top of page

GET Pay - Eventportal Privacy Policy

This data protection information is only valid if a purchase is made via the online platform using "GET Pay". The data protection information is only acknowledged by clicking the checkbox during check-out.

​

Privacy Policy
The processing of personal data is required for the use of this web platform and the cashless billing system during the event. In the following, we inform you about this processing in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).

​

​

Who is responsible for data processing?
Global Event Technologies GmbH & Co KG, Neualmerstrasse 37, 5400 Hallein, Austria ("GET", https://get.systems) is the controller for the processing of personal data on this platform. If you have any questions about this privacy policy or data protection at GET in general, please contact our data protection officer at privacy@get.systems.

Your rights
You have the right to access, rectification and erasure of the data as well as restriction of processing if deletion should not (yet) be possible. Furthermore, you have the right to transfer the data in a structured, machine-readable format to another person responsible. To exercise any of these rights, please contact our Data Protection Officer at privacy@get.systems.

If you believe that your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for GET is the Austrian data protection authority “Datenschutzbehörde” https://dsb.gv.at. However, you can also lodge a complaint with another supervisory authority that is responsible for your location.

​

​

Who is the data shared with?
In principle, your data will not be passed on to third parties unless there is a legal obligation to do so (e.g. to tax authorities for events that are subject to a fee), which are necessary to fulfill contractual obligations (e.g. to postal service providers for the delivery of non-digital tickets and/or products to the specified address or payment service provider for the processing of payment transactions or the organizer for organizational purposes) or this is necessary for protection against electronic or physical attacks at the state of the art or the investigation of fraudulent or otherwise punishable suspected cases.

Also excluded is the transfer of data to technical service providers who support us in providing the platform. However, these service providers may not process the data for their own purposes, are bound by separate contracts to the strict provisions of the General Data Protection Regulation for data processors and must demonstrate extensive technical and organizational measures to protect the data.

​

​

How long is the data kept?
Data will be automatically deleted if they are no longer required for their processing purpose. In general, this happens after the relevant statutory retention requirements have expired. In this respect, GET is subject to Austrian law, which generally provides for storage for seven years. Instead of being deleted, the data can also be made anonymous in such a way that no personal reference can be made.

​

​

Place of Processing and Security of Processing

The systems used for data processing are generally located within the European Union. If the transfer to countries outside the European Union is necessary for short-term processing purposes (e.g., protection against cyber attacks, technical support), this occurs after ensuring an adequate level of data protection. Typically, this is done by transferring to countries or providers that have been certified by the European Commission under Article 45 of the GDPR as having an adequate level of data protection, such as registered members in the EU-US Data Privacy Framework. In other cases, this means adopting the Standard Contractual Clauses approved by the EU Commissionn on June 4, 2021, for which additional technical and contractual measures have been taken to minimize data protection risks, as required by the European Court of Justice and recommended by the European Data Protection Board. This includes the use of pseudonymization, where the data recipient does not have lawful access to the translation of the pseudonym, and encryption with algorithms recognized as secure by current technological standards, where the data recipient does not have lawful access to the used keys.

​

​

Information on individual processing

Provision and operation of the platform

When using the event portal platform, personal data is processed. This is done for the purpose of providing and technical operation of the platform. For communication between your end device (browser, smartphone) and the event portal servers, data from the end device (the public IP address of your Internet access, type and version of the browser, user logs; hereinafter referred to as "telemetry data") are processed in order to ensure the secure operation of the to guarantee technical infrastructure and to be able to use protective measures against any cyber attacks. The processing of telemetry data is based on the legitimate interest (Art. 6 (1) f GDPR) in a secure and highly available operation of the platform.

 

Registration for the event

For the purpose of recording registrations and later checking access authorizations (e.g. ticket scanning at the event location), it is necessary for personal data to be processed. In the case of events that are subject to a fee, processing is also carried out for billing and the administration of payments and the associated services.

In addition to your name and contact details, information from your stay at the event (date/time of entry or exit and the entrances/exits used) will also be processed. The e-mail address is used to communicate with you about changes in the event or the use of the platform.

The legal basis for processing is Art. 6 (1) b GDPR, as the processing of the data is necessary to fulfill the agreement with you regarding access to the event or to respond to pre-contractual measures. In the case of paid events, the data is stored after the end of the event due to statutory storage obligations (Article 6 (1) c GDPR).

 

Use of cashless payment (“cashless”)

If cashless payment is used at the event ("cashless"), additional information will be processed for the correct booking of services and the fulfillment of the obligation to issue receipts. This is the date/time of the transaction, the cashless terminal used and the type and amount of the service. In order to compile statistics and to improve the planning of future events, the data will be anonymized so that no personal reference can be made. The data is used exclusively for the stated purposes and not for the creation of personal profiles, movement profiles, marketing purposes, etc. The legal basis for processing is Art. 6 (1) b GDPR, as processing is necessary to fulfill a contractual obligation.

 

Other contact

When you contact us via email, telephone, instant messenger, or online chat, your personal data is processed for the purpose of customer service. Firstly, to respond to your inquiry as per Article 6(1)(b) of the GDPR, and secondly, based on the legitimate interest according to Article 6(1)(f) of the GDPR, to optimize the quality of our customer service and to assert, exercise, or defend legal claims, for a duration not exceeding three years. The data processed includes your email address (when using email as a communication channel), your telephone number (when making contact by phone), the IP address of your device (when using instant messenger or online chat), and the respective communication contents or data needed to respond to the inquiry.

 

Anonymization for use for statistical purposes

Statistical analyzes and data models are developed to improve event organization and our products and services. However, the data used for this is anonymized before use so that no personal reference can be made.

bottom of page