1.1 Controller
Ticketbutler ApS is the data controller of the processing of your personal data in relation to the personal data given to us when we deliver our products to you.
Automagical is acting as a data processor being the app provider.
1.2 Contact information
In case of inquiries regarding Ticketbutler ApSs processing of your personal data in relation to your transactions with us, you are welcome to direct your questions through the same channel you originally communicated with us or please contact us through [email protected].
2.1 Purpose of treatment of personal data
The main purpose of the processing of personal data is to be able to enter into contracts with you and provide you with our products and services.
An additional purpose also entails the compliance with legal requirements stemming from Anti Money Laundering- and Bookkeeping rulesets.
2.2 Legal grounds for treatment
The processing of your personal data is a necessity for Ticketbutler ApS being able to enter into contracts with you.
After the provision of services and products, the processing will furthermore be necessary for Ticketbutler ApSs legitimate interest in being able to assess, ascertain or defend current and future legal ramifications.
Finally, the processing of your personal data is done in accordance with legal requirements stemming from The Anti Money Laundering- and Bookkeeping Acts.
3.1 Categories of recipients
Your personal data is passed on to collaborative partners, hereunder financial institutions, accountants, attorneys, and data processors.
3.2 Categories of recipients in third countries
Your personal data is not transferred to third countries. A third country is a country outside the EU/EEA, such as the United States.
The data is not transferred to international organizations. An international organization is for instance UN, EU or NATO.
3.3 Types of personal data
The type of personal data we collect from you includes login information such as your email address. We do not collect sensitive user data.
4. Time frame for storage
Your personal data is ordinarily stored five years after the last login of the app.
5. Obligations
Submission of your personal data is a prerequisite for us to be able to do business with you.
6.1 Rights
Under the General Data Protection Regulation you have a number of rights in relation to the processing of your personal data.
If you wish to make use of your rights, please turn to us through [email protected].
6.1.1. Right of access
You have the right to access the personal data we process on your behalf, as well as to receive a copy of the data.
6.1.2. Right of rectification
You have the right to have incorrect data about yourself rectified.
6.1.3. Right to erasure
In special cases you have the right to request erasure of your personal data.
6.1.4. Right to restriction of processing
In certain cases you have the right to restrict the processing of your personal data. If you have the right to restricted processing, we cannot process your personal data, unless it is for storage, with your consent or for the establishment, exercise or defence of a legal obligation or to protect a person or important public interests of the European Union or of a Member State.
6.1.5. Right to objection
In specific situations cases you have the right to object to our processing of your personal data.
6.1.6 Right to data portability
Under certain circumstances, you have the right to receive your own personal data in a structured, commonly used and machine-readable format, as well as to transfer this data from one controller to another without hindrance.
7. Supervisory authority
You can read more about your rights in the Danish supervisory authority Datatilsynet guide which you can find on www.datatilsynet.dk where you also can file a complaint.
1.1 The Processor declares that it will implement the appropriate technical and organisational measures in such a way that the processing meets the requirements of the General Data Protection Regulation and ensures the protection of the data subjects’ rights.
2.1 The processing involves the fulfillment of the Terms and Agreement between the Processor Ticketbutler and the Controller the Exhibitor.
2.2 The duration of the processing activities is two years after last use of the Lead Retrieval App.
2.3 The processing consists of collection, storage, use, further processing, and erasure for the purpose of administering the Controller’s collection of leads in relation to events.
2.4 The processing includes Article 6 information in the form of contact information, including name, address, telephone number, and e-mail.
2.5 The is no processing of Article 9 information.
2.6 Personal information about the Controller’s current and former employees, customers, suppliers, and collaborators is processed.
3.1 The Processor may only process personal data in accordance with documented instructions from the Controller.
3.2 The requirement for the Controller’s documented instructions of The Processor’s procedures under clause 3.1 can only be set aside if this is required by EU or national law to which The Processor is subject.
3.3 If clause 3.2 applies, The Processor shall notify the Controller of this legal claim without undue delay before processing, unless the court in question prohibits such notification on important arounds of public interest in so far as this is possible.
4.1 Taking into account the nature of the processing, The Processor will assist the Controller as far as possible by means of appropriate technical and organizational measures, in fulfilment of the Controller’s obligation to respond to requests for exercising of the data subjects’ rights as laid down in Chapter III of the general Data Protection Regulation.
5.1 The Processor assists the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36, taking into account the nature of the processing and the information available to The Processor. The Processor is entitled to separate payment in relation to the assistance mentioned above.
5.2 The Processor takes all measures required pursuant to Article 32.
5.3 The Processor ensures the persons authorized to process the personal data have committed themselves to confidentiality in their employment contract or are subject to an appropriate statutory obligation of confidentiality.
6.1 The Processor is hereby granted general approval from The Controller to use sub-processors in relation to fulfilment of the Terms and Conditions.
The Controller is informed about the Processor’s sub-processors on this page, where the Processor also informs about changes in the choice of sub-processors. The Processor ensures that the overview of sub-processors is available at this page.
The current sub-processors are:
VikingC – Denmark – purpose: app development, data storage, and sending e-mails.
6.2 The Processor informs the Controller of any intended changes in sub-processors as soon as possible, as indicated under section 6.1.
6.3 If the Controller does not want the Processor to use an announced sub-data processor as notified, cf. section 6.2, the Controller must object in writing to the Processor against the use of such new sub-processor without undue delay after becoming aware of the replacement.
6.4 If The Processor makes use of a sub-processor in connection with the execution of specific processing activities on behalf of the Controller, the sub-processor shall be subject to the same data protection obligations as those set out in Article 28 of the General Data Protection Regulation.
6.5 If a Sub-Processor, as mentioned under 6.4, does not fulfill its data protection obligations, The Processor will remain fully liable to the Controller for the fulfilment of the Sub-Processor’s obligations.
7.1 The Processor makes available to the Controller all information necessary to demonstrate compliance with the requirements laid down in Article 28 of the general Data Protection Regulation.
7.2 With 30 days notice, the data processor allows for and contributes to audits, including inspections, conducted by the Controller or another auditor authorized by the Controller.
7.3 The Processor shall immediately inform the Controller if an instruction regarding clause 7.1 or 7.2, in the Processors opinion, infringes the general Data Protection Regulation or data protection provisions of other union or Member State data protection provisions.
7.4 The Processor is entitled to invoice separately for work related to 1.7.2 and 1.7.3.
8.1 The Processor returns all personal data after the processing service has been terminated and deletes all existing copies.
8.2 The processor’s obligation to deletion and return data under Section 8.1, does not apply if EU law or Member State law requires storage of the personal data.
8.3 The data processor documents, without undue delay, to the Controller which rules under EU law or Member State law requires the storage of the personal data, as mentioned under 8.2.
9.1 Statutory changes are introduced by the Processor and the Controller is notified of this as soon as possible. Such changes do not affect the validity of the agreements already concluded, nor do they require the adapted agreement to be signed.