Privacy Notice in accordance with the European Data Protection Regulation 2016/679 (GDPR: General Data Protection Regulation)
This information applies to data processing carried out through the OOOH.Events Website and the OOOH.Events mobile app, both managed by Tixplan S.r.l..
Identity and contact details of the data controller
Tixplan S.r.l., Via Angelo Brofferio, 6 – 00195 Roma. Email: info@oooh.events
Purpose of treatment: why do we collect some data?
The User’s personal data is processed to provide services available on this Website / Mobile App (therefore: ticket sales, geolocation to show the nearest events, customer care service via chat and email). The purposes therefore intend to allow registration and access to the Website / Mobile App, access to the site via social login, interactions with social networks, statistics (anonymous), spam protection, limited geolocation for current session, contact management, messages and push notifications, content publishing on other platforms (ie YouTube in no-cookie mode).
Beyond this, we provide an email service to update customers on special offers and new events and a recurring newsletter, for which we require consent through double opt-in: the user requires the service and receives an email for which he will be asked to confirm his choice.
Enclosed to this document you will find a detailed description of each individual service, internal and external, involved in the treatment.
The purpose of the treatment is to allow you to use the online presale service and show you the events closest to your position. The geolocation data are deleted at the end of the session (when you logout or shut down the app).
Regarding the other data:
- the data we collect directly is limited to your email address and the name you indicate, which could also be a fantasy name;
- if you are using our booking service, we will also ask you for your fiscal information in order to issue a regular invoice, as required by law;
- if you access our site through one of the enabled social networks, such social network will pass us your email address and the registered name. To better clarify: if your name on Facebook is Zaphod Beeblebrox, that will be the name that Facebook will communicate to us (we are fine with it). Obviously, in case of purchase, when requested to input data for the receipt, you will need to provide real data;
- if you want to use our online ticketing service as an organizer, we will also ask you for the details of your company (or the natural or legal person organizing the event) in order to indicate them on the access rights purchased by the users.
If you buy a ticket for an event on this site, your data will be shared with the event organizer, who can use them to contact you in case of need and / or to prepare any tax receipts / invoices for services, goods or additional items that you have purchased. Consequently, the event organizer will act also as Data Controller: the consent you express on this site also applies as consent to the data processing fulfilled by the event organizer from which you are purchasing the ticket.
All data above described will never be disclosed to third parties (excluding the previously mentioned information shared between us and the organizer, if you use the pre-sale service).
All other data that we may collect directly (such as logs of sessions collected from the site / app) or external services that we use (push notifications, surveys, sharing on social networks, traffic analysis, etc.) can not identify the user univocally, so there is no possibility of recognizing the individual.
With regards to statistics, we use Google Analytics in “anonymous mode” (meaning that the last three digits of the IP address are obscured, making any identification impossible).
For credit card payments, Clients will be readdressed to Monetaonline payment page or Stripe or Coinpayments for BTC. Data is never communicated to us, but sent directly to the payment gateway: we neither keep nor record any credit / debit / prepaid or cardholder data.
legal basis
Data is processed exclusively on the basis of the optional consent expressed by the User. The treatment may be necessary for the provision of a specific service requested by the User (eg ticket purchase), to fulfill a legal or tax obligation (eg to allow the user who has purchased the ticket to access the event) o for the legitimate interest of the Data Controller (eg spam protection or verification of correct functioning of the website / mobile app).
The User can deny consent or can withdraw it at any time: however, in this case some services may not work.
processing methods, recipients
Personal data collected by us as Data Controller are shared, only in case of ticket purchase, exclusively with the relevant Organizer of the specific event, who therefore becomes Data Controller himself.
With this exeption, all other data is not subject to disclosure to third parties.
Other data collected through the external services used by our Website are, where possible, treated at the source in order to be anonymous and therefore do not allow users identification; such data may not necessarily be anonymous (such as email, for the services offered by Mailjet, Email List Verify and Tawk.To) are processed through services within the European Union (see below details of the individual services) or outside but in any case consistent with the Privacy Shield.
Therefore for the treatment process – which is carried out through appropriate and structured IT tools to ensure maximum security – other subjects connected to the management of this Website / Mobile App may be involved (collaborators, administrative, commercial, marketing, legal, system operators, employees to security, developers) or external subjects such as technical service providers, hosting providers, couriers, communication agencies, customers who, if necessary, may in turn be Data Processors appointed by the Data Controller: the updated list of the latter can always be requested by the Owner.
retention period
Data is kept for the time strictly required for the purposes for which they were collected.
If collected for the provision of a service (pre-sale tickets), then with the User’s consent, data is retained until revocation of consent. Obviously, the retention period could be further extended by legal obligations (ie: 5 years for billing data).
For all other data, most of which is collected anonymously, retention is set for minimum period for each service.
The data will be deleted at the end of the retention period: as a consequence, after this deadline it will no longer be possible for the User to exercise the right of access, deletion, rectification and portability of data.
user rights
We confirm your rights as per articles 15 and following of the Rules::
- the right to request the Data Controller to access personal data and to rectify or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
- the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
- the right to lodge a complaint with a supervisory authority;
- the right to transfer your data to another service, obtaining the same in a clear and readable form by an automatic device;
- the communication of personal data is optional but is a necessary requirement for the provision of the services offered by this Website / Mobile App, for which the lack of consent necessarily implies the impossibility to provide such services;
- there is no automated decision making process or even a profiling.
How users can request data deletion
Users can send an email to info@oooh.events, asking for the deletion of their data from oooh.events.
minor
Since we have no way of ascertaining whether consent to treatment is authorized by a parent, please do not register with this site if you are under 16.
Services detail
Website/Mobile App access services
name: Amazon Login
application: website
description: registration and authentication service through the Amazon account, provided by Amazon.com, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://www.amazon.com/gp/help/customer/display.html/ref=hp_rel_topic?ie=UTF8&nodeId=468496
name: Facebook Authentication
application: website
description: registration and authentication service through the Facebook account, provided by Facebook, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://www.facebook.com/help/405977429438260
name: Google OAuth
application: website
description: registration and authentication service through the Google account, provided by Google Ireland Limited.
collected data: email, username, profile photo
place of treatment: European Union
privacy policy: https://policies.google.com/
name: Linkedin OAuth
application: website
description: egistration and authentication service through the Linkedin account, provided by Linkedin Corporation.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://privacy.linkedin.com/
name: Direct Registration
application: website
description: function to allow the User to register directly on this Website / Mobile App, providing their own e-mail and a name (even fancy).
collected data: email, name
place of treatment: European Union
privacy policy: this document
name: Twitter OAuth
application: website
description: registration and authentication service via the Twitter account, provided by Twitter, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://twitter.com/en/privacy
Anti-Spam
name: Google reCAPTCHA
application: website
description: spam protection service, provided by Google Ireland Limited.
collected data: cookies, usage data
place of treatment: European Union
privacy policy: https://policies.google.com
Contacts and Messages
name: Email List Verify
application: website
description: service for checking the existence and correctness of email addresses
collected data: email
place of treatment: European Union
privacy policy: https://www.emaillistverify.com/privacy.html
name: Gmail
application: website
description: e-mail management service (e-mail), used by the organization of the owner to receive and send e-mails. Provided by Google Ireland Limited.
collected data: email
place of treatment: European Union via web or mobile access; USA
privacy policy: this document and Google, Inc. as the service provider https://policies.google.com
name: Contact Form
application: website
description: form that allows the User to contact the Organizer/Promoter for any need related to the services offered by the latter.
collected data: email, nome
place of treatment: European Union
privacy policy: this document
name: SendPulse
application: website
description: WEB push notification sending service, provided by SendPulse, Inc.
collected data: browser, operating system, IP address, IP location, cookies. To activate the push notifications, further explicit confirmation by the User is required, provided directly to the service provider, while to disable them, it is possible to use the browser functions.
place of treatment: USA
privacy policy:
Content from External Providers
name: Google Fonts
application: website
description: typo fonts, provided by Google Ireland Limited.
collected data: usage data, preferences, cookie
place of treatment: European Union
privacy policy: https://policies.google.com/
name: Google Maps
application: website/app mobile
description: service that displays a map, provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: European Union
privacy policy: https://policies.google.com/
name: YouTube no-cookie
application: website/app mobile
description: video display service in “no-cookie” mode (cookies and usage data are not recorded unless the user plays the video), provided by Google Ireland Limited.
collected data: usage data
place of treatment: European Union
privacy policy: https://policies.google.com/
Script Management
name: Google Tag Manager
application: website
description: script management service, which allows to publish on the site a single invocation code for all external scripts, which will be recalled by the Tag Manager, provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: European Union
privacy policy: https://policies.google.com/
Social Network Interaction
name: AddThis
application: website
description: service that allows User interaction with social networks and the sharing of content on the Website, provided by Oracle Corporation
collected data: cookie, usage data
place of treatment: USA
privacy policy: https://www.addthis.com/privacy/privacy-policy
name: Facebook Account Access
application: website
description: integration service with the Facebook user’s account, to perform operations such as “share on Facebook”
collected data: basic user information such as name, profile picture, language, location
place of treatment: USA
privacy policy: https://www.facebook.com/about/privacy/
name: Twitter Account Access
application: website
description: integration service with the Twitter profile of the User, to perform operations such as “share on Twitter”
collected data: basic user information such as name, profile picture, language, location
place of treatment: USA
privacy policy: https://twitter.com/en/privacy#update
Posizione
name: Geolocation limited to the session
application: website
description: User’s localization service based on data provided by the Internet, for the purpose of presenting film programming based on the geographical location of the User. The User grants or denies authorization through the specific functions of each browser; alternatively, you can indicate your position by writing the address or the location in which it is located. Location data is used only for the duration of the session.
collected data: geographical position
place of treatment: European Union
privacy policy: this document
Statistiche
name: Google AdWords conversions tracking
application: website
description: service that links the ads published on the Google AdWords network by the Owner with the operations performed by Users on the Website, in order to evaluate the effectiveness of the promotions of this Website. Provided by Google Ireland Limited.
collected data: cookies, usage data
place of treatment: European Union
privacy policy: https://policies.google.com/
name: Google Analytics with anonymized IP (REMOVED)
application: website/app mobile
description: service of analysis of the traffic and use of this Website / Mobile App by the Users, configured in “anonymised IP” mode so as not to be able to identify the User in a precise manner and collect anonymous browsing data. Provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: European Union
privacy policy: https://policies.google.com/
