Purchase Processes Privacy Notice

As Gen-Z Entertainment GmbH (”Pickaseat”, ” Controller"), we value the protection of your personal data, so we expect you to show the same attention. For this reason, it is very important for us that you read this text detailing which personal data we use for what purpose and to clearly understand the obligations of Pickaseat, who is responsible for the administrative and technical security of your personal data as “Controller”.

With this privacy notice we aim to inform data subjects, persons whose personal data is processed (used), as the “Controller” who uses their data. As a Controller, we have to prove that you have been informed about your personal data we will process by explaining:

1. What personal data we collect about you and how we obtain them 

2. How we use your personal data 

3. Who we share your personal data with 

4. Which countries we transfer your personal data to 

5. How long we keep your personal data 

6. What rights you have in relation to your personal data and how to contact us 

7. How we will update this Privacy Notice 

Please be kindly informed that through Privacy Notice, we provide links to certain areas in our website where your personal data may be collected and additional privacy notices are provided in those areas.

Please note: This Privacy notice does not apply to, and Pickaseat is not responsible for, any third-party websites which may be accessible through links from this website. If you follow a link to any of these third-party websites, their own privacy policies may apply.

1. What personal data we collect about you and how we obtain them

As Pickaseat, we collect your personal data listed below through digital means through you providing us with your personal data when you initiate a purchase on our website. The following information:

• Your identity data (including but not limited to your name, surname)
• Your contact data (including but not limited to your phone number, e-mail address, address, your billing and delivery address)
• Your customer relations data (including but not limited to your delivery and shipping information, product information included in your order, records of your return transactions and requests)
• Your finance data (including but not limited to amount and payment information, invoice information)
• Your process security data (including but not limited to IP adress, OTP verification information, browser type, and device identifiers when you use our website)

are obtained through Pickaseat Registration Portal and legal basis for obtaining them is that it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

• Your marketing data (including but not limited to your campaign participation information, campaign usage details, gift voucher usage information and details)

are obtained through Pickaseat website and legal basis for obtaining them is necessary for the purposes of the legitimate interests pursued by the controller except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2. How we use your personal data

As presented below the purposes of personal data processing carried out within the scope of the activity in which the Privacy Notice is issued are detailed.

We will only use your personal data where we are permitted to do so by applicable law. Each personal data processing purpose is matched with the categories of personal data and the relevant legal reason relating to the purpose.

a. For the Performance of Our Contract with You

We process your data when it is necessary to fulfill our contractual obligations and provide the services you request, including:

• To confirm your identity and contact information: We confirm your information through the contact information you’ve provided in order to ensure safety and accuracy of your contact information.
• To provide our services and process transactions: We use your information while you browse our website to better our services by analyzing your choices,
• To manage purchasing and business collaborations: We process data related to commercial negotiations, contractual agreements, and supplier partnerships. We analyze business transactions, email correspondence, and invoicing data to ensure seamless operations with partners, suppliers, and affiliates. We manage third-party agreements, reseller partnerships, and co-marketing campaigns with external vendors and strategic business partners.
• To facilitate third-party product sales – In cases where users purchase physical or digital products from third-party vendors, we may need to share relevant personal data (e.g., delivery address, contact information) with the vendor for order fulfillment.
• To ensure compliance in bundled purchases: When users purchase event tickets and third-party products in the same checkout, we will provide clear consent mechanisms and additional contractual terms.

b. For our Legitimate Business Interests

We process data where it is necessary for our business operations, security, and service improvements, ensuring a better user experience:

• To engage in marketing, advertising and analytics: We analyze interactions, including social media activity, and referral sources, to improve our marketing campaigns. We conduct market research, user segmentation, and trend analysis to enhance the relevance of our promotions.

c. To Fulfill Legal Obligations

We process your data when necessary to comply with applicable laws, protect security, and enforce legal rights, including:

• To comply with legal and regulatory requirements: We may disclose personal data to government authorities, regulators, or law enforcement agencies when legally required and especially for billing purposes.
• To ensure event security: We work with event organizers and venue security teams to protect attendees and enforce safety protocols.
• To prevent fraudulent activity and misuse: We process personal data to detect and prevent unauthorized resales, ticket fraud, and brand misuse.
• To ensure verification of user-provided data: In compliance with GDPR, we are required to verify phone numbers, email addresses, and other user details to prevent unauthorized access and fraudulent use of personal data.
• To regulate data-sharing for third-party purchases: For transactions where personal data is shared with third-party vendors, commercial partners (bundled purchases, or promotional product sales), we ensure that necessary contractual safeguards and user consents are implemented.
• To minimize unnecessary data sharing in marketing partnerships: In food-chain companies and cinema-related promotional campaigns, we aim to limit customer data sharing by using QR codes instead of personal data transfers.

3. Who we share your personal data with

We may share your personal data within Pickaseat and its affiliated companies, including:

• Payment and transaction processing teams – Ensuring secure order fulfillment.
• Fraud prevention & compliance teams – Protecting against unauthorized transactions.
• Customer support teams – Handling inquiries, refunds, and order-related issues.

a. Pickaseat Suppliers

 We may share your personal data within Pickaseat and its affiliated companies, including:

• Providing our services to you through our different companies in Europe,
• Marketing & personalization teams for user engagement and targeted promotions.
• Fraud prevention & compliance teams for data protection and regulatory adherence.

b. Event Organizers, Promoters & Venues

To facilitate ticket purchases and event coordination, we may share your data with:

• Event organizers and promoters.
• Venues, ticketing agents, and event operators.
• Security and compliance teams responsible for event safety.

At the time of purchase, we disclose which event partners will receive your data. Some partners may offer marketing communications, and you will be given the option to opt in where applicable.

c. Third-Party Product & Service Providers

If you purchase additional products or services through Pickaseat, we may share your data with:

• Merchandise vendors & fulfillment partners – Processing and shipping of physical products.
• Digital content and ticketing service providers – Providing access to exclusive event-related content.
• Insurance providers & refund protection services – For ticket protection and cancellation options.

These third parties operate under their own privacy policies, and we ensure they comply with data protection standards.

d. Law Enforcement & Compliance Authorities

We may disclose personal data when required to comply with legal obligations, including:

• Government agencies and regulatory bodies.
• Law enforcement and fraud prevention organizations.
• Legal representatives and compliance auditors.

Additionally, to prevent fraud and unauthorized transactions, we may verify phone numbers, email addresses, and payment details before processing purchases.

e. International Data Transfers

Where necessary, we transfer personal data internationally under strict safeguards, including:

• Standard Contractual Clauses (SCCs) for secure data processing.
• Localized data storage and processing solutions when possible.
• Privacy-enhancing security measures, including encryption.

Further details can be found in the "Which Countries We Transfer Your Personal Data To" section.

Which countries we transfer your personal data to 

If we process data in third countries (meaning countries outside the European Union or the European Economic Area ) or this occurs in the process of utilising the services of third parties or transmitting data to third parties, this will only be done for the purpose of fulfilling our contractual obligations, on the basis of your consent, due to a legal obligation or based on our legitimate interests.

In doing so, we ensure that your personal data is processed in compliance with the European level of data protection, based on special guarantees or due to corresponding contractual obligation including adequate technical and organisational measures.

When transferring your data internationally, we implement strict safeguards to ensure your privacy and security, including:

• Standard Contractual Clauses (SCCs) – We use legally binding agreements approved by the European Commission to ensure that data recipients outside the EU/EEA adhere to strict privacy standards.
• Binding Corporate Rules (BCRs) – If we transfer data within our corporate group, we enforce internally regulated policies that guarantee strong data protection across all entities.
• Binding Corporate Processor Rules – When working with third-party service providers, we require them to comply with contractual obligations ensuring high data security standards.
• Localized Data Storage – Whenever feasible, we process and store data within the EU/EEA to minimize cross-border transfers.
• Encryption & Security Measures – All transferred data is protected using advanced encryption protocols, access controls, and cybersecurity safeguards.

If you require further information or a copy of the relevant documentation regarding data transfers, please contact us at privacy@pickaseat.com .

5. How long we keep your personal data

We will retain your personal data for as long as is necessary to fulfil the purpose for which this data was collected and any other permitted linked purpose (for example your correspondence and any information we provide in return may be retained until the time limit for claims in respect of the communication or in order to comply with regulatory requirements regarding the retention of such data).

If your personal data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

Once your data is no longer needed, we:

• Securely delete the information; or
• Anonymize the information, ensuring that it cannot be linked back.

6. What rights you have in relation to your personal data and how to contact us

You have different rights listed under General Data Protection Regulation and if you wish to confirm processing of your personal data or to have access to your personal data we may have about you, you may contact us through the contact methods listed below.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Pickaseat might have received the data from Pickaseat; what the source of the information was (if you didn’t provide it directly to Pickaseat); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Pickaseat if it is inaccurate. You may request that Pickaseat erase that data or cease processing it, subject to certain exceptions.

You may also request that Pickaseat cease using your data for direct marketing purposes. When technically feasible, Pickaseat will—at your request—provide your personal data to you or transmit it directly to another controller.

You also have a right to lodge a complaint with the a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act, BDSG) if you have concerns about how Pickaseat processes your personal data. A list of supervisory authorities (for the non-public sector) with addresses can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have questions about this statement or about data protection at Pickaseat, you can contact our data protection officer directly:

Contact details for our data protection officer:

Gen-Z Entertainment GmbH

Schillingstr. 24 13403 Berlin Germany

info@pickaseat.de

Customer Service: +49 30 46699885

WhatsApp Hotline: +49 30 46699885

7. How we will update this Privacy Notice

We may change the content of our websites and how we use cookies without notice and consequently our Privacy notice and Cookie Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website to stay informed of how we are using personal data.

This Privacy notice was last updated in June 2025.