1. General purposes of the processing operation
We use personal data to ensure the functionality of our website and to provide our content and services. The NIFFF treats personal data seriously, rigorously and in a targeted manner. In doing so, we comply with the requirements of applicable data protection law.
2. What data do we use and why?
2.1 Access data
When you visit our websites, the browser on your computer or mobile device automatically sends data to the server of our website. This data is temporarily stored in a log file. The following data are collected without your intervention and stored until they are deleted:
- name and URL of the requested file
- date and time of the request
- amount of data transferred
- message on successful recovery (HTTP response code)
- browser type and browser version
- operating system
- URL of the referrer (i.e. the page previously visited)
- IP address and requesting provider
- websites called by the user’s system via our website
- user’s Internet Service Provider
- IP address and requesting provider
We use this protocol data without assigning it to you or creating any other form of profiling for statistical analysis purposes for the operation, security and optimization of our website, for anonymous recording of the number of visitors to our websites (traffic) and the extent and nature of use of our websites and services, and also for invoicing and measuring the number of clicks. Based on this data, we can provide personalized and localized content, analyse traffic, search and correct errors, and improve our services. This use of the data also constitutes our legitimate interest. We reserve the right to check the protocol data afterwards if, on the basis of concrete elements, there is a legitimate suspicion of illegal use. We store IP addresses in log files for a limited period of time when necessary for security reasons or for the provision of services or billing for a service, for example, if you subscribe to one of our offers. We also record the date of your last visit as part of your account activity (for instance, during registration, log in, when clicking links, etc.).
2.2 Data to enable us to fulfil our contractual obligations
We process the personal data we need to fulfil our contractual obligations to you, such as first name, surname, address, delivery address, e-mail address, billing and payment data. The deletion of these data takes place after the expiry of the legal storage periods. The data associated with a customer account (see below) will be kept in all cases for the duration of the account’s activity. We may also use your personal data to verify compliance with the terms and conditions of sale and thus fight against fraud. The legal basis for processing this data is the execution of the contract concluded with you or our legitimate interest in combating fraud.
For the order we need you to provide us with certain contact data such as first name, last name, address, e-mail address and telephone number. For a new registration, we collect basic data (name, address), communication data (email address), and access data (username and password). You can, at any time, ask for the deletion of a user account by sending a message to the contact details listed in point 7 without incurring any transmission costs other than those provided for in the basic rates.
To subscribe to the newsletter, we need the data requested when you register, in particular your e-mail address. Subscribing to a newsletter is registered. Once you have subscribed, you will receive a message asking you to confirm the subscription (“double opt-in”) at the indicated e-mail address. This is necessary to prevent third parties from subscribing with your e-mail address. You may cancel your subscription to a newsletter at any time by notifying the address mentioned in point 1 without incurring any transmission costs other than those provided for in the basic rates. Of course, you will also find an unsubscribe link in each newsletter. We keep subscription data for as long as necessary to send newsletters. The registration of the subscription and the delivery address are kept as long as there is an interest in proving the original consent given. The legal basis for sending the newsletter is your consent. The legal basis for registering the subscription is our legitimate interest in proving that the delivery was made with your consent.
2.5 E-Mail and other contacts (written opinions, contact with customer service)
If you contact us (for example via a contact form or an e-mail), we will use your data to process the request or notification as well as to answer any follow-up questions. If the data processing takes place for the purpose of taking pre-contractual measures at your request, for example if you are already our customer, for the performance of the contract, then the legal basis for the data processing is the performance of the contract. We will only process other personal data if you consent or if we have a legitimate interest in doing so. A legitimate interest lies, for example, in replying to your e-mail or any other request.
Cookies store the following data and information:
- login information
- language settings
- search terms entered
- information about the number of visits to our websites and the use of the individual functions of our website.
When the cookie is activated, it is assigned an identification number and no assignment of your personal data to this identification number will be made. Your name, IP address or similar data that would allow the cookie to be associated with your account will not be included in the cookie. On the basis of cookie technology, we only receive anonymous or pseudonymised information, for example about the nature of the pages of our websites visited, the products visited, etc. You can configure your browser to be informed in advance of the cookie settings and decide on a case-by-case basis whether you exclude the acceptance of cookies in certain cases or in general, or whether cookies are totally prohibited. This may limit the functionality of websites.
4. Rights of the data subject
You have the following rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or post, clearly indicating your identity, to the address indicated in point 7.
- Request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the category of recipients to whom your data are or have been disclosed, the storage period provided for, the right of rectification; deletion, limitation of processing or opposition, the right to lodge a complaint, the origin of your data if they are not collected from us, and the existence of automated decision-making, including profiling and useful information on their details;
- Request as soon as possible the rectification of incorrect personal data or that incomplete data stored on our servers be completed;
- Require the deletion of your personal data stored on our servers, unless the processing of such data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal rights;
- Require the limitation of the processing of your personal data, if (i) you dispute the accuracy of the data, (ii) the processing is unlawful and you object to its deletion, (iii) we no longer need the data, and you need it for the establishment, exercise or defence of legal rights, or (iv) you have opposed the processing during the verification as to whether the legitimate grounds pursued by our company prevail over those of yours;
- Receive the personal data you have provided us in a structured, commonly used and machine-readable format or require the data to be transmitted to another controller;
- Withdraw your consent once given at any time. Consequently, we cannot continue processing the data based on this consent in the future;
- Submitting a complaint to a supervisory authority. As a general rule, you can contact the supervisory authority of your usual place of residence or work or that of our registered office.
5. Right of opposition
If your personal data are processed on the basis of legitimate interests, you have the right to object to the processing of your personal data, insofar as there are reasons related to your particular situation or if the opposition is directed against direct mail. In the latter case, you have a general right of opposition, which we implement without specifying any particular situation.
6. Data security
We make every effort to ensure the security of your data in accordance with applicable data protection laws and technical possibilities. The personal data transmitted to us are encrypted. This applies to your orders and also to the connection in your customer account. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the Internet (e.g. in the case of communication by e-mail) may have security breaches. Complete data protection against access by third parties is not possible. To protect your data, we implement technical and organisational security measures that we continuously adapt to the state of technological knowledge. Nor do we guarantee that our offer will be available at all times, as disruptions, interruptions or failures cannot be excluded. The servers we use are regularly backed up with care.
7. Transfer of data to third parties
Your personal data will solely be used within our company.
Personal data collected in the context of a ticket purchase may be used to inform you in the future of the existence of identical or similar events. You have the option to decide not to receive this information at any time.
If and to the extent that we outsource certain parts of our data processing (for example to a collection agency), we contractually oblige our subcontractor(s) to comply with the provisions of applicable personal data protection law when using the data and to guarantee the protection of the rights of the data subject.
Apart from these cases mentioned in this explanation (see in particular paragraph VI), there is no transfer of data to third parties outside Switzerland and the European Economic Area (EEA), and this is not foreseen.
8. Modification of the personal data protection policy
The NIFFF reserves the right to modify this personal data protection policy at any time. The changes will be published on Ticketack’s websites and will take effect as soon as they are activated.
If you have any questions or concerns about data protection, please contact us by sending a message to the contact details mentioned in point I.
9. Contact details