PRIVACY POLICY
of Close2Fan GmbH
It is particularly important to us to protect your data, which is why we comply with the applicable data protection regulations, in particular the GDPR and the DSG, when processing your personal data (e.g. master data).
Below you will find more detailed information about the data processing we carry out:
1. controller
Close2Fan GmbH
Josefstraße 100/3
3100 St. Pölten
E-mail: office@close2fan.com
As we are not legally obliged to do so, we have not appointed a data protection officer/notified the data protection authority.
2. rights of data subjects
2.1 You have the following rights vis-à-vis us with regard to your personal data
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object to processing (Art. 21 GDPR).
Right to object: If the processing of your personal data is based on a balancing of interests (Art. 6 para. 1 lit f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. When exercising your right to object, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection and continue the data processing. We will also continue the data processing if it serves the assertion, exercise or defence of legal claims.
You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.
Right of revocation: If you have given us your consent to process your personal data, you can revoke this consent at any time. Your revocation does not affect the legality of the data processing carried out until the revocation.
To exercise these rights, you must inform us in person, by telephone or in writing:
Close2Fan GmbH
Josefstraße 100/3
3100 St. Pölten
E-mail: office@close2fan.com
Please note that we can only provide you with information if you can identify yourself.
2.2 If you are of the opinion that the data processing violates applicable data protection law or we violate your data protection claims, you also have the right to lodge a complaint with the supervisory authority. Please address your complaint to:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
3. information about the processing of your personal data
3.1 Visiting the website
Purpose: If you only use our website for information purposes (no registration, no ticket order or other purchase in the web shop and no transmission of other information), personal data is collected which is transmitted from your browser to our server (‘server log files’). This is technically necessary in order to display our website to you and to ensure the stability and security of the website. The data collected is only used to statistically analyse and improve our website.
Legal basis: legitimate interest in the stability and security of the website (Art. 6 para. 1 lit f GDPR).
The following data is processed IP address, date and time of the request, time zone difference to GMT, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, browser, operating system and interface, language and version of the browser software.
Storage period: The data is stored for a period of six months. In addition, we store the data until the end of any legal disputes in which the data is required as evidence.
3.2 Electronic contact requests via the website
You can contact us via our website using e-mail or the website contact form. We store your data for processing, responding to and handling your enquiry.
Purpose: Processing, responding to and handling contact enquiries via email or the website contact form.
Legal basis: Fulfilment of a contract necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit b GDPR), legitimate interest (Art. 6 para. 1 lit f GDPR)
The following data is processed Master data (in particular surname, first name, email address), content data of the enquiry.
Storage period: Until the enquiry has been answered. If there are statutory retention obligations, processing will be restricted until then.
Recipients/recipient categories: Processors, in particular IT service providers.
3.3 Orders in the web shop
You can place orders in our webshop without creating a customer account (‘Order as a guest’). We process all data that you enter during the ordering process. If you purchase tickets for other persons (third parties) for whom the organiser has provided ticket personalisation, we will also process the third-party data provided by you.
If you provide information on behalf of third parties, please ensure that they have been sufficiently informed about the data processing by us and that you are authorised to provide the data in question.
Purpose: Processing of personal data in the context of the business relationship with customers for the purpose of contract fulfilment.
Legal basis: Fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art. 6 para. 1 lit. f GDPR),
The following data is processed: Surname, first name, title, gender, address, date of birth, payment information, email address. In the case of ticket personalisation, the surname and first name of third parties are also processed.
Storage period: We store the data provided until the end of the business relationship or until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us (in particular BAO). In addition, we store the data until the end of any legal disputes in which the data is required as evidence.
Recipients/recipient categories: Organiser, transport or shipping company, bank and payment service provider, debt collection agency for debt recovery, tax office, courts and authorities, legal representatives and tax consultants, IT service providers.
The provision of your personal data is necessary for the fulfilment of the contract or the implementation of pre-contractual measures. We cannot conclude a contract with you without this data.
3.4 Registration on the website/creation of a customer account
You can create a customer account in our webshop in order to place orders via the customer account and to obtain an overview of orders placed and active order processes.
Purpose: Processing of personal data to create the customer account and as part of the business relationship with customers for the purpose of contract fulfilment.
Legal basis: Consent (Art. 6 para. 1 lit a GDPR), fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit b GDPR).
The following data is processed: Surname, first name, address, payment information, e-mail address.
Storage period: We store the data provided until the end of the business relationship or until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us (in particular UGB and BAO). In addition, we store the data until the end of any legal disputes in which the data is required as evidence.
Recipients/recipient categories: Organisers, transport or shipping companies, banking institution and payment service providers, debt collection companies for debt recovery, tax office, courts and authorities, legal representatives and tax consultants, IT service providers.
3.5 Customer management, accounting, logistics and bookkeeping
Purpose: Processing of personal data in the context of any business relationship with customers and suppliers in the context of the exercise of a trade, including the systematic recording of all business transactions relating to income and expenditure.
Legal basis: Performance of a contract, necessary for taking steps prior to entering into a contract (Article 6(1)(b) GDPR), compliance with a legal obligation (Article 6(1)(c) GDPR), legitimate interest, in particular the defence, exercise and assertion of legal claims (Article 6(1)(f) GDPR).
Storage period: We store the data provided until the end of the business relationship or until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us (in particular BAO). In addition, we store the data until the end of any legal disputes in which the data is required as evidence.
Recipients/recipient categories: Tax office, courts and authorities, suppliers, debt collection agencies, banking institutions and payment service providers, public accountants, legal representatives and tax consultants, payroll accountants, IT service providers.
3.6 Customer service and marketing (newsletter)
You can subscribe to our newsletter via our website to receive information about our products and services as well as event dates.
Purpose: Processing of customer and prospective customer data for the initiation of business relating to our own range of products or services and for the implementation of advertising measures and newsletter dispatch.
Legal basis: Consent (Art. 6 para. 1 lit a GDPR).
The following data is processed for the newsletter dispatch via our website Surname, first name, email address.
Storage period: The data will be stored until you withdraw your consent.
Recipients/recipient categories: IT service providers, newsletter marketing service providers, marketing agencies.
If you have given us your consent to process your personal data, you can withdraw your consent at any time. You can unsubscribe from our newsletter at any time by sending an email with your cancellation to office@close2fan.com or by unsubscribing via the link at the end of each newsletter. Your cancellation does not affect the legality of the data processing carried out up to the time of cancellation.
4 Use of cookies
Our website uses cookies. These are small text files that are stored on your end device with the help of the browser.
We use cookies to make our website and web shop user-friendly and to improve our range of services. Some cookies are deleted at the end of the session (‘session cookies’). Others remain stored on your end device until you delete them (‘persistent cookies’). They enable us to recognise your browser the next time you visit our website.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.
Please note that deactivating cookies may limit the functionality of our web shop.
Legal basis: legitimate interest, in particular to improve our own services in favour of users (Art. 6 para. 1 lit. f GDPR) for technical cookies; consent (Art. 6 para. 1 lit. a GDPR) for other cookies.
5. contract processors
We pass on certain personal data to external service providers that we entrust in particular with contract processing, IT services, such as the provision of our ticket system and marketing services.
These service providers act as processors for us and may only process personal data within the scope of their contractual obligation to us or to comply with legal regulations. We ensure that all processors are contractually obliged to maintain the confidentiality and security of your personal data that they process on our behalf.
6 Organiser
We pass on certain personal data (name, address, email address) to the organiser of the event for which you have purchased tickets. The transfer of personal data to the event organiser takes place in particular for the organisation and implementation of the event as well as for administrative purposes in connection with the event. The transmission of personal data to the organiser enables the organiser to inform you in particular about changes to the venue and/or start of the event and about postponements or cancellations of the event. The data processing is based on our legitimate interest (Art. 6 para. 1 lit f GDPR) and that of the organiser to ensure that the event runs smoothly and to inform you appropriately.
7. vivenu
We use a plug-in from the provider vivenu GmbH, Kesselstraße 3, D-40221 Düsseldorf (vivenu) to handle our online ticketing process.
If you purchase tickets via our website, the data entered when ordering will be transmitted to vivenu. There is no obligation to provide your personal data. Nevertheless, it is not possible to use the online ticketing procedure without processing your personal data.
This processing of your personal data is based on our legitimate interest (Art. 6 para. 1 lit f GDPR) in promoting our business purposes of providing an online ticketing process on our website.
vivenu uses cookies. Functional cookies are necessary for the proper functioning of the online ticketing process. Performance cookies help to improve the functionality and performance of the online ticketing process.
The legal basis for the use of functional cookies is based on the legitimate interest of vivenu, in particular to improve the services in favour of the users (Art. 6 para. 1 lit. f GDPR), while the use of performance cookies is based on your consent (Art. 6 para. 1 lit. a GDPR).
Further data protection information from vivenu can be found at https://vivenu.com/de/data-privacy.
8. payone
We use the payment service provider PAYONE GmbH (Payone), Lyoner Straße 9, D-60528 Frankfurt/Main, Germany, to process cashless payment transactions for all payment options offered by us. For this purpose, we collect your personal data and transmit it to Payone to process the payment.
Payone is an independent controller in its area of responsibility in accordance with Art. 4(7) GDPR.
The legal basis for the processing of your personal data by Payone is the fulfilment of a contract or because it is necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR) and for legitimate interests (Art. 6 para. 1 lit. f GDPR). The legitimate interests lie in particular in ensuring a functioning payment process and avoiding payment defaults, etc.
Payone only ever processes the personal data that is required for the performance of the respective service:
During payment processing, the IBAN, card number, check digit and other transaction data (e.g. date and time of the transaction, amount) are processed, depending on the payment method;
fraud prevention is also primarily based on the processed transaction data;
for receivables management and debt collection, in particular details of the invoice and payment amount, due date and invoice recipient are processed;
credit checks are carried out in particular on the basis of address, account and card data, which are transmitted to the authorised credit agencies for this purpose;
information on the invoice recipient, bank details and payment amount is required in particular for invoicing.
It cannot be ruled out that Payone may transfer your personal data to third countries outside the EU or the EEA. Payone will only transfer your personal data to third countries if this is necessary for the fulfilment of contractual obligations or to protect legitimate interests or is otherwise required by law.
To ensure an adequate level of data protection in third countries, there is either an adequacy decision by the EU Commission or appropriate and suitable guarantees in the form of EU standard contractual clauses or Privacy Shield certifications or there is a legal exception (Art. 49 GDPR) that justifies data transfer even without the existence of an adequacy decision or suitable guarantees.
Further data protection information from Payone can be found at https://a.storyblok.com/f/64176/x/c90fa8e6ef/payone-information-zu-date… and at https://www.payone.com/DE-de/dsgvo.
9 TicketSwap
In order to be able to offer you the ‘SecureSwap’ services, we have entered into a joint controller agreement with TicketSwap B.V. (TicketSwap), Rocking 75, 1012KL Amsterdam, the Netherlands, in which we have jointly defined our respective responsibilities as well as the rights and obligations in the joint processing of your personal data within the meaning of Art. 26 GDPR.
TicketSwap is a secondary platform for the secure and fair resale of tickets. If you offer a ticket purchased from us for resale on the TicketSwap platform, the ticket purchased from us is invalidated using ‘SecureSwap’ and the buyer receives a new ticket. For this purpose, we provide TicketSwap with access to all relevant data via interface programming in order to check whether the ticket offered by you on the TicketSwap platform is valid and allow TicketSwap to invalidate the ticket offered by you and replace it with a new ticket.
Under the Joint Controller Agreement, TicketSwap is responsible for informing you about the processing of personal data for the provision of the SecureSwap services (Art. 13 and 14 GDPR) and the nature of the Joint Controller Agreement (Art. 26 GDPR).
Under the Joint Controller Agreement, TicketSwap is the first point of contact for the exercise of your data subject rights, and we will always provide assistance and support to fulfil your requests in a timely, complete and accurate manner.
Further data protection information from TicketSwap can be found at www.ticketswap.at.
10 Stay 22
We work with the affiliate network of Stay 22 Technologies Inc, 917 Mont-Royal Ave E., Montreal, QC H2J 1X3, Canada, and have integrated a map plugin from Stay 22 on our website.
If you click on the affiliate link contained in the map and subsequently use the services offered there, we may receive an affiliate commission from Stay22.
In order to be able to track whether a contract has been concluded that triggers the affiliate remuneration, it is necessary for Stay 22 to know that you have followed an affiliate link embedded on our website.
For this purpose, we use cookies or similar technologies to recognise you.
For more information, please refer to Stay 22's privacy policy at https://www.stay22.com/privacy.
The processing of your personal data takes place by confirming marketing cookies or by clicking on the affiliate link so that the legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit a GDPR.
11. information on data transfers to third countries or international organisations
The data processed by us will not be transferred to recipients in third countries or to international organisations, except in the cases specified in this privacy policy. If personal data is transferred to recipients in third countries, we ensure that this transfer is carried out in accordance with the applicable data protection regulations, in particular Art. 44 ff GDPR, and that appropriate security precautions are taken to ensure an adequate level of protection for your personal data.