The following policy explains how we collect and use personal data and other information. It also describes what rights you have in respect of your personal data.
Our goal is to be as clear as possible, but if you should have any questions, please do not hesitate to contact us at firstname.lastname@example.org.
What is personal data?
Personal data refers to any kind of information such as a name, an address or a personal identity number that can be connected to an identified or identifiable natural person (“a data subject”). Encrypted data and various kinds of electronic identity such as IP addresses are considered to be personal data if they can be connected to a natural person.
What is processing of personal data?
Processing refers to everything that is done with the personal data, for example collection, recording, storage, adaptation, transmission and erasure.
Who is responsible for the data we collect?
MM the Party in Gothenburg AB (referred to as Mamma Mia! The Party in this document), Company Reg. No. 559214-7291, is the data controller responsible for processing the personal data.
What personal data do we collect?
If, for example, you buy tickets to our events or visit our website, we collect various types of information such as your name, age, address, telephone number and e-mail address. Our starting point is never to process more personal data than is necessary for our purpose. Please find below a more detailed description of the kind of personal data we collect, our purpose for collecting it, and the legal basis that supports this.
How do we use your personal data and for what purposes?
Our purposes for processing your personal data, the categories of personal data that we process for each purpose, the legal basis that underpins this, and the length of time the personal data is retained are as follows:
To fulfil our commitments to you in connection with visits
We may need to use your personal data prior to, during or after your visit. This may concern information that needs to be communicated to you prior to your visit or to deal with questions or complaints, etc. Data processing is necessary in order for us to be able to fulfil our commitments to you as stated in the purchase agreement. If the necessary information is not provided, our commitments cannot be fulfilled and we may then be forced to refuse your purchase. The personal data that we store and process is information such as your name, address, telephone number and e-mail address, as well as information about the performance to which you have purchased a ticket. If you have accessibility needs, we want to ensure that you enjoy the best possible experience when you visit us. In order to facilitate this, we have to collect information about your needs (which may require you to provide information about your physical circumstances or dietary requirements). We only store your personal data for as long as it is necessary to fulfil our contractual obligations to you or in order to comply with statutory storage times.
To manage customer service issues
We also use your personal data in conjunction with customer service issues such as communicating and answering any questions you may ask our customer service team (by telephone, e-mail or through digital channels such as social media). This processing is necessary in order to fulfil our legitimate interest in providing good service to our customers. The personal data that we store and process is, for example, your name, address, telephone number, e-mail address and other information that you provide to us during the case. We only store your personal data as long as it is necessary for your case or in order to comply with statutory storage times.
For information and marketing
We use your personal information to communicate with you for the purpose of information and marketing so as to keep you updated on our future performances and ticket releases. This processing is necessary to fulfil our legitimate interest in informing you. The personal data that we store and process is information such as your name, address, telephone number and e-mail address, as well as information about the performance to which you have purchased a ticket. This personal data is only stored for the duration of your customer relationship with us. You may also unsubscribe from our mail-outs at any time by contacting us. Even if your personal data is deleted from our mailing lists, your email address will remain stored in a list to ensure that you do not receive any more mail-outs.
To enhance the user experience on our website
How do we obtain your personal data?
We can obtain your personal data in the following ways:
– Data that you provide us directly.
– Data that is recorded when you visit our website.
– Data that we receive from third parties (e.g. partners such as Liseberg and tour operators).
Who do we share your data with and why?
In some cases, we may share your personal data with companies known as data processors. A data processor is a company that processes personal data on our behalf and according to our instructions. When your personal data is shared with a data processor, this only takes place for purposes that are consistent with the purposes for which we have collected the data. We never sell your personal data to third parties.
Our data processors help us with:
– IT services (companies that manage the operation, storage, support and maintenance of our IT solutions and IT systems).
– Marketing (web analytics companies, advertising partners and other collaborative partners, etc.
– Customer surveys (evaluation and follow-up of events).
Companies that are joint controllers
Where is personal data processed?
We endeavour to process your personal data within the EU/EEA. In certain situations, personal data may be transmitted and processed in a country outside the EU/EEA. In the event that we share your personal data with a data processor that is established or that stores information in a country outside the EU/EEA, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as it is within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either by a decision from the EU Commission that the country in question can ensure an adequate level of protection, or through the use of so-called appropriate security measures. Examples of appropriate security measures are an approved code of conduct in the recipient country, standard contractual clauses, Binding Corporate Rules or Privacy Shield.
What rights do you have?
Right to access
You have the right to request access to your personal data. The data will be provided as a so-called register extract (processing purposes, categories of personal data, categories of data recipient, storage duration or criteria for determining the storage duration, information about where the data has been collected). In the event that we receive a request for access, we may ask for additional information to determine which data it is that you wish to receive as well as to guarantee that we are providing the data to the right person.
Right to rectification
You always have the right to request that your personal data be rectified if it is incorrect. Within the scope of the stated purpose, you also have the right to supplement any incomplete personal data.
Right to erasure
Under certain circumstances, you have the right to request that your personal data be erased. This applies, for example, in the following situations:
– The data is no longer necessary for the purposes for which it was collected or processed.
– You object to a legitimate interest and the reason for your objection outweighs our legitimate interest.
– You object to processing for direct marketing purposes.
– Your personal data has been processed in an unlawful manner.
We may have the right not to comply with your request in the event of legal obligations that prevent us from immediately erasing certain personal data, or if the processing is necessary in order to determine, exercise or defend legal claims.
Right to restriction
You have the right to request that our processing of your personal data be restricted. You have the right to object to our processing of your personal data on the basis of the following points:
If we use a legitimate interest as the legal basis for a purpose, you have the option to object to the data processing. In order to be able to continue processing your personal data after such an objection, we need to be able to demonstrate compelling legitimate grounds that outweigh your interests, rights or freedoms.
You have the option to object to your personal data being processed for direct marketing. In the event that you object to direct marketing, we will cease processing your personal data for that purpose.
Right to data portability:
If your personal data is processed automatically with your consent or in order for us to be able to fulfil our agreement with you, you have the right to demand that your personal data be transmitted to another data controller.
Competent supervisory authority
The Swedish Data Protection Agency is the competent supervisory authority. You have the right to register a complaint with the Data Protection Agency if you feel that we have processed your personal data in breach of applicable data protection legislation. More information is available at www.datainspektionen.se..
Protection and security
The security of your personal data is important to us. We apply appropriate technical and organisational security measures such as firewalls, access restrictions, anti-virus software, etc. to ensure that your data is not accidentally or unlawfully destroyed or lost, that it does not to come to the knowledge of unauthorised parties, and that it is not misused or otherwise processed in breach of applicable data protection legislation. We ensure that your personal data is secure by communicating our privacy and security guidelines to all employees of Mamma Mia! The Party. Only people who need to process your personal data in order for us to fulfil our stated purposes have access to it.