Legal and general

Privacy policy

25.05.2018

When you use Fienta services, you entrust us with your personal data that is necessary for the event organiser (henceforth Organiser). We take data privacy seriously and only collect them to the extent that is necessary for us to provide services for you. We process personal data in compliance with the EU General Data Protection Regulation (GDPR, EU 2016/679) and the laws of the Republic of Estonia. Fienta does not process data that has been defined by the GDPR as sensitive personal data.

Our privacy policy, which is part of the Fienta e-ticket shop terms of service explains how and why we collect and process personal data. We emphasise that Fienta is the data processor and the data controller is the organiser of each event, who is also responsible for the legality of asking for personal data. Fienta collects personal data as tasked by the organiser, to allow for tickets to be mediated to the public.

What kinds of data do we collect?

To provide services, we collect data as asked by the Organiser in the following two ways:

Data that you provide for us

For example, when you purchase tickets, you submit different bits of information about yourself:

  • E-mail address.

  • Phone number.

  • Types, prices and quantities of purchased tickets.

  • A discount code used when making the purchase.

  • Possible additional fields that have been added to the registration form by the organiser.

Data that we get from you as you use our services

For example, if you present your ticket to get in to the event, we save the information about their use. To make using the service possible, we collect the following data:

  • Purchase status.

  • Time of purchase.

  • Purchase IP address and information about cookies (for more, see our cookies policy).

  • Language used to make the purchase.

  • Marketing channel that led to the purchase.

  • Type of browser used and the operation system.

  • Name of the payer.

  • Payment type, name of bank used for making purchase.

  • Payment status.

  • Time of using the ticket.

The organisers might ask you for additional personal data depending on the objectives and needs of their event.

Why do we collect and process personal data?

To purchase tickets for the Organisers’ events with the help of our service, we need to process your personal data. Without processing personal data, it is not possible to mediate tickets for you and fulfil the related duties. We use all information collected from service provision to offer, administer, protect and perfect our services, as well as develop new services.

We collect and process personal data at the request of the Organiser for the following purposes:

  • To issue a ticket.

  • To receive payment for the ticket.

  • To avoid repeat use of the ticket.

  • For business analysis and service improvement.

  • To offer user support.

  • To fulfil legal obligations.

Before using data for any other purposes than those outlined in our privacy policy, we will ask for your expressed consent.

To whom is your data disclosed?

We handle the data to be processed as confidential and we disclose them to persons or companies (or recipients) only to the extent that is necessary to provide the service.

We do not disclose data to companies, organisations or persons outside of Fienta, except in the following cases:

  • Within the service provision, the Organiser of the event as the data controller has the right to process, disclose or forward personal data collected through the Fienta website.

  • When paying for the ticket with a credit card or bank transfer, access to your bank card information and banking details is given only to Maksekeskus AS. The Maksekeskus privacy policy is available on their website at https://maksekeskus.ee.

  • Without a person’s consent their personal data can only be forwarded to organisations or persons, who have a direct legal right for that access as stipulated in legal acts that regulate data protection.

  • In case of mergers or acquisitions related to Fienta, personal data may be disclosed to third parties that are involved in the merger or acquisition.

  • If we use external service providers, who provide certain services for us, such as website services or hosting, marketing services and IT support services, then in the provision of these services, these subcontractors may have access to your personal data and/or they may process the data. We demand that our external service providers apply and implement security measures to ensure the integrity and security of your data.

  • If you have given your clearly expressed consent to disclose personal data to a specific recipient.

Disclosing personal data outside the EU

We do not disclose personal data to recipients outside the European Union or the European Economic Area (EEA).

Data security

We work to protect your data from unauthorised access or unauthorised modification, publication or damage.

To ensure data security, we do the following:

  • We handle all personal data as confidential.

  • We encrypt services, where possible, using SSL.

  • We restrict access to personal data by giving access only to those employees and contractual parties, who need the data for processing purposes, and to whom strict contractual confidentiality obligations apply, who can be penalised or whose contract can be terminated if they do not fulfil their obligations.

  • We store personal data mainly in digital form and not on paper, to ensure more secure monitoring of access.

  • The personal data storage technology is protected with the necessary IT technology and organisational protection measures.

Although we apply strict security rules for the personal data that has been submitted to our platform, it should be noted that the internet is never completely secure, and we cannot fully guarantee the secure forwarding of information you send to us. The secure sending of data is always at your own risk.

What are your rights and how can you exercise your rights?

If you have given consent to the collection, processing and use of your data in a certain manner, you can always withdraw that consent in the future at any moment.

In line with the applicable legal acts concerning data protection, you have the right to:

  • Apply for access to your personal data.

  • Apply for the correction of your personal data.

  • Apply for the erasure of your personal data.

  • Apply for the limitation of processing your personal data.

  • Apply for a transfer of your personal data.

  • Apply for a withdrawal of the consent you gave to processing personal data.

  • Express your opposition to the use of automated decisions (including profiling).

To exercise your rights and to forward these applications, please contact the Organiser of the particular event, who is the data controller of your personal data. The application should allow for your identity to be singularly identified. Please consider that you can ask for the erasure of your personal data, for limitations to be set up or the like only if it is in compliance with legal bases and the legal acts that regulate data protection.

If you apply for the limitation of processing your personal data, ceasing or erasure, it may either partially or completely cease the services that we provide for you.

In case of complaints, you have the right to submit a complaint to the appropriate data protection authority. We cooperate with the respective regulatory authorities, including the local data protection authorities to solve any complaints related to personal data disclosure.

How long do we store your data?

Your personal data will be stored as long as is necessary to provide you the services you requested and also as is set out in the applicable laws.

Non-personal data that has been collected will be stored indefinitely.

Privacy policy terms and changes

By using Fienta services, you have familiarised yourself with and agreed to these principles and terms.

Our privacy policy may be subject to periodic change. We do not reduce the rights stemming from this privacy policy without your expressed consent. We will post a notification of any changes to the privacy policy and any other changes on this page, and in case of more significant changes, we will forward you a more detailed notification.

Contact us

If you have any questions or concerns about our privacy policy, please contact us at:

Fienta Ticketing OÜ
Hobujaama 4
Tallinn 10151 Estonia
+372 6700 070
[email protected]

If you have any questions or concerns related to data submitted on or requested by the event page, please contact the organiser of that particular event, whose contacts are available either on the event page or whose contact information has been forwarded to your e-mail when you purchased the tickets.