The controller responsible for the processing of your personal data is THE FACTORY, a limited company (“besloten vennootschap”/“société à responsabilité limitée”) under Belgian law, with registered office at Diestersteenweg 152, 3970 Leopoldsburg, Belgium, and registered with the Crossroads Bank for Enterprises under company number 0434.153.588. You can contact us as indicated in section 6.11 below.
2. Processing of your personal data
2.1.1. It is not our intention to collect or otherwise process children’s personal data through this Website for marketing purposes or to create personality or user profiles.
2.1.2. Whenever you use our Website, we collect technical information associated with the device you use, such as device type, screen resolution, operating system name and version, internet browser type and version, system language, and location. Additionally, we collect technical identifiers that identify the device you use, such as IP address, IDFA (identifier for advertisers), MAC address, and other unique identifiers. Depending on your cookie settings, we also collect information concerning your browsing behavior and engagement information, such as how long you visit, what links you click on, what pages you visit, how many times you visit a page and how long it takes for you to come back.
2.1.3. We process your personal data collected through our Website to enable access to our Website and deliver content and functionalities correctly. This processing is based on our legitimate interest.
2.2. Festival ticket
2.2.1. When you purchase (a) festival ticket(s), we collect the personal data that is necessary for such purchase and to send you the corresponding ticket(s). This includes basic identification data such as your name, email address, date of birth and billing information. Additionally, we also collect other relevant details pertaining to your order, your preferences regarding receiving email communications, and any other personal data you choose to provide.
2.2.2. When you purchase a festival ticket, we process your identification data and contact information to be able to issue a valid ticket as well as for administrative and contractual purposes. At the event, we use the data that are linked to your ticket to verify your identity as a fraud prevention measure and to confirm the authenticity of your ticket. To the extent this processing requires the processing of your personal data, we rely on the performance of our agreement. Additionally, your date of birth will be included in the QR code on your wristband so that we can quickly verify during the event whether or not we may serve you alcoholic beverages. We rely on our legitimate interest to efficiently comply with our legal obligations with regard to private and special security and with regard to the protection of consumer health with respect to food and other products for this purpose.
2.2.3. We use your contact information to send practical information and updates about services you requested and messages to follow up on your customer service queries. To the extent this processing requires the processing of your personal data, we rely on the performance of our agreement.
2.3.1. We process your personal data to keep you informed of novelties, events and services offered by us. If you are an existing customer (meaning that you have previously purchased a festival ticket from us), we will keep you informed based on our legitimate interest to stay in touch with you, and to market, promote and overall successful roll-out of our products and services.
2.3.2. If you are not an existing customer, and you subscribe to the Pukkelpop Newsletter, we will collect your name, your email address and your personal preferences in terms of favorite music genre. In this case we will obtain your consent in order to send you relevant marketing communications to keep you up to date about our current and future activities.
2.3.3. In both cases, you will of course have the option to opt out from future communications.
At the festival grounds, we may capture your image as a part of the promotional materials we create at our events (photographs, videos). These materials may be shared on our Website or social media platforms, or may be aired on television. When we do so, we process your personal data based on our legitimate interest to promote our events. Where we take dedicated pictures of you, we will obtain verbal consent before using your image.
2.5.1. If you contact us by email, phone, or any other means, we collect the information you provide to us. This may include your name, telephone number, email address, and any other personal data you choose to provide. We also process the content of your communication, the practical details of this communication (such as with whom you corresponded, and the date and time), and, where necessary and proportionate, publicly available information about you. In this case, we use your personal data to provide relevant customer service, respond to inquiries and fulfil requests. To the extent your communication with us requires the processing of your personal data, we rely on the performance of our agreement to process your personal data.
2.5.2. Additionally, as stated in section 2.1.5, we may process your personal data to preserve our legitimate interests or the legitimate interests of our partners or others to keep our and their assets and business safe from misuse and illegal activity and to enforce our policies.
In addition to the processing of your personal data for the purposes set out above, we may process all of your personal data for compliance purposes as follows:
2.6.1. We may process your personal data for internal audits and to otherwise verify that our internal processes function as intended and are compliant with applicable laws, regulatory requirements, or contractual obligations. We need to process your personal data for this purpose to protect our legitimate interests in carrying out our business and to keep our assets and business safe from misuse and illegal activity and to enforce our policies.
2.6.2. We may process your personal data for informing others in the context of corporate operations, such as a possible merger or any other form of reorganization. For the processing of your personal data for this purpose, we rely on our legitimate interest to conduct our business in good faith.
2.6.3. We use your personal data to comply with our legal obligations, such as obligations under applicable anti-money laundering and counter-terrorism financing legislation. We need to process your personal data for this purpose for us to comply with our legal obligations.
2.6.4. We process your personal data to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, and governmental agencies or bodies, including competent data protection authorities. The processing of your personal data for this purpose is necessary for us to comply with our legal obligations. In the same way we may share your personal data upon our own initiative with competent authorities if there are justified suspicions of an unlawful act or crime committed by you through your use of our Website or any other interaction with us. For the processing of your personal data for this purpose, we rely on our legitimate interest to assist competent authorities in preventing or investigating illegal activities.
We may process your personal data for other purposes upon your request. For example, if you were unable to present a valid festival ticket while travelling to or from our events and you have requested De Lijn or NMBS to verify with us that you had a valid festival ticket to avoid a penalty for travelling without a bus or train ticket.
3. Sources of your personal data
4. Recipients of your personal data and data transfers
4.1. We only share personal data with others if it is legally required or if there is another legal basis for doing so.
4.2. Your personal data is processed by third-party processors that operate on our behalf. For example, we rely on processors to safely store your personal data and to send you our newsletters. We carefully select our processors and contractually require them to maintain the safety and integrity of your personal data. Our processors are only authorized to process your personal data according to our explicit written instructions.
4.3. Moreover, we collaborate with others that assist us in delivering and improving our services. For instance, we utilize a third-party service to follow certain of your actions on our Website in order to better understand how our Website is used and to support our marketing campaigns. When you purchase a festival ticket, your payment details are processed by Mollie, a payments platform that offers an easy-to-implement process for integrating payments into our Website, to ensure a secure online payment.
4.4. In order to process your personal data for the purposes outlined in section 2 above, we may transfer your personal data to others which are located outside of the European Economic Area, such as any country where we have partners or service providers. In case these recipients that process your personal data on our behalf are located in a third country for which the European Commission has not yet decided that it ensures an adequate level of protection and where derogations for specific situations do not apply, we shall implement appropriate safeguards with regard to the processing of your personal data. Such safeguards might be provided by, for example:
- A contractual arrangement being in place between us and the third-country recipient that is based on the standard contractual clauses for international data transfers adopted by the European Commission; or
- Any other transfer mechanism or transfer tool that legitimizes the international transfer of your personal data in compliance with applicable data protection law.
Where we rely on appropriate safeguards for the transfer of your personal data, we will assess whether these safeguards can sufficiently protect your personal data so that the level of protection guaranteed in the European Union is not undermined by the transfer. If this is not the case, we will take the additional measures necessary to provide appropriate protection for your personal data. If it is not possible to provide for appropriate protection of your personal data, we will not transfer your personal data to the recipient in a third country, or will transfer your personal data only if and to the extent that another mechanism justifies the transfer of your personal data in accordance with applicable data protection law. To obtain a copy of these data protection safeguards or to obtain information about their applicability, please send a request via email to firstname.lastname@example.org.
5. What we do to protect your personal data
5.1. We do our utmost to process only that personal data that is necessary to achieve the purposes listed under section 2.
5.2. The personal data you provide us will only be processed for as long as necessary to achieve the purposes stated in section 2 above, as required by applicable laws, or, if processing is based on your consent, up until such time you withdraw consent for processing. When deciding on the appropriate retention period, we take into account the purposes for which we process the personal data, the categories of personal data involved, the potential risks associated with a data breach, and any legal obligations (such as accounting obligations) that may require us to retain the data. We will de-identify your personal data when they are no longer necessary for the purposes outlined in section 2, unless there is an overriding interest of us or others in keeping your personal data identifiable, or if there is a legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
5.3. We want you to feel confident about using our Website and interacting with us, so we make our best effort to ensure that any personal data we collect is safely kept. We take technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by our staff, partners and third-party processors is only on a need-to-know basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only which can never be guaranteed.
6. Your rights as a data subject
6.1. You have the right to request access to your personal data that we process.
6.2. You have the right to obtain the rectification of any inaccurate personal data about you. Your rectification request must be supported by evidence of the inaccuracies in the data you are seeking to have corrected.
6.3. Where we process your personal data based on your consent, you have the right to withdraw such consent at any time.
6.4. Under the conditions foreseen in the applicable data protection legislation, you have the right to obtain the erasure of your personal data.
6.5. If you would like your image to be removed from our promotional materials taken during our events, please contact us at email@example.com and describe the picture or footage in question. We will make a reasonable effort to remove the pictures and footage that feature you from any future promotional materials. Please note that we may not be able to immediately remove your image from promotional materials that have already been produced or distributed.
6.6. Under the conditions foreseen in the applicable data protection legislation, you have the right to obtain the restriction of processing of your personal data.
6.7. If you receive our marketing communications, you can change your preferences for receiving such communications by clicking the “unsubscribe” link provided in our communications or object to direct marketing, including profiling to the extent that it is related to such direct marketing, by sending us an email at firstname.lastname@example.org.
6.8. Where we process your personal data based on our legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. However, you can always object to processing for direct marketing at any time without any charge or justification.
6.9. If we process your personal data with your consent or to fulfill a contract and the processing is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format and to transfer this information to another controller.
6.10. We do not use automated decision-making processes that have a legal or similarly significant effect on you.
6.11. To exercise any of the rights mentioned above, you can send a request via email to email@example.com. Please state clearly which right you wish to exercise and provide reasons or proof to support your request if required. We will acknowledge receipt of your request and proceed to review it. If your request is valid, we will honor it as soon as possible. In case we have doubts about your identity, we may request additional information to verify it.
If you are not satisfied with how we handle your personal data, please inform us by sending an email to firstname.lastname@example.org. You also have the right to lodge a complaint with a supervisory authority. You have the choice of submitting this complaint to the supervisory authority of the EU member state where you normally reside, where you have your place of work, or where the alleged infringement was committed. If you choose the Belgian supervisory authority, this can be done at https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint (available in Dutch, French and German).
Last Updated: 23 October 2023