Privacy Policy

Who is FanSafe and what are our services?
We, FanSafe GmbH, Blumauergasse 6/1/12, 1020 Vienna (hereinafter also referred to as “FanSafe” or “we”) are service providers for online event ticketing. You can find our contact details in the legal notice and in the footer of our website. At FanSafe, tickets for concerts, festivals, sporting events, cabarets, musicals, shows, etc. purchased from cooperating organizers and ticket providers can be conveniently and securely and sustainably personalized, centrally managed and bought and sold at fair prices. The fight against fraud and the curbing of the black ticket trade and thus fair pricing for event tickets and the safety of event visitors is our top priority. FanSafe also offers individually configured ticket shop systems for sports clubs and other organizers. You can find more information about us and our services on our website: www.fansafe.at.

The FanSafe GmbH website can generally be used without providing any personal data. However, if a data subject wishes to make use of our company’s special services via our website, it may be necessary to process personal data. In this privacy policy we explain what personal data we collect through our services, websites and apps. We also explain the purposes for which we use personal data, how we protect them and how long we store them and what rights you have with regard to your personal data and how you can exercise these rights.

General Data Protection Regulation (GDPR)
Our data protection guideline is based on the General Data Protection Regulation (GDPR) that came into force on May 25, 2018, which replaces the EU data protection guideline. This results in a data protection law that is binding for all EU member states.

Automatic storage of data
When visiting websites, it is common for some data to be saved when the page is accessed. Of course, this also happens on our website. The following data is automatically saved on our server

Website address
Browser and browser version
Operating system
Website address linked to on this page
Host name and IP address of the device with which the page was called up
Time stamp and date stamp
Files (web server log files).

Web server log files are stored for two weeks and are then automatically deleted. We will never pass on the above data to third parties. However, misuse of our services and illegal behavior can lead to this data being viewed.

Personal data
According to European law, personal data is all information about a natural person that relates directly or indirectly to this person and thus enables identification.

Which personal data are collected and used?

Personal Data	Purpose(s)
Name Date of birth Gender Address Phone number Email address Selfie and Avatar	We use: Your general information in order to contact you in the correct manner; Your name, email address and related ticket information for importing and assigning the tickets to your FanSafe user accountYour name, email address and username and selfie to personalize your tickets 100% securely; to send you information and updates about your personalized tickets and transactions; Depending on your (optional) consent, we may also send you information on interesting topics; Your name, gender, date of birth, place of residence, country, avatar to personalize your account; Your phone number to verify that it is real and yours. This is part of the verification policy from our payment service provider Stripe.
Payment details: Account number Payment details translated into tokens and name of the account holder	We use: Your payment details to enable us - and the processors we work with - to process and record your payments.
Know Your Customer (KYC) - Standard verification	We use: Depending on the country of your bank, we are obliged to request some personal data that Stripe processes and verifies: City Address Postal code Country Birth date
Know Your Customer(KYC) - Detailed ID verification	When Stripe performs additional verifications, additional information is requested and processed by Stripe: Copy of a passport Copy of an identity card Copy of a driver's license Registration confirmation or gas bill This data is only forwarded to Stripe via the FanSafe personalization app and cannot be viewed by FanSafe and is not stored in our system. FanSafe uses the positive feedback about your ID verification as basis for ticket personalization.
Social Media information: Apple Login Facebook ID Twitter ID Google Login Instagram	We use: FanSafe does currently not use any social media information, but would like to inform you that it may be in the future that social media information could be used as follows. Apple ID, Name and email address to complete your account or to enable you to complete your account. Depending on your Apple security session, we will either receive your real email address or the Apple relay email address. Facebook ID, avatar and name on Facebook as well as Facebook e-mail address, friends and your place of residence to complete your account or to enable you to complete your account (optional). This “Facebook data” is displayed on our websites and mobile apps. We also may use your Facebook ID for marketing purposes, as explained in more detail in this document. Twitter ID, number of your followers, number of friends, number of your status updates, username, location, security status, verification status and the date of the account creation to complete your account. Google ID, Gmail. First name, last name, place. We also use your Google ID and Gmail for marketing purposes, as explained in more detail in this document. Instagram profile is used by the FanSafe apps based on the user confirmation. We may use your public Instagram profile, as explained in more detail in this privacy policy, for marketing purposes.
Electronic identifiers: IP address Cookies Pixels	We use: Your IP address, cookies and pixels to communicate with you in a language you speak and to show you content that is relevant to your location.
Fraud Avoidance: Personal and Technical specifications	We use: Personal data to prevent fraud (committed by users).

As a company, we are subject to certain legal obligations that require the processing of personal data, such as accounting. In addition, certain personal data are processed in order to fulfill contractual obligations with the customer, e.g. sales contract.

Age restriction
No one under the age of sixteen is permitted to create a user account on our websites or apps. This is because the law (GDPR) imposes strict regulations on the personal data of minors. By opening a FanSafe user account, you confirm that you are at least 16 years old. However, the main account holder can use family accounts to set up so-called “linked accounts” for underage family members. This is done on a voluntary basis by the main account holder (or with the consent of the legal guardian). We do not require ID verification or selfies for minors. Minors are therefore only able to attend events if they are accompanied by the main account holder.

Storage period
We process and store personal data only as long as it is necessary to fulfill our services or the purposes mentioned above. Personal data in our accounting records for the tax authorities are stored for at least 10 years after you have personalized, bought or sold tickets on our platform. Personal data that we process to prevent fraud (committed by users) will be stored by us for at least 5 years after your last login. We keep all other personal FanSafe account data for 3 years after your last login. If your account is inactive, we will inform you after this period by email about the deletion of your FanSafe account and the associated data.

Transfer of personal data
FanSafe does not sell or rent personal information to third parties, nor does it trade with them. However, we use “data processors” who help us to perform our services. In this context, these data processors receive personal data from us, which they process on our behalf. Through “data processing agreements” we contractually oblige all data processors with whom we work not to process personal data for any other purposes than those instructed by us. These data processors must strictly follow our instructions. Thus, they do not use personal data for their own purposes. We will check that our data processors all comply with the relevant legal provisions. We can transfer personal data outside the EU if one of our data processors is based outside the EU. The personal data will only be transmitted to countries and / or parties that offer an adequate level of protection that corresponds to European standards. Among other things, we check whether an organization outside the EU is included in the Privacy Shield list and the level of protection of the third country has been approved by the EU Commission. You can find out more about the Privacy Shield program here.

Personal data protection
We protect all personal data processed by us against unauthorized and unlawful access, as well as corresponding changes, disclosure, use and destruction. Among other things, we take the following technical and organizational measures to protect personal data:

Securing our network connections via Secure Socket Layer (SSL);
Data or access to it are secured using passwords and / or two-factor authentication;
All new employees are trained accordingly with regard to data protection when hired;
Regular data protection training for all employees;
Restricted access of senior employees to databases containing personnel information;
Background check of all employees prior to hiring.

Data processors to fulfill our service

Data processor	Service	Location	Description
All-Inkl	Server Webhosting Datenbank	Friedersdorf, Germany	We our websites we use the web hosting provider All-Inkl.com. Following services are hosted on All-Inkl-Servers. Fansafe Marketing Website FanSafe Ticketshop Systems Here you will find details on the data protection declaration of ALL-INKL.COM, Hauptstraße 68, D-02742 Friedersdorf
AWS	Server Network Database	Frankfurt, Germany	We use Amazon Web Services (AWS) to for the operation of our web application. AWS are server-based online services of the company amazon.com, Inc. The responsible parties in terms of the data protection declaration are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 5, Rue Plaetis, L-2338 Luxembourg and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich. Our goal is to offer you the best possible security and performance when using our services. With AWS you have one of the safest and fastest providers for web services. Our main server location is Frankfurt, Germany. AWS stores all data, including personal data, in order to ensure the operation of our services. Personal data is stored in the AWS database for as long as it is necessary to fulfill our business services or for legal reasons. Amazon is headquartered in the USA, but our servers are in the EU (mainly Frankfurt, Germany) and therefore all data is stored in compliance with the GDPR. You have the right to request the deletion of your data at any time, with the consequence that you can no longer use the FanSafe services.
CloudFlare	Content Delivery Network (CDN)	San Francisco, USA	A content delivery network (CDN) can ensure that the route for data transmission is significantly shortened and that the content can thus be displayed more quickly. We are currently not using CloudFlare. However, it is impossible that it will be used in the future. What would we use CloudFlare for? Website and bandwidth optimization, protection against DDoS attacks, protection against bots and crawlers. Which data are saved? Contact information, IP address, security fingerprints, performance data. CloudFlare uses the cookie (__cfduid). This cookie relates to the CloudFlare security features, which are secure and cannot be turned off. No personal data is stored in the cookie. Storage period In general, CloudFlare stores data at the user level for domains in the versions Free, Pro and Business for less than 24 hours.
Facebook	Marketing/Analysis	California, USA	We currently do not use any Facebook services, but we may use them in the future. Facebook login allows you to log into third party websites with your Facebook account without creating an extra account. Facebook uses cookies for this. Cookies are, for example, _ fbp, sb or wd. A complete list is not possible because Facebook has a large number of cookies and uses them variably. Data that we receive from Facebook via cookies is public data such as facebook name, profile picture, a stored email address, friends lists, button details (e.g. "Like" button), birthday date,, language, place of residence.Facebook receives data from us such as the device used, surfing behavior on our websites, information about purchased products. If you use Facebook login, you consent to the data processing. This agreement is revocable. More information about data processing by Facebook at https://de-de.facebook.com/policy.php.
Google Ads	Marketing/Analysis	California, USA	Google Ads is an advertising service from Google Inc.. Companies use automated technology to collect information when you click on our ads to track and improve the effectiveness of our marketing efforts. Cookies are used so that Google AdSense can display personalized advertising. You can deactivate the automatic collection of information by third-party advertising networks in order to display advertisements that match your interests. Further information about the corresponding conditions can be found here.
Google Analytics	Marketing/Analysis	California, USA	Google Analytics is a web analysis service provided by Google. Google collects and uses personal data to analyze the use of the application / website and creates reports on these activities. Google can use the collected data for personalized advertising in its own advertising network. You can find more information here. Google Inc. is on the Privacy Shield list.
Google Login Api	Usability	California, USA	With a Google user account, users have access to a wide variety of Google services (e.g. Gmail, or a similar service). The account is required to authorize and use the services. Google provides a public API with which it is also possible to register as a user on other applications / websites without the need to create a separate user account. We are currently not using the Google Login API! However, since we are continuously improving our software, it is possible that we will offer Google Login later for a faster registration process. Google Inc. is in the Privacy Shield List.
Google Firebase	Marketing, real-time reservation service	California, USA	Google Analytics for Firebase or Firebase Analytics is an analysis service provided by Google Inc. (“Google”). Firebase may also use other applications provided by Firebase for e.g. crash reports, authentication, remote configuration or notifications. Users can disable certain Firebase features through their device settings, such as: B. the device advertising settings for mobile phones, or by following the instructions in other Firebase-related sections of this privacy policy, if available. We basically use Firebase to display seating plans and real-time ticket reservations in the Ticketshop-systems of our clients. You can find more information here. Google Inc. is on the Privacy Shield list.
Google Fonts	Usability	California, USA	We use Google Fonts on our website. These are the “Google Fonts” from Google Inc. To use these fonts, neither login nor registration is required. Furthermore, no cookies are stored in your browser.
Google Maps	Navigation, Localisation	California, USA	Google Maps is an internet map service from Google, which offers the possibility to display addresses, streets, sights, restaurants etc. We do not use Google Maps, but we offer our ticket shop contractual partners the option of using Google Maps to visualize event locations.
Google reCaptcha	Security	California, USA	We use Google reCaptcha to secure our website in the best possible way for you and for us. With the help of reCaptcha, we can determine whether the input is made by a human or a bot (automated tools). We use the new invisible reCaptcha version, which works without any user interaction. reCaptcha is embedded in the website's source code using JavaScript. The reCAPTCHA service can send IP addresses and other data to Google. As a rule, IP addresses are never completely transmitted to a server in the USA. reCAPTCHA sets a cookie in your browser and creates a snapshot of your browser window. Among other things, the following data is transmitted: Referrer URL (the address of the page from which the visitor comes from), abbreviated IP address, JavaScript objects. The above list is not intended to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google. reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo.
Instagram	Marketing	California, USA	Instagram is a social media network for photos and videos. Instagram is operated by Facebook Inc. We currently do not use Instagram functions, but if we may use it the future, Instagram's privacy policy will apply. More information is available from this thread.
Klarna Payment	Payment	Stockholm, Sweden	In our ticketshop system, our customers have the option of activating the “Klarna Sofort” payment service via Mollie Payments. For this reason we are listing it here. Klarna Bank is headquartered in Sveavägen 46, 111 34 Stockholm, Sweden. If you choose this service, personal data will be sent to Klarna and stored and processed. What is Klarna? Payment system for orders in an online shop What data is stored by Klarna? Surname, title, birth date, billing and shipping address, E-mail address, phone number, nationality, payment information such as credit card details or your bank account number, product information such as tracking number, type of item and price of the product Cookies: Name: SOFUE Value: e8cipp378mdscn9e17kajlfhv7121606955-4 Purpose: Cookie stores session ID. Expiry date: after closing the browser session How and for how long is data stored? Klarna tries to only save data within the EU. In the event that data is transferred from the EU / EEA, Klarna ensures that data protection is in accordance with the GDPR, that the third country is subject to an adequacy decision by the European Union or that the country has the US Privacy Shield certificate. The data is always stored for as long as Klarna needs it for the processing purpose. You can request the deletion of your data by email to datenschutz@klarna.de or via the Klarna website “My data protection request”. You can find more information about Klarna's data protection declaration here.
Lomnido	Data transformation, Data import	Vienna, Austria	We use the product Lomnido Spider. This product serves as an interface between ticket providers and FanSafe to transfer the tickets purchased by the users into the FanSafe cloud. In this process, Lomnido does not save any personal or ticket-related data, but only processes it temporarily and forwards the data to the FanSafe cloud in a format defined by FanSafe. Lomnido is contractually obliged to use all data only for the intended service and acts in accordance with its data protection policy.
MailChimp	E-Mails, Newsletter	Georgia, USA	Mailchimp is a program for sending advertising campaigns by email. We are currently not using Mailchimp. If we may use it in the future, we will share your name and email address with Mailchimp. When we use Mailchimp's services, the privacy policy applies. Mailchimp is on the Privacy Shield list.
Mollie BV	Payments	Amsterdam, Netherlands	Mollie is payment service provider which offers a big number of payment options within one platform. We use Mollie for the ticketshop systems of our customers. Mollie offers a variety of payment options for our contractual partners and their customers and ensures a smooth and secure payment process. Only personal data which is necessary to fulfill the service will be passed on. You can find Mollie’s privacy policy here.
SendInBlue	E-Mails, Newsletter	Berlin, Germany	SendInBlue is an email service for info mails and newsletters. By registering on FanSafe, you agree that we may send you info emails via SendInBlue. When you use the SendInBlue services, we share your name, email address and IP address with SendInBlue. You can revoke your consent to this data processing at any time. For example, click directly on the unsubscribe link in a newsletter email or for info-mails contact FanSafe at datenschutz@fansafe.at. Please note that if you withdraw your consent, the functionality of the FanSafe services may be restricted. For example, it is possible that you no longer receive information emails about your tickets. If you do not receive information emails about your purchased, sold or re-personalized tickets due to the revocation of the use of SendInBlue, and because of this, you are not allowed to enter an event or experience other disadvantages when using your ticket, there is no entitlement to compensation towards FanSafe or SendInBlue. FanSafe holds itself harmless in this case and expressly states that the consent for the use of SendInBlue services is necessary for the full functionality of the FanSafe application. When we use SendInBlue's services, the privacy policy applies. More information can be found here.
Stripe	Payment , ID Verification	California, USA	Stripe offers payment solutions for online payments. With Stripe it is possible to make credit and debit card payments on our Ticket Marketplace. Stripe takes care of the entire payment process. A great advantage of Stripe is that you never have to leave our website or shop during the payment process and the payment is processed very quickly. Stripe acts as the data processor for FanSafe. As a payment service provider, Stripe has its own obligations in relation to your personal information. Stripe can also be viewed as a data controller for your personal information. Stripe's privacy policy applies to all activities Stripe undertakes as a data controller. When processing payments or withdrawals, we may use Stripe to process payments to and from us. In this case, your payment details will be forwarded to Stripe via an encrypted connection. Stripe uses and processes your payment details, such as: B. account number, in accordance with Stripe's privacy policy. If you make a payment with Stripe, your direct and indirect personal data as well as payment data are transmitted to Stripe and also stored by Stripe. Payment details include Credit / debit cards Account number Bank code Currency Amount Date of payment The following data can also be transferred for transactions Surname E-mail address Billing or delivery address Transaction history These data are required for authentication. In order to prevent misuse and fraud, to be able to prepare financial reports and to be able to offer its own services in full, Stripe can also save the following data IP address Name Address Country Phone number Cookies Stripe uses the following cookies for its services Name: m Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456121606955-5 Purpose: When selecting the payment method, a cookie is displayed. It recognizes the device you are using. Expiry date: after 2 years Name: __stripe_mid Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9121606955-1 Purpose: To carry out credit card transactions, a cookie is required in which your session ID is saved. Expiry date: after 1 year Name: __stripe_si Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe Purpose: Cookie stores your ID and is used by Stripe for the payment process on our website. Expiry date: after closing the browser session Stripe acts according to the Privacy Shield principles. You have the right to information, correction and deletion of your personal data at any time. If you have any questions please contact the Stripe at https://support.stripe.com/contact/email. Cookies that Stripe uses for their functions can be deleted, deactivated or managed in your browser. Please note, however, that the payment process may no longer work. If you would like more detailed information, read the detailed Stripe data protection declaration at https://stripe.com/at/privacy. FanSafe only saves data for payment processing in encrypted tokens. Stripe is on the Privacy Shield list.
WooCommerce	Content-Management System, Shop-System	San Francisco, USA	We use WooCommerce to be able to offer our contractual partners customer-specific webshops / ticketshops. In addition, we present website and our demo shop to potential customers. Here you can find the terms of use of WordPress / WooCommerce. Which data are saved? WordPress / Automattic can potentially save all data that you or your customers actively enter in a text field. This includes the following data in particular Surname E-mail Address Payment information Billing information Automattic can use this information for its own marketing campaigns. Automattic writes the following data in log files IP address Browser information Language settings Date and time of web access Cookies WooCommerce uses a number of different cookies that are set depending on user action. For example, if you put a product in the shopping cart, a cookie is set so that the product remains in the shopping cart when you leave our website and is displayed again at a later point in time. Data storage Unless there is an obligation to store it, WooCommerce only retains the data for as long as it is necessary to fulfill the service. You have the right to access your personal data at any time and get informed about it’s usage and processing. You also have the option of managing, deleting or deactivating cookies individually in your browser. Please note, however, that deactivated or deleted cookies can have negative effects on the functions of our contractual partner’S WooCommerce online shops. Automattic is an active participant in the EU-USA. Privacy Shield Framework, which regulates the correct and secure transmission of personal data. Further information at https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC. Further details on the privacy policy can be found here https://automattic.com/privacy/ and general information on WooCommerce at https://woocommerce.com/.

Third party websites
On our websites you will find (hyper) links to websites of partners, suppliers, advertisers, sponsors, licensors or other third parties. FanSafe has no influence on links and their content. The respective third party is solely responsible for this.

Cookies
We use HTTP cookies to process user-specific data. This is partly necessary in order to implement the use of our service for you in the best possible way and to make the use of our website more attractive. In the following we explain what a cookie is, which cookies we save, which cookies are necessary and which can be saved on a voluntary basis and how you can delete cookies.

A cookie is a simple, small text file that can be saved on your computer when you visit the website. This text file identifies your browser and / or computer. Cookies store certain user data about you, such as language or personal page settings. When you visit our website again, your browser transmits the “user-related” information back to our site and the cookie ensures, for example, that our website recognizes your browser and its settings. There are both first-party cookies and third-party cookies. First-party cookies are created directly from our side, third-party cookies are created by partner websites (e.g. Google Analytics). Cookies are not software programs and do not contain viruses, Trojans or any other malware. Cookies cannot access information on your PC either.

Technical cookies
These cookies are essential for the functioning of our website and our web apps. They allow you to navigate our website and use the functions made available on it.

Analytic or statistic cookies
With the help of these cookies we can optimize the quality and effectiveness of our website and our services for our customers.

Tracking cookies
These cookies analyze the click and surfing behavior of our visitors. This enables us to determine whether and when you have used which services. This can be particularly helpful when analyzing errors. Based on your surfing behavior, we reserve the right to display personalized advertising with the help of tracking cookies.

If you do not want to use cookies, you can change this in your browser settings at any time. Please note that some of the functions or services of our website and web applications may be restricted in functionality or may not at all without cookies. Details can be found in our cookie policy. You can find out more about tracking cookies here.

How to delete cookies?
You can find out which cookies have been saved in your browser settings. As mentioned before, it is only necessary to allow technical cookies, as these are essential for the website to function. However, if you have accepted other cookies and you later decide not to use these cookies, you have the option of deleting them or changing your settings using your browser settings. Please refer to the links to the manufacturer’s website to find out how this works with the different browsers.

Google Chrome
Firefox
Safari
MS Internet Explorer
MS Edge