Personal Data Protection and Processing Policy

Privacy Policy for the Processing of Personal Data Within the Scope of Registration Processes

As Gen-Z Entertainment GmbH (”Pickaseat”), “Controller"), we value the protection of your personal data, so we expect you to show the same attention. For this reason, it is very important for us that you read this text detailing which personal data we use for what purpose and to clearly understand the obligations of Pickaseat, who is responsible for the administrative and technical security of your personal data as “Controller”.

With this privacy notice we aim to inform data subjects, persons whose personal data is processed (used), as the “Controller” who uses their data. As a Controller, we have to prove that you have been informed about your personal data we will process by explaining:

1.     What personal data we collect about you and how we obtain them.. 1

2.     How we use your personal data. 2

3.     Who we share your personal data with. 3

4.     Which countries we transfer your personal data to. 4

5.     How long we keep your personal data. 5

6.     What rights you have in relation to your personal data and how to contact us. 5

8.     How we will update this Privacy Notice. 6

Please be kindly informed that through Privacy Notice, we provide links to certain areas in our website where your personal data may be collected and additional privacy notices are provided in those areas.

Please note: This Privacy notice does not apply to, and Pickaseat is not responsible for, any third-party websites which may be accessible through links from this website. If you follow a link to any of these third-party websites, their own privacy policies may apply.

What personal data we collect about you and how we obtain them

As Pickaseat, we collect your personal data listed below through digital means through you providing us with your personal data in the register page. The following information:

Your identity data (including but not limited to your name, surname),

Your contact data (including but not limited to your phone number, e-mail address, address),

Your customer relations data (including but not limited to your profile information, past purchases and activity records, reviews or points about events),

Your data on process security (including but not limited to your password),

are obtained through Pickaseat Registration Portal and legal basis for obtaining them is that it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Your marketing data (gender and city information) in the event that you provide your consent through choosing information on the registration page.

How we use your personal data

As presented below the purposes of personal data processing carried out within the scope of the activity in which the Privacy Notice is issued are detailed.

We will only use your personal data where we are permitted to do so by applicable law. Each personal data processing purpose is matched with the categories of personal data and the relevant legal reason relating to the purpose.

For the Performance of Our Contract with You

We process your data when it is necessary to fulfill our contractual obligations and provide the services you request, including:

To create & manage your user profile: We use your information to establish our user agreement with you and create your profile with the information provided.

To confirm your contact information: We confirm your information through the contact information you’ve provided in order to ensure safety and accuracy of your contact information.

To provide our services and process transactions: We use your information while you browse our website to better our services by analyzing your choices,

To ensure compliance in bundled purchases: When users purchase event tickets and third-party products in the same checkout, we will provide clear consent mechanisms and additional contractual terms.

For our Legitimate Business Interests

We process data where it is necessary for our business operations, security, and service improvements, ensuring a better user experience:

To personalize & optimize user experience: We analyze browsing activity, purchase history, and preferences to personalize website content, recommend events, and tailor your experience. We process interaction data to enhance website functionality, offer location-based suggestions, and improve service relevance.

To provide user communications: We send account-related notifications, confirmations, service updates, and reminders about purchases, bookings, or relevant promotions. We communicate service changes, event updates, and personalized recommendations.

To facilitate password recovery and ensure account security: We provide password reset functionalities and authentication support to maintain account security. We conduct fraud monitoring, suspicious activity detection, and access control enhancements.

To detect fraud and improve system security: We continuously monitor system logs, transaction patterns, and user behavior to identify potential security risks. We conduct anti-fraud checks, IP tracking, and account verification to mitigate financial and cybersecurity threats.

To store and manage user preferences: We store notification preferences, marketing consent settings, and personalized recommendations based on user choices. We allow users to manage opt-ins, unsubscribe preferences, and data privacy settings through their accounts.

To allow users to share their user views about events: We may publish your opinions or points to shows by anonymizing your user information. We may prevent any views or points from being published if we deem such publication may be criminal. This information may also be used for return calls if your have a negative experience.

Where You’ve Given Your Consent

We process your data only with your explicit consent when required, including:

To send marketing communications: Where local laws require consent, we contact you via email, push notifications, SMS, or social media platforms with personalized offers, promotions, and event details.

To provide location-based services: Our apps may request location permissions for functions such as browsing events near you or receiving event notifications.

To Fulfill Legal Obligations

We process your data when necessary to comply with applicable laws, protect security, and enforce legal rights, including:

To comply with legal and regulatory requirements: We may disclose personal data to government authorities, regulators, or law enforcement agencies when legally required.

To ensure event security: We work with event organizers and venue security teams to protect attendees and enforce safety protocols.

To prevent fraudulent activity and misuse: We process personal data to detect and prevent unauthorized resales, ticket fraud, and brand misuse.

To ensure verification of user-provided data: In compliance with GDPR, we are required to verify phone numbers, email addresses, and other user details to prevent unauthorized access and fraudulent use of personal data.

To regulate data-sharing for third-party purchases: For transactions where personal data is shared with third-party vendors (bundled purchases, or promotional product sales), we ensure that necessary contractual safeguards and user consents are implemented.

Who we share your personal data with

We only share your personal data where necessary to provide our services, comply with legal obligations, and operate our business efficiently. Below is an overview of who we share your data with.

Pickaseat Group Companies

We may share your personal data within Pickaseat and its affiliated companies, including:

Providing our services to you through our different companies in Europe,

Marketing & personalization teams for user engagement and targeted promotions.

Fraud prevention & compliance teams for data protection and regulatory adherence.

Third-Party Service Providers

We rely on third parties for infrastructure, security, support, and operational services, including:

Cloud hosting providers, secure data storage and platform infrastructure.

Payment processors, online payment transactions and fraud monitoring.

Customer support teams, external contact centers handling inquiries.

Security & fraud prevention providers, monitoring and risk assessment services.

Marketing & analytics providers, advertising networks, email service providers, and audience insights platforms.

Merchandise vendors and fulfillment partners for physical product deliveries.

Digital content and ticketing service providers for online event access and exclusive digital content.

Insurance providers and refund protection services for ticket protection plans.

Law Enforcement & Compliance Authorities

We may disclose personal data when required to comply with legal obligations, including:

Government agencies and regulatory bodies.

Law enforcement and fraud prevention organizations.

Legal representatives and compliance auditors.

Additionally, to ensure compliance with GDPR and prevent fraudulent activity, we may verify phone numbers, email addresses, and other user details before granting access to our services.

International Data Transfers

Where necessary, we transfer personal data internationally under strict safeguards, including:

Standard Contractual Clauses (SCCs) for secure data processing.

Localized data storage and processing solutions when possible.

Privacy-enhancing security measures, including encryption.

Further details can be found in the "Which Countries We Transfer Your Personal Data To" section.

Which countries we transfer your personal data to 

If we process data in third countries (meaning countries outside the European Union or the European Economic Area) or this occurs in the process of utilising the services of third parties or transmitting data to third parties, this will only be done for the purpose of fulfilling our contractual obligations, on the basis of your consent, due to a legal obligation or based on our legitimate interests.

In doing so, we ensure that your personal data is processed in compliance with the European level of data protection, based on special guarantees or due to corresponding contractual obligation including adequate technical and organisational measures.

When transferring your data internationally, we implement strict safeguards to ensure your privacy and security, including:

Standard Contractual Clauses (SCCs) – We use legally binding agreements approved by the European Commission to ensure that data recipients outside the EU/EEA adhere to strict privacy standards.

Binding Corporate Rules (BCRs) – If we transfer data within our corporate group, we enforce internally regulated policies that guarantee strong data protection across all entities.

Binding Corporate Processor Rules – When working with third-party service providers, we require them to comply with contractual obligations ensuring high data security standards.

Localized Data Storage – Whenever feasible, we process and store data within the EU/EEA to minimize cross-border transfers.

Encryption & Security Measures – All transferred data is protected using advanced encryption protocols, access controls, and cybersecurity safeguards.

We may transfer your data internationally under the following circumstances:

Use of shared services within the Pickaseat group – Some of our technical, security, and customer support services are provided by affiliated companies outside your country of residence.

Event coordination across regions – When international events or ticketing operations require data sharing across borders, we ensure a seamless and secure experience.

Global service providers – We work with international third-party vendors, including cloud hosting, payment processors, fraud prevention, and customer support teams, which may process data in different countries.

If you require further information or a copy of the relevant documentation regarding data transfers, please contact us at privacy@pickaseat.com[AA1] .

How long we keep your personal data

We will retain your personal data for as long as is necessary to fulfil the purpose for which this data was collected and any other permitted linked purpose (for example your correspondance and any information we provide in return may be retained until the time limit for claims in respect of the communication or in order to comply with regulatory requirements regarding the retention of such data).

If your personal data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

Once your data is no longer needed, we:

Securely delete the information; or

Anonymize the information, ensuring that it cannot be linked back.

What rights you have in relation to your personal data and how to contact us

You have different rights listed under General Data Protection Regulation and if you wish to confirm processing of your personal data or to have access to your personal data we may have about you, you may contact us through the contact methods listed below.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Pickaseat might have received the data from Pickaseat; what the source of the information was (if you didn’t provide it directly to Pickaseat); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Pickaseat if it is inaccurate. You may request that Pickaseat erase that data or cease processing it, subject to certain exceptions.

You may also request that Pickaseat cease using your data for direct marketing purposes. When technically feasible, Pickaseat will—at your request—provide your personal data to you or transmit it directly to another controller.

You also have a right to lodge a complaint with the a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act, BDSG) if you have concerns about how the Pickaseat processes your personal data. A list of supervisory authorities (for the non-public sector) with addresses can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have questions about this statement or about data protection at Pickaseat, you can contact our data protection officer directly:

Contact details for our data protection officer:

Gen-Z Entertainment GmbH

Schillingstr. 24 13403 Berlin Germany

info@pickaseat.de

Customer Service: +49 30 46699885

WhatsApp Hotline: +49 30 46699885[AA2] 

How we use Cookies and similar Technologies

You may find detailed information regarding our use of cookies and similar technologies under our Cookie Policy.[AT3] 

How we will update this Privacy Notice

We may change the content of our websites and how we use cookies without notice and consequently our Privacy notice and Cookie Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website to stay informed of how we are using personal data.

This Privacy notice was last updated in January 2025.

 [AA1]Lütfen teyit ediniz.

 [AA2]Burada lütfen DPO’nuzu belirtiniz.

 [AT3]Please link the Cookie Policy.