top of page

Privacy Policy

We are Tactile, a private company with limited liability registered as Tactile B.V. in the Netherlands.

​

Our platform provides a ticketing system, a (cashless) payment system, access control, event app and other types of interactions at events and venues.

​

Why we collect and process personal data

The nature of the services we provide requires us to collect and process personal data. Your personal data is all data that is somehow relatable to you. This privacy policy explains what personal data we collect, why we collect that data and when we will erase that data. Furthermore this document discusses what security measures are taken to protect your data and with whom the personal data may be shared.

Depending on your relation with Tactile we may be either a processor of your personal data, a controller or both. The terms processor and controller are in accordance with the General Data Protection Regulation (European Regulation 2016/679), but we’ll explain what they mean for you below. For the following sections, we will make a distinction in the following relationships you can have with us:

  • If you are a visitor of an event or venue that uses our platform, we will only act as a processor of your data. Our client, for example an event organiser, fully determines the reasons for collecting and types of personal data we collect. Therefore our client is the controller of your personal data collection.

  • If you are a client of us, a (potential) employee or another type of a collaborative partner, we may also gather personal data of you for purposes of Tactile. In that case, we will act as a controller.

 

​

What personal data we collect and why

For visitors of events or venues that use our platform

If you are a visitor of an event or venue that uses the tactile platform, there are several data that we collect about you. What data we collect and process, for what reason, if we share it with others, and when we delete the data can be viewed in the following table:

Label
Category
Reason for gathering / usage
Will be shared with organiser
May be shared with other visitors?
May be shared with third parties?
Retention Period
Name
Personalia
Identification for access to events, identification for security, communication, possibility to share with third parties & interaction activities with other visitors of the event
Yes
Yes, e.g. group members if decided by organiser
Only when requested by user
Partnership agreement period
Email
Personalia
Communication & possibility to share with third parties
Yes
Yes, e.g. group members if decided by organiser
Only when requested by user
Partnership agreement period
Mobile Number
Personalia
Communication & possibility to share with third parties
Yes
Yes, e.g. group members if decided by organiser
Only when requested by user
Partnership agreement period
Date of birth
Personalia
Identification for security, age validation for bars & interaction activities with other visitors of the event
Yes
No
Only when requested by user
Partnership agreement period. Afterwards converted to age (part of anonymization)
IBAN or other payment details
Payment
In case of direct debit IBAN is necessary for the payment system
Only when needed for Direct Debit
No
No
Partnership agreement period
Profile Picture
Personalia
Identification for access to events, identification for security & interaction activities with other visitors of the event
Yes
Yes
Only when requested by user
Partnership agreement period
Preferred Language
Personalia
Correct communication
Yes
Yes
Only when requested by user
Partnership agreement period
Specific Event related questions (e.g. dietary preferences, requested workshops)
Organiser
Necessary for organiser
Yes
Yes
Only when requested by user
Partnership agreement period
Transaction logs
Payment
Improving future event, insights in turnover & speeding up payments
Only metadata such as the amount of products that was bought at a certain location or event (will never be relatable to an individual)
Yes
Only when requested by user
Partnership agreement period
Checkin/checkout
Interaction
Improving future events, security of visitors & convenience for visitors
Yes, for emergencies it is necessary to check how many and which people are still inside
Yes
Only when requested by user
Partnership agreement period
Tag to share contact details
Interaction
Convenience for visitors & possible sponsordeals
No
Only when requested by user
Only when requested by user
Partnership agreement period
Photo tag
Interaction
GDPR Compliance, convenience for visitors & entertainment purposes
Yes
Yes
Only when requested by user
Partnership agreement period
Vote for music
Interaction
Entertainment purposes
No
Yes
Only metadata (the count of people voted)
Partnership agreement period
Tactile Party Meetup
Interaction
Entertainment purposes
No
Only when requested by user
No
Partnership agreement period

For clients and other collaborative partners

If you are a collaborative partner of us, such as a client, an ambassador or an employee, we will likely collect and process some personal data of you. What data we might collect, for what reason and how long we keep it is listed below

Field
Category
Client Reason
Partner Reason
May be shared with third parties?
Retention Period
Name
Personalia
Communication
Communication & records of agreements
Only with explicit consent
2 years or longer if we are legally required to.
Email
Personalia
Communication
Communication
Only with explicit consent
2 years or longer if we are legally required to.
Mobile Number
Personalia
Communication
Communication
Only with explicit consent
2 years or longer if we are legally required to.
Date of birth
Personalia
-
Legal obligation (e.g. employee contract)
No
Till two years after ending of the collaboration.
Payment details + tax details
Payment
Corrections for invoices
Payment of fees
No
Till two years after ending of the collaboration.
CV
Personalia
Job applicants
-
Only with explicit consent
Till two years after ending of the collaboration.
Personnel file (such as data in employee contract)
Personalia
-
Necessary for personnel administration
No
Till two years after ending of the collaboration.

What we do to protect your data

Tactile is a technology focused company and we try hard to keep up with advancements in cyber security to make sure that we are resilient to possible attacks that may be a risk for the protection of your personal data. Specifically, we take the following measures to enforce the protection of your data:

  • We will only send your data over secured connections;

  • data will be stored on secured servers that are only accessible through multi factor authorization;

  • direct communication with our servers are only possible via SSH;

  • Tactile domains are only accessible via HTTPS;

  • we collaborate with (former) students of the Master program System Engineering at the University of Amsterdam to prepare red teaming attacks to identify possible vulnerabilities of the Tactile platform.

​

Where we store your data

Most of our servers are located in Amsterdam. We will not store your personal data on servers outside of the European Union

Subprocessing

Tactile currently uses the following subprocessors to help provide our services:

Name organisation
Service
Usage
Location
Remarks
DigitalOcean
server & database hosting
necessary
Euopean Economic Area (EEA)
Mailgun
sending of e-mail messages
necessary
Euopean Economic Area (EEA)
e-mails are retained for 7 days for review and retrieval, after which they are deleted.
Google Analytics
monitor usage of services
necessary
Euopean Economic Area (EEA)
we monitor to improve the application, these analytics are never traceable to an individual
PAY.
payment service provider
optional
Euopean Economic Area (EEA)
concerns the delivery of current bank/credit card transactions & refunds. Transaction data will be retained for the statutory period
MessageBird
sending text messages
optional
Euopean Economic Area (EEA)

Contact

We try our best to make legal documents such as our privacy policy as readable as possible. However, the privacy matter is quite complex and we would understand if you still have questions after reading this document. If that is the case, please contact us via: privacy@tactile.events.

bottom of page