Be The Event

1. Data Controller

[Your Company Name Ltd]

Registered Office: [Complete Address, Malta]

Company Registration Number: [Malta Company Number]

VAT Number: [Malta VAT Number]

Email: [your-email@domain.com]

Phone: [Phone Number]

2. Types of Data Processed

2.1 Contact Data for Ticket Purchases

Our website collects the email address and, optionally, the phone number provided by users during the ticket purchase process. This data is strictly necessary to:

Complete the ticket order (Email)
Send purchase confirmation and ticket delivery (Email)
Provide post-sale assistance related to the purchased tickets (Email and Phone)
Contact you directly in case of event changes, cancellations, or postponements (Phone)

2.2 Payment Data

Payment data (credit card numbers, banking details, etc.) is processed directly by Stripe Inc., our technology partner for payment processing. We do not have access to or store this data on our systems.

2.3 Non-Nominal Tickets

Important: The tickets we sell are non-nominal (not tied to specific individuals). We do not collect or store personal identification data of ticket holders.

3. Purpose of Processing

3.1 Primary Purposes

Legal basis: Contract performance - Art. 6(1)(b) GDPR

Processing and managing ticket orders
Sending purchase confirmations and ticket-related communications
Customer support for ticket-related issues
Delivery of digital tickets via email
Direct communication regarding event changes (if phone number is provided)

3.2 Secondary Purposes (Marketing)

Legal basis: Consent - Art. 6(1)(a) GDPR

If you have provided your explicit consent by checking the marketing opt-in box, we may use your email and/or phone number to send you information about future events, promotions, and news related to BeTheEvent. You can withdraw your consent at any time.

4. Legal Basis for Processing

The processing of your contact data is based on:

Art. 6(1)(b) GDPR - Contract performance: the data is necessary to complete the requested ticket purchase and provide related assistance.

Art. 6(1)(a) GDPR - Consent: for marketing communications, if you have opted in.

5. Processing Methods

5.1 Nature of Processing

Processing is carried out using IT and electronic tools, with organizational and logical methods strictly related to the stated purposes.

5.2 Security Measures

We adopt appropriate technical and organizational measures to ensure an adequate level of security, including:

Encryption of data in transit and at rest
Limited data access to authorized personnel only
System access monitoring
Secure backups and disaster recovery procedures

6. Data Communication and Disclosure

6.1 Communication to Third Parties

Your data may be communicated exclusively to:

Stripe Inc. - for payment processing (see dedicated section)
Competent authorities, only if required by law

6.2 Extra-EU Transfer

Stripe Inc. is a US company. The transfer of payment data to the USA is based on standard contractual clauses approved by the European Commission and security guarantees provided by Stripe.

7. Stripe - External Data Processor

7.1 Stripe's Role

Stripe Inc. acts as an external data processor for payment data, processing:

Credit/debit card information
Billing data necessary for payment
Technical data for fraud prevention

7.2 Stripe's Privacy Policy

For complete information on payment data processing, consult Stripe's Privacy Policy available at: https://stripe.com/privacy

8. Data Retention

8.1 Retention Period

Contact data (email and phone) is retained for:

12 months from the date of ticket purchase for contractual purposes and post-sale assistance
Until consent is withdrawn for marketing purposes (if applicable)
Beyond this period, only if required by legal obligations (e.g., tax regulations)

8.2 Automatic Deletion

After the retention period, data is automatically deleted from our systems.

9. Data Subject Rights

Under Articles 15-22 of the GDPR, you have the right to:

9.1 Access and Control Rights

Access: obtain confirmation of the existence of your data and receive a copy
Rectification: correct inaccurate or incomplete data
Erasure: request deletion of data (right to be forgotten)
Restriction: limit processing in specific circumstances

9.2 Opposition and Portability Rights

Objection: object to processing for legitimate reasons
Portability: receive data in structured format to transfer to another controller

9.3 How to Exercise Rights

To exercise your rights, contact us at: [your-email@domain.com]

We will respond within 30 days of the request.

10. Cookies and Tracking Technologies

10.1 Cookie Usage

Our website currently does not use cookies of any kind (neither technical nor profiling cookies).

10.2 Future Monitoring

If cookies are implemented in the future, this policy will be updated and you will be informed of the changes.

11. Complaints to Supervisory Authority

You have the right to lodge a complaint with the Malta Information and Data Protection Commissioner if you believe that the processing of your data violates the GDPR.

Information and Data Protection Commissioner (Malta)

Level 2, Airways House

High Street, Sliema SLM 1549, Malta

Tel: +356 2328 7100

Email: commissioner.dataprotection@gov.mt

Web: https://idpc.org.mt

12. Policy Changes

12.1 Updates

This policy may be modified for regulatory compliance or changes in our services.

12.2 Change Communication

Substantial changes will be communicated through:

Publication of the new version on the website
Email notification (if your contact is available)

13. Event-Specific Considerations

13.1 Event Cancellation/Postponement

In case of event cancellation or postponement, we may use your email address to:

Communicate event status changes
Provide refund information
Notify about rescheduled dates

13.2 Malta Event Regulations

Our ticket sales comply with Malta's event and entertainment regulations. No additional personal data collection is required for compliance with local event regulations.

14. Contact Information

For any questions regarding this policy or the processing of your personal data: