Our role in processing your personal data
Whose and what data do we collect?
We collect personal data from users of our website and services, from partners that help us supply our services to you, from our suppliers, and from our job applicants.
The categories of personal data we collect are:
Website usage and browser information, such as the pages you visit and the links you click on plus the time, frequency and duration of your visits, location data, streaming history, search history for our website, and your IP address
Identity and registration information, such as your name, date of birth, gender, email address, postal address, phone numbers, username and password
Contact details, such as your name, phone number, email address and information you provide to us during your communications to us
Survey information, such as any personal data that you provide to us as part of your response to our survey
Transactional information, such as your name and bank account number
Job application information, in case you apply for a job with us, such as your educational background, interests, skills and work experience, and other information listed on your resume
We do not ask or collect ‘special categories’ of personal data about you, such as health data or data related to racial or ethnic origin.
Children under the age of 13 are not permitted to use our services and must not attempt to register an account or submit any personal data to us. We do not knowingly collect any personal data from any person who is under the age of 13. If it comes to our attention that we have collected personal data from a person under the age of 13, we will delete this information immediately. If you are a parent or guardian and you learn that your child (under the age of 13) has provided us with personal data, please notify us immediately at email@example.com.
How and why do we process your data?
To comply with our legal obligations (as a ‘legal basis’), we use your data when you send us a request to exercise your rights with respect to your personal data (as a ‘purpose’).
With your consent (as a ‘legal basis’), we may share your name, age, email address, age and gender with our event partners to offer them insight into visitor demographics (as a ‘purpose’). We will also ask for your consent to be able to use third party remarketing and retargeting services to inform you of interest-based events and services that we offer while you are browsing third party websites.
To carry out the agreement we have entered into with you or to take the steps to do so (as a ‘legal basis’), we use your data to enable you to watch an event or other content offered by us, to allow you to participate in interactive features of our services when you choose to do so, to provide you with information or assistance that you request from us and to let you know about important changes or developments in our services (as ‘purposes’).
Providing data for the aforementioned purposes is a necessary condition for providing our services to you. If you do not provide us with this data, we will not be able to provide you with our services.
We have weighed and determined that we have a ‘legitimate interest’ (as a ‘legal basis’) to use your data for direct marketing communications, to recommend content that we think may interest you, to provide, improve and personalise our services, for internal operations including back-ups, troubleshooting, data analysis, testing, research, statistical and survey purposes, to detect and protect us against error, fraud and other criminal activity and to enforce our Terms and Conditions if necessary (as ‘purposes’).
Our ‘legitimate interests’ are to offer new content to users, to generate revenue, to ensure our services are as enjoyable, effective and accessible as possible, to allow us to understand our services and to develop improvements.
The duration for which we keep your data depends on the type of data and the purpose. We do not keep your data longer than necessary for the specific purpose for which the data is collected. We may keep your data for a longer period to comply with legal, reporting or audit requirements. In such case, we restrict access to any archived data and ensure that all data is retained securely and confidential.
In some cases we may use your data for automated profiling to help recommend or suggest events that we think might interest you, based on your usage of the services or your geographical location. We do not use automated profiling for any other purpose and you can ignore our suggestions. Therefore we believe that such use of data will have little to no impact on you.
Who do we share your data with?
We may share your data with third parties (‘recipients’) if this is necessary for one or more of the purposes mentioned above. The following categories of recipients have access to your data:
Suppliers, such as providers of hosting and CDN-services, CRM services, data rights management, payment services, mail services and compliance tools. We also use various analytics services to assess the effectiveness of our services and website, and to improve them
Ads-platforms to inform you of interest-based events and services that we offer while you are browsing third party websites (i.e. remarketing and retargeting)
Affiliated group-companies, if this is necessary for compliance, internal reports, audit or security purposes, or for the execution of an agreement with you
Event partners, such as the artists, their respective management companies and event-organizers to offer them insight into visitor demographics
The vendor or supplier of merchandise products
Our accountant, legal advisers and other professional service providers engaged by us for compliance reasons
Governmental bodies, courts, supervisory authorities, law enforcement or intelligence agencies, if we have a legal obligation to provide them with personal data
Fraud prevention companies to investigate fraudulent actions and ensure that our property and rights are protected
Third parties buying or interested in buying On Air or any of its assets. Don’t worry - we will always inform you of such a situation in advance
The third parties accessing your data might be located outside the European Economic Area (EEA). When transferring data for which we are responsible to countries outside of the EEA (so-called ‘third countries’), we ensure ‘appropriate safeguards’. More specifically, we contractually bind recipients of personal data to protect your data using the Standard Contractual Clauses (SCC’s) as approved by the European Commission. We will assess in advance (where necessary, with the help of the recipients in third countries) on a case-by-case basis if the law or practice of the third country diminishes the effectiveness of the SCC’s. In those cases, we will implement supplementary measures that fill the gaps in the protection and bring it up to the level required by EU law.
What are your rights with regard to your data?
We want you to feel in control of your personal data and we will do our best to assist you with:
Accessing your data and, in some cases, getting a copy of your data
Correcting your data and, in some cases, deleting or restricting your data
Withdrawing your consent whenever you see fit
You can find out more about your data rights here. To exercise any these rights, send us an email at firstname.lastname@example.org. You can also e-mail us at that address with any questions or complaints. You also have the right to file a complaint with the Dutch data protection authority via their website. If you want to unsubscribe from the newsletter, you can do so easily by unsubscribing at the bottom of each newsletter.
Who’s responsible for your data?