Key Points

• Elevate primarily collects and processes Personal Data on behalf of the owners of various festivals and live events for which Elevate facilitates ticket sales (our “Clients”).
• We use Personal Data for various business purposes, e.g. to process, service, and fulfill your order, to improve our products and services, personalize your experience across your interactions with us, and to help improve your event experience. Learn More.
• Our Clients use Personal Data for commercial purposes, such as marketing and advertising, using data we collect on their behalf. As part of these activities, we may receive information from third parties, and we may disclose information to our Clients, third-party partners and vendors. Learn More.
• You have rights and choices with respect to how we collect and use your Personal Data. Learn More about User Rights and Choices, California Privacy Rights, and EU/EEA Privacy Rights.
• You can contact us at any time if you have questions. Learn More.

Scope of this Policy

This Policy applies to your use of our “Services,” which include the following:

• Our “Offline Services”
  • Services you use when you purchase a ticket for or access a live event supported or serviced by Elevate, including for live events or websites operated by Elevate’s Clients and other third parties (each an “Event” and collectively the “Events”);
• Our “Digital Services”
  • Our products, services, or technology to access an Event, or use our other technology (such as mobile devices) that integrate with our RFID products; and
  • interactions with us online, use of our websites, mobile applications, and other online services, or linking to us from our Clients’ websites or mobile applications, including data collected when you interact with or reference our products/services or advertisements online.

Note that our Clients and other third parties may be able to identify you across sites and services using the information they process, however, any such processing not done at the direction of Elevate is outside the scope of this Policy.

How to Contact Us

If you have any comments or questions about this Policy or privacy practices, please contact our Data Privacy Team at:

General Inquiries and Data Updates: privacy@elevatetickets.com

Data Rights Inquiries: mail to the address above, email privacy@elevatetickets.com or call 877-569-7767

Direct Marketing Disclosure Inquiries: mail to the address above or email privacy@elevatetickets.com

Categories and Sources of Personal Data

The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”), including the categories of Personal Data, its sources, and the purposes for which we process that Personal Data.

The categories of Personal Data we process

The categories of Personal Data we collect and use, whether for our own purposes or on behalf of our Clients, include (specific data are examples, and may change):

Sources of Personal Data

We collect Personal Data from various sources, which vary depending on the context in which we process that Personal Data:

How We Process Personal Data

When you use our Services, we process your Personal Data in specific contexts and for certain specified purposes, as well as for our general business purposes and, in some cases, for Commercial Purposes.

How We Collect and Use Personal Data

We collect and process Personal Data in several contexts when you use our Services, including:

• When you make a purchase or other transaction through our Services;
• When you activate and use RFID products;
• When you access or use our Digital Services;
• Cookies and other tracking technologies;
• When you contact us or submit information to us;
• Feedback and Surveys; and
• Applications for employment or to provide services.

See below for more information regarding the context in which we process Personal Data.

When you make a purchase or other transaction through our Service

We generally process Identity Data, Financial Data, Commercial Data and Contact Data when you engage in a purchase and sale transaction. We process this Personal Data as necessary to perform or initiate a contract with you, process your order and payment, and carry out fulfillment and delivery. In addition, we may also collect or create Device/Network Data and Inference Data. This data, together with other data we collect in this context is used as necessary in connection with certain legitimate business interests, such as:

• ensuring the security of our Services and to prevent fraud;
• providing you with information about our Services;
• contacting you about administrative matters;
• managing and responding to any queries or complaints you make or any correspondence you send us.

We or our Clients may also use Identity Data, Financial Data, Commercial Data, Contact Data, and Device/Network Data collected in this context for Commercial Purposes.

When you activate and use RFID Products

We generally process Identity Data, Commercial Data, Financial Data, and Contact Data when you use electronic or RFID technologies at an Event. We primarily use this data to authenticate your access to an event or complete a transaction you request. We also may process this data, in combination with Inference Data and Location Data that we collect and/or create, in connection with certain legitimate business interests in:

• verifying your identity for authentication and security purposes;
• helping us to ensure ticket purchasers are genuine and to prevent fraud;
• to help us to return lost property to its rightful owner; and
• managing access to specific areas of Events.

We may also link Personal Data we collect from RFID products, including any Identity Data, Commercial Data or Inference Data provided by Clients or Event partners, and use this information for our legitimate interests in market research and statistical analysis of guest engagement, movement, or other matters in order the improve our Services and the events we support.

Note, in certain cases, we may collect Health Data. Health Data is generally used so that we can provide you with tailored services (for example, a wheelchair accessible space or a sign language interpreter) or to help us investigate an incident which may have taken place at an Event. Where consent is required by law, we will process this information only with appropriate consent.

We or our Clients may also use Identity Data, Commercial Data, and Contact Data collected in this context for Commercial Purposes.

When you access or use our Digital Services

When you use our online or in-venue Digital Services, we automatically collect and process Device/Network Data. We use this data as necessary to initiate or fulfill your requests for certain features or functions through our Services, such as keeping you logged in, delivering pages, etc.

In addition to Device/Network Data, we may also collect and process Contact Data, Identity Data and Inference Data that we collect, create, and/or receive (including through the use of cookies and similar technologies). We typically use this data as necessary in connection with certain legitimate business interests, such as:

• ensuring the security of our websites, mobile applications and other technology systems; and
• analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.

Some Digital Services may, with your consent, process Location Data. We use this data, together with Inference Data, and Device/Network Data in order to determine your proximity to portions of our Events, provide directions and contextual information to you, and other features that require the use of location. We may also use this information in connection with our legitimate business interests, such as, creating aggregate information about users’ location and patterns, which we use to help improve our Events and other Services. Note, Location Data may be required in order for you to use certain features of our Digital Services.

Additionally, Personal Data processed when you submit information to us or complete a purchase or transaction (among others) may involve processing through Digital Services.

We or our Clients may use Identity Data, Device/Network Data, Location Data, Inference Data and Contact Data collected through our Digital Services for Commercial Purposes.

Cookies and other tracking technologies

We use cookies, tracking pixels and similar technologies on our Digital Services. These technologies can be used to collect or create Identity Data, Device/Network Data, Contact Data, or Inference Data. Our Clients or other third parties may use data collected by these technologies. These technologies may allow us and our Clients or other third parties to distinguish you from other users of our Digital Services, and some of these technologies can be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services. Our Clients or other third parties may engage in targeted advertising and may create marketing profiles using this data.

We and our Clients or authorized third parties may use cookies and similar technologies for the following purposes:

• for “essential” or “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain a basket when they are shopping at an online store);
• for “analytics” purposes, such as to analyze the traffic to and on our Digital Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website); and
• we may provide Personal Data which enables our Clients to engage in “retargeting,” behavioral advertising or similar advertising or Commercial Purposes.

The use of these technologies by third parties may be subject to their own privacy policies and is not covered by this Policy, except as required by law.

We or our Clients may also use your Identity Data, Device/Network Data, Inference Data and Contact Data collected in this context for Commercial Purposes.

When you contact us or submit information to us

We collect and process Identity Data, Contact Data, and User Content as necessary to address your request, fulfill the business purpose for which that information was provided, or for other related purposes. This information is primarily used to respond to your request, and to otherwise fulfill our contract or communicate with you, as appropriate.

Feedback and Surveys

We generally process Identity Data, Contact Data, Inference Data, and User Content collected in connection with guest surveys or questionnaires. We generally process this Personal Data as necessary to respond to guest requests/concerns, create aggregate analytics regarding guest satisfaction, or to allow our third-party partners to communicate with guests. Feedback/Survey data may be made available to certain third-party partners, who may use it for their own purposes. We may also store and analyze feedback for our purposes, for example, to personalize the Services.

We or our Clients may also use the Identity Data, Contact Data, Inference Data, and User Content collected in this context for Commercial Purposes.

Employment & Service Provider Applications

We may process Identity Data, Contact Data, Government ID Data, Protected Category Data, Biographical Data, Inference Data, User Content, Financial Data, and Health Data (which may include Special Category Data) in connection with your application to be a vendor, volunteer, employee, or otherwise join or support our team. We process this Personal Data primarily in connection with the assessment and creation of the personnel relationship, and to the extent permitted by applicable law, or with your consent or where authorized by law, and subject to your rights and choices, we may process Personal Data in accordance with our legitimate business interests, as follows:

• We may use your Contact Data as necessary to process your application, contact you regarding this or other future application/vendor/work opportunities, or similar matters.
• The assessment of your application may involve the creation and processing of Inference Data based on your Identity Data, Contact Data, Biographical Data, and User Content in order to evaluate your prospective engagement, assess skills alignment, qualifications, and similar matters. Inference Data does not include Special Category Data, Health Data, or Special Category Data.
• To the extent permitted under applicable law, the processing of your Personal Data in connection with application evaluation may involve the use of automated decision-making that may extract relevant information and rate applications based on their conformity with requirements. In some cases, automated processing may reject or place a low rating on applications that are found to not meet requirements of a given engagement.

How We Process Personal Data for Business Purposes

We and our service providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your rights and choices, and our legitimate business interests. For example, we generally process Personal Data for the following purposes:

• In connection with providing our Services, supporting events you attend, and fulfilling our contractual obligations to you;
• To maintain the quality and stability of, and generally improve, our Services;
• To secure Events Services, and prevent fraud;
• To personalize the Services;
• To compile aggregate statistics regarding the use of the Services, and for research and market analysis; and
• To comply with the law, and for other purposes in the public interest.

Service Provision and Contractual Obligations

We process any Personal Data as is necessary to provide our Services, to provide you with the products and Services you purchase or request, authenticate users and their rights to access the Services, as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and Services you request. Additionally, we use information to authenticate your right to access Events, deliver products and services, and for other related matters. Similarly, we may use Personal Data as necessary to audit compliance, and log or measure aspects of service delivery (e.g. to document ad impressions).

Internal Processing and Service Improvement

We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Services, understanding how are Services are used or function, for customer service purposes, in connection with logs and metadata relating to service use, and for debugging and similar purposes relating our identification of errors and improving the stability of the Services. Additionally, we may use Personal Data to understand what parts of our Services are most relevant to Users, how Users interact with various aspects of our Services, and how our Services perform.

Security and Incident Detection

Whether online or off, we work to ensure that our Services are secure. We may process any Personal Data we collect in connection with our legitimate business interest in identifying and preventing crime and fraud. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.

Compliance, Health, Safety, Public Interest

We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law and make requests, for the establishment and defense of legal claims, or where we must comply with our legal obligations, lawful requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Aggregated data

We process Personal Data about ticket purchasers and other users of our Services in order to identify trends, e.g. to create aggregated and anonymized data about buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). We may pass Aggregated Data to the third parties referred to in the section below to give them a better understanding of our business and to bring you better Services. Aggregated Data will not contain information from which you may be personally identified.

Personalization

We process certain Personal Data as necessary in connection with our legitimate business interest in personalizing our Digital Services. For example, aspects of the Digital Services may be customized to you so that it displays your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Digital Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

Other Business Purposes

If we process Personal Data in connection with our Services in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated at collection. We will process such information in accordance with the notice provided at the time of collection or in a manner that is necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.

How We Process Personal Data for Commercial Purposes

We and certain third parties process Personal Data we hold for certain purposes, depending on the context of collection and your rights and choices:

• Marketing communications; and
• In connection with online advertising, including targeted advertising by our Clients.

See below for more information regarding our processing for Commercial Purposes.

Marketing Communications

Consistent with our legitimate business interests, we (or if appropriate, certain third parties, including our Clients) may send you marketing communications if you sign up for such communications or purchase products or Services from us. For example, we may process Contact Data and Identity Data when you opt-in to receive marketing communications via email or SMS. Where allowed, we or our Clients may also send you these communications without opt-in, for example, you may receive email marketing communications if you register for our Services, or in connection with your communications with or submission of User Content to us. Similarly, we or our Clients may also collect Device/Network Data and Contact Data so that we can determine whether you have opened an email or otherwise interacted with our communications, and we or our Clients may generate Inference Data based on these interactions.

Marketing communications we send on our Clients’ behalf may be personalized or customized based on your prior purchases, or other criteria specified by our Clients. Where consent to processing is required by law, we will link and process this information for targeted advertising only with appropriate consent, however we are not able to control the ways in which our Clients may use Personal Data we provide to them.

Targeted Advertising

Certain third parties operating on or through our Services, as well as our Clients, may engage in targeted advertising. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.

In some cases, these third parties may develop a consumer profile about you that is based on this information and use it to determine whether you are a type of person a company wants to advertise to and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Inference Data derived from these observations, and may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for a good or services you were shown in an advertisement.

How We Share Personal Data

International Transfers of Your Personal Data

If you are located outside the US, your Personal Data may be transferred to and/or processed in a location outside of the European Economic Area (EEA).

Your Personal Data may also be processed by staff operating in the United States or outside the EEA working for us, or third-party data processors. Such staff may be engaged in, among other things, the provision of our Services to you, the processing of transactions and/or the provision of support services.

Some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Data to other territories, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with this Policy. We may transfer Personal Data from the EEA to the US using the EU standard contractual clauses, the EU-U.S. Privacy Shield Program, under Binding Corporate Rules, or other lawful mechanisms. You can obtain more information about the safeguards we put in place by contacting us using the information below.

How We Retain Your Personal Data

We retain Personal Data for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. This period may be different if required by law, or if we need to retain data in order to respond to claims, to protect our rights or the rights of a third party. We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.

Your Rights & Choices

You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law.

• Additional information regarding individuals’ rights & choices in California are available here.
• Additional information regarding individuals’ rights & choices in the EU/EEA/Switzerland/Cayman Islands are available here.

Your Rights

To the extent applicable law grants you the right to do so, and subject to any necessary verification, you may have the right to:

• request that we provide you with a copy of the Personal Data which we hold about you;
• request that we update any of your Personal Data which are inaccurate or incomplete;
• request that we delete any of your Personal Data which we are holding; or
• request that we provide your Personal Data to you or a third-party provider of services in a structured, commonly used and machine-readable format.

To submit a request, you may contact our Data Privacy Team. Please include your name, email address and postal address with your request, and we may require proof of your identity to complete your request.

Your Choices

Marketing Communications.

You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.

Withdrawing Your Consent/Opt-Out

Where we are processing your Personal Data based on your consent, you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent. Please note that use of RFID technologies may be necessary for you to access certain Events or areas of an Event.

Location Preferences

You may control or limit Location Data collected through mobile applications by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, and other network interfaces you may use to interact with our Services. However, please note that use of RFID technologies may be necessary for you to access certain Events, and the functioning of hardware required for certain processing of Personal Data. Note, you may not be able to opt-out of having general location data collected if you are using an RFID wristband at an Event.

Do-Not-Track

Our Services do not respond to your browser’s do-not-track request. If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.

Advertising

You may opt out or withdraw your consent to behavioral advertising directly via the third party conducting the behavioral advertising (e.g. our Clients or third parties). For example, to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. To opt out from Facebook Custom Audience Pixel, visit their customer support page here. To learn more about how to opt out of Twitter’s use of audience pixels, visit the Twitter help page here. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at http://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/optout_nonppii.asp.

Data Sales

We do not engage in the “sale” of Personal Data as defined under the California Consumer Privacy Act. However, we do collect and process Personal Data on behalf of our Clients, and some of our Clients may sell the Personal Data we have provided to them in our capacity as their service provider. We have no ability to control our Clients’ data sale practices. If you wish to opt-out of the sale of your Personal Data, including data they may collect through our Services, please contact the applicable Client directly.

Regional Rights

See the California Rights section for additional information regarding your California privacy rights.

Residents and others in the EU may have rights under EU law. See the EU Rights section for additional information.

How We Protect Your Personal Data

We use industry standard technical and organizational security measures to protect your Personal Data. We cannot guarantee the security of your Personal Data when you transmit it to us, and any such transmission is at your own risk.

Where we have given you (or where you have chosen) a password which enables you to access one of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Third-Party Websites and Mobile Applications

We are not responsible for the privacy policies, content or security of any linked third-party websites or mobile applications. We recommend that you check the privacy and security policies of each and every website and mobile application that you visit.

Minors

Our Services are neither directed at nor intended for use by children under the age of 13 in the US, or under the age of 13 to 16 in the EU, depending on the local jurisdiction. We generally collect information relating to minors only from parents or with parental consent and do not knowingly collect Personal Data from such minors directly. If we learn that we have inadvertently done so, we will promptly delete such Personal Data if required by law. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

Changes to Our Policy

We reserve the right to change our Policy from time to time. Any such changes will be posted on this page so that we can keep you informed about how we process your Personal Data. We recommend that you consult this page frequently. Your continued use of our Services shall constitute your acceptance of any revised Policy.

Additional Rights and Disclosures: EU/EEA, Switzerland, Cayman Islands, etc.

Your Rights

Under the GDPR and analogous legislation, you may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request. You may exercise any of these rights by sending an email to privacy@elevatetickets.com.

Additional Rights and Disclosures: California

Your California Privacy Rights

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately-verified request (see below for verification requirements):

Submission of Requests

You may submit requests, as follows (see below for summary of required verification information):

Verification of Requests

All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. We may choose to send your request to our Client if applicable, rather than processing the request at Elevate.

Data Processing

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data, Contact Data, Location Data, Device/Network Data, Commercial Data, Inference Data, Financial Data, Audio/Visual Data, Health Data, Biographical Data, Government ID Data, and User Content.

Categories of Personal Data Sold

For purposes of the CCPA, we do not “sell” Personal Data processed through our Services. However, we do provide Personal Data to our Clients as part of the services we provide to them.

Right to Know