workplace.
o Payment information such as billing address and credit card number.
Purpose
o To perform and administer the agreement or relationship with an existing or potential customer or partner, e.g. provide our services, communication, purchases, payments and invoices.
o To provide customer support to you upon request.
o To improve our services for internal operations, monitor and analyse trends, usage and activities in connection with the service.
Legal basis
o The processing is necessary for the performance of a contract with you. If there is a contract between us.
o Our legitimate interest of manage the relationship with you or the organization that you represent (Processing is necessary for the purposes of the legitimate interests).
o Processing is necessary for our legitimate interest to provide customer support to you (Processing is necessary for the purposes of the legitimate interests).
o Processing is necessary for our legitimate interest to improve our services (Processing is necessary for the purposes of the legitimate interests).
2. Personal data
o Technical information, including IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, device type, hardware model, MAC address, unique device identifiers and mobile network information.
Purpose
o To ensure our website’s functionality.
o To develop and analyze our website based on how it is used, to analyze your online behaviour.
Legal basis
o Our legitimate interest to provide and develop our webpage (Processing is necessary for the purposes of the legitimate interests).
o Cookies that are not strictly necessary are used with your consent (Consent).
3. Personal data
o Identity information such as name.
o Contact information such as address and telephone number
o Work-related data such as job title and workplace
o Pictures taken at our events or similar.
o Other information you provide to us.
Purpose
o Marketing of our services e.g. by newsletters, social media, publications and events.
Legal basis
o When marketing to consumers, or where otherwise required by applicable law, we will target marketing to you only if you have provided your consent for marketing, unless marketing relates to the same or similar products and services which we have marketed to you previously and therefore received your contact information (Consent).
o Our legitimate interests in the marketing of our services. We may target marketing to companies if it has not explicitly denied such marketing (Processing is necessary for the purposes of the legitimate interests).
4. Personal data
o Identity information such as name and social security number
o Contact information such as address and telephone number.
Purpose
o To provide personal data at your request.
Legal basis
o To perform our responsibilities in accordance with privacy laws (Compliance with legal obligations).
5. Personal data
o Identity information such as name and social security number.
o Contact information such as address and telephone number.
o Work-related data such as job title and workplace.
o Financial details such as bank account and payment information.
Purpose
o To comply with legal obligations, e.g. in relation to archiving, accounting and tax requirements.
o Protect our legal interests, determine, claim or defend legal demands.
Legal basis
o E.g. To perform our responsibilities in accordance with the Anti-Money Laundering Act, the Accounting Act, the Whistleblowing Act etc (Compliance with legal obligations).
o Our legitimate interest of the establishment, exercise or defense of legal claims (Processing is necessary for the purposes of the legitimate interests).
In addition to the above, we conduct video surveillance at our premises at Sergelgatan 2, 111 57 Stockholm, for the purpose of preventing and discovering crime and consequently protecting our staff, visitors and premises. Video surveillance is deemed to be a justified mean for this purpose, and the surveillance is performed with support of legitimate interest. Visitors of our premises are notified of the video surveillance through information signs located at the premises.
Video images from the video surveillance are stored for 30 days but can be retained for longer time if needed for legal obligations. Access to the video surveillance is strictly limited to a small group of approved handlers. Video data is only reviewed where required for the purpose of the video surveillance.
DURATION OF PROCESSING
We process your personal data for the time that the processing is necessary to fulfil the purposes for which the data was collected and/or we have a legal obligation to retain the personal data. For example, it can be situations when we are in contact with you via e-mail, when we provide information at your demand or when we process information from cookies.
In certain cases, legal or regulatory obligations (for example in the case of tax related matters) require us to retain specific records for a set period of time. In the case of tax/bookkeeping related matters we are for example obliged to keep data concerning your remuneration for at least seven years.
We are using the following criteria to establish our retention period: (i) as long as we have an ongoing contractual relationship with you (or for a shorter period provided that the personal data is no longer necessary in relation to the purposes for which they were collected); (ii) as required by legal obligations to which we are subject (such as tax and accounting obligations); (iii) as necessary in light of our legal position in order to establish, exercise and defend against legal claims; and (iv) as necessary to meet our legitimate business needs (such as for planning, follow-up etc).
RECIPIENTS GIVEN ACCESS TO YOUR PERSONAL DATA
Where applicable, we may share your personal data with third parties. Your personal data is only shared with trusted third parties, such as authorities and partners, and we will never sell your personal data to anyone else. Sharing your personal data with third parties is based on the same purpose and legal grounds for which it was collected. Below are the categories of recipients with whom your personal data may be shared.
Companies within the Group and its affiliates: Personal data may be transferred between companies within the Group in relation to the purposes set out in this Privacy Policy.
Suppliers and partners:
The Group uses suppliers for, e.g., its computer operations and personal data may therefore be transferred to these suppliers. This may include suppliers of IT services, such as for software and data storage, financial service providers, as well as other business consultants and service providers, such as advertising and ticket agencies. Our suppliers and partners process your personal data only on behalf of the Group, in accordance with our instructions, and only after they have signed a personal data processing agreement in accordance with applicable law, in order for us to ensure a high level of protection for your personal data. We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
Authorities:
The Group may disclose personal data to third parties if the Group is obliged to disclose such information on the basis of law or decision by a public authority.
Transaction:
If we intend to sell, reorganize or otherwise transfer all or part of our business, your personal data may be disclosed to a potential buyer.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
The Group may transfer data to partners and subcontractors outside the EU/EEA, a so-called “third country”. When we transfer personal data to a third country, we will take necessary measures to ensure that the personal data is processed in a secure manner by applying an appropriate safeguard, e.g. ensure that the transfer takes place primarily to organizations covered by the EU-US Data Privacy Framework from the European Commission, or by entering into the EU Commission’s standard contractual clauses. You have the right to obtain a copy of the standard contractual clauses by contacting us.
We may transfer your personal data outside the EU/EEA to the following categories of recipients:
Suppliers and partners:
In some cases, your personal data may be shared with suppliers and partners outside the EU/EEA. These may be suppliers of IT services as well as financial service providers to conduct our business with its registered office or server in a country outside the EU/EEA.
Social media:
When you visit or interact with us on social media such as Facebook, Instagram and LinkedIn, your personal data is also collected and processed by these companies. In connection with the receipt of personal data by these companies, the personal data may be transferred to the United States.
Which countries may be considered depends on the circumstances of the individual case. For more information, please contact us.
HOW WE PROTECT YOUR PERSONAL DATA
We take several technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, change or erasure in accordance with the applicable data protection legislation. Such measures include, but are not limited to, shell protection, encryption, eligibility restrictions, policies, etc.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Right of access:
You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.
Right to rectification:
If the personal data we process about you is inaccurate, incomplete or outdated, you have the right to ask us to rectify or complete such personal data without undue delay.
Right to erasure:
You often have the right to request deletion of your personal data without undue delay. Such is the case when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.
Right to restriction of processing:
Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.
Right to data portability:
When personal data you have provided to us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.
Right to object:
You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.
Right to lodge complaints with a supervisory authority: If you believe that we are processing information about you in violation of the GDPR, you can lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), Box 8114, SE-104 20 Stockholm.
LINKS TO THIRD PARTY WEBSITES
Our Service, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others, including our partner networks, retail partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
CHILDREN
By using our services, you agree to respond truthfully and accurately about your age if asked. We do not knowingly collect information from children who are 16 years old or younger. If you are 13 years old or younger, you may not submit any personal information to us. If you are the parent or guardian and believe your child has provided us with personal data, please contact us at the address below to request deletion.
USE OF COOKIES
When you visit our website, we may send and store a cookie on your computer, tablet or mobile phone. This cookie enables the website or web server to collect and store specific, but limited, information from your browser about how you use it and to improve your user experience. We may also collect information about your IP address, operating system, and which search engine you use for statistical and administrative purposes. Information about how we use cookies can be found in the cookie banner placed at the left bottom of our website.
UPDATES TO THIS PRIVACY POLICY
We are constantly improving and developing our services and the content of this Privacy Policy may therefore change over time. Changes to this Privacy Policy are announced by publishing an updated Privacy Policy on this website and we therefore recommend that you read these regularly.
CONTACT INFORMATION
If you have questions or concerns about this Privacy Policy or would like to make a complaint about our processing of your personal data, you can contact our data protection officer (DPO):
Email: DPO@pophouse.se.
Postal address: To: Data Protection Officer, Pophouse Entertainment Group AB, Mäster Samuelsgatan 45, 111 57 Stockholm.