The company Beatworx s. r. o., company ID: 08262021, with its registered office at Prokopova 148/15, Žižkov, 130 00 Praha 3, Czech Republic (the data controller, hereinafter referred to as the “Controller”), processes the personal data of the visitors of its events and other individuals who provide the Controller with their contact details or participate in its online event.
The visitor is admitted to the festival if he or she presents a ticket with his or her first and last name. Admission to the event also requires verification of the visitor’s identity by a personal identification document at the festival entrance.
The visitor is admitted to the festival if he or she presents a ticket with his or her first and last name. Tickets are sold via ticketing companies GoOut and FestTicket (typically used by visitors from abroad). The operators of these payment systems provide the Controller with summarized data on ticket sales. The Controller is allowed to view the transactions within the GoOut system only, not within the FestTicket system.
The Controller is allowed to process data regarding the visitor’s identity (in the extent of first name, last name, and e-mail address) only if the visitor registers for the Cashless database at the Controller’s website. In this step, the visitor’s ticket becomes linked via the barcode to the visitor’s identity. Until then the visitor is anonymous, and his or her personal data are not processed in any way except for the purposes of personal identity verification at the festival entrance or when viewing the GoOut database. Processing of personal data in the Cashless database enables the visitors to enjoy the benefits of special promotional events, to resolve potential disputes between the visitor and the Controller regarding the use of services prepaid via the purchase of the festival’s currency, and to receive potential refunds in their Cashless account (in such cases the visitor is also asked to provide his or her address and bank account number). The personal data contained in the Cashless database are processed for the purpose of fulfilling the contract on supplementary services, i.e. to provide a system of benefits and to allow traceability of the visitor’s usage of prepaid services. The visitor enters into this contract with the Controller by registering for the Cashless database. The confidentiality of the records stored in the Cashless database is protected by encryption and general IT security measures as implemented by the Controller. The Cashless database is maintained separately for each festival year and making any connections between databases from separate years is technically impossible. The Controller always anonymizes the records in the Cashless database after the lapse of a period of 5 years. Each such anonymized database only contains data on transactions without data on the visitors’ identity. Anonymization is
irreversible – there is no technically feasible way to reconnect these transaction records with visitor identities. These transaction records in association with the purchasers’ identities are stored for 5 years due to the Controller’s legitimate interest in having access to data evidencing the use of services by visitors (the general limitation period for potential claims by the visitors in court is 3 years).
Within the Cashless database, the Controller processes a subdatabase of important customers for each festival year for the purpose of delivering targeted advertising in the Controller’s legitimate interest.
For its legitimate commercial interests, the Controller organizes events focusing on promotion and visitor recruitment (e.g. contests), which require the collection of the participants’ (potential visitors’) e-mail addresses for the purpose of providing newsletters. These e-mail addresses obtained from various sources are then stored for an unlimited (but variable – see below) period of time in a database (mailing list), which is used for sending out newsletters, event notifications and other promotional offers. With respect to all mass e-mail newsletters, the addressee always has the option to have his or her e-mail address permanently removed from the Controller’s mailing list by simply clicking a link in the e-mail body should he or she no longer wish to receive such e-mails from the Controller.
The sources from which e-mail addresses are collected are the following: visitor registration for the Cashless (use of the provided e-mail address for the purposes of direct marketing due to a legitimate interest, under the terms and conditions provided in Act no. 480/2004 Coll.) or voluntary submission via interaction with hostesses or ambassadors, or submission of an online contest survey via Google Forms (Explicit consent of the data subject with the use of their e-mail address for the purposes of direct marketing). Finally, the Controller also has the option to obtain e-mail addresses from the GoOut database. If the e-mail address was obtained by means of direct interaction with the data subject, his or her country of residence is also recorded for the purposes of classifying the subject’s address into the respective language subdatabase (“Czech” or “English”), since mass e-mails are sent out in Czech and English versions.
The Controller maintains a special database, with the same level of IT security as the Cashless database, which contains data about visitors who took part in the (already finished) event, which granted lifelong free admission to all events organized by the Controller to all visitors who had a tattoo of the festival logo. This database is maintained due to the fact that the event has already finished, and visitors who joined later and are not registered in this database do not have the privilege of free admission. This maintenance of this database therefore constitutes a legitimate interest of the Controller. The database contains the following data: first name of the visitor, last name of the visitor, and a photograph of the tattoo.
The Controller produces photographs and audiovisual recordings of its events and publishes them on its website and Youtube. These recordings are always intended to capture mass scenes, not detailed portraits of individual visitors, let alone individual visitors performing private activities.
The Controller uses the following internet services: cookies, Google Analytics, FB Pixel, and Youtube Data, and it runs Facebook contests (status sharing) as well as other contests on the Controller’s website (typically in the form of Google Forms surveys). The functions of our cookies are detailed in a separate information sheet available in the cookies bar of this website.
Your rights related to the processing of your personal data
You have the right to access your personal data. You have the right to receive a confirmation from the Controller stating whether the personal data pertaining to you are or are not processed, or whether your identity is included in one of the databases described above. If the answer is yes, you are entitled to know what particular details are processed in connection with your identity, as well as the following information:
a) purpose(s) of data processing – see information on the processing of personal data above;
b) category of personal data being processed – you as a visitor or e-mail and computer user;
c) recipients or category of recipients to whom personal data were or will be disclosed – there are no recipients, as the Controller does not disclose collected personal data to any other parties, and the Controller’s associates are under the obligation of secrecy;
d) period for which the personal data are planned to be stored – see information on the processing of personal data above, web browser settings, and FB profile settings.
You have the right to have your data deleted from our database(s). With respect to the mailing list, you have the simple option to have your e-mail address removed using the procedure described above. Furthermore, you can ask the Controller to remove your personal data from all databases maintained by the Controller with the exception of the main Cashless database, which is anonymized in its entirety after the lapse of a period of 5 years. Keep in mind that by having your data removed from one of the secondary databases you lose all the benefits linked to your identity in that given subdatabase.
You have the right to obtain from the Controller the rectification of erroneous, inaccurate, outdated or incomplete personal data. When applying for such a correction, update or addition, you have the right to request the processing of your personal data to be restricted until your application has been approved (or verified, as the case may be).
You have the right to raise objections against the processing of your personal data. In reality, this may be applicable to the above-mentioned option of having your data removed from any of the databases except the main Cashless database. In relation to published photographs and audiovisual recordings, you have the right to object to the publication of such media that contain your likeness, and the Controller shall be obliged to blur the appropriate part of the image in question or withdraw and delete the concerned photograph/recording.
Please send your requests and complaints regarding the processing of your personal data to firstname.lastname@example.org. Apart from processing your requests and complaints, we will also answer all your questions and work to eliminate any doubt related to our processing of your personal data. We can also provide you with more detailed information regarding personal data. The regulatory body supervising the processing of personal data is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00, Praha 7, Czech Republic (www.uoou.cz).