Shankra Festival / Narmada SA Data Protection Declaration
Protecting your personal data and safeguarding your privacy are matters we take very seriously. You can expect us to handle your data sensitively and carefully as well as to ensure a high level of data security. When doing so, we comply with the current data protection regulations stipulated by Swiss and, insofar as applicable, European law (General Data Protection Regulation (GDPR).
“Personal data“ is defined as any information relating to an identified or identifiable natural person. In other words, information which can be assigned to you personally and provide details about you. This data protection declaration refers to it as “your data”.
“Processing” is defined as any handling of your data, in particular also the collection, storage, management, use, transmission, disclosure or erasure of your data.
Please note that the following explanations may be updated from time to time. We therefore recommend that you consult this data protection declaration regularly. Third-party websites which can be accessed via our websites are not subject to the principles described here. We do not accept any responsibility or liability for third-party website compliance with data protection principles or regulations.
The following provides information about how we handle any data concerning you which is processed when you use our websites and mobile applications (hereinafter also “digital offerings” or “websites”) or in any other way. In addition to this it provides you with information about your rights relating to our use of your data.
1. Contact persons
The data controller’s contact details are as follows:
Via Stella 12
Should you have questions about data protection on our websites; wish to request information or wish to request erasure of your data, then please contact our data protection officer by sending an email to email@example.com.
2. Scope and Purpose of Personal Data Processing
We will collect, process and use your data for the following purposes.
a. When You Visit our Websites
Our web server technology automatically records general technical information about the visit in so-called log files. This information includes, among other things:
- The IP address of the device used
- Information about the browser typeInformation about the operating system used
- The time and duration of the visitInformation about the Internet service provider
- Reference / exit websites
The purpose of collecting and processing this information is to facilitate use of our websites (establishment of a connection); to ensure and increase the security and stability of our systems and offerings; to analyse use of our offerings and services; to collect general demographic information and to facilitate optimisation of our Internet offering (in particular, but not only, product improvements, marketing measures, target group-specific advertising etc.) as well as for internal statistical purposes. Collecting and processing are thus based on our legitimate interests. The user is not identified within the scope of these activities. In addition to this and as a matter of principle, no connection is established between this automatically collected information and personal data we already have stored. There may, however, be an exception to this fundamental rule if you already have a registered user account
b. When You Subscribe to Our Newsletter
Our website provides an option to subscribe to our newsletter. We use this newsletter to provide information about all kind of news in regard of Shankra Festival. If you would like to subscribe to our newsletter, we will need your email address so that we can send it to you. Processing of your data after you subscribe to our newsletter is based on the fact that we have your consent. Within the scope of the subscription process we will therefore obtain your consent to processing of your data and draw your attention to this data protection declaration. You can unsubscribe from the newsletter and withdraw the consent you have given at any time. To do this, click the corresponding button in the newsletter which you have received. The link unsubscribe from the newsletter is provided at the end of every newsletter. Alternatively you can unsubscribe by sending an email to the following address: firstname.lastname@example.org with the subject heading “Cancellation of newsletter”.
c. When You Make a Contact Enquiry
Our portals provide an option to establish contact with us by email. In such cases we will process the information which you provide to facilitate correspondence with you and/or for the purpose of processing your enquiry and further contact.
Processing your personal data is based on our legitimate interest in processing your enquiry. This legitimate interest in processing is based on the desire to communicate with you quickly and to answer your enquiry. Where the establishment of contact serves to facilitate performance of a contract to which you are a party or to carry out measures prior to concluding a contract, then this will provide an additional basis for processing of your data.
You can object to this processing at any time. Please send your objection to the following email address: email@example.com with the subject heading “Stop processing”.
Your data will be erased if circumstances indicate that the relevant issue has been conclusively clarified and erasure is not prevented by any legal archiving obligations.
d. When You Make a Purchase
You can purchase our tickets at points of sale; When doing so, you must complete the fields marked with an asterisk (*). All other information is voluntary:
- First and surname*
- Full delivery address (street, postcode, place, country)*
- Date of birth
The mandatory information is required to process your order and delivery and thus also to perform our contractual obligations.
When we process your order we will forward the data required to process it and make delivery to the service providers we use, such as transport companies and payment service providers (Mastercard, Visa, Twint, PayPal). The payment service provider you chose will be responsible for your payment data. We will not receive any information regarding your payment data. The corresponding online payment system provider’s relevant data protection regulations will apply in addition to our regulations.
Insofar as you use your customer account to make an order, we will, based on our legitimate interests in optimising our offering, store all information regarding your current and prior purchases and concluded contracts. We will use this information for marketing and analysis purposes. For more information about this, see Section 4 of this data protection declaration.
e. When We Perform Other Contractual Services
We process the personal data of our principals, customers, clients, contractual partners and potential customers to facilitate performance of contractual services or measures prior to conclusion of contracts. The personal data processed in this regard; the type; the extent and the purpose as well as the necessity of its processing are determined by the contractual relationship on which processing is based. Processed data includes our contractual partners’ master data (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers) and contract data (e.g. services which have been used; contract contents; contractual communications, names of contact persons) and payment data (e.g. bank details, payment history). We do not, as a matter of principle, process special categories of personal data unless they are included in processing which has been commissioned or are integral to a contract.
We process personal data which is required to establish and perform contractual services and, insofar as this is not obvious to the contractual partners, make them aware that this data is required.
Data is erased when it is no longer required to fulfill contractual or legal obligations or in connection with any warranty or comparable (archiving) obligations.
f. For Marketing and Analysis Purposes
Our goal is to continuously improve the digital offerings which we provide and thus make them more needs-oriented and secure. To this end, we may use a variety of analysis, marketing and tracking services to continuously link the user-specific historic and future data which is available to us to analyse, pseudonymise and anonymise user behaviour across services. For more information about the services used, see Section 5 of this data protection declaration. We may also acquire publicly accessible data or third-party provider data to improve our database.
When you place an order as a guest visiting one of our websites we may, on the basis of our legitimate interests, evaluate your data and user behaviour for the following purposes:
- To improve our offering and structure it in a more needs-oriented manner;
- To manager our customer relationship with you and make it more customer-friendly;
- To inform you via personalised advertising about certain topics and products which could interest you.
This relates to both personalised advertising by email and also, for example, to emails including general information or of an advertising nature; by text messages, image messages and via instant messaging services as well as the provision of personalised content and advertising on our websites.
You may object to this data processing at any time. Should you object, then we will no longer process your data for this purpose. Please send your objection to firstname.lastname@example.org with the subject heading “Please stop data processing for advertising purposes”.
Cookies help to make your visit to our portals easier, more pleasant and more efficient. Cookies are information files which your web browser automatically installs on your computer hard drive when you visit our website. They do not damage your computer’s hard drive and do not transmit user data to us.
Most Internet browsers automatically accept cookies. You can, however, reconfigure your browser settings at any time to prevent the installation of cookies on your computer or to always notify you when a new cookie is received. Our digital offerings can, as a matter of principle, also be used without cookies; this may, however, result in limitations to certain features. For more information about cookies and the corresponding services which we use, see Section 5 of this data protection declaration.
4. Analysis, Marketing and Tracking Services
Our portals use a variety of services to carry out website analysis, marketing and tracking, all of which are described in more detail below. Insofar as we request you to provide your consent to the use of third-party service providers, this consent is the legal basis for such data processing. Should we not obtain your consent, then your data will be processed on the basis of our legitimate interests (i.e. for optimisation and marketing purposes and the interest-related structuring of our websites).
a. Google Service
Our portals use a variety of services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA respectively, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Eire (“Google”).
Google uses technologies such as cookies, web storage in the browser and tracking pixels to analyse use of our websites. So-called user profiles may be created for these purposes and stored in a cookie (e.g. content viewed, websites visited and the elements used there as well as technical data such as the browser used, the computer system used and information about use times). Insofar as users have consented to collection of their location data, it may also be processed, depending on the provider.
Users’ IP addresses are also stored; however we use an IP masking procedure (i.e. pseudonymisation by truncating the IP address) to protect users. As a general rule no unmasked data on users (such as email addresses or names) is stored within the scope of web analysis and online marketing; it is pseudonymised instead. In other words, we, and also Google, do not know users’ actual identities; we only have the information stored in their profiles to facilitate the corresponding processes.
Information regarding your use of our portals which is generated in this way may be transmitted to a Google server in the USA, where it will be stored. Insofar as personal data is processed in the USA, please note that Google is certified in line with the Swiss-US and EU-US privacy shield agreements and thus guarantees to comply with Swiss and/or European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
You can prevent the installation of cookies by selecting the corresponding settings in your browser software. Please however be aware that should you do so, you may not be able to use all the features of our website to their full extent.
For further information see Google’s data protection notes at https://policies.google.com/privacy?hl=en.
For information about Google’s privacy settings, visit https://safety.google/privacy/privacy-controls/.
We use the following Google services:
- Google Tag Manager: We use Tag Manager to manage so-called website tags via a user interface (and thus for example to integrate Google Analytics and other Google marketing services in our online offering). Tag Manager (which implements tags) itself does not process users’ personal data. For more information about Google Tag Manager visit https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ respectively https://policies.google.com/privacy?hl=en
- Google Analytics: We use the Google Analytics web analysis service to analyse our website and its visitors as well as for marketing and advertising purposes. For more information about Google Analytics visit https://marketingplatform.google.com/about/analytics/terms/us/ respectively https://policies.google.com/privacy?hl=en&gl=us
- Google reCAPTCHA. We use reCAPTCHA to check whether entry of data on our portals (e.g. in contact forms) is carried out by humans or an automated programme. To do so, reCAPTCHA analyses the site visitor’s behaviour using a variety of characteristics (e.g. IP address, length of visits to the websites or mouse movements made by the user). For more information about reCAPTCHA visit: https://www.google.com/recaptcha/intro/v3.html respectively https://policies.google.com/privacy?hl=en
- Google Ads: We use Google Ads to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who can be expected to have an interest in them. In addition to this, we measure ad conversion. When doing so, we are only informed about the anonymous total number of users who clicked our ad and were taken to a site fitted with a so-called “conversion tracking tag”. In this context we do not receive any information which would allow us to identify users. For more information about Google Ads visit: https://ads.google.com/intl/en/home/ respectively https://policies.google.com/privacy?hl=en.
We use Mailchimp services tp process Newsletter Subscriptions as well as sending transactional email in case you bought an event ticket, a shuttlebus or parking ticket. For more information about Mailchimp visit: https://mailchimp.com/legal/privacy/
c. Social Plugins
Our digital offerings are linked to third-party features and systems in a variety of ways, such as via the integration of plugins:
Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA respectively, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Eire.
Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you have a user account with these third parties, then they may, under certain circumstances, be able to measure and evaluate your use of our digital offerings. When doing so, additional personal data, such as your IP address, personal browser settings and other parameters, could be transmitted to these third parties, who will store it.
We have no control over the use of such personal data collected by third parties and do not accept any responsibility or liability. For more information about the purpose and extent of data collection and further processing and use of your personal data please view the data protection and privacy policies of the relevant networks. They will also provide further information about your corresponding rights and settings options to protect your privacy and about your right to object to the creation of user profiles:
5. Storage Limitation
Insofar as not otherwise specifically stated within the scope of this data protection declaration, we will only process and store your data for as long as required to fulfil our contractual and legal obligations or otherwise required for the purposes on which processing is based, i.e. for example for the entire duration of the business relationship (from initiation to performance and termination of a contract and the guarantee period as well as a subsequent support phase) as well as, over and above this, in accordance with legal archiving obligations. Your data may, furthermore, be stored for the period during which claims can be exercised against us and insofar as we are otherwise legally obliged to do so or legitimate interests require this (e.g. for proof and documentation purposes).
As soon as your data is no longer required for the above-mentioned purposes or a statutory archiving period has expired, your data will, as a matter of principle and insofar as possible, be erased or blocked.
In addition to this, we will erase your data if you request us to do so by sending an email to email@example.com and we are not subject to any legal or contractual archiving or other security obligations concerning this data.
6. Data Security
We take appropriate technical and organisational security measures to protect personal data concerning you which we store against unintended, unlawful or unauthorised manipulation, erasure, alteration, access, forwarding or use and against loss. Our security measures are continuously updated and improved in line with technological developments.
When you register with us as a user, access to your user account will, in each case, only be possible after you have entered your personal password. You should always treat payment and access information as confidential and close the browser window when you have finished communicating with us, in particular if you share the computer with others.
We also take data protection within our company very seriously. Our employees and the service providers we use have all signed undertakings to maintain confidentiality and to comply with data protection law-related regulations.
7. Use of the Websites by Minors
Our digital offerings are intended for adults. Minors, in particular children under 18 years of age, are forbidden to transmit their personal data to us or to register for a service without the permission respectively consent of their parents or guardians.
Should we determine that such data has been transmitted to us, it will be erased without delay. The parents (or legal representative) of the child can contact us to request erasure or unsubscription.
8. Your Rights
As a matter of principle you have rights regarding information, rectification, erasure, restriction, data portability, objection to processing and withdrawal of consent with regard to your data. To exercise these rights please contact us at firstname.lastname@example.org.
Making an objection will not fully prevent the collection of personal data. The objection only prevents the processing of any personal data collected for marketing purposes without prior anonymisation and also its forwarding to, and analysis by, other companies for this purpose.
Please note that, following any request to block or erase your data, we will, within the scope of our legal or contractual archiving obligations (such as for invoicing purposes), still have to keep some of your data and, in such cases, your data will, insofar as required for this purpose, only be blocked. In addition to this, erasing your data may result in you no longer being able to receive or use services for which you have registered.
Under certain circumstances you are entitled to have your data forwarded to you or a third party designated by you by us, using a commonly used format.
Should you consider that processing of your data infringes data protection laws or that your data protection law-related rights have been infringed in any other way, then you can, in addition to this, lodge a complaint with a supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (EDÖB).
9. Currentness of, and Changes to, the Data Protection Terms and Conditions
Further development of our portal or the implementation of new technologies may make it necessary to amend these data protection terms and conditions. Registered users will be notified regarding any significant amendment of the data protection terms and conditions by means of an email to the email address provided within the scope of registration or by means of a corresponding note displayed in an appropriate location after users log on to their customer accounts.
In addition to this, you can view and print off the relevant current data protection terms and conditions displayed on our portals at any time.
The original data protection declaration is written in English. Translated versions are merely intended to facilitate better understanding. In the event of disputes, the English text will take precedence.