Privacy policy Tactile

Last updated: February 10th, 2020

Who are we

We are Tactile, a private company with limited liability registered as Tactile B.V. at Kinkerstraat 58D, 1053 DZ, Amsterdam, The Netherlands.

Our platform provides a ticketing system, a (cashless) payment system, access control and other types of interactions at events and venues.

Why we collect and process personal data

The nature of the services we provide requires us to collect and process personal data. Your personal data is all data that is somehow relatable to you. This privacy policy explains what personal data we collect, why we collect that data and when we will erase that data. Furthermore this document discusses what security measures are taken to protect your data and with whom the personal data may be shared.

Depending on your relation with Tactile we may be either a processor of your personal data, a controller or both. The terms processor and controller are in accordance with the General Data Protection Regulation (European Regulation 2016/679), but we’ll explain what they mean for you below. For the following sections, we will make a distinction in the following relationships you can have with us:

  1. If you are a visitor of an event or venue that uses our platform, we will only act as a processor of your data. Our client, for example an event organiser, fully determines the reasons for collecting and types of personal data we collect. Therefore our client is the controller of your personal data collection.
  2. If you are a client of us, a (potential) employee or another type of a collaborative partner, we may also gather personal data of you for purposes of Tactile. In that case, we will act as a controller.

What personal data we collect and why

For visitors of events or venues that use our platform

If you are a visitor of an event or venue that uses the tactile platform, there are several data that we collect about you. What data we collect and process, for what reason, if we share it with others, and when we delete the data can be viewed in the following table:

Field

Category

Reason for gathering / usage

Will be shared with organiser

May be shared with other visitors?

May be shared with third parties?

Retention Period

Name

Personalia

– Identification for access to events

– Identification for security (for payments)

– Communication (email header etc.)

– Possibility to share with third parties (after consent)

– For interaction activities with other visitors of the event

Yes

Yes, e.g. group members if decided by organiser

Only when requested by user

Partnership agreement period

Email

Personalia

– Communication

– Possibility to share with third parties (after consent)

Yes

Yes, e.g. group members if decided by organiser

Only when requested by user

Partnership agreement period

Mobile Number

Personalia

– Communication

– Possibility to share with third parties (after consent)

Yes

Yes, e.g. group members if decided by organiser

Only when requested by user

Partnership agreement period

Date of birth

Personalia

– Identification for security (for payments)

– Age validation for bars

– For interaction activities with other visitors of the event

Yes

No

Only when requested by user

– Partnership agreement period

– Afterwards converted to age (part of anonymization)

IBAN or other payment details

Payment

– In case of direct debit IBAN is necessary for the payment system

Only when needed for Direct Debit

No

No

Partnership agreement period

Profile Picture

Personalia

– Identification for access to events

– Identification for security (for payments)

– For interaction activities with other visitors of the event

Yes

Yes

Only when requested by user

Partnership agreement period

Preferred Language

Personalia

– Correct communication

Yes

Yes

Only when requested by user

Partnership agreement period

Specific Event related questions (e.g. dietary preferences, requested workshops)

Organiser

– Necessary for organiser

Yes

Yes

Only when requested by user

Partnership agreement period

Transaction logs

Payment

– Improving this and coming events

– Insights in turnover

– Speeding up payments

Only metadata such as the amount of products that was bought at a certain location or event (will never be relatable to an individual)

Yes

Only when requested by user

Partnership agreement period

Checkin/checkout

Interaction

– Improving this and coming events

– Security of visitors

– Convenience for visitors

Yes, for emergencies it is necessary to check how many and which people are still inside

Yes

Only when requested by user

Partnership agreement period

Tag to share contact details

Interaction

– Convenience for visitors

– Possible sponsor deal

No

Only when requested by user

Only when requested by user

Partnership agreement period

Photo tag

Interaction

– GDPR Compliance

– Convenience for visitors

– Entertainment

Yes

Yes

Only when requested by user

Partnership agreement period

Vote for music

Interaction

– Entertainment

No

Yes

Only metadata (the count of people voted)

Partnership agreement period

Tactile Party Meetup

Interaction

– Entertainment

No

Only when requested by user

No

Partnership agreement period

For clients and other collaborative partners

If you are a collaborative partner of us, such as a client, an ambassador or an employee, we will likely collect and process some personal data of you. What data we might collect, for what reason and how long we keep it is listed below:

Field

Category

Reason for gathering / usage

May be shared with third parties?

Retention Period

Name

Personalia

For clients:

– For communication

For collaborative partners:

– For communication

– For records of agreements

Only with explicit consent

2 years or longer if we are legally required to.

Email

Personalia

For clients:

– For communication

For collaborative partners:

– For communication

Only with explicit consent

2 years or longer if we are legally required to.

Mobile Number

Personalia

For clients:

– For communication

For collaborative partners:

– For communication

Only with explicit consent

2 years or longer if we are legally required to.

Date of birth

Personalia

For collaborative partners:

– Legal obligation (e.g. employee contract)

No

Till two years after ending of the collaboration.

Payment details + tax details

Payment

For clients:

– Corrections for invoices

For collaborative partners:

– For payment of fees such as salaries etc.

No

Till two years after ending of the collaboration.

CV

Personalia

For collaborative partners:

– For job applicants

Only with explicit consent

Till two years after ending of the collaboration.

Personnel file (such as data in employee contract)

Personalia

For collaborative partners (specifically employees):

– Necessary for personnel administration

No

Till two years after ending of the collaboration.

What we do to protect your data

Tactile is a technology focused company and we try hard to keep up with advancements in cyber security to make sure that we are resilient to possible attacks that may be a risk for the protection of your personal data. Specifically, we take the following measures to enforce the protection of your data:

  • We will only send your data over secured connections;
  • data will be stored on secured servers that are only accessible through multi factor authorization;
  • direct communication with our servers are only possible via SSH;
  • Tactile domains are only accessible via HTTPS;
  • we collaborate with (former) students of the Master program System Engineering at the University of Amsterdam to prepare red teaming attacks to identify possible vulnerabilities of the Tactile platform.

Where we store your data

Most of our servers are located in Amsterdam. We will not store your personal data on servers outside of the European Union.

Contact

We try our best to make legal documents such as our privacy policy as readable as possible. However, the privacy matter is quite complex and we would understand if you still have questions after reading this document. If that is the case, please contact us via: privacy@tactile.events.