Be The Event
Be The Event

© 2023 Be The Event

Privacy Policy and Personal Data Processing

In accordance with EU Regulation 2016/679 (GDPR)

1. Data Controller

[Your Company Name Ltd]

Registered Office: [Complete Address, Malta]

Company Registration Number: [Malta Company Number]

VAT Number: [Malta VAT Number]

Email: [your-email@domain.com]

Phone: [Phone Number]

2. Types of Data Processed

2.1 Contact Data for Ticket Purchases

Our website collects only the email address provided by users during the ticket purchase process. This data is strictly necessary to:

  • Complete the ticket order
  • Send purchase confirmation and ticket delivery
  • Provide post-sale assistance related to the purchased tickets

2.2 Payment Data

Payment data (credit card numbers, banking details, etc.) is processed directly by Stripe Inc., our technology partner for payment processing. We do not have access to or store this data on our systems.

2.3 Non-Nominal Tickets

Important: The tickets we sell are non-nominal (not tied to specific individuals). We do not collect or store personal identification data of ticket holders.

3. Purpose of Processing

3.1 Primary Purposes

Legal basis: Contract performance - Art. 6(1)(b) GDPR

  • Processing and managing ticket orders
  • Sending purchase confirmations and ticket-related communications
  • Customer support for ticket-related issues
  • Delivery of digital tickets via email

3.2 Secondary Purposes

We do not currently process data for marketing, profiling, or other commercial activities.

4. Legal Basis for Processing

The processing of your email address is based on:

Art. 6(1)(b) GDPR - Contract performance: the data is necessary to complete the requested ticket purchase

5. Processing Methods

5.1 Nature of Processing

Processing is carried out using IT and electronic tools, with organizational and logical methods strictly related to the stated purposes.

5.2 Security Measures

We adopt appropriate technical and organizational measures to ensure an adequate level of security, including:

  • Encryption of data in transit and at rest
  • Limited data access to authorized personnel only
  • System access monitoring
  • Secure backups and disaster recovery procedures

6. Data Communication and Disclosure

6.1 Communication to Third Parties

Your data may be communicated exclusively to:

  • Stripe Inc. - for payment processing (see dedicated section)
  • Competent authorities, only if required by law

6.2 Extra-EU Transfer

Stripe Inc. is a US company. The transfer of payment data to the USA is based on standard contractual clauses approved by the European Commission and security guarantees provided by Stripe.

7. Stripe - External Data Processor

7.1 Stripe's Role

Stripe Inc. acts as an external data processor for payment data, processing:

  • Credit/debit card information
  • Billing data necessary for payment
  • Technical data for fraud prevention

7.2 Stripe's Privacy Policy

For complete information on payment data processing, consult Stripe's Privacy Policy available at: https://stripe.com/privacy

8. Data Retention

8.1 Retention Period

Email addresses are retained for:

  • 12 months from the date of ticket purchase, to provide post-sale assistance and handle any event-related issues
  • Beyond this period, only if required by legal obligations (e.g., tax regulations)

8.2 Automatic Deletion

After the retention period, data is automatically deleted from our systems.

9. Data Subject Rights

Under Articles 15-22 of the GDPR, you have the right to:

9.1 Access and Control Rights

  • Access: obtain confirmation of the existence of your data and receive a copy
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of data (right to be forgotten)
  • Restriction: limit processing in specific circumstances

9.2 Opposition and Portability Rights

  • Objection: object to processing for legitimate reasons
  • Portability: receive data in structured format to transfer to another controller

9.3 How to Exercise Rights

To exercise your rights, contact us at: [your-email@domain.com]

We will respond within 30 days of the request.

10. Cookies and Tracking Technologies

10.1 Cookie Usage

Our website currently does not use cookies of any kind (neither technical nor profiling cookies).

10.2 Future Monitoring

If cookies are implemented in the future, this policy will be updated and you will be informed of the changes.

11. Complaints to Supervisory Authority

You have the right to lodge a complaint with the Malta Information and Data Protection Commissioner if you believe that the processing of your data violates the GDPR.

Information and Data Protection Commissioner (Malta)

Level 2, Airways House

High Street, Sliema SLM 1549, Malta

Tel: +356 2328 7100

Email: commissioner.dataprotection@gov.mt

Web: https://idpc.org.mt

12. Policy Changes

12.1 Updates

This policy may be modified for regulatory compliance or changes in our services.

12.2 Change Communication

Substantial changes will be communicated through:

  • Publication of the new version on the website
  • Email notification (if your contact is available)

13. Event-Specific Considerations

13.1 Event Cancellation/Postponement

In case of event cancellation or postponement, we may use your email address to:

  • Communicate event status changes
  • Provide refund information
  • Notify about rescheduled dates

13.2 Malta Event Regulations

Our ticket sales comply with Malta's event and entertainment regulations. No additional personal data collection is required for compliance with local event regulations.

14. Contact Information

For any questions regarding this policy or the processing of your personal data:

Email: [your-email@domain.com]

Phone: [Phone Number]

Address: [Complete Address, Malta]

Last Updated: 23/05/2025

Version: 1.0

This document has been drafted in compliance with EU Regulation 2016/679 (GDPR) and applicable Malta data protection legislation.