Privacy Policy

The basis of effective data protection is comprehensive information about the collection, processing and use of your data ("data processing"). Therefore, we would like to inform you,

  • When or during which actions we process data
  • What data we process and for what reasons
  • Who receives data
  • What rights you have because of the data processing by us.

This privacy policy only governs the processing of personal data in the context of the use of our platform ("Platform"). The Platform can be accessed via a mobile application that can be downloaded via the Google Play Store (Android) or the AppStore (iOS). When you leave the platform, you also leave the scope of this privacy policy.

The privacy policy can be accessed at any time within the mobile application.

1. Contact information

The person responsible for data processing within the framework of this platform within the meaning of the General Data Protection Regulation (GDPR) is:

Reydix GmbH

Hallerstr. 59, 20146 Hamburg

privacy@reydix.com

Data Protection Officer: Dr. Jonas Jacobsen, jacobsen@comtection.de

2. General information on data processing

The app offers venue operators ("Venues") as well as the artists engaged for the event ("Artists") ("Venues" and "Artists" together as well as individually also called "Partners") the use of the app for the organisation and verification of access rights to events. Partners receive an account on the platform via which the respective account manager, a natural person, can invite further event managers who, after registration, receive their own user account and can invite further personnel (e.g. event staff) as well as guests for the event (partners, their personnel as well as the guests who register on the app hereinafter also referred to jointly as "users"). Guests have the possibility to be invited to an event by partners and to manage their access rights to the event via the app as well as to purchase tickets to selected events (the ticket terms and conditions of Reydix apply primarily).

In order to be able to use this offer, the processing of personal data is unavoidable. We only process personal data if it is unavoidable and there is a legal basis for the processing. In the following, we would like to inform you comprehensively about data processing and your rights.

2.1 Scope of the processing of personal data

The provision of the platform requires the processing of various information. In addition, the scope of data processing depends on your use of the functionalities of the platform, for example when you register or check-in to an event.

You are not obliged to provide us with personal data. However, insofar as the provision of this data is technically mandatory for the use of our platform, a refusal will result in you not being able to use our platform.

As a user of our platform, you are not subject to automated decision-making within the meaning of Art. 22 GDPR.

The following categories of data may be processed in the context of the use of the platform:

  • Access data
  • Contact details (e.g. surname, first name, username, address(optional), telephone number, e-mail address(optional))
  • Identification data (e.g. date of birth (optional))
  • Geo data (optional)
  • User documents (e.g. profile picture, avatar picture (optional))
  • Event dates
  • QR codes
  • System and log data (e.g. IP address, device manufacturer, provider name, operating system)

2.2 Legal basis for the processing of personal data

The legal bases for the processing of personal data are presented below.

Performance of contract or implementation of pre-contractual measures (Art. 6 para. 1 b) GDPR)

Processing is only carried out to the extent that is necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us will only take place to this extent.

Legitimate interest (Art. 6 para. 1 f) GDPR)

Processing takes place insofar as we have a legitimate interest and no conflicting overriding interests of the data subject are apparent. The specific interest is explained in this data protection declaration as part of the processing description.

Consent (Art. 6 para. 1 a) GDPR)

Processing takes place if you have expressly consented to the type and scope of data processing. You can revoke your consent at any time with effect for the future. However, the processing that has taken place up to this point will not be affected by this.

Legal obligation (Art. 6 para. 1 c) GDPR)

Processing takes place insofar as this is necessary for the fulfilment of German or European legal obligations.

2.3 Data deletion and storage period

We delete your personal data as soon as the legal basis for its processing ceases to apply. In some cases, however, legal bases may also exist in parallel or a new legal basis may take effect when a legal basis ceases to exist, such as the obligation to store certain data in order to comply with a statutory retention obligation.

2.3.1 Steps for Account deletion

  1. Open Reydix application
  2. Go to your User profile
  3. Go to settings
  4. Select „Delete account“
  5. Confirm account deletion
  6. Account deleted

2.3.2 Categories and types of data deleted

  1. Location
    • Approximate location
    • Precise location
  2. Personal information
    • Name
    • Email address (if provided)
    • User IDs
    • Phone number
    • Other info (Any other personal information such as date of birth, gender identity, veteran status, etc.)
      • Date of birth (if provided)
  3. Photos & Videos
    • User profile picture
    • ID picture
  4. App activity
    • App interactions
    • Installed apps
    • Other user-generated content
    • Other actions (in this case: Connections)
  5. App info and performance
    • Crash logs (retention 2 weeks)
    • Diagnostics (retention 2 weeks)
    • Other app performance data
  6. Device or other IDs

2.3.3 Request Deletion

If you would like to request the deletion of your account, please contact us via email privacy@reydix.com.

3. Data processing in detail

In order for us to be able to show you the platform, it is necessary to process certain information. This already takes place when you call up our platform. In addition, we offer various functionalities on our platform that make further data processing necessary.

3.1 Log Files

When you call up our platform, your end device sends various information, so-called server log files, to our server. We need these to establish and maintain the connection. Among the data is also your IP address, which we treat as personal data.

This data is not merged with other data about you. The storage of log files including your IP address serves the legitimate interest of providing our platform and preventing its misuse. Stored log files are deleted after 30 days at the latest, unless longer storage is necessary, for example, to prevent or clarify an attack on our platform.

3.2 Registration and log-in

In order to use the Platform, you must register. For this purpose, we collect the following data:

First name, last name, e-mail address, telephone number, identification picture (photo of the face), date of birth, geo data

3.3 Event participation

If you attend an event as a guest and use the Platform to check into the event or into certain areas at the event, we process the personal data you provide during registration to determine whether you have the necessary authorisation for access. This is usually done either by comparing your name or a QR code with data stored with the event organiser.

The required data can also be stored on a wristband issued to the users by the organiser. This can be used to compare the required data without contact, if necessary. Whether such a wristband is available depends on the respective event.

3.4 Event information

Within the scope of your registration on our platform and in your user account, you have the option of activating or deactivating notifications regarding important information about the event (e.g. event cancellation). These notifications will only be made after you have given your consent or if there is a justified interest in this respect.

4. Cookies

We use cookies on our platform. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our servers. If this use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 (1) (f) GDPR if the cookie is absolutely necessary for the operation of the platform. Otherwise, we obtain your consent in advance in accordance with Art. 6 (1) (a) GDPR. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.

4.1 Absolutely necessary cookies

The following cookies are absolutely necessary for the operation of the platform. The legal basis in this respect is Art. 6 (1) (f) GDPR.

  • Name: CookieConsent; Purpose: Storage of the user‘s consent status for cookies on the platform.
  • Name: LOCALIZE_DEFAULT_LANGUAGE; Purpose: Storage of the language settings on the platform.

4.2 Other cookies

The following cookies are only processed if you have given us your consent to do so, Art. 6 (1) (a) GDPR:

  • Name: _ga; Purpose: Registers a unique ID to generate data about user behaviour on the platform. Other: In this context, a third country transfer may occur. This takes place on the basis of the current SCC of the European Commission.
  • Name: _ga_#; Purpose: Collects data on how often a user has visited the platform. Other: In this context, a third country transfer may occur. This takes place on the basis of the current SCC of the European Commission.

5. Possibility of objection and revocation

Insofar as the data processing is based on your consent or our legitimate interest, you have the right to object to the processing at any time or to revoke the consent you have given. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can exercise your right of objection or revocation at any time by contacting privacy@reydix.com to exercise your right to object or revoke. If you object to processing on the basis of our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedoms.

6. Data subjects‘ rights

If personal data relating to you is processed, you are a data subject within the meaning of Art. 4 (1) GDPR. As a data subject, you are entitled to the following rights with regard to your personal data. To exercise these rights, you can contact us using the contact details provided above.

Right of access by the data subject according to Art. 15 GDPR

You have a right of access to your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right of rectification according to Art. 16 GDPR

You have the right to request the immediate correction of incorrect personal data and the completion of incorrect personal data.

Right to erasure according to Art. 17 GDPR

You have the right to request the erasure of your personal data if one of the reasons listed in Art. 17 of the GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data if one of the reasons listed in Art. 18 of the GDPR applies, in particular at your request instead of deletion of the data.

Right to data portability according to Art. 20 GDPR

In accordance with the provisions of Article 20 of the GDPR, you have the right to request the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to complain to the competent supervisory authority, Art. 77 GDPR

You have the right to lodge a complaint with the supervisory authority responsible for you in accordance with Art. 77 GDPR.

7. Recipients of data

The processing of your personal data in the context of the use of the platform is also partly carried out by processors. These are involved exclusively on the basis of a commissioning agreement in accordance with Art. 28 (3) GDPR.

We will only pass on your data to third parties if:

  • you have given your consent to this, Art. 6 para. 1 p. 1 lit. a GDPR.
  • which is necessary for the processing of the contractual relationship with you, Art. 6 para. 1 p. 1 lit. b GDPR.
  • there is a legal obligation to do so, Art. 6 para. 1 lit. c GDPR.
  • the processing is necessary to protect vital interests pursuant to Art. 6 para. 1 sentence 1 lit. d GDPR.
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to Art. 6 para. 1 sentence 1 lit. e GDPR.
  • the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

8. Data transfer to third countries

If there is a transfer of personal data to a third country, this is described in this declaration in connection with the respective processing. The current Standard Contractual Clauses (SCC) of the EU Commission are used to secure the transfer if no adequacy decision is available for the third country.

The data is generally hosted on servers located in Germany.

9. Data security

The transmission of information to or from this platform is secured with TLS encryption.

In addition, we use a range of technical and organisational measures to protect your data. In particular, we focus on the requirements of Article 32 of the GDPR. This means that we protect personal data by implementing appropriate technical and organisational measures. This includes, for example, the pseudonymisation and/or encryption of data. We also ensure that all employees who have access to personal data receive regular training on how to handle sensitive data in accordance with data protection regulations.

10. Other

The further development of our platform as well as changes in legal requirements may make it necessary to amend this data protection declaration. The current version is available at any time in the app.

Status: December 2023