Privacy Policy
We are Tactile, a private company with limited liability registered as Tactile B.V. in the Netherlands.
​
Our platform provides a ticketing system, a (cashless) payment system, access control, event app and other types of interactions at events and venues.
​
Why we collect and process personal data
The nature of the services we provide requires us to collect and process personal data. Your personal data is all data that is somehow relatable to you. This privacy policy explains what personal data we collect, why we collect that data and when we will erase that data. Furthermore this document discusses what security measures are taken to protect your data and with whom the personal data may be shared.
Depending on your relation with Tactile we may be either a processor of your personal data, a controller or both. The terms processor and controller are in accordance with the General Data Protection Regulation (European Regulation 2016/679), but we’ll explain what they mean for you below. For the following sections, we will make a distinction in the following relationships you can have with us:
-
If you are a visitor of an event or venue that uses our platform, we will only act as a processor of your data. Our client, for example an event organiser, fully determines the reasons for collecting and types of personal data we collect. Therefore our client is the controller of your personal data collection.
-
If you are a client of us, a (potential) employee or another type of a collaborative partner, we may also gather personal data of you for purposes of Tactile. In that case, we will act as a controller.
​
What personal data we collect and why
For visitors of events or venues that use our platform
If you are a visitor of an event or venue that uses the tactile platform, there are several data that we collect about you. What data we collect and process, for what reason, if we share it with others, and when we delete the data can be viewed in the following table:
Label | Category | Reason for gathering / usage | Will be shared with organiser | May be shared with other visitors? | May be shared with third parties? | Retention Period |
|---|---|---|---|---|---|---|
Name | Personalia | Identification for access to events, identification for security, communication, possibility to share with third parties & interaction activities with other visitors of the event | Yes | Yes, e.g. group members if decided by organiser | Only when requested by user | Partnership agreement period |
Email | Personalia | Communication & possibility to share with third parties | Yes | Yes, e.g. group members if decided by organiser | Only when requested by user | Partnership agreement period |
Mobile Number | Personalia | Communication & possibility to share with third parties | Yes | Yes, e.g. group members if decided by organiser | Only when requested by user | Partnership agreement period |
Date of birth | Personalia | Identification for security, age validation for bars & interaction activities with other visitors of the event | Yes | No | Only when requested by user | Partnership agreement period. Afterwards converted to age (part of anonymization) |
IBAN or other payment details | Payment | In case of direct debit IBAN is necessary for the payment system | Only when needed for Direct Debit | No | No | Partnership agreement period |
Profile Picture | Personalia | Identification for access to events, identification for security & interaction activities with other visitors of the event | Yes | Yes | Only when requested by user | Partnership agreement period |
Preferred Language | Personalia | Correct communication | Yes | Yes | Only when requested by user | Partnership agreement period |
Specific Event related questions (e.g. dietary preferences, requested workshops) | Organiser | Necessary for organiser | Yes | Yes | Only when requested by user | Partnership agreement period |
Transaction logs | Payment | Improving future event, insights in turnover & speeding up payments | Only metadata such as the amount of products that was bought at a certain location or event (will never be relatable to an individual) | Yes | Only when requested by user | Partnership agreement period |
Checkin/checkout | Interaction | Improving future events, security of visitors & convenience for visitors | Yes, for emergencies it is necessary to check how many and which people are still inside | Yes | Only when requested by user | Partnership agreement period |
Tag to share contact details | Interaction | Convenience for visitors & possible sponsordeals | No | Only when requested by user | Only when requested by user | Partnership agreement period |
Photo tag | Interaction | GDPR Compliance, convenience for visitors & entertainment purposes | Yes | Yes | Only when requested by user | Partnership agreement period |
Vote for music | Interaction | Entertainment purposes | No | Yes | Only metadata (the count of people voted) | Partnership agreement period |
Tactile Party Meetup | Interaction | Entertainment purposes | No | Only when requested by user | No | Partnership agreement period |
For clients and other collaborative partners
If you are a collaborative partner of us, such as a client, an ambassador or an employee, we will likely collect and process some personal data of you. What data we might collect, for what reason and how long we keep it is listed below
Field | Category | Client Reason | Partner Reason | May be shared with third parties? | Retention Period |
|---|---|---|---|---|---|
Name | Personalia | Communication | Communication & records of agreements | Only with explicit consent | 2 years or longer if we are legally required to. |
Email | Personalia | Communication | Communication | Only with explicit consent | 2 years or longer if we are legally required to. |
Mobile Number | Personalia | Communication | Communication | Only with explicit consent | 2 years or longer if we are legally required to. |
Date of birth | Personalia | - | Legal obligation (e.g. employee contract) | No | Till two years after ending of the collaboration. |
Payment details + tax details | Payment | Corrections for invoices | Payment of fees | No | Till two years after ending of the collaboration. |
CV | Personalia | Job applicants | - | Only with explicit consent | Till two years after ending of the collaboration. |
Personnel file (such as data in employee contract) | Personalia | - | Necessary for personnel administration | No | Till two years after ending of the collaboration. |
What we do to protect your data
Tactile is a technology focused company and we try hard to keep up with advancements in cyber security to make sure that we are resilient to possible attacks that may be a risk for the protection of your personal data. Specifically, we take the following measures to enforce the protection of your data:
-
We will only send your data over secured connections;
-
data will be stored on secured servers that are only accessible through multi factor authorization;
-
direct communication with our servers are only possible via SSH;
-
Tactile domains are only accessible via HTTPS;
-
we collaborate with (former) students of the Master program System Engineering at the University of Amsterdam to prepare red teaming attacks to identify possible vulnerabilities of the Tactile platform.
​
Where we store your data
Most of our servers are located in Amsterdam. We will not store your personal data on servers outside of the European Union
Subprocessing
Tactile currently uses the following subprocessors to help provide our services:
Name organisation | Service | Usage | Location | Remarks |
|---|---|---|---|---|
DigitalOcean | server & database hosting | necessary | Euopean Economic Area (EEA) | |
Mailgun | sending of e-mail messages | necessary | Euopean Economic Area (EEA) | e-mails are retained for 7 days for review and retrieval, after which they are deleted. |
Google Analytics | monitor usage of services | necessary | Euopean Economic Area (EEA) | we monitor to improve the application, these analytics are never traceable to an individual |
PAY. | payment service provider | optional | Euopean Economic Area (EEA) | concerns the delivery of current bank/credit card transactions & refunds. Transaction data will be retained for the statutory period |
MessageBird | sending text messages | optional | Euopean Economic Area (EEA) |
Contact
We try our best to make legal documents such as our privacy policy as readable as possible. However, the privacy matter is quite complex and we would understand if you still have questions after reading this document. If that is the case, please contact us via: privacy@tactile.events.