1. PLUG-MI: The Urban Culture Festival
  2. Privacy policy

PRIVACY NOTICE PURSUANT TO ART. 13 OF THE EUROPEAN REGULATION 2016/679

Fandango Club Creators S.r.l. informs that the personal data of visitors to this website, including data collected during the purchase of tickets to attend the Plug-Mi event as a visitor, will be processed in compliance with personal data protection regulations.

Therefore, pursuant to Article 13 of the European Regulation 2016/679 ("GDPR"), Fandango Club Creators S.r.l. provides the following information.

1) Contact details of the data controller

The data controller is Fandango Club Creators S.r.l. with registered office in via Vincenzo Monti, 4, 20123, Milan, VAT no. 09709659966- e-mail: [email protected] (hereinafter also "Company" or "Data Controller").

2) Purpose and legal basis of processing

a) Creation and management of an account: the visitor, hereinafter also referred to as the "data subject", can register on this website by entering some personal data such as name, surname, date of birth, address, phone number, email address, and password. Personal data will also be stored to make all information related to the visitor's profile and orders and activities always and immediately accessible. The processing of personal data for this purpose does not require the visitor's express consent, as the legal basis for the processing is the performance of the contract to which the data subject is a party (Art. 6 para. 1 lit. b GDPR).

b) Ticketing: the data provided by the visitor (name, surname, phone number, email address, personal datails (home address, etc.), credit card data, data related to other payment methods used) are processed to allow the purchase of the ticket for entry to the "Plug-Mi" event, to offer and manage the requested services related to such purchase (e.g., responses to information requests, payment management, communications in case of emergency measures, etc.), as well as to comply with related legal obligations. The legal basis for the above-described processing is the performance of the contract to which the data subject is a party and compliance with legal obligations related to the ticket purchase (Art. 6 para. 1 lit. b and c GDPR).

c) Visitor requests: personal data may also be processed to respond to any requests from the visitor received through the email addresses or phone numbers indicated on the site, as well as through certain sections of this website. The processing of personal data is based on the legitimate interest of the Company to respond to visitors' requests (Art. 6 para. 1 lit. f GDPR).

d) Marketing: if the visitor wishes to stay in touch with the Company to receive information about promotional initiatives (promotions, discounts, contests, surveys, and other marketing activities), including those related to the Plug-Mi event, they must provide their email address and any other requested data, which will be used for this purpose, without prejudice to the visitor's right to communicate at any time their desire not to receive such communications. The legal basis for the above-described processing is the visitor's express consent (Art. 6 para. 1 lit. a GDPR).

e) Website performance analysis: the Company uses Google Analytics 4 and Google Tag Manager, as well as Meta Events Manager, to evaluate the performance of this website. The use of cookies for measuring website performance occurs with the visitor's consent, expressed through the dedicated banner (Art. 6 para. 1 lit. a GDPR). For more information on the use of these tools, please refer to our Cookie Policy.

f) Statistical analysis and effective business management: additionally, certain data provided during account creation, newsletter subscription, or ticket purchase, along with data on website performance, may be analyzed to conduct statistical studies on the effectiveness of current promotional initiatives and website performance. The legal basis for the above-described processing is the visitor's express consent (Art. 6 para. 1 lit. a GDPR).

g) Additional navigation data: finally, we inform the visitor that the computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by visitors, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the visitor's operating system and computer environment. The processing of personal data is based on the legitimate interest of the Company to ensure the proper functioning of the website (Art. 6 para. 1 lit. f GDPR).

3) Recipients or categories of recipients to whom personal data may be communicated

Data may be communicated to third parties who operate in support and on behalf of the Data Controller only for the purposes listed above, including contractual and legal obligations. Personal data may be accessible to IT and marketing providers, as well as to other entities collaborating with the Data Controller in organizing the event or to whom data transfer is necessary to respond to the visitor's requests.

It should be noted that for the management and creation of the account, as well as for the issuance of the ticket through this sales channel, PG Italia s.r.l., with registered office at Via Morimondo, 26, 20143 Milan (MI), is considered the data processor, as it is responsible for managing the technological infrastructure that enables ticket acquisition and data processing through these technological tools.

In any case, the complete list of any data processors is available from the Data Controller.

If the visitor has given his or her consent, data may be transmitted to TeamSystem S.p.A., with registered office at Via Sandro Pertini 88, 61122 Pesaro (PU), which provides services to the Company for sending promotional communications.

Lastly, for the purpose of "Statistical analysis and effective business management" the personal data outlined in point 2.f) may be shared with specialized data analysis providers who assist the Company in enhancing the website's performance and optimizing its promotional efforts.

4) Possible transfer of personal data to a third country

Personal data may be transferred to the Principality of Monaco as PG Italia Srl is controlled by Platinium Group S.A.M., based in the aforementioned principality. The transferred data will be protected by applying the Standard Contractual Clauses approved by the European Commission, in accordance with Articles 44 and following of the GDPR.

5) Period of retention of personal data or criteria used to determine that period

Data will be retained in a form that allows the identification of data subjects for a period not exceeding the achievement of the processing purposes, in compliance with other legal obligations, and in accordance with the data retention procedure adopted by the Data Controller.

Data processed for the purpose 2.d) "Marketing" will be deleted if the visitor withdraws the previously given consent.

6) Visitor's rights

As provided for in Article 13 of the GDPR, the visitor may at any time exercise the following rights: 

a) Right of access, rectification, deletion, restriction, opposition: the visitor may at any time access his data, request their rectification if incorrect, request the Data Controller to delete excess data but not those required by law, as well as request restriction of data processing for certain purposes;

b) Right to data portability: the visitor has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her provided to the Data Controller and has the right to transmit such data to another data controller without hindrance by the Data Controller exclusively in the cases provided for in Article 20 of the GDPR;

c) right to lodge a complaint with a data protection supervisory authority. For more information, please visit https://www.garanteprivacy.it/web/garante-privacy-en/home_en

d) as to the purposes under paragraph 2.d) "Marketing", 2.e) "Website performance analysis" and 2.f) "Statistical analysis and effective business management" the visitor who has given his consent may revoke it at any time, without prejudice to the lawfulness of the processing up to the time of revocation and without prejudice to the obligation for the Data Controller to continue to hold personal data when this is necessary to fulfil a legal obligation or for the performance of a task of public interest or connected with the exercise of public powers vested in the Data Controller.

To exercise their rights (or to request any information), visitors may write to: [email protected].

7) Compulsory or optional nature of providing data

Providing the data indicated with an asterisk is mandatory due to the nature of the contractual relationship established between the visitor and the Data Controller regarding the requested services, including ticket purchase.

The data voluntarily provided by the visitor is essential to responding to their request.

Providing data for the purposes 2.d) "Marketing," 2.e) "Website performance analysis," and 2.f) "Statistical analysis and effective business management" is optional.

8) Consequences of refusal to provide data

If the visitor refuses to provide the mandatory data required for the requested services, including ticket purchase, the Data Controller will not be able to allow the creation of an account, the issuance of tickets, and, in general, the provision of its services.

Failure to provide personal data may also result in the inability to effectively respond to the visitor's requests.

No consequence is foreseen for the non-provision of data of optional nature, except the simple impossibility to receive promotional communications.