Ticombo GmbH (“We” or “Ticombo”) takes the privacy of your personal data very seriously. We treat your personal data confidentially and in compliance with the applicable statutory data protection regulations, in particular the General Data Protection Regulation ("GDPR"), the German Federal Data Protection Act (Bundesdatenschutzgesetz) ("BDSG") and the German Telecommunication Media Act (Telemediengesetz,) ("TMG"). Please find below information on the collection and use of your personal data when using our website ticombo.com ("Website" or “Platform”). You may access this policy at any time on our Website.

Data protection Policy of Ticombo GmbH

1. Data Controller and Purpose

Ticombo GmbH with a registered address at Unter den Linden 24, 10117 Berlin, Germany, is responsible for the processing of your data.

We collect and process your personal data for the purpose of providing you with access to our online marketplace for the resale of tickets. We collect this data on the legal basis of fulfilling our contract with you as well as our legitimate interests in providing our services and improving our platform. This includes processing your personal data to facilitate the purchase and sale of tickets, managing your account, and providing customer support.

Additionally, we may process your personal data if you visit our website, including through the use of cookies, for the purpose of improving our website and enhancing your user experience. If you apply for a job with us, we may also process your personal data as part of the recruitment process. We only collect and process personal data that is necessary for the purposes outlined above and will only share your data with third parties with your consent, as it may be necessary to provide our services or due to legitimate business reasons as allowed by law and as described in this policy. By using our platform or submitting your personal data to us, you consent to the processing of your personal data as outlined in this privacy policy.

Your personal data will only be used for advertising purposes subject to your previous consent and based on Art. 6 para. 1 lit. a) GDPR. The data provided to us by you for the purpose of receiving our newsletter will be stored by us until you unsubscribe from the newsletter and will then be erased.

2. Categories of Personal Data

These are the categories of personal data that Ticombo collects:

2.1. Personal data you give to us.

Ticombo collects and uses information you provide to us.

If you want to sell tickets on our platform, we collect your first and last name, email address, date and place of birth, gender, phone number, user display name, personal ID number, address, identity document, nationality and registration IP address. In certain events, we will also collect the ticketholder’s personal details such as name, address, ID or passport number, phone number, nationality, email address and date of birth.

In order to process the payout, we collect their banking information including the account number and account holder name.

When making an account, we collect your name, email address, and phone number. Furthermore, in the case that you want to buy a ticket, we may collect the cardholder’s name, card number, expiry date, CVV, billing address, postal code, country and nationality, and state/province/region. This collection may be performed by Ticombo itself or by one of its payment processing partners through a widget.

If you send us an enquiry by means of a contact form, your information from the enquiry form, including the contact details you provide, will be stored with us for the purpose of processing the enquiry and for the case of any follow-up questions.

2.2. Personal data you give to us about others.

In some cases, you might use our Platform to share information regarding others if you wish to buy a ticket for them. The information you give to us about others may vary on the type of ticket acquired and may include, their name, ID, email address and nationality.

It is your responsibility to ensure that the person or people you have provided personal data about are aware that you have done so, and that they have understood and accepted how Ticombo uses their information (as described in this privacy policy).

2.3. Personal data we collect automatically.

In case that the Website is used for information purposes only, i.e., if you do not contact us beyond using the Website or otherwise transmit information to us, we collect usage data which is automatically transmitted by your browser in order to enable you to visit the Website. Such storage of data exclusively serves system-related and statistical purposes (on the basis of Art. 6 para. 1 lit. b) GDPR) as well as, in exceptional cases, to report criminal offences (on the basis of Art. 6 para. 1 lit. e) GDPR).

The data collected includes your IP address, the date and time you accessed our services, and information about your computer’s hardware and software (such as the operating system, the internet browser used, software/application version data and your language settings).

3. Collection and processing of personal data in case of job applications

We collect personal data when you apply for a position with us. This will include your name, contact information, IP address, device information and any information you provide on your CV. The processing of this personal data by us is required for the performance of the recruiting process, including setting up an electronic job applicant file, managing your application, organising interviews – in short, the processing is necessary for us to enter into an employment contract with you. The processing is based on Art. 6 para. 1 lit. b) GDPR.

4. Your Rights

You may at any time request information regarding your personal data as well as about the purpose of collection and processing, recipients or categories of recipients to which this data is forwarded, and the retention thereof.

You may request an immediate correction of incorrect personal data related to you or a restriction of processing. Taking into account the processing purposes, you are also entitled to request a completion of incomplete personal data - also by means of a supplementary declaration.

You may request that personal data about you is immediately erased. We are, inter alia, obliged to erase such data if it is no longer required for the purpose for which it was collected or otherwise processed or if you withdraw your consent.

You are entitled to receive the respective personal data provided to us in a structured, common and machine-readable format and you are entitled to transmit such data to other data controllers without restriction if the processing was based on your consent or if the data was processed by means of automated procedures.

You may withdraw your consent to the use of your data at any time.

You have the right to object to the processing of your personal data where we process your personal data on the basis of legitimate interests.

Please send any requests for information, data subject access requests or objections to the data processing by email to privacy@ticombo.com or by mail to the physical address specified under clause 1.

In case of data protection violations, you have the right to file a complaint with the competent supervisory authority.

5. Cookies

Cookies are stored on your device when using the Website. Cookies are small text files which are stored on your hard drive allocated to the browser used by you which provides Ticombo with certain information. Cookies do not damage your computer and do not contain any viruses. Cookies serve the purpose of making our services more user-friendly, effective and secure. For the most part, the cookies that we use are "session cookies". These cookies are deleted automatically at the end of your visit of our Website. Other cookies remain on your terminal device until being deleted. These cookies enable us to recognise your browser on your next visit.

Cookies required to perform the electronic communications procedure or to provide certain functions requested by you (e.g. basket function) are stored on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the storage of cookies in order to be able to provide our services in a defect-free and optimised way. If other cookies (e.g. cookies for analysing your browsing behaviour) are stored, such cookies are separately mentioned in this privacy policy.

You may configure your browser settings as needed and may, for example, object to the acceptance of cookies. However, please note that in this case you may not be able to use all the functions of the Website. In addition to that, you may prevent Google from collecting the data generated by the cookies and related to your use of the Website (including your IP address) as well as from processing such data by downloading and installing the browser plug-in available at tools.google.com/dlpage/gaoptout.

This information will be stored separately from any other data which we may hold about you. In particular, the cookie data will not be linked to your other data.

6. Browser Fingerprinting

Ticombo may use browser fingerprinting technologies when using the Website to collect and process information about your device and browser. Browser fingerprinting involves the collection of data points that are unique to your device and browser configuration, which can be used to identify your device and track your activities across the internet.

We use this information to provide and improve our services, such as to prevent fraud, identify bots and other malicious activity, and to personalize content based on your interests. We will not use this information to identify you personally, and we will not share this information with third parties without your consent, except as required by law.

By using the Website, you consent to the collection and processing of your browser fingerprinting data as described in this clause.

7. Server log files

The provider of the web pages automatically collects and stores information in "server log files" which your browser transmits to us automatically. This information includes:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request

This data cannot be allocated to individual persons. This data will not be combined with other data sources. We reserve the right to check this data at a later stage if we become aware of specific indications of illegal use.

8. Google Analytics

This Website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"), which also uses cookies. The information generated by the cookie about your use of this Website is transmitted to and stored on a Google server in the United States. If the IP anonymization is activated on this Website, however, Google will shorten your IP address within member states of the European Union and other contracting states to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. On behalf of the operator of this Website, Google will use this information for the purpose of evaluating your use of the Website, compiling reports about Website activities and providing other services associated with the use of the Website and the Internet to the Website operator. Google will not combine the IP address transmitted by your browser within the framework of Google Analytics with any other data held by Google. You may prevent cookies from being stored by selecting the respective settings on your browser software; however, please note that in this case you may not be able to use all the functions of this Website to their full extent. In addition to that, you may prevent Google from collecting the data generated by the cookies and related to your use of the Website (including your IP address) as well as from processing such data by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the terms of use or data protection can be found at http://www.google.com/analytics/terms/de.html or http://www.google.com/intl/de/analytics/privacyoverview.html. Please note that on this Website, Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure an anonymized collection of IP addresses ("IP masking").

This Website uses the demographics feature of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising of Google and third-party visitor data. This data cannot be attributed to a specific person. You can disable this feature at any time through the ad settings in your Google account, or generally prohibit the collection of your data by Google Analytics as outlined in the section "Objection to Data Collection".

The data processing is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in analysing the use of our Website for optimisation purposes.

We have entered into a data processing agreement with Google and completely comply with the strict requirements of the German data protection authorities regarding the use of Google Analytics.

9. Facebook plugins

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You will recognise the Facebook plugins as the Facebook logo or the "like button" ("like") on our Website. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/.

When you visit our Website, the plugin establishes a direct connection between your browser and the Facebook server. This will give Facebook the information that you have visited our Website with your IP address. If you visit our Website while you are logged in to your Facebook account, Facebook can link the visit to our pages to your user account. We would like to point out that, as a provider of the pages, we are not aware of the content of the transmitted data and their use by Facebook. For more information, please see the Facebook privacy policy at de-de.facebook.com/policy.php.

If you do not want Facebook to be able to link your visit to our pages to your Facebook user account, please log out of your Facebook account.

10. Google Maps

This Website uses Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is generally sent to a Google server in the USA and stored there. The provider of this Website cannot influence the transmission of this data.

For more information on how Google processes your user data, please refer to Google's privacy policy.

11. Google AdWords and Google Conversion Tracking

This Website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use a feature called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your Internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the Website and the cookie has not yet expired, Google and the Website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords customer receives a different cookie. These cookies cannot be tracked using the website of an AdWords customer. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, the customers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. You will then no longer be included in the conversion tracking statistics.

For more information about Google AdSense and Google Conversion Tracking, see the Google's privacy policy.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically reject cookies under certain conditions or in general, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this Website.

12. SSL Encryption

This Website uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL encryption is activated, the data you transfer to us cannot be read by third parties

13. Processing of Data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, define or modify legal relationships with us (inventory data). We collect, process and use your personal data when accessing our Website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

List of third-party providers with whom we share data (mostly via API):

1. Stripe: for payment processing

Stripe provide payment processing services. Our platform allows an event organiser to link their Stripe account to receive customer payments. As a seller, if you link your Stripe account to our platform, we will be able to view transactions in your account which includes ticket buyer information. As a ticket purchaser, facilitating a transaction requires the processing of personal data, such as the cardholder’s name, credit card number, the credit card expiry date, and CVC code. Your cardholder data is sent directly to Stripe. This is to help us take payment and meet our obligations in regard to fraud prevention, customer identification and refunds. Whenever we use the services of Stripe the Stripe privacy policy applies.

Stripe Privacy Policy

2. Mailchimp: mass mailing, newsletter and other emails

We use Mailchimp to send emails to our users. We share your different types of personal data with Mailchimp depending on what kind of message we send. Whenever we use the services of Mailchimp the Mailchimp privacy policy applies.

MailChimp Privacy Policy

3. Sendgrid: mass mailing (transactional emails, like order confirmations)

We use Sendgrid to send emails to our users. We share your different types of personal data with Sendgrid depending on what kind of message we send. Whenever we use the services of Sendgrid the Sendgrid privacy policy applies.

Sendgrid Privacy Policy

4. Amazon Web Services (AWS)

AWS provide us with our hosting, database, and backup infrastructure. All of our servers are located in Frankfurt.

Whenever we use the services of Amazon the privacy policy of Amazon Web Services (AWS) applies.

AWS Privacy Policy

5. Intercom: messaging, customer service requests (live chat).

Intercom provides us with a customer support messaging platform. Every user that signs up to our service has their name and email address passed on to Intercom for support communications. Visitors to our Website may sometimes use the intercom service for support, in this scenario Intercom will hold the person’s email address only if they give it as part of the support request. If we communicate with you to offer customer support then the messages will be sent through Intercom.

Whenever we use the services of Intercom the Intercom privacy policy applies.

Intercom Privacy Policy

6. Sentry

Sentry provide error reporting and logging services for our platform. If you experience an error while using our services, data about the action you were performing will be sent to Sentry to assist our development team in tracking down the problem. Some personal data may be included to assist our development team in tracking down a specific error. Any passwords that may be present are removed automatically before being sent.

Sentry Privacy Policy

7. Eventprotect:

Ticombo is a member of Event Protect providing event organisers with event cancellation insurance. Personal data in the format of name & contact details from the ticket purchaser and event organiser is required in order to fulfil the policy requirements. Payment information is not shared. By purchasing a ticket through our service you may in the future be contacted by Event Protect regarding your purchase should a refund be necessary.