Table of Contents

I.        Information We May Collect About You

II.        How We Use Your Personal Information

III.        Who has Access to Your Personal Data?

IV.        How is Your Personal Data Hosted?

V.        Our Use of Cookies

VI.        Linking Analytics Cookies and Personal Data

VII.        Your Rights

VIII.        Data Accuracy Measures

IX.        Disclosure of Your Personal Information

X.        Process for Rectifying Inaccuracies

XI.        Links to Other Websites

XII.        Changes to Our Privacy Policy

XIII.        GDPR Compliance

XIV.        How to Contact Us

This Privacy Policy was last updated on May 20, 2024

For the purposes of this privacy policy and applicable data protection legislation, the data controller is Flokk Technologies OÜ. You can contact us at the “Contact us” section below. Please read this privacy policy carefully to understand how your personal data is gathered, processed and stored.

Flokk Technologies OÜ respects your privacy and is committed to protecting your personal information and keeping this information secure.

This Privacy Policy describes and outlines how Flokk Technologies OÜ collects, uses, shares, and protects your personal information in connection with the use of the Service.

Processing is necessary for the performance of a contract (e.g., the processing of ticket bookings on behalf of the Provider or storing your information if you choose to join a waitlist for an event) and legitimate interest (e.g., storage or IP Addresses for risk management or Cookies to allow full access to our Service, or even for anonymous research such as industry analyses).

Please note that this Privacy Policy does not apply to you if you are a Customer who has sourced a ticket or voucher from an event organiser (“Provider”) who uses our Tour Operator Booking Software. In such circumstances, we process Customers’ personal information solely on the Provider’s behalf (as their “processor”) and the Provider has the legal responsibility to tell Customers how their personal information will be collected and used. For such data, we shall merely act as a data processor, and the Provider shall then be the data controller.

Please take a moment to review this policy in detail (together with our Terms of use of Service for Customers). As you will see, it explains our privacy practices and covers the following areas:

  1. Information We May Collect About You

The processed personal data is presented by the Customer on the Service upon entering the information necessary for the purchase of tickets and/or vouchers. We may collect and process the following personal data about you:

Flokk Technologies OÜ collects personal information about you when you specifically provide us with such information on a voluntary basis. We collect information from you through our web application (e.g., nameoftheprovider.flokk.io), when you request further information about the Services and when you report a problem. The information that we collect includes:

  1. Name
  2. Address (at the request of the Provider)
  3. Email address
  4. Contact number (at the request of the Provider)
  5. Business name/position (for some business events)
  6. IP address - we may collect information about your computer, including where available your IP address, operating system, and browser type, for system security, customer support and site analytics. This statistical data cannot be used to identify a Customer.
  7. Cookies – cookies are used to track visitors through our site and to save booking information as you move from page to page of the booking process.,
  8. We may automatically collect details of your visit, including, but not limited to, traffic data, location data, weblogs and other communication data
  9. Connection data – when you use our Service, we gather your connection data, i.e. information that is automatically recorded by our servers when you access the Service or when you use it. Your connection data is also used to gather and to analyse statistics concerning your use of our Service, such as the number of visits, the number of unique visitors, the number of page views, or to produce other general statistics about the activity of the Service.

Please note that we do not use your personal information for marketing purposes, and we do not send newsletters.

We may also collect, use, and share anonymised data and aggregated data such as statistical or demographic data for any purpose. Anonymised and aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

  1. How We Use Your Personal Information

We use your personal data for the following purposes:

  1. To process ticket or voucher bookings (including the booking, payment processing and ticket delivery)
  2. To send you email communication regarding your booking (to include booking reminders, event updates or to advise you of an event cancellation)
  3. To assist you with any query that you may have regarding your booking or payment
  4. To provide you with information or services that you request from us
  5. To place you on a waitlist for a sold-out event at your request, and send updates as tickets become available
  6. To notify you about changes to our Service
  7. We may also use your data to perform quality assurance, and anonymous research such as industry analyses

We use your personal information to comply with various legal and regulatory obligations, such as:

  1. To notify you about changes to our Terms of Service for Customers or Privacy Policy
  2. To comply with mandatory law enforcement or regulatory requests for the disclosure of your personal information, including in circumstances of suspected fraudulent activity

We use your personal information in order to deploy and develop our services, to improve our risk management and to defend our legal rights, including:

  1. To ensure that content from our Service is presented in the most effective manner;
  2. to administer our site and for internal operations, including troubleshooting, data analysis, research and statistical purposes;
  3. to measure the effectiveness of our Services so that we can improve our Services;

  1. Who has Access to Your Personal Data?

Your personal data will be accessible only by authorised persons within Flokk Technologies OÜ for those purposes that are strictly necessary for their respective duties. The Provider will also have access to your personal data.

  1. How is Your Personal Data Hosted?

All personal data that we gather from the persons who access our Service in the European Union is hosted in the European Union.

All personal data will be destroyed in 30 days upon withdrawal of your consent. This shall apply only to any data gathered based on your consent. In the event of a withdrawal of consent, the Data Controller is also entitled to process the personal data of the data subject if it has another legal basis for the data processing (e.g. for the fulfilment of a legal obligation or for the assertion of a legitimate interest).

Any cookies that are not strictly required for the operation of our Service will be erased twelve (12) months following their insertion, and the information that is gathered through these cookies will be kept for a term of sixty (60) months following its gathering.

  1. Our Use of Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our platform, we may collect information from you automatically through cookies or similar technologies to distinguish you from other users of our Service.

  1. Some cookies are necessary to allow our Service to function,
  2. others help us provide you with a good experience when you browse our Service,
  3. others allow us to collect data to improve our sites

There are a number of different types of cookies, however, our platform uses:

  1. Strictly necessary cookies – these cookies do not require user consent at all
  2. Functional cookies – these cookies help us to recognise you on our platform and remember your previously selected preferences. These could include what language you prefer and the location you are in. A mix of first-party and third-party cookies are used.
  3. Performance cookies – these cookies monitor site preferences and follow user actions, but they do not collect identifiable information. They collect data anonymously and use it to improve the platform. Performance cookies can count page visits, examine how much time a user has spent on a website, as well as analyse loading speeds to improve performance.
  4. Analytics cookies – these cookies track how users navigate and interact with a platform.

You can opt to deactivate any cookies that are not needed for the use of the functionalities of our Service. Here you can find information on how to customize cookie settings for the usual browsers:

Google Chrome (https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop)
Internet Explorer (https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d )
Firefox (https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox )
Safari (https://www.apple.com/legal/privacy/en-ww/)

  1. Linking Analytics Cookies and Personal Data

Our website uses analytics cookies to track and analyse user activity, thereby improving the quality of our services and your experience. In some cases, we combine the data collected by analytics cookies with your personal data to perform user research and analytics to improve our services.

Consent to Analytical Cookies

Your explicit consent is required to use analytics cookies. When you first visit our platform, you will see a notice asking you to consent to the use of analytics cookies.

Consent to Data Linking

Where we combine the data collected by analytics cookies with personal data, we will ask you for your specific consent. You can give this consent in the cookie settings or in the notification, in which you will be clearly informed about the purpose and method of processing.

You have the right to withdraw your consent to the use of analytics cookies and data aggregation at any time. For more information about your rights, please read the section below!

  1. Your Rights

You have certain legal rights with respect to your personal information depending on your location and applicable laws. You may exercise your rights at any time by contacting us at [email protected] 

Your rights if you are resident in the EEA:

Right of access: You have the right to access any personal data we hold about you: we will provide a copy of your personal data that we hold together with details of the purposes of the processing, the types of personal data we hold and the people to whom your personal data has been disclosed.

Right to rectification: You have the right to have inaccurate or incomplete personal data corrected or to restrict the processing of personal data whilst the accuracy is checked.

Right to erasure (“Right to be forgotten”): You have the right to ask to have personal data we hold about you erased as soon as possible. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with a legal obligation under European Union law or Estonian law.

Right to data portability: In certain circumstances, you have the right to have data we hold about you transferred to yourself or another data controller. Note, this right only applies to information that is processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to object: You have the right to: ask us not to process your personal data for direct marketing purposes; object, on grounds relating to your particular situation, to the processing of your personal data (including profiling) where we are relying on a legitimate interest.

Right to withdraw consent: You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Right to complain: You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or other data protection supervisory authority applicable to you if you are unhappy with the way we are handling your personal data.

You can exercise these rights by contacting [email protected]. If you have any concerns or complaints regarding the processing of your personal information, you can contact [email protected] directly.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

  1. Data Accuracy Measures

Flokk Technologies OÜ. takes reasonable steps to ensure that personal data collected is accurate and up to date. Individuals are encouraged to update their personal information if any changes occur.

  1. Disclosure of Your Personal Information

Payments via our Service

All payments through our Service and pursuant to our referral partner program are made using the payment services provided by Stripe ("Payment Processor"). To provide your card and billing details, you will be directed to the Payment Processor’s service. Stripe is a global payment service provider that processes and stores data worldwide, including in the United States. When you make a payment through our Software, the following information is transferred to Stripe:

  1. Payment information (e.g. credit card details)
  2. Transaction information (e.g. payment amount, date)

Data protection safeguards

The European Union's General Data Protection Regulation (GDPR) requires that transfers of data outside the European Union are only possible if appropriate data protection measures are in place. Stripe guarantees that such transfers will be carried out in accordance with the data protection safeguards required by the GDPR. These measures include the application of Standard Contractual Clauses (SCCs) approved by the European Commission.

In processing card payments, the Payment Processor acts as a data processor to us but in other respects, both Flokk and the Payment Processor act as data controller and we will share personal information with the Payment Processor and the Payment Processor will share personal information with us in order to provide the Services. For further information on how the Payment Processors handle your personal data see: Stripe Global Privacy Policy.

  1. Process for Rectifying Inaccuracies

You have a right to request the correction of any inaccurate or incomplete personal data, by contacting [email protected] with your correction requests. Upon receiving a correction request, Flokk Technologies OÜ should promptly review the requested changes and make appropriate corrections to the personal data. We try to respond to all legitimate requests within 30 days.

  1. Links to Other Websites

Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

  1. Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and we will notify you of any material changes to this policy through our Service or other usual communication channels. We recommend that you review this page from time to time for updates.

  1. GDPR Compliance

Flokk Technologies OÜ complies with its obligations under the General Data Protection Regulations (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Flokk Technologies OÜ will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, unless otherwise required by law. Flokk Technologies OÜ will take reasonable measures to ensure the security and confidentiality of your personal information.

Your personal information may be transferred to countries outside of your country of residence, which may have different data protection laws. Any such transfers will be made in accordance with applicable data protection regulations. The transfer of information from the European Economic Area (“EEA”) to countries outside the EEA is subject to the standard contractual clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council).

Flokk Technologies OÜ shall process personal data under this Policy as a data controller within the meaning of the General Data Protection Regulation 2016/679 (GDPR) and the EU member state law implementing the GDPR and the Directive on privacy and electronic communications (2002/58/EC) as amended or replaced and shall be responsible for its own compliance under applicable data protection law for such processing activities. The Customer’s personal data is processed in compliance to the Personal Data Protection Act of the Republic of Estonia (Isikuandmete kaitse seadus). Processing personal data is necessary for entering into and for the performance of the Contract.

  1. How to Contact Us

Questions, comments, and requests regarding this Privacy Policy are welcomed and should be addressed to:

Flokk Technologies OÜ

Registry Code: 16975838

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 3 // 5 // 7, 10145

[email protected]