Back

Information clause regarding data processing

  1. Who is your personal data controller?

    Controller of data provided by the User is Eventim sp. z o.o., with registered office in Warsaw, Mokotowska 49, 00-542 Warsaw, registered in the commercial register kept by the District Court for the capital city of Warsaw, 12th Commercial Division under number KRS 0000213454, NIP: 526-277-47-51, share capital PLN 4,106,000 (hereinafter referred to as the “Data Controller”).

  2. Who may provide you with additional information on the processing of your personal data?

    You may contact the Data Controller at: iod@eventim.pl.
    You may also write about any and all issues concerning the processing of personal data and use of rights connected with data processing to an indicated data protection officer at: iod@eventim.pl or by mail to: Michał Iwaszko Inspektor Ochrony Danych Eventim sp. z o.o., Mokotowska 49, 00-542 Warsaw.

  3. What is the purpose and legal basis for the processing of your personal data?

    The Data Controller may process personal data:

    1. on the basis of your consent – in such a case your personal data will be processed for the purposes for which the consent was provided. A detailed description of the purpose is provided at the moment the consent is collected. On the eventim.pl website you may grant your consent for the processing of data in connection with:

      1. Ticket Alarm subscription – data is processed for the purpose of transferring the selected Ticket Alarm notifications;

      2. Waiting list subscription – data is processed for the purpose of transferring ntofications about the availability of additional tickets or additional dates of events from the Controller's offer;;

      3. Newsletter subscription – data is processed for the purpose of transferring a newsletter;

      4. setting up an account on the eventim.pl website – data is processed for the purpose of setting up and keeping the account on the eventim.pl website;

      5. FanBonus programme subscription – data is processed for the purpose of calculating the bonus value and creating and forwarding the voucher;

      6. transferring Fan’s Report (Raport Fana) – data is transferred for the purpose of publication of the Fan’s Report and in order to forward information about its status;

      7. transferring a contact form – data is transferred for the purpose of establishing contact or providing information in connection with the sending of the contact form;

      8. on the basic of consent from people who have agreed to receive a personalized eventim.pl Newsletter, i.e. tailored to individual interests, are subject to profiling to determine individual preferences and provide these people with an appropriate Eventim offer. The basis of the processing is the consent. Profiling includes data on preferences as to the type of events for which tickets are selected on the eventim.pl website and allows to send newsletters corresponding to the above-mentioned interests of the recipients of personalized newsletters. Eventim has implemented appropriate measures to protect the rights, freedoms and legitimate interests of the data subject;

      9. based on the given consent to receive notifications, in order to use the Favorites service, which consists of the User receiving personalized notifications about artists, venues, event categories or cities added by the User to the Favorites list by marking them with a heart icon. Notifications within the Favorites service are sent: (i) in the form of notifications about Favorites displayed in connection with the personalization of the Eventim homepage after logging in by the User to the Eventim System; and (ii) in the form of personalized notifications in the Eventim PL app (if displaying notifications by the app on the User's device has been activated). To use the Favorites service, you need to have an account in the Eventim System. The basis for data processing is given consent. Consent is given once. To personalize notifications within the Favorites service, the data is profiled. Profiling includes data regarding preferences for the type of artists, venues, event categories or cities that the User has added to Favorites and allows sending personalized notifications (in the forms indicated above) corresponding to the above interests of the User. Eventim has implemented appropriate measures to protect the rights, freedoms and legitimate interests of the data subject.

      Legal basis for the processing is Article 6 (1) a) of the GDRP (i.e. data subject has given consent to the processing of his or her personal data).

    2. in order to perform an order, as submitted, which concerns tickets available at eventim.pl, merch (t-shirts, hats, cups etc.) or gift vouchers (data of gift vouchers recipients is processed exclusively for the purpose of voucher delivery and execution). Legal basis for the processing is Article 6 (1) b) of the GDRP (i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

      In case of acquisition of bearer tickets, the data controller of personal data which appears on the ticket i.e. provided for ticket personalisation, is an organizer of an event the tickets concern. Detailed information can be found at the event’s webpage.

      In the case of purchasing tickets in Eventim.pass format, personal data included in the order are also processed in order to make such Ticket available and to generate a Ticket to be scanned at the entrance to the event (data of recipients of tickets in Eventim.pass format are processed in order to provide and generate such Ticket). Legal basis for the processing is Article 6 (1) b) of the GDRP (i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

      In the case of purchase of Admission Ticket Insurance, the Controller of your data is the insurer and your data are processed for the purpose of performing the contract. Basis: article 6(1) b) of the GDPR. More information can be found here: https://www.ergo-ubezpieczeniapodrozy.pl/polityka-prywatnosci/.

    3. necessary for the purposes resulting from the legitimate interest of the Data Controller, i.e. to consider claims, for the purpose of responding to the contact made by the customer, for the purpose of solving technical problems, for the purpose of ensuring the quality of the provided services and for analytical and statistical purposes, as well as for the purpose of direct marketing. The legal basis for the processing is Article 6 (1) f) of the GDRP (i.e. processing is necessary for the purposes of the legitimate interests pursued by the data controller).

    4. Personal data processed in connection with contacting Eventim/by Eventim, in person or using means of electronic communication (e.g. e-mail, telephone, instant messaging, Teams application) are processed in connection with the matter to which the contact relates or correspondence conducted, including for the purpose of maintaining business relations with Eventim customers. The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR (processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party). In the case of correspondence or other personal contact or with the use of electronic communication means (e.g. telephone, instant messaging, Teams application) in relation to the performance of a contract concluded with Eventim, personal data shall be processed pursuant to Article 6(1)(b) of the RODO (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract).

      If you have any questions or concerns, please contact us at the address indicated in point 2.

  4. Is it necessary to provide us with your personal data?

    You are free to provide us your personal data, however, such data is necessary in order to perform the above mentioned purposes.

  5. How long do we store your personal data?

    The Data Controller will not store your personal data longer than necessary, in order to achieve the purposes for which it was collected or longer than stipulated under the law.

    Depending on the legal basis of processing, your personal data will be stored:

    • 1. on the basis of your consent – personal data will be stored until the moment you withdraw your consent or the purpose of processing for which the data was obtained ends, depending on whichever is earlier.

    • 2. on the basis of a contract made – personal data will be processed for the duration of the agreement, and after its termination, the necessary scope of data will be processed until the expiration of claims arising from the agreement, based on point 3.3 above.

    • 3. on the basis of legitimate interest of the data controller – by the time the interest is met or until any objection is submitted in relation to such processing, unless there appear legitimate grounds for further processing.

  6. What are your rights in respect of data processing?

    Based on the principles of the GDRP you have the right to demand access to your data and to seek data rectification, deletion or blocking their processing. Upon your request data controller will provide you with the copies of personal data subject to processing, while any further copies may be obtained subject to a reasonable fee as a result of administrative costs.
    In the event of data processing on the basis of your consent, you have the right to withdraw the consent at any time. Such withdrawal does not influence compliance with the law of the processing, which was performed based on the consent prior to its withdrawal. To withdraw your consent contact iod@eventim.pl.

    To the extent to which your data is processed by automated means in order to conclude and perform the agreement or based on the consent granted – you may transfer your personal data, i.e. receive your personal data from the controller of your data, using a structured commonly used format in a machine-readable form. You may sent such data to another data controller.

    In the event of data processing on the basis of legitimate interest of the Data Controller you have the right to raise at any time an objection for the reasons connected with your specific situation. If your personal data are also processed for direct marketing purposes, you have the right to object to the processing of your personal data to the extent that the processing is related to such direct marketing, at any time and without giving reasons.

    You may also pursue a claim with the supervisory body responsible for the protection of personal data (President of the Office of Personal Data Protection).

    In order to use the above mentioned rights you should contact your data controller or data protection officer. Contact details are as above.

  7. Who may be your data recipient?

    We are providing your personal data only to such entities which must have access to the same in order for us to guarantee the high quality of services. Data is transferred on the basis of an agreement concluded with the Data Controller and exclusively upon the instructions of the Data Controller. We do not make available your data to any third parties for their own use – we do so solely to perform our services. All partners engaged in the processing of personal data of our users ensure data security and abide by all personal data protection obligations.
    Data importers may be entities providing services to Data Controller such as: bookkeeping, marketing, IT, legal services and entities supporting the Data Controller in the provision of services as well as those which provide the services connected with the events and IT services providers, post and mobile operators and couriers. In case of data of persons acquiring the tickets for events, data importers may be also events’ organizers. Moreover, personal data may be disclosed to competent authorities according to applicable provisions of law. Your data may also be transferred for marketing purposes to event organizers, but only on the basis of your consent.



Online Services and Cookies

Using cookies files (so-called cookies), which are files recorded by your internet browser on a hard drive of your computer, Eventim collects data related to the manner, in which you use Eventim’s websites, in order to optimize our services offered to the visitors and users of our company’s websites. Cookies do not allow identification of your identity. Data recorded in cookies contain information as to which websites were visited by you, the date and time of the visit and other information concerning your activity on the websites.

Eventim uses various software solutions in order to optimize its online services. These solutions allow analysing the use of websites and collecting valuable information on the needs of the users in order to constantly enhance the intuitiveness and the quality of online services. In order to conduct such analysis, aggregate and anonymous statistical data are intercepted. These data are the data of anonymised connection and data on the sequence of launched links (clickstream data), related to the used browser, a number of visits/entries on the website and the behaviour of the given users visiting the Eventim.pl website. Within the course of collecting and processing data, an abbreviated IP address of the visitor may also be viewed.

Data are analysed, in particular for the following purposes:

  1. calculating the number of website’s visitors,
  2. tracing these areas of the website which are particularly attractive for a particular visitor of the website,
  3. analysing where the visitors of the website come from in order to optimize the provided services.

Aforementioned process covers the use of cookies. By adjusting settings in their browsers, users may at any time block cookies or indicate that cookies may be set only, when they are expressly accepted by the user. At any time, the users may also block using their data at all, for all the implemented solutions, by choosing the “opt-out option” as presented in a particular solution. However, if the user wishes to opt-out, particular recommendations may not be further presented.

For analytical purposes, we use Google Analytics 360, a service provided by Google Ireland Ltd. ("Google"). Google Analytics 360 uses cookies to analyze the use of our websites. The information generated by the cookies about the use of our websites is transmitted and stored to Google Analytics 360 in the US via a server operated by us in Europe. This data transfer is carried out on the basis of EU standard contractual clauses. This ensures adequate protection of your personal data. More information can be found HERE.
For more information on the terms of use and data protection of Google Analytics 360, please click HERE.
If you are located in a member state of the European Union or countries operating under the Agreement on the European Economic Area, we abbreviate your IP address before it is transferred to the Google Analytics 360 server. The exception is websites that we operate on a joint responsibility basis with our partners, there your data will be transferred to Google Analytics 360 after IP anonymization is applied.

Eventim uses the following programme solutions in a meaning mentioned above:

Eventim also works with the Stay22.com affiliate network. Cookies in this cooperation are used to register the details of each click on the banner / widget or Stay22.com link and enable to assign conversion to the appropriate partner account. For more information, please read the Privacy Policy of www.stay22.com.

Eventim also uses the Frosmo platform, which collects data about website visitors in order to provide audience with new functionalities and services. To collect data, Frosmo uses different technologies, including browser cookies. By default, the Frosmo platform does not collect personal data that in itself enables the identification of an individual data subject. Frosmo never collects visitor data for its own purposes, nor for the purpose of selling it to a third party.

Note: The resignation is made using cookies. If the cookies are deleted, the opt-out option must be reactivated.

Retention Period

Eventim will not retain your personal data longer than it is necessary to attain purposes for which these data were collected or longer than as provided by the relevant law.

Right to Access, Modify or Object

You may address Eventim to access your personal data held by Eventim, and you may modify or delete invalid personal data. You are entitled to prohibit Eventim from collecting or disclosing your personal data.

In order to exercise this right, please inform us about this fact at iod@eventim.pl.

Data Security

Eventim undertook all measures in order to ensure confidentiality, security and integrity of your personal data. Communication between your computer and our server when we collect your personal data is encrypted using the SSL (Secure Socket Layer) protocol. Access to personal data is allowed only to persons, who need to know such data and who are expected to abide by these rules. Eventim pays great attention to ensuring that your personal data are not modified, infringed or inappropriately used by third parties, who are not authorised to have access to the data.

You can freely modify your own cookie settings through the Privacy Preferences Center, which you can access via the "Cookie settings" button in the lower left field of the page.

Information obligation of Eventim

In connection with the conclusion of the Agreement, within the performance of the obligations arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p.1) - hereinafter referred to as “GDPR", Eventim hereby informs that:

  1. Eventim sp. z o.o. with its registered office in Warsaw, ul. Mokotowska 49, 00-542 Warsaw (further: Eventim) is the data controller in relation to the personal data indicated by the Promoter as the persons competent to conclude and perform the Agreement, including to engage in contact.

  2. Personal data of persons referred to above shall be processed on the basis of:

    1. Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller), i.e. for the conclusion and performance of the Agreement and for the establishment, investigation or defence against any claims arising out of the implementation of the Agreement;

    2. Article 6(1)(c) of the GDPR (processing is necessary to fulfil the legal obligation of the controller), i.e. in connection with the obligations arising from accounting and tax legislation.

  3. The source of personal data of the persons referred to above shall be the Promoter i.e. the person that indicated the person.

  4. Eventim processes the following categories of personal data, i.e. identification data (name, surname, position) and contact details (e-mail address and telephone number).

  5. The provision of personal data is voluntary, however it is necessary for the purpose of the processing.

  6. Personal data will be processed by Eventim for the duration of the Agreement and after its termination or expiry - for the time period arising from applicable laws, including data storage obligations. These periods may be extended if it is necessary to establish, investigate or defend against claims associated with the performance of the Agreement.

  7. In the case of processing personal data in order to pursue the legitimate interests of the controller, the data shall be processed for the period necessary to pursue the purpose of the processing indicated above, i.e. until such time as it is completed or until an objection is raised to such processing, unless there are legitimate grounds for further processing.

  8. Recipients of personal data on behalf of Eventim shall be authorized employees/associates and entities with whom Eventim has concluded relevant agreements, such as: subcontractors cooperating in the performance of the Agreement, providers of IT systems and services, and an accounting firm. Courier companies and postal operators, as well as tax and legal advisors can also be recipients of data. In addition, personal data may be disclosed to competent authorities authorised under applicable law.

  9. The data subject has the following rights under the rules set out in the GDPR:

    1. the right to require access to, rectification and erasure of personal data from the data controller;

    2. the right to require the data controller to restrict the processing;

    3. the right of data portability;

    Furthermore, the data subject shall also have the right to object to the processing of his or her personal data on the grounds referred to in 3.(a) above for reasons connected with a particular situation. The aforementioned rights may be exercised through the contact point referred to in points 15 and 16 respectively.

  10. Irrespective of the above, data subjects also have the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their personal data violates the provisions of the GDPR.

  11. Data subjects are not subject to automated decision-taking, including profiling.

  12. Eventim shall not transfer personal data to a third country or an international organisation, provided that if such transfer proves necessary for the implementation of the Agreement, it may take place only subject to the appropriate safeguards indicated in the GDPR.

  13. Eventim has appointed a Data Protection Officer who can be contacted by e-mail (e-mail address iod@eventim.pl) or by post (postal address: Inspektor Ochrony Danych Eventim sp. z o.o., ul. Mokotowska 49, 00-542 Warsaw).