Principles for processing personal data
AS Piletilevi Group (registry code 10568581, address Maakri 23A, Tallinn, 10145, hereinafter Piletilevi or we) values the privacy of our customers. Piletilevi and other establishments in the same group process personal data based on the principle of minimality: we only process the personal data necessary for providing our services.
The objective of this document is to explain to you in a transparent and understandable manner how and under which principles do we process the data of our customers. In this document, we describe our data processing principles and how we process personal data. Please read the principles for processing personal data carefully to understand how we might process your data.- TERMS AND ABBREVIATIONS
GDPR or General Regulation | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. |
Personal data | Any information relating to an identified or unidentifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. |
Valid rights | All legislations in force and applicable in the European Union and in the Republic of Estonia, including, but not limited to the national implementing acts of the GDPR. |
Customer or data subject | A natural person who uses, has used, or has expressed a wish to use the services of Piletilevi and whose personal data Piletilevi is processing, including with regard to using the Piletilevi e-store through the Piletilevi web site. |
Piletilevi | AS Piletilevi Group (registry code 10568581, address Maakri 23A, Tallinn, 10145). |
Processing | Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Controller | Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of these principles for processing personal data, the controller of personal data is Piletilevi. |
Web site | The Piletilevi web site https://www.piletilevi.ee/ and any related subdomains or other web sites applied by Piletilevi in the future. |
Processor | Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
- GENERAL
- The principles for processing personal data are applicable to customers who use, have used, or have expressed a wish to use the services of Piletilevi. Among other things, the principles for processing personal data are applicable for customers who use the Piletilevi e-store.
- Piletilevi guarantees that the processing of personal data complies with applicable law. The main legislation that Piletilevi follows with regard to processing personal data of customers is the GDPR.
- If you have any questions about the processing of your personal data, please contact us using the contact information submitted in the section ‘Contact information and questions’.
- LEGAL BASIS FOR PROCESSING PERSONAL DATA
- Piletilevi processes the personal data of customers only if it has legal basis for the processing in accordance with applicable law.
- Piletilevi might process the personal data of customers, for example, in the following cases:
- to conclude a contract, perform a contract, guarantee the performance of a contract or provide services to customers – for example, for registering as a user or using the Piletilevi e-store (legal basis: Article 6, Paragraph 1, Clause b) of the GDPR);
- to perform legal obligations, for example, with regard to performing Piletilevi accounting obligations (legal basis: Article 6, Paragraph 1, Clause c) of the GDPR);
- in the case of legitimate interests of Piletilevi or a third person, except for when such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (legal basis: Article 6, Paragraph 1, Clause f) of the GDPR). Based on legitimate interest we may send you notifications to your email address about similar products/services. We will be relying on the exception of ESS § 103¹ (3) (Electronic Communications Act), provided that you are always given an easy opt-out. For this specific processing, Piletilevi will be the joint controller together with the Organizer, if the personal data has been provided to the Organizer. Find out more about our Organizers here.
- Based on customer consent, for example, for the purposes of receiving a newsletter (legal basis: Article 6, Paragraph 1, Clause f) of the GDPR). If the customer has given consent to receive a newsletter, they have the right to withdraw their consent at any time by clicking on the ‘Remove’ link attached to the newsletter.
- COMPOSITION OF THE PROCESSED PERSONAL DATA
- In general, Piletilevi only process such personal data that are voluntarily submitted by the customer. Piletilevi does not collect information on customers from third parties.
- The precise composition of personal data which is collected and processed by Piletilevi depends on the specific services provided by Piletilevi to a customer under applicable circumstances. Detailed conditions for collecting personal data may be laid down in the contract concluded between Piletilevi and the customer.
- If a customer registers as a user at the Piletilevi e-store, then Piletilevi will collect the following data on the customer, necessary to set up an account pursuant to the terms of service of the e-store:
- username;
- first and last name;
- e-mail address;
- phone number.
- If a transaction is made (a ticket is purchased) through the Piletilevi e-store (regardless of whether or not the customer is a registered or an unregistered user of the e-store), Piletilevi will collect the following data on the customer:
- information on the ticket purchased from the Piletilevi e-store (including discount information in the case of purchasing a discount ticket);
- bank account information (bank account number and first and last name of the account owner) of the account used to conclude the transaction.
- DISCLOSURE OF PERSONAL DATA
- Piletilevi will not disclose the personal data of customers to third parties without applicable legal basis.
- In certain cases, Piletilevi might disclose the personal data of customers to entitled persons (for example, an organiser of the event for which a customer has purchased a ticket) if it is necessary for providing important organisational information, rebuying the tickets if the event is cancelled, or for any other important reason.
- Piletilevi has the right to use authorised processors for processing personal data. In certain cases, Piletilevi has authorised certain persons to process the personal data of our customers, for example, our IT service providers (server service providers, IT software developers).
- STORAGE OF PERSONAL DATA
- Piletilevi will not store personal data for longer than is necessary for the purposes of processing personal data or permitted under applicable law.
- The personal data of registered users in the Piletilevi e-store are stored by Piletilevi until the user decides to delete their account (legal basis: Article 6, Paragraph 1, Clause b of the GDPR, performance and enforcement of contract).
- Personal data regarding contracts concluded between Piletilevi and the customer are generally stored by Piletilevi for up to 3 years after the transaction (legal basis: Article 6, Paragraph 1, Clause f of the GDPR, legitimate interest and limitation period for claims as referred to in Subsection 146 (1) of the General Part of the Civil Code Act).
- Piletilevi accounting documents that may, in certain cases, include personal data, are generally stored by Piletilevi for 7 years from the end of the economic year when the economic transaction with regard to the document was recorded in the book of account pursuant to the source document (legal basis: Article 6, Paragraph 1, Clause c) of the GDPR, legal obligation and limitation period as referred to in Section 12 of the Accounting Act).
- For more detailed information on the terms of preserving your personal data, please contact us using the contact information submitted in the section ‘Contact information and questions’.
- USING COOKIES
- The Piletilevi website uses cookies. They are small text files that contain information stored in the computer of the customer for tracking or identifying the customer.
- The Piletilevi website uses the following cookies:
Name of cookie | Purpose of cookie | Information processed with the cookie | Preservation of the cookie | Is any information shared or transferred through the cookie to third parties? |
public | Shopping cart of the user | identification of user | sessional | no |
lang | attributes of the selected language | language code | 1 month | no |
designTheme | theme of the selected design | design theme code | sessional | no |
hideBanners | user choice to hide banners | ID numbers of selected banners | 1 day | no |
loginToken | automatic log-in | identification of user | 3 years | no |
_ga | Google Analytics statistics | identification of user | 2 years | yes |
_fbp | tracking Facebook advertisement efficiency | identification of user | 3 months | yes |
_gid | Google Tags Manager statistics | identification of user | 2 days | yes |
- Customers have the right to disable cookies at any time by changing the settings in their web browser. In this case, the customer must consider that some functions of the website may not work correctly. Cookies can be disabled by following the instructions in the ‘help’ section of the web browser. More information on how cookies function or how to disable cookies is available at the website www.allaboutcookies.org.
- RIGHTS OF CUSTOMERS
- Customers have all the legal rights arising from the applicable law regarding the processing of their personal data, in particular the following rights:
- right of access: the customer has the right to ask, at any time, whether Piletilevi has any of their personal data, and to acquire information about which data is processed by Piletilevi;
- right to rectification: the customer has the right to request specification or rectification of personal data by Piletilevi if the data is insufficient, incomplete, or incorrect;
- right to object: the customer has the right to object the procession of their personal data, for example, when the use of personal data is based on the legitimate interests of Piletilevi, including profile analysis for the purposes of direct marketing;
- right to erasure: the customer has the right to request erasure of their personal data if the processing is based on consent and the customer withdraws their consent for the processing of personal data;
- right to restriction of processing: the customer has the right to request that Piletilevi restrict the processing of their personal data in accordance with applicable law, for example, if Piletilevi no longer needs the personal data of the customer for processing purposes or if the customer has objected the processing of their personal data;
- right to withdraw the consent for processing personal data: if the personal data of the customer are processed based on consent, the customer has the right to withdraw this consent at any time;
- right of portability: the customer has the right to acquire previously submitted personal data from Piletilevi that are processed based on a previously given consent or for the purposes of performing the contract concluded with the customer, in a written or publicly used electronic format and, if this is technically possible, to request that Piletilevi transfers this data to a third party service provider;
- right to file a complaint: if the customer believes that their rights have been violated with the processing of personal data, they can file a complaint with the Data protection Inspectorate or a court.
- The rights of customers listed in this Section regarding the processing of their personal data are not an absolute right. In certain cases, the rights of other data subjects or legal rights of Piletilevi may restrict the rights of the customer.
- In order to exercise these rights or submit any applications or requests regarding personal data processing, please contact us using the contact information submitted in the section named ‘Contact information and questions’.
- SAFETY OF PERSONAL DATA
- Piletilevi is obligated to guarantee the safety of personal data processing to protect personal data from unintentional or unauthorised processing, disclosure, or destruction.
- Considering the latest developments in research and technology, the costs of their application, and the nature, scope, context, and purposes of processing personal data, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, Piletilevi implements appropriate technical and organisational measures when processing personal data to ensure their safety.
- CONTACT INFORMATION AND QUESTIONS
- If you have any questions about the processing of personal data or wish to submit any applications or requests regarding the processing of any personal data, please contact Piletilevi or our data protection specialist.
Contact information of Piletilevi are:
Business name: AS Piletilevi Group;
Address: Maakri 23A, Tallinn, 10145
Information by phone: +372 6248 032 (10 a.m.–9 p.m.)
E-post: info@piletilevi.ee
Contact information of the Piletilevi data protection specialist are:
Name: Mart Eensalu
Email: mart@piletilevi.ee