Link2Ticket collects and processes personal data when performing its service as a point of sale provider / agent for e-tickets. In addition to the ticket purchasing process, personal data is also stored if you use the contact forms. in the sense of the GDPR we are sometimes data processors, sometimes data controller and sometimes both at the same time. The processing of customer data is fully executed by Link2Ticket on behalf of the seller (organizer). The type of personal data stored during the ordering process will also be specified by the seller. These may include gender, name, email address, home address, telephone number, date of birth etc. The seller is obliged to manage this personal data according to the GDPR, as can be expected from a data controller. Therefore also consult the privacy statement of the seller. Link2Ticket is not responsible for any violations of rights by the seller.
In addition, Link2Ticket also manages personal data of consumers that are required to perform its services optimally. These include: gender, name, email address and IP address. The IP address is used to combat fraud, the remaining data is only used by customer service. Efficient customer service relies on being able to search by name and / or email address.
Link2Ticket manages the personal details of the seller as soon as they start working with Link2Ticket. In addition, bank account details and company details are stored. The name and email details are stored in a list at MailChimp of every person who subscribes to the newsletter, or has set this checkmark when filling in the contact form. The unsubscribe from this list is easy via the "unsubscribe" link at the bottom of the e-mail.
The retention period of these data extends as long as the service continues to the seller, and can always be removed at the request of the seller.
Link2Ticket will ensure that every person who is authorized to process its customer data (including its staff, agents and subcontractors) has an appropriate obligation of confidentiality (contractually or legally obliged).
As a data processor, Link2Ticket uses multiple sub-processors. We use hosting, data storage, email providers, insurance and social media tools (Facebook login). According to our agreement with the data controller, we have permission to use these sub-processors. All sub-processors are located in the EU or are affiliated with the Privacy Shield Framework. With all sub-processors there is an agreement that guarantees the requirements of the GDPR.
Right to forgetfulness
Link2Ticket will execute requests for the removal of personal data, and has permission to do so from the data controller (seller). The exercise the right offered by the AVG to consumers to be forgotten, you must send an e-mail to firstname.lastname@example.org. Please note that any chargebacks or resending lost tickets are no longer possible after that. An application for the removal of personal data must be submitted with a valid proof of payment, from the email address used in the order.
In the case of a data breach, Link2Ticket will report this immediately to the Dutch Data Protection Authority (AP) when it concerns personal information that it controls itself. We do this via the “Meldloket datalekken AP”. In case of a data breach that concerns personal information that is processed for a seller (data controller), this data breach will be reported to all data controllers involved.