- The information we collect and why we collect it;
- How we use that information;
- How we share information; and
- The choices we offer.
1. Personal Data
When you use or interact with us through the Service, we collect Personal Data. Users must consent to us collecting their Personal Data before accessing the Service.
We gather Personal Data when you voluntarily give such data to the Service, for example, when you sign up for a workshop, send an enquiry, or interact with the Service in any other way. The Personal Data we may gather includes, but is not limited to, your name, address, email address and other data that empowers Users to be distinguished.
If you have queries or concerns about the personal information being collected or used please contact us at firstname.lastname@example.org.
2. How We Use Your Personal Data
PT Ersania collects and uses Users’ Personal Data and other information for the following purposes:
- To process transactions, including ticket purchases. We may use the Personal Data Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To maintain marketing communications, Where it is in accordance with your marketing preferences, we may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Service that we believe might be of interest to you.
- To facilitate workshop organizer communications – If you registered for an event on the Service, your email address is available to the Company for the purpose of communicating with users about arrangements for and participation in a workshop.
- To provide support. We may use your Personal Data when providing you with customer support.
3. How We Protect Your Personal Data
- We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, username, password, transaction information and data, including Personal Data, stored on our Service.
- Sensitive and private data exchange between the Service and its Users happens over industry standard Secure Sockets Layer (SSL) encryption technology.
- Please note that while we endeavor to protect your Personal Data, we cannot guarantee the security or privacy of your Personal Data. You agree to transmit your Personal Data solely at your own risk.
- We shall investigate and report data breaches within 72 hours of becoming aware of such breach. When a breach of Personal Data is likely to result in a high risk to the rights and freedoms of individuals then the Company, as Controller, will notify the affected individuals without undue delay.
4. How We Disclose and/or Share Your Personal Data
We do not sell, trade, or rent Users’ Personal Data to others except as provided for herein:
- We may use third party service providers to help us operate our business and the Service or administer activities on our behalf, such as sending out newsletters or surveys. We may share your Personal Data with these third parties for those limited purposes.
- We may share Personal Data with our software developers, system integrators, and payment processors, subject to our safeguards and protective measures.
- We may disclose Personal Data if required by law or when we deem it necessary in an emergency situation.
5. How You Can Access, Update or Delete Your Personal Data
Users can request access to some of your Personal Data being stored by us. Users can also ask us to correct, update or delete any inaccurate Personal Data that we process about them.
If a Consumer initiates a data deletion request, the Company is authorised to delete or anonymize Personal Data of the requesting Consumer from the Service even if that means removing its availability to a workshop organizer through the Service.
Users may exercise these rights by contacting us directly at: email@example.com. We will consider and respond to all requests in accordance with applicable law.
6. How Long We Retain Your Personal Data
We may retain your Personal Data for as long as necessary to provide you with our Services. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
7. The EU General Data Protection Regulation (GDPR)
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) became effective for citizens of the EEA, Switzerland and England.
- you provided your consent;
- it is necessary for our contractual relationship;
- the processing is necessary for us to comply with our legal or regulatory obligations; and/or
- the processing is in our legitimate interest as an event organising and ticketing platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
a. Personal Data retention
We retain your Personal Data for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
If you have an account with us, we will typically retain your Personal Data for a period of 90 days after you have requested that your account is closed or if it’s been inactive for 7 years.
b. Your rights
Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data and unsubscribe from marketing communications.
You can also request a copy of your data as set forth in Section 9. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
c. PT Ersania as a Data Controller and a Data Processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
PT Ersania may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances.
8. Information correction
If you believe the data we have collected on you is incorrect, you are encouraged to contact us to update it. Any data that is no longer needed for the purposes specified in this Policy will be deleted. You may request to have your data updated or deleted at any point by emailing us at firstname.lastname@example.org.
9. The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent by email to email@example.com.
11. Children – Children’s Online Privacy Protection Act
12. Storage and Processing
If you are using our Services from outside the United States, please be aware that you are sending information (including Personal Data) to the United States where our servers are located. The Company may transfer information that we collect about you, including personal information, to affiliate entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from United States law, please note that we will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
13. Governing Law
14. Contacting us