Effective as of: 24 May, 2018
1. General Provisions
1.3 Festination Ltd, company number 11006758 with registered headquarters at 77 High Street, Littlehampton, BN17 5AG, United Kingdom, has a position of a ‘controller’ as defined in EU GDPR and he shall be responsible for, and be able to demonstrate compliance with, the principles relating to processing of personal data. We can be contacted by sending an E-mail to [email protected].
2. Collection and Use of Personally Identifiable Information
2.1 We may obtain some of your personal Information in order to provide our Services. The Information we collect is necessary to provide our Services, and we shall not collect any Information which is not required by the nature of our Services. We may collect some of the following personal Information:
- E-mail address
- Social media ID
- IP address
- Phone Number
- Session ID
(A) Email address
2.2 We will collect your email address on a basis of your consent and in the interest of providing our Services. We will collect your email address in the following cases:
- When you contact us. We will collect your email address whenever you contact us through our email [email protected]. Whenever we collect your email address this way, we will only use it in order to respond to your inquiry.
2.3 We use a Third-Party data processor for sending the emails called SendGrid, Inc. We may transfer your email address to SendGrind to process your Information on our behalf. SendGrind has a position of a “data processor” within the meaning of the EU GDPR while we still remain data controllers with regard to your Information. SendGrid adheres to the US-EU Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. You can find their policies and procedures with regard to your Information on the following link https://sendgrid.com/policies/privacy/services-privacy-policy/.
(B) Social Media ID
2.4 We will collect your social media ID on a basis of your consent and in the interest of providing our Services. When you choose to register with your social media account we will collect your Social Media ID to create an account for you and to connect your Festination account password and email with the right ID.
(C) IP Address
2.5 If you provide consent we will also use your IP address in order to assess your location and provide you with the content that corresponds to your location. If you provide consent we may connect your IP address with other information we have about you in order to provide you with the content we believe you might find interesting. We will collect your IP address on a basis of your consent and in the interest of providing our services.
2.6 We integrate security systems on our Site to prevent malicious attempts and exploits of the Site. We use Fail2ban to scan IP address and to ban IP addresses that show malicious signs such as too many password failures, seeking exploits and similar. We process this information in the interest of protecting the integrity of the Site and of the databases connected with it, including database of Information obtained from Users.
2.7 We will collect your location information on a basis of your consent and in the interest of providing our Services. We will only use this information to provide you with the list of events and festivals that are organized near you and to provide other information and services which are connected to your location information.
(E) Phone number
2.8 We will collect your phone number on a basis of your consent and in the interest of providing our Services. We may collect your phone number if you choose to receive notifications about festivals through phone. We will only use this information to send you notifications about festivals and we will not use it for any other purpose.
(F) Session ID
2.9 Sessionid cookie usually does not collect your personal Information. However, if you access the Site through your User account, we will connect a session ID to a User account making the session information personally identifiable. This Information is necessary for the performance of the Site, performance of the Services, and to allow Users to log-in into their accounts.
2.10 Some Services will not be available to you if you do not provide requested Information. We may keep records of any questions, complaints or compliments made by you and the response if any. Whenever you contact us, we shall collect any information which you chose to provide. We shall store and use this information only for the purpose of responding to your inquiries. Information contained within the inquiry, free from any personally identifiable Information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible.
2.12 We have implemented security procedures and measures in order to ensure appropriate protection of the Information we process, against any misuse, unauthorized access, disclosure or modification. We will remove any Information about you upon your request no later than twenty four (24) hours after the request has been made.
2.13 We acknowledge that the safety of your Information is one of the highest priorities and therefore only authorized processors have access to your information. Although we take all appropriate measures in respect to keeping your information secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.
2.14 The processing of the information is being performed automatically, without human intervention. However, whenever you contact us through email, the Information within the email will be handled and processed by a real human in order to provide you with the answer to the email.
2.15 Users may request access to, modification and erasure of personal Information and the exercise of the right to object. Such requests are submitted to [email protected].
3. Collection and Use of Non-Personally Identifiable Information
3.1 The Site collects a series of general data and information when a User or automated system calls up the Site. This general data and information are stored in the server log files. Collected may be (1) Cloudflare IP Addresses (2) the browser types and versions used, (3) the operating system used by the accessing system, (4) the website from which an accessing system reaches our website (so-called referrers), (5) the sub-websites, (6) the date and time of access to the Internet site, (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
3.2 We collect this information for breach investigation purposes. When using this information, we do not draw any conclusions about the User. Rather, this information is needed to (1) deliver the content of our Site correctly, (2) optimize the content of our Site as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Storage and transfer of Information
4.1 Information will be stored on secure servers hosted by DigitalOcean LLC located in Netherlands. Hosted servers are controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer Information to servers located in countries deemed adequate by the European Commission, or in countries which European Commission has not deemed inadequate, provided that such countries implement appropriate and suitable safeguards regarding the security of personal information.
4.2 Individual independent contractors performing services on our behalf will be the recipients of User's personal information insofar where such disclosure is necessary to provide the Services or to administer the Site. Any independent contractor will have to sign and abide to a strict confidentiality agreement before getting access to any personal information.
4.3 Information is stored on the servers only for the duration necessary for providing the Services and maintaining the integrity of our databases. We will maintain records of processing activities for the purpose of demonstrating compliance with EU GDPR.
5. Information retention period
5.1 If you register an account with us we will store your Information for as long as you have an active account. As soon as you delete your account we will remove all Information we have collected about you. We may keep your information for up to 30 days in our backup in order to maintain the integrity of our backup storage data.
5.2 If you do not have an account with us, but have chosen to provide some personal Information, we will delete this information after two weeks of obtaining such Information.
6. Right of access
6.1 Users can request free information about his or her personal Information stored at any time and a copy of this Information. Furthermore, Users have a right to obtain information as to whether personal Information is transferred to a third country or to an international organisation. Where this is the case, Users shall have the right to be informed of the appropriate safeguards relating to the transfer.
7. Right to rectification
7.1 Users have the right to obtain without undue delay the rectification of inaccurate personal Information concerning him or her. Taking into account the purposes of the processing, Users shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8. Right to erasure
8.1 Users have the right to obtain the erasure of personal Information concerning him or her without undue delay, and we have the obligation to erase personal Information without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- User withdraws consent to which the processing is based, and where there is no other legal ground for the processing.
- User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or User objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal Information has been unlawfully processed.
- The personal Information must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal Information has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
9. Right of restriction of processing
9.1 Users have the right to obtain restriction of processing where one of the following applies:
- The accuracy of the personal Information is contested by the User, for a period enabling the controller to verify the accuracy of the personal Information.
- The processing is unlawful and the User opposes the erasure of the personal Information and requests instead the restriction of their use instead.
- The controller no longer needs the personal Information for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims.
- The User has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
10. Right to data portability
10.1 Users have the right to receive the personal Information concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. Users have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
10.2 Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the User shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
11. Right to object
11.1 Users have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal Information concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
11.2 We will no longer process the personal Information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims.
11.3 If we process personal Information for direct marketing purposes, the User shall have the right to object at any time to processing of personal Information concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the User objects to the processing for direct marketing purposes, we will no longer process the personal Information for these purposes.
11.4 In addition, Users have the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
12. Right to lodge a complaint with a supervisory authority
12.1 Users may without prejudice to any other administrative or judicial remedy, lodge a complaint with supervisory authority, in particular in the Member State of his or her habitual residence or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
13. Right to withdraw consent
13.1 Whenever we request some personal Information from you we will provide you with the consent box and an explanation on why we need that particular Information.
14. Cookies and similar technologies
14.1 Cookies help us optimize and improve the user experience of the Site by helping us deliver crucial functionalities. The cookies we use may vary over time as we continuously update and improve our Site.
- sessionid: used by our Site to recognise you when you return to our site, also associates a session to you, which enables storing your consents, facilitates user login and makes your browsing experience more convenient
- cookieconsent_status: used by our Site to store your cookie consent status
15. Third Party Websites, Services, and Cookies
15.1 The Site or e-mails may contain links to other external websites that do not fall under our domain. We are not responsible for the privacy practices or the content of such external websites. If you choose to follow such links to external websites, you do so at your risk.
15.2 We sometimes embed content from third parties, including but not limited to, YouTube, Vimeo, Facebook, Mixcloud, Soundcloud, Giphy, Google Maps, Stay22 and Kiwi.com (also known as Skypicker) into the site for better user experience. Pages with this embedded content may set a cookie from these third party websites, furthermore additional third party services may be included by these embedded contents, such as Mixpanel and Google Analytics. Festination.com does not control the setting of these cookies and the included third party services. You should check the relevant third party website for more information about these.
- __cfduid: used by Cloudflare to identify visitors, and is necessary for Cloudflare's security features
17. Contact Information