This policy was last updated on 09 February 2022 to clarify how customer data will be used by our Event Partners.
1. ABOUT US
1.1 DICE comprises various group companies, including DICE FM Ltd, Boiler Room (UK) Limited (98 De Beauvoir Road, London N1 4EN UK), DICE FM Inc (US), DICE FM SPAIN S.L.U (Spain), DICE FM SARL (France), DICE FM Italy S.R.L (Italy), DICE FM GmbH (Germany) and DICE FM Australia Pty Ltd (Australia), (the “DICE Group”).
1.2. We are a disclosed ticketing agent selling tickets via the DICE Platform on behalf of promoters, organisers, managers, artists and venues of music, entertainment, sports and similar events (the “Event Partners”).
2.1. For the purpose of the EU General Data Protection Regulation (the “GDPR”) (and any other applicable UK laws, such as the UK GDPR), DICE is the “Data Controller” where you are using the DICE Platform.
2.2. DICE and the Event Partners are not joint controllers, except in certain situations in which the data is controlled jointly (for example with regards to pixels/cookies on third party websites). DICE is an agent, and the Event Partners are data controllers, and they also own your data.
3. THE BASIS FOR THE PROCESSING OF YOUR DATA
3.2. Some of your data will be processed based on DICE’s legitimate interest, including photographs, and audio and video recordings of events, to allow us to successfully provide the event experience set up for you on the DICE Platform. Legitimate interest is also our lawful basis for processing in-app analytics data (except where your consent is required) so we can enhance and monitor app performance, account activity, or website logs etc, and prevent fraudulent or other malicious activities, and produce website visitor logs for cybersecurity and/or error tracking purposes. Legitimate interest is also our lawful basis for profiling. We also rely on our legitimate interest to collect your date of birth, so we can make sure you are allowed to purchase tickets, since some events will require you to be at least 18, and to share some aggregated information with Event Partners for their own internal statistical and sales control purposes. We may also rely on legitimate interest to share with our Event Partners any personal information required for public health reasons as per any legal obligation to which our Event Partners are subject, and in some circumstances, to share limited data with third parties based on their legitimate interest, for example, where a ticket is re-sold to a third-party user on an alternative platform. Where we are processing any personal data based on legitimate interest, we have conducted a Legitimate Interest Assessment to ensure that the individual’s interests do not override those legitimate interests.
3.4. We may ask for your consent in other cases where we process your data. You can revoke your consent at any time by contacting us at email@example.com. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal.
4. COLLECTED INFORMATION
4.1. To help us manage your registration and ticket sales, we will process and store all personal information you give when you register on the DICE Platform, and any personal information which is generated when you navigate and use the DICE Platform. We also use this information to analyse trends in your behaviour as this helps us to determine your preferences, habits, tastes, geographic location and favourite artists and events, which will maximise your use and enjoyment of the DICE Platform; this is the Discovery feature. We might also take some information from email communications between you and DICE and store this in separate documents. To find out more about how we use your personal information, see Clause 6 below.
4.2. The types of personal information we collect may include:
- Payment card and billing details – when you buy tickets via the DICE Platform, we will need your payment and billing information (such as your address and postcode) so we can handle the processing and despatch of ticket orders;
- Location data – we may collect your IP address, and if you allow us to connect to your device’s geolocation functionality, we may collect your GPS data. We will use the location data to improve personalised recommendations on the DICE Platform on what events are taking place near you. You can turn off the App's ability to access your geolocation at any time through your device’s general or privacy settings;
- Your image or recordings – we might get photographs, audio or video recordings of events listed on the DICE Platform. We may reproduce and/or publish your image (as part of a general photograph of an event) on the DICE Platform and in other promotional materials, social networking channels and other materials related to the DICE Platform;
- Your preferences – we may collect information about your purchase history, events you have viewed, attended or enquired about, any events you have joined a waiting list for, shared or invited people to attend and any feedback you may give or reviews you may submit;
- Music library (e.g. Spotify or Apple Music) – if you allow us to connect to your music library, we may collect and hold information on your musical interests so we can improve the personalised recommendations through the DICE Platform;
- Your interactions with us – for example if you send us information via email, survey, social media, customer service communications or other methods, this may be stored on our systems; and
- Technical information – when you use the DICE Platform, we automatically receive and record information on our server logs from your browser or mobile platform, including the location, IP address, strictly necessary cookie information and details about the page you requested. We also collect information regarding your use of the DICE Platform, mobile device information and browser information.
5.2. We use the following cookies on our website and/or our app:
- Strictly necessary cookies. These are cookies that we require to operate our website and app. They include, for example, cookies that enable you to log into secure areas of our website and app, use a shopping cart or make use of e-billing services. We also include among these cookies a combination of Google Analytics and proprietary tracking cookies that allow us to attribute purchases to partners, which is necessary for us to be able to fulfil our obligations under these agreements as our business model relies on it. This data is intended for internal use only and short expiry periods are set. You can contact us at firstname.lastname@example.org or our DPO at email@example.com for further information.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website and app when they are using it. This helps us to improve the way our website and app works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Where this information is used for any marketing purposes, we will ask for your consent first.
5.4 The cookies described above will be installed when you download the app. If you have any questions about them, you can contact us at firstname.lastname@example.org or our DPO at email@example.com before downloading the app. You can change your cookie preferences at any time by contacting us at firstname.lastname@example.org.
5.5 You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Browsers also allow you to control access to cookies. You can find below the links providing information about how you can do this for the major browsers:
- Session cookies. These cookies allow us to recognise and link the actions of a user during a browsing session. They are temporary and expire at the end of a browser session, normally when you exit the browser.
- Persistent cookies. This category encompasses all cookies that are stored on a user’s device in-between sessions. All persistent cookies have an expiration date written into their code, but their duration can vary for each category or specific cookie. The persistent cookies we use normally expire after six months. If you require more information regarding the duration of a particular cookie used by us, please contact us on email@example.com.
6. USE OF YOUR PERSONAL INFORMATION
6.1. As well as the purposes described above at Clause 4.1, we use your personal information to:
- run the DICE platform or any other purposes required in order to allow us to provide the DICE Platform to you;
- communicate with you via email, SMS, in-App notifications and push notifications about your purchases on the DICE Platform, including tickets (and the events they relate to) and any other non-ticket items;
- fulfil your orders for tickets and other non-ticket items purchased via the DICE Platform;
- provide better content, services, marketing, and support to you. For example, we may need to use your information to administer your account or provide you with information in connection with any purchases or events you have expressed an interest in;
- run and provide any competitions available to you via the DICE Platform and communicate with you about those competitions. If entering into a competition, please read the terms and conditions relating to that competition as these may include specific terms regarding your personal data; and
- to profile individual and demographic trends of events you attend or interest you show in certain events and artists. This helps us to provide recommendations of similar things you might like or find interesting (via the Discovery feature or otherwise). We do this by making assumptions based on an analysis of the information we hold, including the events you have viewed, waiting lists you have joined, and tickets you have purchased. For example, if you purchased tickets to an event, we might show you more events of this specific genre or type, or events by similar artists.
6.2. We also use information that we collect about you to for operational purposes, including:
- to provide customer service, including to respond to your enquiries and answer any of your requests for information;
- carry out verification checks, including to verify your identity when collecting tickets at a venue, to check that you meet any minimum age requirements, or to check that any restrictions on the reselling of tickets have been complied with;
- to send you important information regarding our services, or other technical notices, updates, security alerts, and support and administrative messages; and
- as we believe to be necessary or appropriate under any applicable law, to enforce our rights or to respond to requests from law enforcement and any other government authorities.
6.3. As explained in Clause 3, we use your personal data on the following legal bases:
- your consent;
- as necessary to perform a contract that you have entered;
- in our (or an Event Partner’s or other third parties) legitimate interests, including to improve the performance of the DICE Platform and in order to enhance your experience of the DICE Platform; and/or
- to comply with a legal obligation.
7.1. We may send you marketing communications via email and push notifications. You can choose to opt in to marketing communications and push notifications when registering on the DICE Platform. If you change your mind about receiving any marketing emails from us, you can edit your preferences in the communication controls centre in App (called ‘Messages’) or unsubscribe from emails by following the unsubscribe directions provided in the footer of each one. If you do not want to receive push notifications from us, you can opt out by changing your preferences in the ‘Messages’ control centre in the App or change the appropriate settings directly on your mobile device. To access the communication controls centre (‘Messages’) you must have the App version 3.17.0 or above.
7.2. Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as explained in Clauses 5 and 6 above.
7.3.On registration, we will also ask you if you consent to receive marketing messages from our Event Partners and other third parties involved in providing an event you have purchased ticket(s) to. If you opt in to such marketing messages, we will pass your details, such as email address, city or full residence, full name and date of birth to the relevant Event Partner or third party so that they can contact you for this purpose. If you change your mind and do not want to receive such marketing messages, you can opt out by contacting that third party directly or by unsubscribing using any available ‘unsubscribe’ link or similar in that third party’s emails to you. Alternatively, to opt out of marketing messages from all third parties, you could edit your preferences in the communication controls centre in the App (called ‘Messages’). We will notify the relevant third parties of your change in preferences, normally within 7 business days. Note that it may take longer for each third party to action your request.
8. DISCLOSURE OF YOUR INFORMATION
8.1. We will not rent or sell your personal information to anyone without your explicit consent, but, so we can perform our part of our contract with you based on our Terms and Conditions and our legitimate interests, we may share your personal information in the ways described below:
- Agents and suppliers – We employ other companies/individuals to perform functions on our behalf, for example our payment processing suppliers and data analytics services providers. We do not share your personal information with our agents or suppliers except as is necessary to enable them to provide us with a service.
We may disclose your personal data to the following categories of third-party recipients:
We may share your personal data with cloud storage providers.
We may share your personal data with analytics and search engine service providers.
Administration and support tools
We may share your personal data with support software providers.
We may share your personal data with emailing service providers.
We may share your personal data with CRM providers.
We may share your personal data with online payment processing providers.
Messaging and collaboration tools
We may share your personal data with messaging and collaboration software providers.
2. Third Parties – We may integrate with other third party products and services such as Spotify to enable certain features of the DICE Platform. We do not share your personal information with them except as is necessary in order to allow them to perform the features requiring their integration.
3. Competition partners – When offering competitions or other prize draws, via the DICE Platform, we may process your personal data in order to manage your entry and contact you if you are a winner. We may share your name and country of residence with anyone who asks for winner’s details, and we may use your name and image in publicity materials as we see fit. We may share your personal information with our competition partner to allow them to administer the competition (e.g. arranging for the prize to be provided to the winner).
4. Event Partners – We are a ticketing agent, so we sell you tickets to events on behalf of the Event Partner for that event. So, we need to share your personal details with them and other parties involved in the provision of the event (such as the venue) so they can provide you with information about the event such as last-minute changes, or for the purposes of ticket validation when you enter a venue. We may also need to share your information with them in terms of sales control. Event partners can access customer information such as name, email address, ID, country of origin and a phone number, and we may share this information with them if this is needed for them to comply with any legal requirements or obligations that they are subject to. We are not responsible or liable for the actions of any third parties, and if you wish to complain about the use of your personal information by any third party then you should contact them directly.
5. Artists - If you follow an artist using the App, we may also share your information with them. We are not responsible or liable for the actions of any third parties, and if you wish to complain about the use of your personal information by any third party then you should contact them directly.
6. Other reasons – We may also share your personal information with a purchaser or potential purchaser of our business and in some circumstances, we may have to disclose your personal information by law, either because a court or the police or other law enforcement agency has asked us for it, to enforce our legal rights, or to prevent fraud or ticket-touting for example.
8.2. We may also provide our partners with anonymous information about how users, collectively, use the App and website so that they can understand how often people use their services, the App and the website.
9. INFORMATION ABOUT OTHER INDIVIDUALS
9.1. If you give us information (including personal information) on behalf of someone else, you confirm that the other person has given you permission to act on their behalf and has agreed that you can:
- provide their personal information to us;
- receive on their behalf any data protection notices; and
- give consent to the transfer of their personal data abroad.
9.2. We will need to see proof of this consent, so will ask you to provide DICE with the written authorisation from them or the document which demonstrates power to represent them. If these documents are not available, we will be able to accept any appropriate alternatives.
10. SECURITY AND INTERNATIONAL TRANSFERS OF DATA
10.1. We are committed to ensuring that your information will be treated confidentially and securely, and we have put in place appropriate measures to ensure the security of your personal data.
10.2. The personal data that we collect from you may be transferred to, and stored at, destinations outside the European Economic Area (EEA) where the laws on processing personal data may be less stringent than in your country. It may also be processed by staff operating outside the EEA who work for us or for one of our agents or suppliers.
10.3. Presently, personal data collected from you is stored in data centres as well as cloud networks which are located or hosted in Ireland.
10.4. When your personal data is transferred to parties located outside of the EEA we will assess and take appropriate measures to ensure these third parties provide adequate security of such personal data and respect your rights to privacy. These safeguards are intended to ensure a similar degree of protection to your data wherever it may be transferred and may include:
- only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA (for example, if transferring your data to the USA).
If you would like any more information on the safeguards used, feel free to contact us at firstname.lastname@example.org.
11. DATA RETENTION
11.2. We calculate the appropriate retention period for your data by considering the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. Once processing has been completed, we may securely delete or anonymise your personal data.
11.3. We may delete your account or specific information before deactivating your account if we believe it may no longer be relevant, or where an account has been inactive for more than a year. Purchase history may be deleted after 7 years.
If you would like any more information about our retention periods, please contact us at email@example.com.
12. YOUR RIGHTS
Under the GDPR and any equivalent rules in the UK, you are entitled to certain rights relating to our handling of your personal data, as described below.
12.1. You can request details of the personal information that we hold about you under data protection laws. If you would like a copy of the information held about you please write to us at firstname.lastname@example.org.
12.2. If you think any information we have about you is incorrect or incomplete, please write to us at email@example.com as soon as possible. We will correct or update any information as soon as we can.
12.3. You have the right to erasure of your data, as well as a right to deactivate your account (in which case only your user ID and ticket history will be retained for our records). We are not required to delete any information needed to establish, exercise or defend against legal claims, or that we need to retain in order to comply with the law.
12.4. You have the right of restriction of processing, where your data is wrongfully processed but should not be erased for a reason listed in Article 18 (1) of the GDPR.
12.5. Until a download option has been developed based on universally recognised standards, you may exercise your right of data portability by obtaining your data. You can do this by writing to us at firstname.lastname@example.org.
If you would like to exercise these rights, please write to us at email@example.com.
13. CONTACT AND COMPLAINTS
If you have any complaints about how we handle your personal information, please contact us at firstname.lastname@example.org. If we are unable to resolve your complaint and you wish to take your complaint further, you can do so by contacting the UK Information Commissioner’s Office.
14. DATA PROTECTION OFFICER CONTACT DETAILS
DICE has appointed a data protection officer for you to contact if you have any questions or concerns about DICE’s personal data policies or practices. DICE’s data protection officer’s name and contact information are as follows:
163 City Rd
London EC1V 1NR
Contact email: email@example.com
Contact telephone: (+44) (0)20 3917 4158