PRIVACY POLICY

CONTACT DETAILS

TTN Eesti OU is a legal entity registered under the law of Estonia ("Company"/“We”). The Company respects your privacy and processes your Personal data in accordance with the EU General Data Protection Regulation ("GDPR") and the legislation of the country of residence of the Company (hereinafter referred to as the “data protection legislation”).

Contact details of the Company are following: Address: 5 Jõe St., Tallinn, Estonia, 10151; Identification number: 14038986; information on licenses and certificates is available at the following link, tel: +994 12 493 84 83 (24 hours a day, according to operator tariffs), email address:  company.privacy.eesti@tickets.ee

In general, we will hereby try to explain to you why, how and what Personal data the Company collects, uses, processes, and transfers. We will try to explain in details what security measures the Company takes to ensure the highest level of security of your Personal data processed.  

DEFINITIONS USED IN THE PRIVACY POLICY TO FACILITATE THE NAVIGATION:

“Personal data” are any data concerning an identified or identifiable natural person, regardless of the form or format in which such data exist (e.g. your name, e-mail address, IP address or the feedback you provide on the Website). Therefore, all the identifiable data about you that we collect shall be deemed the Personal Data.

“Sensitive Personal data” are the personal information regarding the ethnic or racial origin, religious or philosophical believes and political opinions, biometric data, data about health or health condition, sexual life and sexual orientation, trade union memberships.  

 “Controller” means a natural or legal person, which determines the purposes and means of processing of Personal data. For example, we use your Personal data for the purposes specified in this Privacy Policy therefore, the Company shall be considered a data controller. Where required, we may transfer your Personal data to recipients, which may be deemed both Controllers and Processors.  

“Processor” means a natural or legal person, which processes the Personal data on behalf of the Controller.  

“Third Countries” means all the countries that are outside the European Economic Area.

“Processing” means operation or set of operation which is performed on the Personal data or sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Loyalty Program” means a loyalty program, which is organised, launched, and managed by the Loyalty program provider at the request of the Company in different countries. The details of the Loyalty Program within each separate country You can find at the website of the Loyalty program provider in each respective country.

“Loyalty Program member”/“Member”/“You” means a natural person who participates in a Loyalty program, and who is, at the time of registration in the Loyalty Program, at least 18 years old, and who holds a Visa payment card issued by the bank.

“Bonuses” means calculation units a respective bank charges to the Member's personal account in a result of the payment transactions made by the Member using a Visa card participating in the Loyalty Program.

“Visa” means a company Visa International Service Association, a Delaware corporation, which orders from the Company or the person engaged by the Company the launch and performance of the Loyalty Program.

“Loyalty program provider” means the company CARD INDUSTRIAL LLC duly registered in Ukraine.

"Applicable  Legislation"  means  Data protection legislation of the country where the Company is established, the General Data Protection  Regulation  (EU)  2016/679  and  any other  legislation  and/or  regulation  which amends, replaces, re-enacts or consolidates any of the data protection provision.

All other capitalized definitions not specified in this Privacy Policy shall have the meanings specified in the General Data Protection Regulation (GDPR) # 2016/679.  

WHY AND WHAT PERSONAL DATA WE COLLECT

We obtain, collect, store and otherwise process only the Personal data required for the purposes specified in this Privacy Policy:

• Ordering the launch and performance of the Loyalty program from the Loyalty program provider, TTN Eesti OU may collect some personal data about you, such as your first name, last name and details of Your VISA card.
• Company may collect an information about Your Bonuses accumulated and spent within the Loyalty Program.
• Company may collect other information regarding you participation in the Loyalty Program to the extent this is required for the purposes of Loyalty Program.  
• Company may collect statistical information about your participation in the Loyalty Program.

Sensitive data. Company does not need any Sensitive personal data for performing the purposes specified in this Privacy Policy. Therefore, we do not collect any Sensitive personal data about you and do not ask you to provide us with such data.  

THE PERSONAL DATA WE OBTAIN FROM THIRD PARTIES.

You should admit and acknowledge that we do not obtain Personal data directly from you, as we do not have any technical abilities to do so. Herewith, we may obtain Personal data about you from Loyalty program provider and other third persons such as banks involved in the Loyalty Program. Loyalty program provider and other third persons transfer the Personal data about you to us solely for the purposes specified herein. Third parties, which provide us with your Personal data, act as the data controllers with regard to your Personal data and guarantee to us that the consent (where applicable) for the use of your Personal data was duly obtained from you or the other lawful grounds for the processing are in place.

Loyalty program provider and all other third persons we interact with ensure that the Personal data of underage persons are not transferred to the Company therefore, we officially state that the Company does not process the Personal data of underage persons. We will never bear any liability in a case when Loyalty program provider and all other third persons provide us with not correct, not full, not accurate, or misleading information or Personal data.

FOR WHAT PURPOSES WE USE PERSONAL DATA.

We may process the Personal data for various purposes. The scope of purposes may be changed and amended where it is required. We will inform you about all such change immediately by means of publication in this Privacy Policy.  

When ordering the launch and performance of the Loyalty program , the Company performs analytical and statistical research at the same time to find out a number of the Loyalty Program Members who take part in the Loyalty Program. Herewith, we will determine a number of the Bonuses accumulated and spent within the Loyalty Program by both the each Loyalty Program Member and all the Loyalty Program Members together.

Company has an obligation to provide Visa with the reports on the Loyalty program, which describe a number of the Loyalty Program Members as well the number of the Bonuses accumulated and spent within the Loyalty Program by all Loyalty Program Members together. Therefore, we use your Personal data to draw reports to be sent to Visa. It is worth to know that we do not transfer to Visa any Your Personal data or identifiable information.  

As the Company orders the launch and performance of the Loyalty program from the Loyalty program provider, we process all your Personal data based on the grounds of our legitimate interest. Our legitimate interest is that we require your Personal data in order to provide a proper execution of the Loyalty Program. You have a right to object the processing based on such legal grounds at any time by submitting to us a request in an order that is specified in this Privacy Policy. If your individual interests, rights, and freedoms override our legitimate interest, we will stop processing your Personal data.

DISPUTES AND CLAIMS

We store and process your Personal data for the purposes of resolving possible or potential future disputes that might be result of your participation in the Loyalty Program, including disputes of the legal nature. We may also process the Personal data for the purposes of establishment, exercise and defense of legal claims.  

We process your Personal data for the purposes of resolving future disputes or claims on the legal ground of our legitimate interests. You have a right to object the processing based on such legal grounds at any time by submitting to us a request in order specified in this Privacy Policy. If your individual interests, rights and freedoms override our legitimate interest, we will stop processing your Personal data.

LEGAL OBLIGATIONS

Company may be subject to some legal obligation imposed on by the applicable legislation in particular but not limited to the obligations of tax and accounting reporting, therefore, we may use some of your Personal data on the grounds of necessity for compliance with a legal obligation to which the Company is subject. In such a case, we do not need your consent or any additional confirmation.  

To obtain the detailed information on the purposes of processing of your Personal data you may contact us by submitting a request as it is specified in this Privacy Policy at any moment.

RETENTION PERIOD

We store your Personal data no longer than it is required for the purposes of processing of personal data. Where it is required by the applicable legislation, we may store some of your Personal data longer than it is defined by the initial purposes.

Generally, we store your Personal data transferred to us as long as it is required for the exercise of the purposes specified herein and not longer than 5 (five) years since the last day of your participation in the Loyalty Program, unless longer period is required by applicable laws. We may have another purposes and legal basis for processing of Personal data under the Applicable Legislation therefore, the period of storage may be changed. If so, we will inform you on this additionally.    

TRANSFER OF PERSONAL DATA TO RECIPIENTS

We will only share your Personal data where it is necessary for the purposes of processing specified in this Privacy Policy, in particular, where it is necessary to manage the Loyalty Program properly. TTN Eesti OU does not share your Personal data with the recipients that act as data controllers, because it is not necessary for the purposes specified herein.  

We also may disclose Your Personal data when needed to affect the sale or transfer of business assets, to enforce our rights, to protect our property, or protect the rights, property or safety of others. We disclose your Personal data where permitted by law and the Applicable Legislation.

Processors. There are many activities we cannot manage by ourselves and therefore, we may engage other legal or natural persons to the processing of Personal data.  We need to share your Personal data with them as it is impossible to manage some activities without sharing the Personal data with them in some cases. In any case, such companies shall be considered data processors with regard to your Personal data, and shall act on behalf of the Company. Processors shall process your Personal data only for the purposes set by us in this Privacy Policy. We do not exclude that some of them may be established outside the European Economic Area (EEA).

For the purposes of storing of the Personal data processed by TTN Eesti OU, we seek to use the services of the most secure and safe hosting providers. Therefore, for the storing of Personal data we use web-services 23media and/or Hetzner.

We engage only the Processors that warrant they have the level of security of Personal data processing appropriate to the requirements of the GDPR, and will never process the Personal data for their own purposes. If any of the Processors engaged sets its own purposes of use of your personal data, such data processor shall be considered separate Controller of your Personal data within such purposes. In this case, the respective Processor shall bear the liability before you by its own.  

TRANSFER OF DATA TO THIRD COUNTRIES

Sometimes we need to transfer your Personal data to recipients located outside the European Economic Area (EEA).In the most cases the Recipients we transfer your Personal data to are Processors of Personal data.  For example, we may transfer your Personal data to the Company registered in Ukraine, which provides us with the technical support.  

In any case, when we transfer Personal data outside the EEA, we try to provide the highest level of security of such transfer under the GDPR and other applicable data protection legislation.

We seek to transfer your Personal data to the recipients that are established in the countries that have an adequate level of protection of personal data. If it is impossible, we provide the appropriate safeguards as specified in the article 46 of the GDPR in particular by using the standard contractual clauses approved by the European Commission. In some cases, the derogations specified in the article 49 paragraph 1(b) of the GDPR may be applied.  

SECURITY OF PERSONAL DATA

To ensure the highest level of security of processing of Personal data, we have developed and implemented all the organisational and technical measures within the Company required by the GDPR and Applicable Legislation.  Such measures are implemented in order to ensure data secrecy and data security and prevent possible loss, misuse, unauthorized access and disclosure, modification or destruction of the Personal data. Taking into consideration special aspects and threats in the media and on the Internet, the Company cannot guarantee absolute protection of your Personal data but will make every effort to protect your Personal data at the highest possible level. We abide by the requirements of the GDPR and Applicable Legislation and the internal policies and documents that regulate the order of processing of Personal data by the employees of the Company and the persons engaged. The main aim of that document is to define roles of the employees of the Company and the persons engaged in the processing of the Personal data as well as their responsibilities. Once the roles and the appropriate responsibilities are defined, it will facilitate to distribute tasks and limit the use of Personal data in particular the use for purposes other than specified in this Privacy Policy.    

AUTOMATED PROCESSING AND PROFILING

Company may create profiles about Loyalty Program member to the extent it is necessary for the purposes of execution of the Loyalty Program. The profile of the Loyalty Program member may contain contact details of the respective Loyalty Program member, the information on the Bonuses accumulated and used, and any other information relating to your participation in the Loyalty Program.

Company does not process the Personal data solely by automated means so that, the Company does not make any decisions on you without human involvement.    

YOUR RIGHTS

When processing your Personal data, we take all reasonable steps to ensure you have a proper control over your Personal data. To provide this, we will give you an ability to use the right specified in the GDPR and applicable Data protection legislation. Some of the rights may be used only based on some condition specified in the respective article of the GDPR. Generally, you have a right to (i) request access to personal data; (ii) request rectification of personal data; (iii) request erasure of personal data; (iv) request restriction of processing of personal data; (v) request data portability; (vi) object to the processing of Personal data (including objection to profiling); (vii) request not be subject to a decision based solely on automated processing.

You may submit any request to TTN Eesti OU, in particular those regarding the use of your rights contemplated by the GDPR.

Complaints

If you think the Company or any other person engaged by the Company processes the Personal unlawfully, you may lodge a complaint with the respective supervisory authority of the European Union country of you habitual residence, place of work or of an alleged infringement. Contact information for these authorities can be accessed at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

You may submit any request to the Company, in particular those regarding the withdrawal of a consent, or explicit consent, or any other information regarding the Processing to the Company’s email address: company.privacy.eesti@tickets.ee.  

AMENDMENTS

The Company, at its sole discretion, may make amendments to this Privacy Policy from time to time. You may always find the current amendments at the following link. The amendments shall be deemed effective as of the date of their publication. You should review the changes on a regular basis. Hereby you confirm and agree that all the provisions of the Privacy Policy is clear for you and by continuing the participation in the Loyalty Program you accept the provisions of this Privacy Policy and its updated version.