30CC values the protection of your personal data and highly respects your privacy.
In this Privacy statement we want to give you clear and transparent information on how we handle your personal data. We put all our efforts in protecting your privacy and process your data with the highest care. 30CC respects all current legislation, and especially the EU's General Data Protection Regulation.
This means that all times:
- we process your data in accordance with the purpose they were provided for. The purposes and the specification of these data are described in this Privacy statement;
- we limit the use of personal data to the absolute minimum required for the specific purpose;
- we ask your explicit approval when using your personal data;
- we have taken appropriate technical and organisational measures to ensure the safety of your personal data;
- we do not pass on your personal data to other parties, unless it is absolutely necessary for the specific purpose;
- we are aware of your rights concerning personal data, are willing to point them out and will always respect them.
30CC is (usually) the responsible controller of your personal data. If you have any question, after reading this Privacy statement or in general, please do not hesitate to contact us:
VZW 30CC, Rijschoolstraat 4 bus 0004, 3000 Leuven
info@30CC.be - phone: 016 23 84 27
You can also contact the GDPR-team of the city of Leuven:
Why we process personal data
We use your personal data for the following purposes or legal grounds:
- to allow you to participate in our events (context of a (sales) contract);
- to send newsletters, direct marketing, thematical mailings or invitations (declaration of consent);
- to be eligible for subsidies by the government (legal obligation).
For these purposes we might require (and process) the following personal data:
- personal identification data: name, surname, address, phone number, e-mail;
- identification data issued by the government: ID card number or national register number;
- personal data: gender, date of birth, birth place and nationality
We only use the collected data for the specific purpose they were provided for.
You can at all times manage your direct marketing settings and the subscription to our e-newsletter in your ticket account.
Transfer of data
The data you provide to us can only be transferred to a third party if absolutely necessary for the execution of the described purpose.
We thus make use of a third party for:
- our internet structure (web hosting);
- our IT infrastructure (network, ticket software …);
- our electronic mailings, newsletters and invitations.
With all these parties we have made all necessary arrangements to saveguard your personal data. We never transfer your data to third parties without a specific code of conduct.
We will not transfer your personal data to other parties, unless we are legaly obliged to do so. A correct example of this would be a police investigation demanding the access to personal data of our audience.
We do not transfer personal data to parties outside the EU.
We only process personal data of minors (under the age of 16) upon written consent by a parent or a legal representative.
Data processing for third parties
30CC also sells tickets for events of third parties. These are mainly guest events in our venues. In these cases we act as processor of the personal data, by order of the organiser which is the actual data controller.
For our data processing we always act within a strict Data processing contract with the organiser and adopt the same guarantees and levels of protection. In these cases all personal data is only processed for the sole purpose of the activity and will not be used for other purposes.
30CC will keep your personal data for the strict minimum required by the specific purpose, or otherwise imposed by law. As a general rule, personal data will not be kept for more than 5 years after their last use.
Protection of your data
We take all necessary technical and organisational measures to protect your data from unlawful use. These measures include the following elements:
- everyone accessing your data on behalf of 30CC is bound by a code of confidentiality;
- we use a user and password policy on all our systems;
- data will be pseudonymised and/or encrypted when needed;
- we make back-ups of the personal data in order to restore them in the case of physical or technical incidents;
- we regularly test and evaluate all our protective measures;
- our staff is duly informed on the importance of data protection.
You are entitled to access the personal data you have provided to us or, in certain cases, also have the right to rectification and erasure.
You'll find our contact details on the top of this page. In order to verify your identity, we ask you to send us a copy of your ID card. We strongly advise you to strike out your photo and to explicitely mark the document as being a copy.
You can also restrict the processing of (a part) your personal data by 30CC or one of its processors. You also have the right to data portability, either to you or (in your direct order) to another party. We will ask you to prove your identity before responding to the mentioned requests.
Also, you always have the right to file a complaint with the Belgian Gegevensbeschermingsautoriteit, which is the supervisory authority on the protection of your privacy.
30CC can alter its privacy statement. All amendments will be announced on our website. The latest amendment dates from June 25th, 2018.