With the introduction of the new European privacy legislation (GDPR) on May 25, 2018, our Privacy Policy has been expanded to comply with all legal obligations.
Link2Ticket collects and processes personal data when performing its service as a point of sale/agent for e-tickets. In addition to purchasing a ticket, personal data is also stored when you use the contact form. In terms of the GDPR, we are sometimes a data processor, sometimes a data controller, and sometimes both at the same time. The processing of customer data is carried out entirely by Link2Ticket on behalf of the provider (organizer). The type of personal data stored during the ordering process is also specified by the provider. This may include, among other things, gender, name, email address, home address, phone number, date of birth, etc. The provider is required to manage this personal data in accordance with the GDPR, as expected of a data controller. Therefore, also refer to the provider's privacy statement. Link2Ticket is not responsible for any violations of rights by the provider.
Additionally, Link2Ticket also manages personal data of consumers that is necessary to optimally perform its services. This includes gender, name, email address, and IP address. The IP address is used to prevent fraud, while the remaining data is used only by customer service. It is much easier to search by name and/or email address.
For providers, Link2Ticket manages the personal data of the director of the respective organization once they start working with Link2Ticket. Additionally, bank account details and company details are stored. The name and email data are stored in a MailChimp list for each person who signs up for the newsletter or checks this option when filling out the contact form. Unsubscribing from this list is easy via the "unsubscribe" link at the bottom of the email.
Link2Ticket does not use cookies to track individuals but only follows anonymous statistical data on its visitor traffic as a whole with Google Analytics. We have explicitly excluded the sharing of personal data by Google.
Providers have the option to add their own cookies to the sales process in the ticket shops. For information regarding this, you should refer to the provider's privacy policy.
The retention period of this data lasts as long as the service to the provider continues and can always be deleted upon request of the data controller.
Confidentiality
Link2Ticket will ensure that any person authorized to process its customer data (including its staff, agents, and subcontractors) has an appropriate confidentiality obligation (contractual or legally required).
Sub-processors
As a data processor, Link2Ticket uses multiple sub-processors. We use hosting, data storage, email providers, insurance companies, and Social Media tools (Facebook login). According to our agreement with the data controller, we have permission to use these sub-processors. All sub-processors are located in the EU or are affiliated with the Privacy Shield Framework. Agreements are in place with all sub-processors to guarantee compliance with the GDPR requirements.
Right to be forgotten
Link2Ticket will fulfill requests to delete personal data and requires permission from the data controller for this. The GDPR includes an article that grants the right to be forgotten. To request this, you must send an email to info@link2ticket.nl. Please note that refunds or resending of lost tickets will no longer be possible. A request for deletion of personal data must be submitted with valid proof of payment from the email address used for the order.
Data breaches
In the event of a data breach, Link2Ticket will immediately report this to the Dutch Data Protection Authority (AP) if it involves personal data for which Link2Ticket is the data controller. We do this via the AP's data breach reporting portal. In the case of a data breach involving personal data that Link2Ticket processes for providers, this will be immediately reported to the respective providers (data controllers).