Eventeam Privacy Policy
The purpose of this privacy policy is to inform you of the terms and conditions that apply to the collection and processing of your Personal Data by the Eventeam group (hereinafter referred to as “Eventeam”) as well as the measures taken to ensure the security of this Data and, with regard to the Personal Data provided to us by our Customers when they subscribe to our Services, at a minimum, to define our obligations, and those of our Customers.
The terms “You” and “Your” are used to refer to Visitors to our Websites, as well as Customers and prospects who have either subscribed to our Services or who may be interested in our Services.
The terms “We” and “Our”, are used to refer to Eventeam.
Definitions
When capitalized, the terms below are defined as follows, whether used in the singular or plural form:
“Customer” means any natural person or legal entity who has subscribed to our Services.
“Personal Data” means any personal data as defined by the Applicable Regulations on Personal Data Protection, i.e. any information relating to an identified or identifiable natural person, such as their last name, first name, identification number, location data or an online identifier (e.g. IP address).
“Event” means any sporting, cultural or leisure event as described in our General Terms and Conditions of Sale.
“Applicable Regulations on Personal Data Protection” refers to the latest version of the French Data Protection Act no. 78-17 of January 6, 1978, known as the “Loi Informatique et Libertés” and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on data protection (“GDPR”).
“Data Controller” means the natural person or legal entity, who, whether alone or in conjunction with others, determines the purposes and means of processing Personal Data. Depending on the processing context, the Data Controller is in principle Eventeam, or, sometimes, the Customer.
“Services” means the services offered by Eventeam on its Websites.
“Website” refers to the Eventeam websites, i.e.: https://www.eventeam.fr; https://www.eventeam-group.com; [https://eventeam-paris2024hospitality.com/]
“Sub-Processor” means any person who processes Personal Data on behalf of the Data Controller in accordance with the instructions provided by the Data Controller.
“Visitor” means any natural person or legal entity who accesses one or more of our Websites.
The terms “personal data”, “data subject”, “processing”, “processed” and “breach of personal data” have the same meanings as those defined in the Applicable Regulations on Personal Data Protection.
We process your Personal Data for the purposes of providing our Services, in order to receive, process and manage your orders, to provide you with information, to enable you to create an online account, and, more generally, to manage and monitor our contractual relationship. In this context, we are the “Data Controller” of your Personal Data.
How do we collect your Personal Data?
We collect your Personal Data directly in the case where:
- You access one of our Websites and/or our applications, you create an online account or complete a form;
- You communicate with our services by email or phone;
- You subscribe to our newsletters;
- You report a problem or request assistance;
- You take part in one of our Events;
- You buy a ticket from one of our Websites;
- You take part in our competitions, promotional offers or surveys;
- You interact with the platforms that we have made available to you;
- You attend any Event using our Services;
- You interact with Eventeam employees during an Event.
We may also collect your Personal Data indirectly via third parties in the following cases:
- We work closely with our subsidiaries and may receive Personal Data about you so that we can offer coherent and consistent services;
- We may also receive Personal Data relating to you via third parties such as Event registration platforms (via which you can register for our Events), venue rental companies (where our Events are hosted), audience analytics companies (information that is collected automatically when you visit our Websites), companies that provide medical assistance, our commercial partners (for the purposes of marketing our products and services), our sponsors, performance assessment platforms (for the purposes of statistics and performance analysis), ticket providers, booking platforms, payment service providers and hotels.
What is the legal basis for processing your Personal Data?
According to the Applicable Regulations on Personal Data Protection, we are authorized to process Personal Data provided that we can demonstrate a legal basis for doing so. Thus, when we process your Personal Data, we do so in accordance with one of the following legal bases:
Performance of a Contract: in the case where we are required to process your Personal Data to fulfill our obligations under a contract to which you are a party;
Legal Obligation: in the case where we are required to process your Personal Data to comply with a legal obligation, which includes providing information to a public body or law enforcement authority;
Legitimate interest: we will process your Personal Data if it is in our legitimate interest to do so, in order to best manage Eventeam’s business in accordance with the law, and provided that this interest does not override your own interests.
Your Consent: in certain cases, we will ask for your specific permission to process some of your Personal Data, and will only process this data for the purposes for which you have given your consent (for example: for marketing and targeted advertising). You can withdraw your consent at any time by contacting us at the following email address:
What types of Personal Data do we collect and for what purposes do we process your Data?
We may collect various types of Personal Data relating to you. In all cases, we undertake to only collect Data that is strictly necessary for the purposes of data processing. The table below sets out the purposes and legal bases for the processing of the various types of Personal Data by Eventeam.
Data Type | Purpose of Processing | Legal Basis |
Identification data (first name, last name, postal address, email address, phone number, references appearing on your identity documents, identifiers) and accessibility requirements (access for persons with reduced mobility) | Providing and personalizing our Services Providing Customer support Providing travel services | Performance of a contract |
Marketing and targeted advertising Management of PRM access/PRM ticket allocation | Consent | |
Security and fraud prevention Improving our Services | Legitimate interest | |
Financial data (payment method used, first and last name of bank card holder, bank card number, bank card expiry date, bank card security code) | Providing our Services Selling tickets | Performance of a contract |
Commercial relations data (Services to which you have subscribed, order number, date and time of order, package ordered, ticket category) | Providing our Services Providing Customer support
| Performance of a contract |
Research and development Improving our Services | Legitimate interest | |
Data relating to our communications (customer support messages, emails, network messages) | Providing and improving our Services Providing Customer support | Performance of a contract Legitimate interest |
Connection data (browsing history, date and time of connection, IP address, Visitor’s computer protocol, pages visited on our Websites, preferences, areas of interest) | Providing and personalizing our Services
| Performance of a contract |
Direct marketing Targeted advertising | Consent | |
Improving our Services Audience analytics | Legitimate interest | |
Photos and/or videos | Providing and personalizing our Services | Performance of a contract |
Improving the experience of our Events Marketing and promotion of services | Legitimate interest | |
Data relating to your dietary preferences | Providing our Services | Performance of a contract |
We may also use your Data:
- Where deemed necessary, and in the case where we believe that there has been a breach of the terms of purchase, the terms of use, the ticketing terms and conditions related to the organization of an Event or the rights of a third party;
- Where deemed necessary, to help us conduct an investigation into any activity that violates our rules, regulations or policies;
- To comply with applicable laws, court orders, decisions handed down by a court or tribunal, or government regulations.
For how long do we keep your Personal Data?
Your Personal Data is only retained for the time deemed necessary and proportionate to fulfill the purpose for which it was collected.
Data Type | Retention Period |
Customer and Prospect Data | Your Personal Data is retained in our databases for the time necessary to manage our commercial relationship and for a period of three (3) years after our last contact. After this period, your Data may be archived for a period in accordance with the legal or regulatory provisions in force. |
Financial Data | Data relating to the payment methods that you use when ordering tickets/travel/accommodation on our Websites is deleted once the transaction is complete, unless you expressly consent to it being saved for future orders. We do not retain the three-digit card security code on your bank card under any circumstances. |
Website Connection Data | Information stored on Visitors’ computer terminals related to tracking or frequency of use (such as logs or login data) will not be retained for a period longer than one (1) year. |
Who are the recipients of your Personal Data?
Your Personal Data is processed by authorized persons and is not sent to unauthorized third parties as defined in the Applicable Regulations on Personal Data Protection.
We may share your Data with the following entities:
Within the Eventeam entity concerned: authorized persons in the sales and marketing department and support service are required to process your Personal Data and only have access to the Data needed to perform their duties. Our employees have signed a specific confidentiality agreement to ensure the security of your Personal Data.
Our affiliates: we may share your Personal Data with our affiliates in the travel and leisure sector, in particular Eventeam Live and Eventeam Creativ. We may use your Data to provide you with information on leisure and travel products and services that may be of interest to you. In the case where our affiliates are given access to this Data, they are subject to obligations that are at least as restrictive as those defined in this Privacy Policy.
Third-party suppliers: third-party suppliers such as hotels, airlines, car rental companies, venue rental companies, and suppliers of activities that are involved in your travel bookings may be required to process some of your Personal Data. Subject to your prior consent, these third-party suppliers may contact you to obtain additional information in order to process your travel booking or to respond to any comments made by you. These suppliers are not our sub-processors as defined in the Applicable Regulations on Personal Data Protection.
Sponsors: sponsors in conjunction with whom we offer products or services may process some of your Personal Data in order to provide you with optional products and services. When subscribing to such a product or service, you will be informed when one of our sponsors is involved. If you choose to access these optional services, we may, subject to your prior consent, share your Data with these third parties so that they can contact you directly about their products and services by email or post.
As a general rule, we recommend that you read the privacy policies of third-party suppliers and sponsors whose products and services you purchase through us.
Sub-Processors: your Data may also be passed on to third-party service providers (auditors, consultants, lawyers, chartered accountants, etc.) and trusted subcontractors (IT service providers, payment service providers, customer service and marketing companies, survey organizations, etc.) who may be required to access, host and/or process your Personal Data on our behalf, according to our instructions.
Official Event organizers: official Event organizers (such as Olympic committees, national and international sports federations and hospitality agencies) may process some of your Personal Data so that we can provide you with our Services. As, independent data controllers, these organizers may use your Data or send it to each other and to their affiliates, in accordance with the terms of their privacy policy, and in the case where it is deemed necessary and legally justified. In all cases, you will be informed accordingly and will have to give consent for your Data to be transferred if these organizers are located outside the European Union.
Third-party websites: if you have been redirected to one of our Websites from a third-party website, we may share Data about you with these referring websites so that they can, subject to your prior consent, contact you directly about their products and services by email or post. We recommend that you review the privacy policies of all websites via which you are redirected to our Websites.
We may also share your Data to respond to requests from the courts or tribunals, government agencies or law enforcement authorities, or when required to comply with applicable laws and procedures.
Finally, we may share anonymous or aggregated data with third parties, including advertisers and investors. For example, we may disclose to advertisers the number of Visitors to our Websites or the names of the most popular hotels and vacation destinations. This data does not contain any Personal Data and is used to develop our content and Services.
What are your Personal Data rights?
In accordance with the provisions of the Applicable Regulations on Personal Data Protection, and, in particular, to ensure that we meet our obligations, you have the following rights regarding your Personal Data:
- Right of access: you have the right to submit a request for access and obtain a copy of your Data;
- Right to rectification: you have the right to obtain rectification of Personal Data relating to you in the case where it is inaccurate or incomplete;
- Right to erasure: you have the right to obtain the erasure of your Data, subject to compliance with our legal obligations;
- Right to obtain a copy: you have the right to obtain a copy of the Personal Data stored by us in a structured electronic format (right to data portability).
You also have the right to object, on legitimate grounds, to the processing of your Data, and to the use of this Data for commercial prospecting purposes.
If you have any questions, require additional information or would like to make a claim, you can contact us by sending an email to the following address:
Person responsible for personal data protection:
We may ask you to provide proof of identity if your request concerns the exercise of one of the rights conferred upon you in accordance with the Applicable Regulations on Personal Data Protection.
However, the exercise of your rights (in particular your right to object to or delete Data) must be reconciled with Eventeam’s legal obligations and legitimate interests.
We will respond to your request within one (1) month of receipt, on the understanding that this period may be extended by two (2) months depending on the complexity of your request or in the case where we receive a large volume of requests at the same time, provided that we inform you accordingly.
In the case where you do not receive a response from us within three (3) months of your initial request, or in the event of a dispute concerning the exercise of your rights, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (French National Commission on Informatics and Liberty).
Data security
As the Data Controller, we will take reasonable technical and organizational measures in compliance with best practices to ensure the security, integrity and confidentiality of your Personal Data, which includes preventing any alteration or damage to your Personal Data or access by unauthorized third parties.
Transfer of your Data to third countries
We will not transfer any Personal Data to countries that do not ensure an adequate level of protection, without first putting in place one of the appropriate safeguards defined in the Applicable Regulations to govern said transfer, in particular, by applying the standard contractual clauses approved by the European Commission.
In exceptional cases, if there is no adequacy decision or appropriate safeguards pursuant to Article 46 of the GDPR, a transfer or set of transfers of personal data to a third country may only be actioned if one of the conditions defined in Article 49 of the GDPR has been met, namely:
the data subject has given his or her explicit consent to the planned transfer, after having been informed of the risks that could arise from this transfer due to the lack of adequacy decision or appropriate safeguards;
the transfer is necessary to perform a contract agreed between the data subject and the Data Controller, or to implement pre-contractual measures at the request of the data subject;
the transfer is necessary to conclude or perform a contract entered into in the interests of the data subject between the Data Controller and another natural person or legal entity;
the transfer is necessary for important reasons of public interest;
the transfer is necessary to establish, exercise or defend a legal right;
the transfer is necessary to safeguard the vital interests of the data subject or of other persons, in the case where the data subject is physically or legally incapable of giving consent (….).
Links to third-party websites
Our marketing communications may sometimes contain links to websites belonging to third parties, including our partners, advertisers and affiliates. If you click on one of these links, please note that these sites have their own privacy policies and that Eventeam will in no case be held liable for the content of these privacy policies.
Processing carried out by Eventeam, as a Sub-Processor (as defined by the GDPR), on behalf of its Customers
Eventeam’s Customers may provide it with access to and/or require it to process Personal Data as part of a specific mission, such as the organization and management of hospitality events, for example. In this context, Eventeam acts as the “Sub-Processor” and the Customer as the “Data Controller”. Thus, the Customer will determine the means and purposes of the processing being carried out and for which it has requested our Services, and we will comply with the Customer’s instructions.
Changes to this Privacy Policy
This version of the privacy policy was updated on 25/04/2023.
In the future, we may update or make changes to this privacy policy. In such a case, we will inform you of any changes made to this privacy policy through the usual means of communication.