The visit to the Web does not imply that the user registers or that they must provide personal data. When you must provide them, the website informs about the mandatory nature of the delivery of the data, by means of an asterisk [*]. To enjoy certain services or solutions, the user must register as a registered user and / or register for the proposed events.
Where does your data go?
The personal data that you provide us is understood as express consent for them to be processed and incorporated into a file; the responsibility of MUSICAL ENTRETENIMIENTO, S.L. (hereinafter ELROW), CIF: B-66084625 and address at Avda. Esplugues, 79, 08034 Barcelona, Tel .: +34 932 063 034, Email: email@example.com
In the event of ticket purchases for events organized or promoted by ELROW customers, the data of the event registration form will also be included in the files of these organizers, identified in the event's information page and in the purchase conditions that the buyer user must accept beforehand.
Why is your data treated?
The personal data that you provide us implies an express consent for the administrative and commercial management regarding the use of our services, products and promotions or those of organizers / promoters of events of our client, so that ELROW can inform you via any means about them, unless you tell us otherwise. Specifically:
- Contact and Newsletter: To inform you about services, products and promotions of ELROW, as well as for commercial and statistical analysis, and to be able to improve and / or personalize the offers of our services and products.
- User registration: Registration in the private account of ELROW to enjoy the services and products offered, among which are those of ticket sales and download the tickets, as well as for commercial and statistical analysis and to improve and/or customize the offers of our services and products.
- Ticket Sales: For the handling of the ticket purchase of the event selected by the buyer, the commercial and statistical analysis, and to be able to improve and or personalize the offers of our services and products.
During the events, pictures can be taken of spectators without being able to identify or connect the person in the image with the identification data on our files. ELROW may use these images of the public event in publications and social networks belonging to the company, the press, and any other social media within the common purposes and uses of the services provided, for an unlimited period of time.
The main purpose of the processing of your personal data is not subject to the informed consent you gave us when using our website to store cookies and share your anonymized information with third parties, with the aim of creating profiles for the personalization of our own and third party advertising, analyse traffic on our website and offer you services related to social networks. For more information, consult our Cookies Policy here.
What data do we need?
The data being handled is identifying data of users and participants, and concerning the purchase modality or options of the events selected by the user.
In exceptional cases and depending on the types of registration in organized events, compulsory data of hobbies, preferences, tastes or membership/affiliation to clubs, associations etc. can be requested, this being data collected for analysis and statistics, and to improve and/or personalize the offers of our services and products; in the event that you do not provide or consent to the processing of such data, ELROW reserves the right to not accept the purchase if such data is considered to be mandatory.
How long is data conserved?
The data will be stored and processed until you request its cancellation, and at least for the time that is imposed by legal requirements in force for ELROW.
Transfer and access of data by third parties
The data will not be transferred by ELROW to third parties without the prior consent of the user.
For the fulfillment and attainment of the services of the Web, the registration data of events facilitated by you may be communicated to the organizers promoters, clients of ELROW, as legitimate co-responsible parties of the data, in the event you have not provided it directly to them. ELROW is not responsible for the use that these organizers/promoters make of the data.
Concerning Payment and International Data Transfer
Our store is hosted at Shopify Inc. They provide us with the online ecommerce platform that allows us to sell you our products and services.
Your data is stored through Shopify data storage, databases and the general application of Shopify. They store their data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card details. It is encrypted using the payment card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as you need to complete your purchase transaction. After it is complete, the information in your purchase transaction will be deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover.
PCI-DSS Requirements help ensure the safe handling of credit card information by our store and its service providers.
Shopify is a member of the EU-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
In general, third-party suppliers we use will only collect, use and disclose their information to the extent necessary to enable them to perform the services they provide.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we need to provide for their transactions related with the purchase.
For these vendors, we recommend that you read your privacy policies so you can understand how these providers will handle your personal information.
In particular, remember that certain providers may be located or have facilities located in jurisdictions other than you or us. Therefore, if you decide to proceed with a transaction involving the services of an external service provider, then your information may be subject to the laws of the jurisdictions in which that service provider or its facilities are located.
For example, if you are in Canada and your transaction is processed by a payment gateway located in the United States, your personal information used to complete that transaction may be subject to disclosure under United States law, including the Patriot Act.
What is the legal basis of the processing?
As far as it is necessary for the fulfilment of the purposes expressed herein and as a necessary legal requirement, both the purchase/payment of tickets and the submission of data in a form filled in by you, are positive and unambiguous actions that express consent of said processing.
What rights and obligations do you have regarding this data processing?
It is the responsibility of the User to provide all the updated data required as mandatory for the use and enjoyment of the services and products offered. The data and information provided will be assumed to be true, accurate and up-to-date, it being the User's responsibility to modify and/or update said information at all times; otherwise, it will be understood that the data has not been modified and that it is accurate and current.
If you have provided us with personal data of a third party, you must, prior to its inclusion, have informed and requested their consent to the points set out herein.
At any time, you may exercise your rights of access, rectification, deletion and opposition, limitation of processing and portability with respect to your personal data, by sending a communication with a photocopy of your ID, to ENTRETENIMIENTO MUSICAL, S.L. to the email: firstname.lastname@example.org; In the case of marketing or direct electronic communications, the mails will offer an automated system to refuse the reception of future commercial communications; all without retroactive effect on the previous processing and transfer of data to third parties, and without detriment to the obligations and legal consequences arising from those responsible for the files.
Specifically, the general content of your rights are as follows:
- Right of access. Right to confirm that we are processing your personal data and, if so, to obtain a copy of said data and complete information about the treatment.
- Right of rectification. Right to correct errors, modify inaccurate or incomplete data and guarantee the certainty of the information subject to processing.
- Right of suppression. Right to request the deletion of your data without undue delay, in the event that the processing is illegal or the purpose that motivated its processing or collection has disappeared.
- Right to limitation of processing. Right to request the suspension of the processing in case it is illegal or the accuracy of the data has been challenged.
- Right of opposition. Right to object to the processing of your data when it has as its object direct marketing or when the processing should cease for reasons related to your personal situation, unless a legitimate interest is proven or necessary for the exercise or defence of claims.
- Right to not to be the subject of individualized decisions. Right to not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects or affects you, unless it is necessary for the execution of a contract, is permitted by law or you have given your explicit consent.
- Right of Portability. Right to receive the personal data that concerns you, when you have contracted a service of distribution and management of tickets, in a structured format, of common use and in a machine-readable format, and to transmit them to another processing controller when the processing is done by automated means.
The exercise of these rights is free, unless manifestly unfounded or excessive requests are made, in which case the interested party may be required to assume the cost of processing the application.
Likewise, we remind you that according to EU Regulation 2016/679, you have the right to claim for any legal breach before the data protection control authorities.
Security and confidentiality
ELROW will treat the data with the utmost confidentiality and will maintain professional secrecy with respect to all of it, undertaking not to communicate it to other persons, even for the purpose of preserving it, and this obligation shall remain in force even after commercial relations with the user has ended, always in accordance with current legislation, implementing the necessary technical, organisational and safety measures to ensure the security of the personal data processed, and to prevent alteration, loss and unauthorised processing of the information, given the state of technology, the cost of application, the nature of the data stored, the ambit, context and processing ends, as well as the risks of diverse probability and seriousness which they are exposed to and which the processing entails for the rights and liberties of natural persons.
To protect your personal information, reasonable precautions and industry best practices are followed to ensure that it is not lost, misused, accessed, revealed, altered or destroyed inappropriately.
If you provide us your credit card information, the information is encrypted using SSL (Secure Socket Layer) technology and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement other generally accepted industry standards.