FLOW FESTIVAL PRIVACY NOTICE
Welcome to Flow Festival’s Privacy Notice! You might be viewing this through our website or mobile application (“MyFlow”), which we’ll collectively call the ”Platform” in short. We process personal data of Flow Festival’s customers as well as users of our apps and Services and the visitors of the website www.flowfestival.com (“Website”).
In this Privacy Notice, “Services” refers jointly to the Website and the products, apps and services offered by us. “Group” refers to other companies operating under the same entertainment operator that Flow Festival is part of. Furthermore, “Customer” or “you” refers jointly to our and our Group companies’ customers, potential customers, and the users of our Services.
1 OUR CONTACT DETAILS
Name: Flow Festival Oy
Company ID: 1601850-4
Address: Kaikukatu 2 C, 00530 Helsinki, Finland
Phone Number: +358 9 7531 560
2 WHAT PERSONAL DATA DO WE PROCESS AND WHERE WE GET IT FROM?
CATEGORIES OF PERSONAL DATA
We currently collect and process the following personal data:
Customer and contact data, such as:
- personal details (name, e-mail address, phone number, home address, date of birth);
- the artists and restaurants you have marked as your favourites in the MyFlow app;
- marketing opt-ins and opt-outs.
Analytics data, such as:
- device information (device and device identification number; device IMEI number; country and city; IP address; browser type and version; operating system; internet service providers; advertising identifier of your device; location when using the MyFlow app);
- usage information (time spent on the Platform; interaction with the Platform; time and date of your visits to the Platform; the sections of the Platforms you visited; the keywords you use in the Platform).
SOURCES OF PERSONAL DATA
We will collect your personal data directly from you when you:
- sign up to create an account or log in to your MyFlow account;
- if you connect or login to your MyFlow account with Facebook/Meta, Facebook shares your personal data with us, including your profile picture and your Facebook ID.
- if you connect or login to your MyFlow account with Google, Google shares your personal data with us, including your name, e-mail address, and profile picture possibly attached to your account.
- if you login to your MyFlow account with an Apple ID, Apple shares your name and email address with us.
- subscribe to our newsletters or to mailing lists;
- participate in a competition, promotion or survey;
- send an email to or call our customer service team, or send an online request through our social media channels;
- visit and use our Platform (see more in our Cookie Notice).
We may also receive personal data from other parties, such as:
- ticket agents and different service providers;
- other festivals and events within our Group;
- other third parties outside our Group where you have agreed to them sharing your data with us.
3 WHAT DO WE USE YOUR DATA FOR?
Service and operational purposes
- to provide you with your event ticket or any other goods, Services and information that you have requested from us;
- to manage your entry to our events;
- to provide you with customer service and support, deal with enquiries or update you in respect of changes to our events, our Platform or other Services;
- to improve the quality of the Services e.g. by analysing any trends in the use of the Services. In order to ensure that our Services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.
Customer communication and marketing
- to contact you regarding the Services and to inform you of changes relating to them;
- to contact you directly for marketing and promotional purposes in connection with our events and other festivals and events within our Group or in connection with any competitions or prize draws you have entered into.
- with your consent, we may share your data with third parties for their own marketing and promotional purposes. If you opt in to any third-party communications, you can opt out at any time by following instructions in the third-party communications received.
Claims handling legal processes and security
- to handle claims and legal processes and to protect the rights, property or safety of our employees and/or other third parties;
- to prevent fraud, misuse of our Services and for data, system and data network security.
- to enable us to administer and fulfil our obligations under law, such as bookkeeping obligations and to provide information to relevant authorities.
4 WHAT ARE THE LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA?
Flow Festival processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships. Some of the processing (such as the use processing related to website analytics) is based on your consent.
5 WHO WILL YOUR DATA BE SHARED WITH?
We only share your personal data within the organization of Flow Festival as far as reasonably necessary for the purposes of this Privacy Notice. We use service providers to help us perform the Services, and such service providers process personal data on our behalf. In these cases, , we have taken contractual and organizational measures to ensure that your data is processed exclusively for the purposes specified in this Privacy Notice and in accordance with all applicable laws and our instructions, as well as appropriate obligations of confidentiality and security measures.
We do not share your personal data with third parties outside of Flow Festival’s organization unless one of the following circumstances applies:
For the purposes set out in this Privacy Notice and to authorized service provides
- we may share personal data with selected third parties that we work with, so we are able put on the events you love and choose to attend. For example, when you participate in our event (for example as audience or as a volunteer), we might need to share your data with third-party sub-contractors or service providers that help us to put on our events (such as venue or security staff);
- we may also share your data with third parties who provide Services to us in connection with making your booking such as payment and ticketing providers;
- other companies, festivals and event organisers within our Group for service and marketing purposes;
- any other third-party outside our Group that you have given your consent to share your data with for marketing purposes.
For legal reasons and legal processes
- we may share your personal data with third parties outside Flow Festival if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Flow Festival, the customers or the public as far as in accordance with the law. When possible, we will inform you about such processing.
For other legitimate reasons
- if Flow Festival is involved in a merger, acquisition, or other business transaction, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the customers concerned when the personal data is transferred or become subject to a different privacy notice.
With your explicit consent
- we may share your personal data with third parties outside Flow Festival when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
6 WHERE IS YOUR DATA PROCESSED, AND HOW DO WE PROTECT THE DATA?
Flow Festival stores your personal data primarily within the EU. However, some of our service providers operate globally, and your personal data may be transferred to, or accessed from, jurisdictions outside the EU. In case your data is transferred to a country outside the EU for which the European Commission has not issued a decision on an adequate level of data protection, we will ensure the protection of your data through contractual agreements including the standard contractual clauses approved by the European Commission, and other additional safeguards.
We take all reasonable and appropriate technical and organisational measures to protect the security of your personal data throughout the course of our business. Technical safeguards include for example, restrictive access rights, encryption, antivirus software, regular testing and evaluation.
7 HOW LONG IS THE DATA STORED?
Flow Festival does not store your personal data longer than is legally permitted and necessary for the purposes of providing the Services or the relevant parts thereof. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use.
We store data related to your MyFlow account primarily as long as you have an account in the MyFlow app. The data is deleted within 12 months following the deletion of the account. We may store other Customer data as long as such processing is required by law or is reasonably necessary for our legitimate interest such as claims handling, legal actions or internal reporting purposes. All such Customer data will, however, be deleted within 10 years after you purchased your ticket with the exception of personal data required in certain rare situations such as legal proceedings.
However, information regarding direct marketing is stored until further notice if you have given us your consent for direct marketing. If you later opt out from the direct marketing, we delete other information regarding the direct marketing, but will retain the information that you have opted out of the direct marketing to ensure compliance with the opt-out request.
We store analytics data relating to the visitors of our Platform for 14 months.
8 WHAT ARE YOUR RIGHTS?
Under the GDPR, you can exercise the following rights:
Your right of access – You have the right to access and ask us for copies of your personal data processed by us. We may refuse to provide you with a copy of your data in case doing so would for example adversely affect the rights and freedoms of others.
Your right to withdraw consent – In case the processing is based on a consent granted by you, then you may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances i.e. if your personal data is no longer necessary for the purpose they were collected for or if you withdraw your consent. We will comply with such request unless we have a legitimate ground to not delete the data.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances i.e. if you think that the information we process is inaccurate or unlawful. This may however lead to fewer possibilities to use the Services.
Your right to object to processing – You have the right to object to the processing of your personal data only if we process the relevant data on legitimate or public interest grounds. This may however lead to fewer possibilities to use the Services.
Your right to data portability – You have the right to receive the personal data you have provided to us in a structured and commonly used format and to independently transmit those data to a third party for the processing based on the performance of a contract or your consent.
Your right to object and prohibit using data for direct marketing – You have the right to object to the use of your data for direct marketing purposes and profiling by contacting us or by using the unsubscribe possibility offered in connection with any direct marketing messages. Where you object to processing of your personal data for direct marketing purposes, the personal data will no longer be processed for such purposes.
Your right to lodge a complaint – You have the right to lodge a complaint to the supervisory authority if our response doesn’t satisfy your request. The supervisory authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).
If you have any questions or issues regarding the processing of your personal data, we encourage you to use your rights and contact us at email@example.com. We may request the provision of additional information necessary to confirm the identity of the customer. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.
9 HOW DO WE KEEP THIS PRIVACY NOTICE UP TO DATE?
We will keep this Privacy Notice up to date to reflect changes in our Services and may unilaterally change this Privacy Notice. This Notice was last updated on the 22nd of August, 2023.