Pophouse Entertainment Group AB, org. no. 559000-0484, Mäster Samuelsgatan 45, 111 57 Stockholm (“Pophouse Entertainment”) and companies that are part of the same group as Pophouse Entertainment from time to time (“the Group” or “we”) process personal data about you when you use our services, attend our events, make purchases from us, visit our website or when you are a current or prospective supplier or partner representative.
Your privacy is important to us. We have therefore drawn up this privacy policy (“Privacy Policy“) which describes how we collect, use, share and store your personal data. Read the Privacy Policy to familiarise yourself with how we handle your personal data and do not hesitate to contact us if you have any questions. Our contact details are available under the section ”Contact Information” below.
DATA CONTROLLER
The data controller for the processing of personal data is responsible for ensuring that the processing of your personal data takes place in accordance with the General Data Protection Regulation (GDPR) and national data protection legislation, which exists to protect the privacy of individuals. The data controller is the entity that determines why and how your personal data are being processed. In most cases, the parent company of the Group, Pophouse Entertainment, is the data controller. In other cases, one of the subsidiary companies within the Group may be the data controller, either alone or together with Pophouse Entertainment.
HOW WE PROCESS YOUR PERSONAL DATA
“Personal data” refers to all information that can be directly or indirectly linked to a natural person living today. We may ask you to provide personal data when you use our services. You do not have to provide the personal data we request, but if you choose not to do so, we may, in certain cases, not be able to provide you with our services.
From where is your personal data collected?
From you: We collect the personal data that you yourself provide to us and which is relevant for the services we provide you.
From third parties: In addition to the information you provide to us, we may collect information from third parties such as ticket providers, travel agencies or other operators through which you have booked your service, or through cookies on our website.
Personal data we process and why
We may process your personal data for the following purposes:
Personal data
Purpose
Legal basis
§ Identity information such as name and social security number.
§ Contact information such as address and telephone number.
§ Work-related data such as job title and workplace.
§ Other information you provide to us.
To perform and administer the agreement or relationship with an existing or potential customer or partner, e.g. communication, purchases, payments and invoices.
The processing is necessary for the performance of a contract with you.
If there is a contract between us.
Processing is necessary for the purposes of our legitimate interests.
Our legitimate interest of managing the relationship with you or the organization that you represent.
To communicate with you and offer the Group’s services to you.
Processing is necessary for the purposes of our legitimate interests.
Processing is necessary for our legitimate interest to communicate with you, advertise our brand and services.
§ Technical data, such as IP address, unique device ID and other data from cookies or similar tracking technologies.
To ensure our website’s functionality.
Processing is necessary for the purposes of our legitimate interests.
Our legitimate interest to provide and develop our webpage.
To develop and analyze our website based on how it is used, to analyze your online behaviour.
Consent.
Cookies that are not strictly necessary are used with your consent.
§ Identity information such as name.
§ Contact information such as address and telephone number.
§ Work-related data such as job title and workplace
§ Pictures taken at our events or similar.
§ Other information you provide to us.
Marketing of our services e.g. by direct marketing, marketing through newsletters, social media, publications and events.
Consent.
When marketing to consumers, or where otherwise required by applicable law, we will target marketing to you only if you have provided your consent for marketing, unless marketing relates to the same or similar products and services which we have marketed to you previously and therefore received your contact information (in which case the processing is necessary for the purpose of our legitimate interest.
Processing is necessary for the purposes of our legitimate interests.
Our legitimate interests in the marketing of our services. We may target marketing to companies if they have not explicitly denied such marketing.
§ Identity information such as name and social security number
§ Contact information such as address and telephone number.
To provide personal data at your request.
Compliance with legal obligations.
To perform our responsibilities in accordance with privacy laws.
§ Identity information such as name and social security number.
§ Contact information such as address and telephone number.
§ Work-related data such as job title and workplace.
§ Financial details such as bank account and payment information.
To comply with legal obligations, e.g. in relation to archiving, accounting and tax requirements.
Compliance with legal obligations.
E.g. to perform our responsibilities in accordance with the Anti-Money Laundering Act, the Accounting Act, the Whistleblowing Act etc.
Protect our legal interests determine, claim or defend legal demands.
Processing is necessary for the purposes of our legitimate interests.
Our legitimate interest of the establishment, exercise or defense of legal claims.
DURATION OF PROCESSING
We process your personal data for the time that the processing is necessary to fulfil the purposes for which the data was collected and/or we have a legal obligation to retain the personal data. For example, it can be situations when we are in contact with you via e-mail, when you participate in an event, when we provide information at your demand or when we process information from cookies.
In certain cases, legal or regulatory obligations (for example in the case of tax related matters) require us to retain specific records for a set period of time. In the case of tax/bookkeeping related matters we are for example obliged to keep data concerning your remuneration for at least seven years.
We are using the following criteria to establish our retention period: (i) as long as we have an ongoing contractual relationship with you (or for a shorter period provided that the personal data is no longer necessary in relation to the purposes for which they were collected); (ii) as required by legal obligations to which we are subject (such as tax and accounting obligations); (iii) as necessary in light of our legal position in order to establish, exercise and defend against legal claims; and (iv) as necessary to meet our legitimate business needs (such as for planning, follow-up etc).
RECIPIENTS GIVEN ACCESS TO YOUR PERSONAL DATA
Where applicable, we may share your personal data with third parties. Your personal data is only shared with trusted third parties, such as authorities and partners, and we will never sell your personal data to anyone else. Sharing your personal data with third parties is based on the same purpose and legal grounds for which it was collected. Below are the categories of recipients with whom your personal data may be shared.
Companies within the Group and its affiliates: Personal data may be transferred between companies within the Group in relation to the purposes set out in this Privacy Policy.
Suppliers and partners: The Group uses suppliers for, e.g., its computer operations and personal data may therefore be transferred to these suppliers. This may include suppliers of IT services, such as for software and data storage, financial service providers, as well as other business consultants, such as advertising agencies or ticket service providers. Our suppliers and partners process your personal data only on behalf of the Group, in accordance with our instructions, and only after they have signed a personal data processing agreement in accordance with applicable law, in order for us to ensure a high level of protection for your personal data.
Social media: When using social media, such as Facebook, Instagram or LinkedIn, your personal data is also collected and processed by these companies. Some pages on the Group’s websites contain links to third party websites. These websites have their own privacy policies and the Group is not responsible for their activities, including but not limited to their information practices. Users who submit information to or through these third-party websites should review the privacy policies of the websites before providing any personal data to them.
Authorities: The Group may disclose personal data to third parties if the Group is obliged to disclose such information on the basis of law or decision by a public authority.
Transaction: If we intend to sell, reorganize or otherwise transfer all or part of our business, your personal data may be disclosed to a potential buyer.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
The Group may transfer data to partners and subcontractors outside the EU/EEA, a so-called “third country”. When we transfer personal data to a third country, we will take necessary measures to ensure that the personal data is processed in a secure manner by applying an appropriate safeguard, e.g. ensure that the transfer takes place primarily to organizations covered by the EU-US Data Privacy Framework from the European Commission, or by entering into the EU Commission’s standard contractual clauses. You have the right to obtain a copy of the standard contractual clauses by contacting us.
We may transfer your personal data outside the EU/EEA to the following categories of recipients:
Suppliers and partners: In some cases, your personal data may be shared with suppliers and partners outside the EU/EEA. These may be suppliers of IT services as well as financial service providers to conduct our business with its registered office or server in a country outside the EU/EEA.
Social media: When you visit or interact with us on social media such as Facebook, Instagram and LinkedIn, your personal data is also collected and processed by these companies. In connection with the receipt of personal data by these companies, the personal data may be transferred to the United States.
Which countries may be considered depends on the circumstances of the individual case. For more information, please contact us.
HOW WE PROTECT YOUR PERSONAL DATA
We take several technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, change or erasure in accordance with the applicable data protection legislation. Such measures include, but are not limited to, shell protection, encryption, eligibility restrictions, policies, etc.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Right of access: You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.
Right to rectification: If the personal data we process about you is inaccurate, incomplete or outdated, you have the right to ask us to rectify or complete such personal data without undue delay.
Right to erasure: You often have the right to request deletion of your personal data without undue delay. Such is the case when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.
Right to restriction of processing: Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.
Right to data portability: When personal data you have provided to us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.
Right to object: You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.
Right to lodge complaints with a supervisory authority: If you believe that we are processing information about you in violation of the GDPR, you can lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), Box 8114, SE-104 20 Stockholm.
USE OF COOKIES
When you visit our website, we may send and store a cookie on your computer, tablet or mobile phone. This cookie enables the website or web server to collect and store specific, but limited, information from your browser about how you use it and to improve your user experience. We may also collect information about your IP address, operating system, and which search engine you use for statistical and administrative purposes. Information about how the Group uses cookies can be found in the cookie banner placed at the left bottom of our website https://pophouse.se/.
UPDATES TO THIS PRIVACY POLICY
We are constantly improving and developing our services and the content of this Privacy Policy may therefore change over time. Changes to this Privacy Policy are announced by publishing an updated Privacy Policy on this website and we therefore recommend that you read these regularly.
CONTACT INFORMATION
If you have questions or concerns about the Group’s Privacy Policy or data processing, or would like to make a complaint about our processing of your personal data, you can contact our data protection officer (DPO):
Email: DPO@pophouse.se.
Postal address: To: Data Protection Officer, Pophouse Entertainment Group AB, Mäster Samuelsgatan 45, 111 57 Stockholm.