The purpose of this privacy notice (hereinafter « notice« ) aims to provide the information about how the public establishment “établissement public Centre de Musiques Amplifiées- Rockhal and its Rocklab (hereinafter ”Rockhal”) ,acting as controller, collects, processes, shares and protects your personal data collected during the visit of its website, in accordance with the General Data Protection Regulation (« GDPR ») and the applicable national laws.
Rockhal is committed to protect the privacy of everyone, and thus to comply with the laws and regulations on personal data come into force.
Please note: According to the sanitary measures taken by the Grand-Ducal authorities resulting from COVID 19 Pandemic, Rockhal shall respect and implement the requirements of the regulatory provisions relating to sanitary measures in force, which entails a series of changes to the processing of your data. For further information, please visit www.covid19.lu and Ministry of Culture website (FR)
I. WHO ARE WE ACTING AS CONTROLLER?
The controller as defined in the General Data Protection Regulation (GDPR) and other data protection legislation passed by the member states as well as other data protection regulations is the following one:
ROCKHAL / Centre de Musiques Amplifiées / 5, Avenue de Rock ‘n’ Roll / L-4361 Esch/Alzette
II. WHICH HIGH PERSONAL DATA DO WE COLLECT?
We collect your personal data when you visit our website, when you use our featured services online (e.g. ticketing online, contact form, online subscriptions). The data collected include among other, the following ones:
- Website navigation data (e.g. timestamp, IP address technical data relating to equipment and browser used, cookies).
- Personal identification data that you may communicate to us during the set of operations for ticketing, subscriptions and contact forms (e.g. email address, last name, first name, phone number, function, company, bank details for any ordering, etc)
III. WHY DO WE COLLECT YOUR PERSONAL DATA?
1. Web features management
Manage a website requires processing of data (= what we use), logic (= how we do) and views (= what you see). This processing includes the following purposes:
- To share with you, on your demand, various information relating to Rockhal and its products and services;
- To follow the requests management for information or contact made by email.
- To optimise our website and to ensure the safety of our information technology. We do not evaluate this data for marketing purposes.
These processing are based on your consent, which means that you are asked for approval to be contacted by Rockhal for further marketing issues or contact.
2. Marketing issues
- Contact form: We shall exclusively process data entered in the interface for processing the user’s contacting. The contact email is based on the necessary legitimate interest in processing the corresponding data.
The personal data additionally processed during transmission helps to prevent abuse of the enquiry form and to ensure the safety of our information technology.
- Newsletter: subscription and sending out our newsletter.
- Profiling & direct marketing: should you use our website to purchase goods or services and provide an e-mail address during this purchase, we may use this e-mail address at a later stage to send you a newsletter. In this case, the newsletter will only contain direct marketing for comparable goods or services we offer. You can withdraw your consent or object to this processing at any time using the unsubscribe (see section What are your rights as Data Subject?) link in the mail footer.
We collect additional personal data during the subscription process to prevent any abuse of our services or the e-mail address provided.
We collect personal data for the following purposes:
Purchase of a ticket:
- Personal data attached to the individual ticket: first name, last name, address, city, province, country, postal code, company/group, phone, email
- Bank details for payment operations: card number, expiration date, security code
Subscription to the newsletter:
- Tick the checkbox to activate the subscription before confirming your purchase. We disclose your data with third parties that we refer as service providers (e.g. online payment provider) solely for payment operations.
IV. HOW LONG DO WE STORE YOUR PERSONAL DATA?
The GDPR introduces the storage limitation of personal data.
We remind you that under the principle of minimisation data and purpose limitation, your data will be stored only if absolutely necessary for the purposes of the processing in question.
1. Web management
Data will be deleted as soon as they are no longer required to accomplish the purposes, for which they have originally been collected. In case of data collection for website provision, this is the case once the respective session is terminated.
For data saved to logfiles, such data will be deleted after a maximum period of seven days. Further storage of this data is possible. In this case, the user’s IP address will be deleted or alienated, making it impossible to establish any connection with the accessing client.
2. Marketing issues
The user’s e-mail address will be saved for as long as the user actively maintains their subscription to our newsletter.
For personal data from the enquiry form and personal data transmitted by e-mail, this is the case, once the corresponding communication with the user has come to an end. A conversation may be considered as terminated when the circumstances allow for the respective matter to be regarded as fully settled.
The personal data additionally processed during transmission will be deleted after a maximum period of seven days.
We retain the billing information according to national law that states the legal obligation related to accountancy (10 years).
In order to comply with the legal provisions regarding tracking due to the COVID 19 pandemic, we shall keep the following personal data: the name of the ticket holder, the assigned seat and the date of the event. These personal data shall be destroyed 1 month after the event. The deadline runs from the day after the day of the event. For further information, please visit www.covid19.lu.
V. DO WE TRANSFER ANY PERSONAL DATA OUTSIDE THE EUROPEAN UNION?
Your personal data as part of the processing defined above may be transferred to partners.
For our newsletter, we use the “Mailchimp” service offered by The Rocket Science Group, LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). This data will exclusively be processed for sending out our newsletters. The information collected via this feature is typically sent and saved to one of the servers in the US.
According to the recent CJEU’s judgement (SCHREMS II) and the GDPR rules, the set of operations shall be covered by another appropriate safeguards :
- An additional contractual provision in the agreement between Rockhal and the service provider or based on a new draft of Standard Contractual Clauses.
- Technical and organisational measures such as those proposed by the EDPS : encryption before transmission, pseudonymised data, data in transit.
VI. WHAT ARE YOUR RIGHTS AS DATA SUBJECT?
Any data subject (= natural person) of which Rockhal, as controller, processes personal data may exercise the following rights:
- Right of access: you have the right to obtain confirmation that we are processing your personal data and where this is the case to obtain a copy of these data;
- Right of rectification: you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data that you concerned.
- Right to erasure: in specific cases, you have the right to request the erasure of your personal data. We may, however, retain certain information about you as required by law or when we have a legal basis to do so;
- Right to restriction of processing: you can the limitation of certain treatments carried out on your personal data. This right only plays in the following cases:
- When you dispute the accuracy of your data for the time needed to verify the accuracy of the data;
- In the case of unlawful processing by us and you do not wish the deletion of the personal data in question;
- We no longer need your personal data, but these are necessary for the recognition, exercise or defense of rights in court;
- When you have exercised your right to oppose the time to verify that the legitimate reasons, we are pursuing take precedence over yours;
- Right to object: you have the right to object at any time, on grounds related to your particular situation, to any processing of your personal data necessary for the performance of a task carried out in the public interest or based on legitimate interest;
- Right to data portability: you have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit these data to another controller. However, when the personal data are not processed by automated means, you do not fulfil the conditions to exercise your right to portability;
- Right to withdraw your consent: you can withdraw your consent at every moment when the processing activity is based on it;
- Right to lodge a complaint: you have the right to lodge a complaint with the competent supervisory authority.
How to proceed?
Please fill in the following form available on our website. Then send it out with any additional details about your request by email to mydata(at)rockhal.lu. However, Rockhal may refuse your request if it does not meet the requirements of applicable law or regulation.
VII. HOW DO WE MAKE YOUR PERSONAL DATA SECURE?
We shall implement, test and maintain the appropriate security measures, among other, access to facilities, hardware and software, storage and networks, monitoring and logging, breach detection and incident response to protect against unauthorised or accidental access, loss, alteration, disclosure or destruction of personal data.
VIII. WHAT ABOUT DATA BREACH?
Rockhal shall communicate to its client of any personal data breach by Rockhal, its processors, or any other third parties acting on Rockhal’s behalf without undue delay, only where the personal data breach is likely to result in a high risk to the rights and freedoms of the client.
This privacy notice can be modified by Rockhal according to the rules and regulations that come into force.
Last update: 25/03/2021
Please note this linguistic version is the primary issue.
Limitation of liability
The public institution « Centre de Musiques Amplifiées – Rockhal » (hereinafter called the « Rockhal ») posts items on this site with a view to promoting its tasks and its activities.
Our objective is to disseminate correct and updated information. We will endeavour to correct errors which are indicated to us.
Nevertheless, the information disseminated on www.rockhal.lu shall under no circumstances involve any liability on the part of the Rockhal.
The Rockhal denies all liability for use of the information contained in the pages published on this site. The content is provided on a solely indicative basis. It contains information which is not necessarily complete, exhaustive, accurate or up to date. In the event of any difference between the texts published on this site and the original documents, the original documents shall be applicable.
The site may provide links to other sites over which the Rockhal has no control and for which it cannot be held liable. The Rockhal shall assume no liability for any loss or damage which may be caused to your computer system through the use of this site. The Rockhal denies any liability for interruption, even temporary, of the service provided by this site.
The present non-liability clauses are not intended to avoid the requirements imposed by the relevant legislations or to exclude liability in the case where it cannot be excluded by virtue of the said legislations.