VENDINI, INC
PRIVACY POLICY

Effective January 1, 2020

Purpose of this Privacy Policy

We are committed to protecting your personal information and being transparent about the information we collect and process about you. The purpose of this policy is to give you a clear explanation about how we collect and process your personal information through your use of our website at www.vendini.com and its subdomains ("Website"), our applications ("Apps") where applicable, and any other services offered by Vendini (collectively, the "Services").

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are collecting, storing, disclosing and using your personal information.

This policy explains:

1. Information we collect about you
2. How we collect your personal information
3. How we use your personal information
4. Purpose for which we use your personal information
5. Disclosure of your personal information to third parties
6. Personal information of children
7. International transfers
8. Security of your personal information
9. Data retention
10. Your legal rights
11. Cookies and similar technologies
12. Complaints
13. Notification of changes to our privacy policy
14. Contacting us

For a PDF version of this policy, please click here.

1. Information we collect about you

"Personal information" is information that does or can be used to identify you, either alone (e.g. your name) or when combined with other information. Personal information does not include data where identifying features have been removed, e.g. anonymous data.

We collect your personal information in different ways, such as:

• when you create an account, or send us an email, and provide us with your name, address, telephone number, postal address, email address;
• if you make a purchase with us, we may collect certain financial information, such as banking and partial credit card information, we may also collect certain sensitive information such accessibility requirements;
• when you enter any password-protected area of the Services, it will recognize who you are and will collect whatever personal information you submit;
• when you browse any of our websites, including this Website, we may collect technical information about your browsing behavior and location.

We may collect the following categories of personal information about you and share that information with our third-party service providers, as identified in the table below. Any information collected about you from our Services may be associated with other information that Vendini may have on you.

Category of data	Examples of types of information we may collect (including but not limited to)	Category of service providers
Identity	First name, last name, date of birth, gender, photograph.	Marketing and Advertising Payment Processor
Contact	Address, email address and telephone number.	Marketing and Advertising Client Relationship Manager Payment Processor
Financial	Banking and partial credit card information.	Payment Processor
Transaction	Purchases made, donations made, refunds requested and received, exchanges made.	Payment Processor
Technical	Internet Protocol (IP) address, browsing behavior, the domain and host from which you access the Internet, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, the referring website address and other technology on the devices you use to access our website.	Analytics
Profile	Photograph (if you have chosen to upload one), social profiles, your interests, preferences, feedback and survey responses.	Not shared with any third-party service provider
Household	Links to relative patrons, if applicable.	Marketing and Advertising Payment Processor
Usage	Information about your browsing behavior.	Analytics
Marketing and Communications	Your preferences in receiving marketing and other electronic communications from us. This also includes any documentation we have created resulting from communications we have had with you in person and/or electronically. This information helps us manage our relationship with you and ensures you only receive communications from us that you have agreed to receive.	Marketing and Advertising Client Relationship Manager
Sensitive	Your accessibility needs, if you choose to provide this information when purchasing from us.	Applicable Venue

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information under data protection laws as this information does not directly or indirectly identify you. For example, we may anonymize your Profile Data and aggregate your Profile Data with the profiles of other users for statistical analysis, trend analysis, and to improve our products, services and marketing activities. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this policy.

2. How we collect your personal information

We collect personal information about you in the following ways:

Information you give us

We collect personal information you give us, such as your name, email address, postal address and telephone number, when you:

• purchase a festival bracelet, ticket or other offerings from our Services;
• sign up to our newsletter or other promotional materials;
• register for any of our Apps or set up an account with crowdtorch.com, electrostub.com, laughstub.com or tunestub.com;
• provide feedback or make any enquiry or complaint;
• browse this Website.

Information we receive from third parties

We may receive personal information about you from third parties, including but not limited to:

• analytics providers such as Google Analytics, ChurnZero Analytics, MixPanel Analytics (aggregated data only);
• business partners such as third-party payment providers, social media service providers, or other websites that we have integrated with.

As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. For further details on cookies, see below.

3. How we use your personal information

We use your personal information in accordance with applicable data protection laws. Most commonly, we will use your personal information:

• when you purchase a festival bracelet, ticket or other product or service from us, and we need the personal information to perform the contract with you;
• where it is necessary for our legitimate business interests, or those of a third party, and your interests and fundamental rights do not override our business interests;
• where we need to comply with a legal or regulatory obligation; and,
• where we have your consent to using your personal information.

4. Purposes for which we use your personal information

We have set out in the table below a description of how we may use your personal information, and which of the legal bases we rely on to do so. Where we rely on the basis of legitimate interest, we have also identified what our legitimate interests are.

Purpose	Type of personal information	Lawful basis for processing including basis of legitimate interest
To register you as a new subscriber.	Identity Contact	Performance of a contract with you.
To register your account with our Website or Apps.	Identity Contact Financial	Performance of a contract with you. Necessary for our legitimate interests to interact with you and service your inquiries.
To process and deliver your purchases including: (a) manage payments, fees and charges (b) collect and recover money owed to us	Identity Contact Financial Transaction	Performance of a contract with you. Necessary for our legitimate interests to recover debts due to us.
To enforce our terms and conditions entered into with you e.g. collect and recover money owed to us. To protect against or identify possible fraudulent transactions, and otherwise as may be reasonably needed to manage our business in connection with your transaction.	Identity Contact Financial Transaction	Performance of a contract with you. Necessary for our legitimate interest to protect our business, prevent fraud and enforce our terms and conditions.
To publish any feedback, questions, comments and suggestions that you post on the Website or Apps, where applicable.	Identity Contact Profile	Consent Necessary for our legitimate interest to promote our services.
To send you our newsletters and other marketing communications.	Identity Contact Profile Marketing and Communications	Consent Necessary for our legitimate interest to market our services.
To notify you about changes to our terms and conditions or privacy policy and other administrative information.	Identity Contact Profile Marketing and Communications	Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interest to ensure that any changes to our terms and policies are communicated to you.
To enable you to complete a survey or take advantage of a promotion.	Identity Contact Profile Marketing and Communications	Consent Performance of a contract with you. Necessary for our legitimate interests to study how customers use our products/services, to develop them and grow our business.
For compliance with Vendini's legal and regulatory obligations.	Identity Contact Profile Usage Marketing and Communications Sensitive	Necessary for compliance with our legal and regulatory obligations.
To administer and protect our Services, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.	Identity Usage Technical	Necessary for our legitimate interests for running our business, provision of administration and IT services, network security; to prevent fraud; and in the context of a business reorganization or group restructuring exercise. Necessary to comply with a legal obligation.
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.	Identity Contact Profile Usage Marketing and Communications Technical	Necessary for our legitimate interests to study how customers use our products/services, to grow our business and to inform our marketing strategy.
To use data analytics to improve our Services, marketing and communications with you, customer relationships and experiences.	Contact Technical Usage	Necessary for our legitimate interests to create meaningful products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To make suggestions and recommendations to you about goods or services that may be of interest to you.	Identity Contact Technical Usage Profile	Necessary for our legitimate interests to develop our products/services and grow our business.

Marketing communications

We aim to communicate with you about our Services in ways that you find relevant, timely, respectful, and never excessive. To do this, we may use your Identity, Contact, Technical, Profile and/or Marketing and Communications Data to send you newsletters that you have consented to receive.

We will provide you with an option to unsubscribe from receiving our direct marketing in every newsletter and marketing communication we send you. You can also contact us to help you update your email preferences (see Contacting Us section below).

As part of our service to you, we may contact you by email or telephone to provide essential information related to your account, purchase and visit.

5. Disclosure of your personal information to third parties

We never monetize your personal information. As explained in this policy, we may disclose your personal information to our service providers who process data on our behalf and on our instructions. For example, your Financial Data is provided to Vendini's payment processor. Your personal information may also be provided to others who assist us with certain functions such as online queue management systems, transaction processing, website support and maintenance, promotional and marketing services, business and sales analysis.

We require all service providers respect the privacy of your personal information and to handle it in accordance with the law. We do not allow our service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

We may share your personal information with the following parties:

• our business partners that operate event venues;
• our business partners that offer related products and services to you;
• any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
• any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
• in the context of a legal transaction such as a merger, acquisition or other legal proceeding.

We do not monetize your personal information and we do not share your personal information except as described in this policy.

6. Personal information of children

We do not target our Services to children. You must be 16 years of age to use this Website or any of our Services. We do not knowingly collect personal information from children under the age of 16.

7. International transfers

The personal information we collect about you may be transferred outside of the jurisdiction in which you are situated and may become subject to the laws of the receiving jurisdiction, which may differ from the laws of your jurisdiction. Our data processing and storage locations include the United States and Canada. By using our Services, you consent to the transfer of your personal information outside of your jurisdiction for the purpose of storing your personal information or processing it.

For European Customers: Where your personal information is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal information, we take steps to provide appropriate safeguards to protect your personal information, including:

• entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal information as permitted under Article 46(2)(c) of the GDPR;
• under the EU-U.S. Privacy Shield Framework (where we transfer personal information to the U.S.), which enables U.S. businesses to self-certify as a means of complying with EU data protection laws.

In the absence of an adequacy decision or of appropriate safeguards as referenced above, we will only transfer personal data to a location outside the EEA where one of the following applies (as permitted under Article 49 of the GDPR)):

• the transfer is necessary for the performance of our contractual engagement with you;
• the transfer is necessary for the establishment, exercise or defense of legal claims; or
• you have provided explicit consent to the transfer.

If you would like to learn more about our transfer practices, please contact us at privacy@vendini.com.

8. Security of your personal information

Vendini takes appropriate technical, physical and organizational security measures to protect personal information in our custody and control against unauthorized access, use, modification and disclosure, and accidental loss, destruction and damage. Unfortunately, no method of transmission over the Internet, or method of electronic storage, is one hundred percent secure. Therefore, while we strive to use commercially acceptable means to protect personal information, we cannot guarantee its absolute security.

In addition, we aim to protect your personal information with all of our service providers by contractually requiring them to maintain adequate data security processes and by limiting them to process your personal information on our instructions only.

Your debit and credit card information

If you use a credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this by clicking here.

Our payment service provider will store your card details safely for use in future transactions. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3 or 4-digit security code.

Third-party links

Our Website may contain links to other sites that Vendini does not own or operate. Except as provided in this privacy policy, we will not give any of your personal information to these third parties without your consent. We provide links to third-party websites as a convenience.

These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy statements, notices and terms of use, which we recommend you read carefully. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat your personal information.

Internal data protection policies

Vendini staff are prohibited from putting personal data on memory sticks or other such storage devices to protect against accidental loss.

Any Vendini staff member that has access to personal data on their mobile phones must ensure that their phone is password protected and that in the event of loss, that data can be deleted remotely.

All Vendini laptops are encrypted so that personal data cannot be accessed by third parties in the event of theft or loss.

Vendini has a policy in place to ensure that once an employee leaves the company, they no longer have access to personal data via any means including electronic.

9. Data retention

We will only retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

10. Your legal rights

Depending on certain considerations such as your residence, you may have the following rights to your personal information:

1. Right to request access to your personal information
   
   You have a right to request a copy of the personal information that we hold about you. We may refuse to comply with a subject access request if the request is manifestly unfounded, excessive or repetitive in nature.
   
   To request a copy of the personal information we have collected about you, or to request that your information be deleted, please contact us by clicking here: Request to Access/Delete.
   
   You may authorize an agent to submit a request on your behalf. If an authorized agent will be submitting a request for you, please contact us at privacy@vendini.com or toll-free at (800) 364-4265. We will aim to complete requests as soon as reasonably practicable and consistent with any applicable laws. Please note that we are required to verify your identity and, where applicable, that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.
   
   
2. Right to request the deletion of your personal information
   
   You have the right to request that we delete or remove personal information where there is no good reason for us continuing to process it. Note that deletion requests are subject to certain limitations, for example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, or to process transactions and facilitate customer requests.
   
   To request a copy of personal information we have collected about you, or to request that your information be deleted, please contact us by clicking here: Request to Access/Delete. You can also email us at privacy@vendini.com or call us toll-free at (800) 364-4265.
   
   
3. Right to request we transfer your personal information to you
   
   You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide you, or the third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.transferPersonalInformation_paragraph") ?>
   
   
4. Right to request correction of your personal information
   
   You have the right to request that we correct the personal information we hold about you, although we may need to verify the accuracy of the new information you provide us. We may refuse to comply with a request for rectification if the request is manifestly unfounded, excessive or repetitive in nature.
   
   If you have an account with us, you may also make certain changes directly through your account profile page.
   
   
5. Right to request restrictions on the processing of your personal information
   
   You have the right to request that we suspend the processing of your personal information in the following scenarios:
   
   
   • if you contest the accuracy of the personal information we hold about you and we are verifying the accuracy of that information;
   • where it has been determined that the processing of your personal information is unlawful but you do not want us to erase it;
   • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
   • you have objected to our use of your data under Article 21(1) of the GDPR but we need to verify whether we have overriding legitimate grounds to use it.
   
   We may refuse to comply with a request for restriction if the request is manifestly unfounded, excessive or repetitive in nature.
   
   
6. Right to object to the processing of your personal information
   
   In certain circumstances, you have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party). In this case, you must provide specific reasons for why you are object to the processing of your personal information.
   
   You have an absolute right to object to the processing of your personal data for direct marketing purposes. In some cases, we may seek to demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
   
   
7. Right to withdraw consent
   
   In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
   
   
8. Right to non-discrimination
   
   Exercising your right to privacy does not result in different treatment by us or different quantities or qualities of product or service we offer. Where we request your personal information in exchange for a valuable product or service, we will let you know at the time of the exchange.
   
   

Exercising Your Rights

You may exercise any of these rights by emailing us at privacy@vendini.com or by calling us toll-free at (800) 364-4265. Please also note the following:

• No fee usually required
  
  Typically, you will not have to pay a fee to access your personal information (or to exercise any of the other rights).
  
  
• What we may need from you
  
  We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  
  
• Time limit to respond
  
  We try to respond to all legitimate requests without undue delay and in any event within one month of receipt of the request. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
  
  

11. Cookies and similar technologies

This Website makes use of "cookies". Cookies are small data files commonly stored on your device when you browse and use websites. They help to make your online experience faster, and assist with things like personalization, reporting, and advertising. Cookies contain information allowing us to recognize when you are visiting this Website and to keep track of your preferences. Through the use of a cookie, we also may automatically collect information about your online activity on our site, such as the web pages you visit, the links you click, and the searches you conduct on our site. Cookies are stored in your computer's browser or on your hard disk and can then be retrieved by this Website.

We may also use "pixel tags," "web beacons," "clear GIFs" or similar means (individually or collectively "Pixel Tags") in connection with our services to collect usage, demographic and geographical location data. A Pixel Tag is an electronic image, often a single pixel, that is ordinarily not visible to users and may be associated with cookies on a user's hard drive. Pixel Tags allow us to count users who have visited certain pages of the Site, to deliver branded services and to help determine the effectiveness of promotional or advertising campaigns.

This Website uses two kinds of cookies:

• "session" cookies, which are deleted from your computer when you leave this Website and are used purely to help you to navigate around this Website; and
• "persistent" cookies, which remain on your computer so that this Website can recognize you when you return.

We also use third-party advertising companies to target and show you advertisements when you visit this Website. These third-party advertisers may send "cookies" to your computer or other device to gather information about your preferences to provide you with advertising that is more likely to relate to your interests.

You can opt-out from our use of cookies that are not necessary. However, if you opt out of tracking, this may affect the quality of your browsing experience on our websites and the extent to which we can provide you with relevant and timely information.

To opt-out of tracking from Google's advertising services, go to: https://www.google.com/ads/preferences/

If you want to delete any cookies that have already been sent to your computer or personal device, please refer to your web browser's "Help" facility. In addition, most web browsers can be set to prevent you from receiving new cookies, notify you before accepting cookies or disable cookies altogether. Details about this can normally be found in the "Help" facility provided with your browser. Please note that if you disable cookies you may not be able to take advantage of some of this Website's interactive functionality.

Google Analytics

This website uses Google Analytics, a web analytics tool provided by Google, Inc. ("Google") that helps website owners understand how visitors engage with their website. We can view a variety of reports about how visitors interact with our Website so we can improve it. Google Analytics collects information anonymously. Google uses cookies, and IP addresses, and it reports website trends without identifying individual visitors. For more information related to Google Analytics, click here: http://www.google.com/analytics/learn/privacy.html You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-On. For information about and to install Google Analytics Opt-out Browser Add-on, click here: https://tools.google.com/dlpage/gaoptout?hl=en

Additionally, we use Google Analytics'doubleclick cookie for tracking aggregate and non-personally identifiable demographics and interests data. This website describes how it works and how the user can opt-out: https://support.google.com/adsense/answer/1348695.

12. Complaints

Your privacy is important to us. We want to hear from you if you have any questions or concerns about our privacy practices. We hope we can resolve any query or concern you raise about our use of your information. If you have questions or concerns about our use of your personal information, please send an email with the details of your question or concern to privacy@vendini.com or call us toll-free at (800) 364-4265.

We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding your information that we cannot resolve with you directly. You have the right to complain to a supervisory authority in the jurisdiction where you work, normally live or where any alleged infringement of data protection laws occurred.

13. Notification of changes to our privacy policy

This privacy policy may change from time to time. Any changes will be posted on this page with an updated revision date. We will always communicate any changes to our patrons and supporters where we have accurate contact details and where they would expect to receive communications from Vendini.

This privacy policy was last updated on March 19, 2020.

14. Contacting us

We want to hear from you. We have appointed responsibility for overseeing questions related to this privacy policy to a data privacy team. If you have any questions about this policy or our privacy practices, you may contact us at privacy@vendini.com or call us toll-free at (800) 364-4265.