logo elrow

PRIVACY POLICY

Version March 2024

  1. Data controller and contact details

The elrow Family Group is made up of several Spanish and foreign companies. For this reason, there will be two different and independent data controllers depending on the type of data and purposes of processing. On the one hand, our parent company and, on the other hand, the company organising the corresponding event.

The Group’s Spanish parent company, among its responsibilities, assumes responsibility for centralising our database of users, customers, partners, suppliers, artists, performers and collaborators in order to offer and/or improve the coordination of products, services and communications to our global community (the “ELROW GLOBAL”):

ELROW GLOBAL S.L.
NIF: B-66.084.625
Address: Avda. Esplugues, 79, 08034 Barcelona, Spain
Telephone: +34 932 063 034
E-mail: privacy@elrowfamily.com

On the other hand, the elrow Group company that promotes, organises, co-produces (or participates in any way) in the event of your interest and/or in which you participate or attend (the “ELROW AFFILIATE”), which functions as the company that issues tickets, hires suppliers and manages the event in general. Full details of the ELROW AFFILIATE can be found in the relevant documents related to the event (e.g. tickets, invoice, agreement, etc.).

For our part, we will simplify the process as much as possible. Therefore, simply contact ELROW GLOBAL, and we will assist you by directing you to the appropriate entity.

  1. Source and categories of data

2.1 We will process the data you provide to us through the Website, as well as through other means, in order to deal with your requests and, where appropriate, to manage the User-elrow relationship in the context of the provision of our products and services. This personal data generally includes name, surname, email, personal activation code, as well as any other data that is necessary for the good purpose of the above.

2.2 Finally, please note that, by providing us with your data, you guarantee the truthfulness and/or accuracy of these data. Consequently, you will be responsible for any false or inaccurate statements you make.

  1. Purpose and legitimacy of the processing
PurposeLegal basis
Offer you our products and servicesOffer you free tickets to certain elrow events as a thank you for funding cultural activities such as ours.Art. 6.1.(f) and Art. 6.1(b) General Data Protection Regulation (“GDPR”)We will initially rely on our legitimate interest in providing you with these tickets and, once accepted, in the performance of the contract relating to the use and enjoyment of these tickets.
  1. Data retention

4.1 We will retain your data for as long as our relationship with you is ongoing in order to manage it properly. However, if we notice a prolonged period of inactivity, we will also delete your data to the extent that the processing is no longer adequate, relevant and necessary for the purposes intended for the processing. This rule applies unless you request us to delete your data.

4.2 Once the processing of your data is no longer adequate, relevant and limited to what is necessary for the purposes for which it is processed, we will keep your data properly blocked and only for the purpose of meeting potential liabilities, as required by law.

4.3 Finally, we inform you that we will take all reasonable steps to ensure that your data is rectified or deleted where it is inaccurate.

  1. Automated decisions

We will not make individual decisions based solely on automated processing that produce legal effects on you or significantly affect you in a similar way.

  1. Addressees

6.1 As a general rule, we will not disclose your data to third parties. However, in certain cases we may need to disclose your data to:

  • elrow Family Group entities: We may share your data with companies within our Group (in accordance with the data processing agreements in place with such entities) for operational purposes and, where intra-group data sharing is controller to controller, we will rely on the legitimate interest for such sharing to carry out internal administrative tasks within the elrow Family Group.
  • Suppliers: Access to your personal data will be granted to those suppliers who require such access in order to provide us with their services, such as other elrow Group companies, managers, IT or cloud providers or hosting providers, CRM providers, partners, logistics companies, postal services, competent Social Security authorities, security and access control personnel, travel agencies, catering companies, event promoters, occupational risk advisors as well as any others who assist us in the organisation of the event and who need to process your data for this purpose.

Where these third parties act as our (sub)processors, we will ensure that they have in place appropriate safeguards to protect your personal information including a corresponding contract of commissioning in accordance with Art. 28 GDPR.

  • Other: We will share your personal data with third parties if we are required to do so by law, by an administrative or judicial authority or in the public interest or for public order, such as to comply with anti-money laundering and anti-terrorism regulations, tax or social security obligations.

6.2 Finally, please note that we may also share your information if we believe it is reasonably necessary to enforce the terms and policies of the Website or to protect our operations or users.

6.3 In addition, in the event of a business restructuring, merger, spin-off or sale, we may transfer all of your personal information to the third party resulting from such a transaction.

  1. International transfers

7.1 As a general rule, we do not need to carry out international data transfers for the processing of personal data generated within the framework of the Website. However, as is customary nowadays, many IT providers have their servers outside the European Economic Area (EEA). It is therefore possible that in the future some of our suppliers may be located outside the EEA. In this case, and only where strictly necessary to operate the Website and/or fulfil your requests, we will make international transfers for these purposes.

7.2 In any event, we anticipate that we will enter into such documents with all such providers as may be necessary to ensure that they provide adequate safeguards equivalent to those in the EU for such international transfers.

  1. Security of personal data

We have implemented appropriate measures to prevent any loss, alteration or misuse of your personal data and to keep it secure. All identifying, confidential and personal information is stored in encrypted form at rest, and any access to data is only possible through secure, encrypted protocols.

  1. Rights

9.1 What rights do you have?

As provided for in the RGPD and the LOPDgdd, we inform you that you have the following rights:

  • Access: You have the right to access your data to find out what personal data we are processing concerning you.
  • Rectification or erasure: In certain circumstances, you have the right to rectify inaccurate personal data concerning you which is processed by us or to ask us to erase it.
  • Limitation: In certain circumstances, you will have the right to ask us to limit the processing of your data, in which case we inform you that we will only keep them for the exercise or defence of claims.
  • Portability: In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transfer it to another data controller.
  • Objection: In certain circumstances and for reasons related to your particular situation, you will have the right to object to the processing of your data in which case, we would stop processing them except for compelling legitimate reasons or for the exercise or defence of possible claims. You may object to receiving commercial communications at any time.

9.2 How can you exercise your rights?

You may exercise your rights at any time by contacting elrow (as indicated in Section 1), indicating “Privacy” in the subject line. In order to verify your identity, we may require you to submit certain additional information or documentation.

The exercise of these rights is free of charge. However, please note that a fee may be charged when requests are unfounded, excessive or repetitive.

9.3 Do you have the right to withdraw your consent?

Yes, you may withdraw your consent at any time for processing operations based on your consent. In this case, this does not apply in principle as this legal basis is not used.

9.4 Do you have a right to complain?

Yes, at any time you can complain to the competent supervisory authority depending on your place of residence. In the case of Spain, the Spanish Data Protection Agency (AEPD). You can consult the different supervisory authorities by contacting us. For example, in Spain, the competent supervisory authority is the Agencia Española de Protección de Datos (AEPD).

In any case, before initiating any complaint, please contact us by e-mail in order to try to resolve any discrepancy or dispute amicably.

9.5 How long will it take to get back to you?

We will respond to your requests as soon as possible and, in any case, within one month (this period may exceptionally be extended by two months in accordance with the GDPR). If this is not the case, please excuse us and contact us again so that we can respond to you and rectify any technical errors that may have prevented us from responding within the deadline.

  1. Cookies 

This website does not use cookies.

  1. Modification

elrow reserves the right to modify this Privacy Policy in accordance with the provisions of the Legal Notice.

  1. Contact

If you have any questions or comments about our Privacy Policy, want us to stop using your information, want to exercise any of the rights set out above or have any complaints, you can contact us through the channels set out in Section 1.