Privacy Policy for FestMitra
Effective Date: [Insert Date]
1. Introduction and Data Controller
FestMitra ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This policy explains how we handle your information when you use our application to book festival tickets in Germany.
Data Controller:
* Company Name: [BMV Developers]
* Address: [Lehrter straße. 58 30559 Hannover]
* Email: [loveloop9055@gmail.com]
* Represented by: [Vaidehi Virani]
2. What Data We Collect
To provide ticket booking services, we collect the following:
* Identity Data: Full name.
* Contact Data: Email address, phone number.
* Transaction Data: Details about payments and tickets purchased (note: we do not store full credit card numbers; these are handled by secure payment processors).
* Technical Data: IP address, device type, and operating system (collected automatically for security and app performance).
3. Purpose and Legal Basis for Processing
Under GDPR, we process your data based on the following legal grounds:
* Contractual Necessity (Art. 6(1)(b) GDPR): To process your booking, send your ticket, and manage your account.
* Legal Obligation (Art. 6(1)(c) GDPR): To comply with German tax and accounting laws regarding financial transactions.
* Legitimate Interest (Art. 6(1)(f) GDPR): To improve our app and protect against fraudulent bookings.
* Consent (Art. 6(1)(a) GDPR): If you sign up for our newsletter or marketing updates.
4. Data Sharing with Third Parties
We only share your data with third parties when necessary:
* Event Organizers: Your name may be shared with the festival organizers for entry verification.
* Payment Providers: To process your ticket payment securely (e.g., Stripe, PayPal).
* Technical Service Providers: Cloud hosting services (e.g., AWS, Google Cloud) located within the EU.
* Authorities: Only if legally required by German law.
5. International Data Transfers
We prioritize storing data on servers located within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure it is protected by Standard Contractual Clauses as approved by the European Commission.
6. Data Retention
We keep your data only as long as necessary:
* Booking Data: Kept for 10 years to comply with German commercial and tax retention periods (Handelsgesetzbuch and Abgabenordnung).
* Account Data: Kept until you delete your account or after 2 years of inactivity.
7. Your Rights (Data Subject Rights)
As a user in the EU/Germany, you have the following rights:
* Access: Request a copy of your data.
* Rectification: Correct any wrong information.
* Erasure: Request deletion of your data ("Right to be forgotten").
* Restriction: Limit how we use your data.
* Data Portability: Receive your data in a machine-readable format.
* Objection: Object to marketing or processing based on legitimate interest.
To exercise these rights, contact us at [Insert Email Address].
8. Right to Complain
You have the right to lodge a complaint with a data protection authority. In Germany, this is usually the State Data Protection Officer (Landesdatenschutzbeauftragter) of the state where you live or where our company is based.
9. Cookies and Tracking
We use cookies to keep you logged in and analyze app usage. You can manage your preferences through the "Privacy Settings" in the app menu.
10. Security
We implement state-of-the-art technical and organizational measures (e.g., SSL encryption) to protect your data against unauthorized access or loss.
