Privacy Policy

Effective as of: 24 May, 2018

1. General Provisions

1.1 This document uses the same terminology and abbreviations as our Terms of Use document. This Privacy Policy governs the collection, use and storage of Information obtained from Users through the use of our Site.

1.2 The Information on Users is divided into personally identifiable and non-personally identifiable Information depending on whether Information can identify the User as a specific person. Information about legal persons does not fall within the scope of Information as defined in our Terms of Use and Privacy Policy documents.

1.3 Festination Ltd, company number 11006758 with registered headquarters at 77 High Street, Littlehampton, BN17 5AG, United Kingdom, has a position of a ‘controller’ as defined in EU GDPR and he shall be responsible for, and be able to demonstrate compliance with, the principles relating to processing of personal data. We can be contacted by sending an E-mail to [email protected].

2. Collection and Use of Personally Identifiable Information

2.1 We may obtain some of your personal Information in order to provide our Services. The Information we collect is necessary to provide our Services, and we shall not collect any Information which is not required by the nature of our Services. We may collect some of the following personal Information:

(A) Email address

2.2 We will collect your email address on a basis of your consent and in the interest of providing our Services. We will collect your email address in the following cases:

2.3 We use a Third-Party data processor for sending the emails called SendGrid, Inc. We may transfer your email address to SendGrind to process your Information on our behalf. SendGrind has a position of a “data processor” within the meaning of the EU GDPR while we still remain data controllers with regard to your Information. SendGrid adheres to the US-EU Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. You can find their policies and procedures with regard to your Information on the following link https://sendgrid.com/policies/privacy/services-privacy-policy/.

(B) Social Media ID

2.4 We will collect your social media ID on a basis of your consent and in the interest of providing our Services. When you choose to register with your social media account we will collect your Social Media ID to create an account for you and to connect your Festination account password and email with the right ID.

(C) IP Address

2.5 If you provide consent we will also use your IP address in order to assess your location and provide you with the content that corresponds to your location. If you provide consent we may connect your IP address with other information we have about you in order to provide you with the content we believe you might find interesting. We will collect your IP address on a basis of your consent and in the interest of providing our services.

2.6 We integrate security systems on our Site to prevent malicious attempts and exploits of the Site. We use Fail2ban to scan IP address and to ban IP addresses that show malicious signs such as too many password failures, seeking exploits and similar. We process this information in the interest of protecting the integrity of the Site and of the databases connected with it, including database of Information obtained from Users.

(D) Location

2.7 We will collect your location information on a basis of your consent and in the interest of providing our Services. We will only use this information to provide you with the list of events and festivals that are organized near you and to provide other information and services which are connected to your location information.

(E) Phone number

2.8 We will collect your phone number on a basis of your consent and in the interest of providing our Services. We may collect your phone number if you choose to receive notifications about festivals through phone. We will only use this information to send you notifications about festivals and we will not use it for any other purpose.

(F) Session ID

2.9 Sessionid cookie usually does not collect your personal Information. However, if you access the Site through your User account, we will connect a session ID to a User account making the session information personally identifiable. This Information is necessary for the performance of the Site, performance of the Services, and to allow Users to log-in into their accounts.

(G) General

2.10 Some Services will not be available to you if you do not provide requested Information. We may keep records of any questions, complaints or compliments made by you and the response if any. Whenever you contact us, we shall collect any information which you chose to provide. We shall store and use this information only for the purpose of responding to your inquiries. Information contained within the inquiry, free from any personally identifiable Information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible.

2.11 We do not sell or rent personal Information to any Third-Party. We use collected Information for our internal and marketing purposes, as necessary by the nature of the Services, and only in accordance with this Privacy Policy. In some instances, we are obliged to comply with court orders and government requests and provide Information or parts of it to authorized bodies.

2.12 We have implemented security procedures and measures in order to ensure appropriate protection of the Information we process, against any misuse, unauthorized access, disclosure or modification. We will remove any Information about you upon your request no later than twenty four (24) hours after the request has been made.

2.13 We acknowledge that the safety of your Information is one of the highest priorities and therefore only authorized processors have access to your information. Although we take all appropriate measures in respect to keeping your information secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.

2.14 The processing of the information is being performed automatically, without human intervention. However, whenever you contact us through email, the Information within the email will be handled and processed by a real human in order to provide you with the answer to the email.

2.15 Users may request access to, modification and erasure of personal Information and the exercise of the right to object. Such requests are submitted to [email protected].

3. Collection and Use of Non-Personally Identifiable Information

3.1 The Site collects a series of general data and information when a User or automated system calls up the Site. This general data and information are stored in the server log files. Collected may be (1) Cloudflare IP Addresses (2) the browser types and versions used, (3) the operating system used by the accessing system, (4) the website from which an accessing system reaches our website (so-called referrers), (5) the sub-websites, (6) the date and time of access to the Internet site, (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

3.2 We collect this information for breach investigation purposes. When using this information, we do not draw any conclusions about the User. Rather, this information is needed to (1) deliver the content of our Site correctly, (2) optimize the content of our Site as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

4. Storage and transfer of Information

4.1 Information will be stored on secure servers hosted by DigitalOcean LLC located in Netherlands. Hosted servers are controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer Information to servers located in countries deemed adequate by the European Commission, or in countries which European Commission has not deemed inadequate, provided that such countries implement appropriate and suitable safeguards regarding the security of personal information.

4.2 Individual independent contractors performing services on our behalf will be the recipients of User's personal information insofar where such disclosure is necessary to provide the Services or to administer the Site. Any independent contractor will have to sign and abide to a strict confidentiality agreement before getting access to any personal information.

4.3 Information is stored on the servers only for the duration necessary for providing the Services and maintaining the integrity of our databases. We will maintain records of processing activities for the purpose of demonstrating compliance with EU GDPR.

5. Information retention period

5.1 If you register an account with us we will store your Information for as long as you have an active account. As soon as you delete your account we will remove all Information we have collected about you. We may keep your information for up to 30 days in our backup in order to maintain the integrity of our backup storage data.

5.2 If you do not have an account with us, but have chosen to provide some personal Information, we will delete this information after two weeks of obtaining such Information.

6. Right of access

6.1 Users can request free information about his or her personal Information stored at any time and a copy of this Information. Furthermore, Users have a right to obtain information as to whether personal Information is transferred to a third country or to an international organisation. Where this is the case, Users shall have the right to be informed of the appropriate safeguards relating to the transfer.

7. Right to rectification

7.1 Users have the right to obtain without undue delay the rectification of inaccurate personal Information concerning him or her. Taking into account the purposes of the processing, Users shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

8. Right to erasure

8.1 Users have the right to obtain the erasure of personal Information concerning him or her without undue delay, and we have the obligation to erase personal Information without undue delay where one of the following grounds applies, as long as the processing is not necessary:

9. Right of restriction of processing

9.1 Users have the right to obtain restriction of processing where one of the following applies:

10. Right to data portability

10.1 Users have the right to receive the personal Information concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. Users have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

10.2 Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the User shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

11. Right to object

11.1 Users have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal Information concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

11.2 We will no longer process the personal Information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims.

11.3 If we process personal Information for direct marketing purposes, the User shall have the right to object at any time to processing of personal Information concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the User objects to the processing for direct marketing purposes, we will no longer process the personal Information for these purposes.

11.4 In addition, Users have the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

12. Right to lodge a complaint with a supervisory authority

12.1 Users may without prejudice to any other administrative or judicial remedy, lodge a complaint with supervisory authority, in particular in the Member State of his or her habitual residence or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

13. Right to withdraw consent

13.1 Whenever we request some personal Information from you we will provide you with the consent box and an explanation on why we need that particular Information.

13.2 You may withdraw your consent at any time by visiting our Consent Panel, by deleting your account or by informing us through e-mail [email protected]. Some services may not available if we do not have access to your Information and you understand that withdrawing your consent may cause some services to stop functioning. Please refer to section 2 of this Privacy Policy to see which services require which Information.

14. Cookies and similar technologies

14.1 Cookies help us optimize and improve the user experience of the Site by helping us deliver crucial functionalities. The cookies we use may vary over time as we continuously update and improve our Site.

14.2 By visiting the Site we may use cookies to store some non-identifiable Information in your browser regarding your computer or mobile device and your activities in order to help improve the User experience. Users can deny access to cookies through their browser settings.

14.3 We use the following cookies:

15. Third Party Websites, Services, and Cookies

15.1 The Site or e-mails may contain links to other external websites that do not fall under our domain. We are not responsible for the privacy practices or the content of such external websites. If you choose to follow such links to external websites, you do so at your risk.

15.2 We sometimes embed content from third parties, including but not limited to, YouTube, Vimeo, Facebook, Mixcloud, Soundcloud, Giphy, Google Maps, Stay22 and Kiwi.com (also known as Skypicker) into the site for better user experience. Pages with this embedded content may set a cookie from these third party websites, furthermore additional third party services may be included by these embedded contents, such as Mixpanel and Google Analytics. Festination.com does not control the setting of these cookies and the included third party services. You should check the relevant third party website for more information about these.

15.3 Festination Site uses third-party services, such as Google Analytics. Google Analytics is used to monitor and analyze web traffic and to keep track of User behavior. IP Anonymization feature is enabled in Google Analytics for privacy reasons. Any data collected will be used in accordance with our Privacy Policy and Google's Privacy Policy. More information on how users may opt out of Google Analytics's use of cookies can be found at the Google Analytics Opt-out Page. For more information about cookies used by Google Analytics please see the original document: Google Analytics Cookie Usage on Websites

15.4 Cloudflare uses cookies to identify trusted web traffic. It does not correspond to any user id in the Site, nor does the cookie store any personally identifiable information. They use the following cookie:

16. Changes to the Privacy Policy

16.1 We reserve the right to change our Privacy Policy at any time. The current version of Privacy Policy is available on the Site, indicating the effective date. You are encouraged to periodically check our Privacy Policy.

17. Contact Information

17.1 If you have any queries or concerns regarding our Privacy Policy and how the information is handled, or you wish to access, retrieve, amend, or update your Information feel free to contact us at [email protected]