Effective Date: May 25th, 2018
- How to opt-out of marketing communications
- How to opt-out of interest-based advertising
- How to request access to your data
WHO WE ARE
(“Company”, “we”, “our”, or “us”) operates the site and subsites located at and mobile applications (collectively “Site”) and provides the content (including email and electronic communications) and services (collectively “Services”) offered on or through the Site. “Platform” means the “Site” and/or “Services”.
ABOUT THIS DOCUMENT
This Privacy Notice explains how we collect, use, share, and protect information about users of the Platform, and the choices users have about how we collect and use certain information about them.
Third-party Websites: This Privacy Notice does not apply to the websites of third parties to which the Platform links. We do not endorse, and are not responsible for the content of such websites, their policies or practices, or any product or service that they offer. Any activity you perform on such third-party websites will be subject to the privacy policies and other terms and conditions expressed therein. We recommend that you review third-party terms before providing any personal information to them.
We modify this Privacy Notice from time to time in accordance with the “Modifications” section below .
By using the Platform, you represent that you are at least 16 years old. The Service is a general audience service. Our content is not directed towards children who are under the age of 16, nor do we knowingly collect personal information from children under the age of 16. If we become aware that a child under the age of 16 has provided us with personal information without parental consent, that information will be deleted. Parents who have questions about personal information that has been submitted by a child under the age of 16 should email us at the address provided in the “How to Contact Us” section.
WHAT WE COLLECT
Categories of data we collect:
- Contact/Identification: Name, email, phone, mailing address, birthday, gender (gender is collected for nightlife/daylife customers only);
- Purchases: Number of tickets purchased, ticket purchase time, transaction amount, venue name, event date, artist, billing address;
- Payment: Credit card information is requested to complete online purchases through our Platform (this information goes straight to our credit card processor www.plugnpay.com, we do not process or store it). Additionally, unique transaction IDs are recorded for customer support and to process refund requests;
- Reservation Notes: Information relating to your reservation (for example, seating preferences, food and beverage preferences, and allergy information), whether you showed up for your reservation, venue, reservation date and time, party size, amount spent. Please note that allergy information will not be collected without your consent;
- Referrals: If you were referred to us by someone, we may keep a record of the referral source;
- Age verification: We keep records of your age verification on our websites, verifying that you are old enough to consent to the processing of your personal data;
- Correspondence: Contents of emails you send us, when you send/receive/view one of our emails, when you opt in or out of receiving emails from us;
- Advocate Link: This is a URL that points to our website and includes a parameter that identifies the affiliate who sent the traffic to us.
- Venue Admissions: We keep records regarding when a ticket, wristband, or reservation is fulfilled at a particular venue;
- Music Preferences: Musical artists and genres that you have expressed an interest in;
- Social Media: Contents of posts you make on our social media pages, likes and other interactions with our social media content, social media user name. You can control the information we receive from social media platforms such as Facebook, Instagram, Snapchat, and Twitter by using the privacy and data settings in your social media accounts;
- Preferences/Settings: Time zone, language, and character size, among others;
- Online Identifiers: IP address; mobile device advertising identifier, Marketo “Munchkin” tracking ID, Salesforce Predictive Intelligence tracking ID;
- Technical Information: Type of device, operating system name/version, device manufacturer, model, browser name/version, screen resolution, installed and uninstalled applications running in the background;
- Connection: Internet service provider or mobile carrier’s name, country, connection speed and connection type, Bluetooth settings, among others;
- Platform Usage: Date stamp, URL of the last webpage visited before visiting our Platform, and URL of the first page visited after leaving our Platform, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, comments made, search history, type of service requested, purchases made, among others;
- Do Not Call: Whether you have asked to be placed on a do not call list, and do not call reasons;
- Third-party Cookies: Information collected through cookies, pixel tags, and other tracking technologies; and
- General geographic location
SOURCE OF THE DATA
- WEB FORMS
Most of the personal data we collect comes through various forms across our Platform. Certain fields on these forms are mandatory in order for us to complete the associated transactions. Mandatory fields are indicated with an asterisks.
We also collect data from your browser. This data collection occurs automatically as a consequence of your browser interacting with our servers. This data is captured in logs
We collect personal information from third-party service providers including OpenTable (restaurant reservations), Seven Rooms (restaurant reservations), Hotpoint (photo booths), Zenreach (Wi-Fi access), Ticketmaster (ticket sales to events), Bookmyshow (ticket sales to events), American Express (global dining program), Facebook (Facebook lead forms), Full Contact (provides additional contact information by matching e-mail address with full contact database, and verifies e-mail addresses are valid), Hotspot International (WiFi access), Woobox (sweepstakes administration), and New Epoch (sweepstakes administration). We only receive your information from these services if you give them consent to share it with us.
WHY WE COLLECT
We collect this information for the following purposes:
- Commercial Transactions: We use your contact/identification information, in conjunction with your payment information through our payment processor, to complete online purchases and communicate any relevant information after the purchase is complete. We also pay some of our affiliates commissions when an affiliate refers someone to us who then makes a purchase. The advocate link allows us to track which referrals came to us through which affiliate, so that we can calculate commissions.
- Improve Platform/Services: We use several categories of information listed above to help us understand how users interact with our Platform, so we can improve user experience. This information is collected on an aggregated basis, so that it is not individually identifiable. We use various analytics tools to help us analyze online behavior for this purpose.
- Marketing/Promotions: We send promotional emails from time to time to users who opt-in to receive such emails (you can unsubscribe any time by clicking the “unsubscribe” link at the bottom of the email). We send promotional emails in relation to your birthday; however, these are based on the month and day of your birthday only (not your birth year). We use social media usernames to assist us in de-duplicating contacts in our marketing database. This de-duplication helps us avoid sending duplicate advertising to the same person through multiple e-mail addresses. We also create custom audiences for social media advertising.
- Legal Compliance: We collect birthdates and addresses to help us comply with certain regulations such as age restrictions on attending some of our venues and consenting to processing of your personal data, and online communications.
GDPR LAWFUL BASES
In accordance with the EU General Data Protection Regulation (GDPR), we have determined that we have the following legal bases to collect and process personal information of users who are in the EEA:
- Contract: We process personal information of EU users in order to complete contractual obligations such as selling/honoring tickets to events, making/honoring reservations for VIP tables (at events) and restaurants, and honoring employment contracts.
- Legal Obligation: We process personal information of EU users in order to meet legal obligations with various regulatory authorities which impose certain restrictions on us, such as age restrictions on some of our venues.
- Legitimate Interests: We process personal information of EU users in order to advance legitimate interests such as communicating information about our products and services. When we rely on our legitimate interests as a reason for processing your personal information, we have already considered whether or not those interests are overridden by your rights, and have concluded that they are not. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your explicit consent or are otherwise required or permitted by law). In determining whether our legitimate interests override your rights, we consider the nature of both your interests and ours, the impact the processing will have on you, and any safeguards which are or could be put in place. Our legitimate interests for processing your personal information include:
- Reservations: We may use your personal data to complete and administer your online reservations;
- Customer service: We use your personal data to provide customer service to you;
- Direct marketing activities: We use your personal data for marketing activities, such as marketing communications and running sweepstakes or contests. When we send you marketing communications, we include an unsubscribe link that you can use if you do not want us to send you future marketing communications;
- Analytics, improvement, and research: We use personal data to conduct research and analysis so that we can improve our services, enhance the user experience, and improve our website. When using your personal data for analytics, improvement, and research, it will only be used in an anonymous, aggregated form;
- Cybersecurity, fraud detection, and prevention: We use personal data to help prevent fraud and other illegal activities, to investigate and detect fraud, and for the authentication of users;
- Payments: We use personal data to collect payments for purchases made from us;
- Recordkeeping: We use personal data to keep internal records and maintain records of reservations, contracts, user preferences, and complaints, to help us run our business efficiently and provide a higher level of service to our guests;
- Operating our websites: We use your personal data to operate our website.
- Consent: We send promotional emails to users who consent to receive promotional emails.
ONLINE TRACKING & YOUR CHOICES:
- Session cookies: We use session cookies to keep you logged in while you use features of our Site. These disappear after you close your browser.
- Persistent cookies: We also use persistent cookies, which stay in your browser and allow us to recognize you when you return to our Site. These allow us to remember your information, so you will not have to re-enter it multiple times, to better understand how you use our Platform, and otherwise enhance our Platform, products, and services.
- Email tracking: In some of our email messages, we use a “click-through URL” linked to content on the Site. We track this click-through data to help us measure the effectiveness of our customer communications.
- Google Analytics. To opt out of Google Analytics, please go to https://tools.google.com/dlpage/gaoptout.
- Google AdWords. To opt out of Google AdWords, please go to https://support.google.com/ads/answer/2662922
- To opt out of Adroll, please go to https://help.adroll.com/hc/en-us/articles/216599538-Opting-Out-of-Personalized-Advertising
- Salesforce Marketing Cloud analytics. To opt out of Salesforce Marketing Cloud analytics, please click the unsubscribe link in one of our emails.
THIRD-PARTY TRACKING & INTEREST-BASED ADVERTISING:
- Browser settings: Most Internet browsers allow you to change the settings to stop accepting cookies or to prompt you before accepting a cookie. If you set your browser to reject cookies, parts of our Site may not work for you. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.
- “Do Not Track”: If you select a “Do Not Track” option in your browser, it may not have any effect on our collection of cookie information for analytic and internal purposes. We have no control over and cannot confirm whether our third-party ad partners honor “Do Not Track” browser settings.
- Opt-out of Interest-based advertising: Many advertising companies are members of the NAI or DAA which offer opt-out guidance and tools at org/choicesor aboutads.info/choices.
- Instructions for opting out of Google ads can be found here.
- Instructions for opting out of Facebook ads can be found here.
- To opt-out of interest-based advertising in mobile applications, visit http://youradchoices.com/appchoices.
- To learn more about cookies, web beacons, and similar tracking technologies, visit org).
THIRD-PARTY SITES & SOCIAL MEDIA:
We use your information to deliver ads to you on social media platforms including Facebook, Instagram, Snapchat, and Twitter.
We do not share your personal information outside of our corporate group for any commercial or marketing purpose unrelated to our products and services without asking you first. We do not rent or sell our customer lists. However, there are still a few limited situations where we share personal information:
- External processing: We have vendors, service providers, and technicians who help with some of our processing and storage. They also assist with monitoring our servers for technical problems. These external processors potentially access your information while doing their work, but they are not allowed to use any of your data for purposes unrelated to our products and services.
- Data validation/enrichment: We share personal data with a third-party service provider called FullContact for the purpose of verifying if the data is current, as well as enriching it with relevant information from public databases, such as location and demographics.
- Business transitions: Upon the sale or transfer of the company and/or all or part of its assets, your personal information will likely be among the items sold or transferred. We will request a purchaser to treat our data under the privacy statement in place at the time of its collection.
- Legal reasons: We will provide information to a third party if we believe in good faith that we are required to do so for legal reasons. For example, to respond to legal process, or comply with state and federal laws (or the applicable laws of foreign countries other than the United States).
- Aggregate/Anonymized data: We share non-personal information (for example, aggregated or anonymized customer data) publicly and with our partners. For example, we publish trends about our events and venues. We take steps to keep this non-personal information from being associated with you and we require our partners to do the same.
- Cross-border transfers – Your personal information will be collected, processed and stored by us or our service providers in the United States and other countries outside the European Union where our servers reside. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.
If you wish to opt-out of our marketing communications and data sharing practices, please email email@example.com. Please note that even though you may opt-out of receiving marketing-related communications from us, we may still send you important administrative messages.
We do not retain your personal data indefinitely. We employ a data retention policy which ensures we can complete our contractual and legal obligations, as well as meet our internal business intelligence needs. You may request more information about how we retain your personal information through a data request described in the following section.
YOUR RIGHTS TO YOUR DATA
You have the right to request a copy of the data we have on you and know how we use that information. If you wish to request this information, send an email to firstname.lastname@example.org with the word “Access” in the subject line. The email account from which you send the email request must match the email account for the personal data record requested. Depending on the amount and categories of data in the requested record, we will respond to your initial email with additional questions to verify that your identity matches the requested record. While we fully respect your right to request your data, we must verify your identity first.
If you find any mistakes in your data record, you may request that we correct the record by emailing your corrections to email@example.com. Please use the word “Correction” in the subject line. If we decide not to correct your data record, we will explain our reason(s) in writing within 30 days.
You have the right to request that we erase the data we possess regarding you. If you wish to exercise this right, send an email to firstname.lastname@example.org with the word “Erase” in the subject line. If we decide not to erase your data record, we will explain our reason(s) in writing within 30 days.
- Restriction of processing
In certain circumstances, you have the right to request that we restrict the processing of the personal data that we have collected about you; for example, where you believe that the personal data that hold about you is not accurate or lawfully held.
- Right to data portability
In certain circumstances, you have the right to receive the personal data concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to obtain that we transmit the data to another entity where technically feasible.
- Right to object to the processing of data
In certain circumstances, you have the right to request that we stop processing your personal data.
- Right to object to the processing of data for marketing purposes
You have the right to request that we stop sending you marketing communications.
- Right not to be subject to decisions based solely on automated processing including profiling
In certain circumstances, you have the right no to be subject to a decision based solely on automated processing – including profiling – that produces legal effects or similarly affects you.
- Right to withdraw consent
We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing conducted based on consent before its withdraw.
You have the right to file a complaint with a relevant data protection supervisory authority and the right to file a complaint in court if you feel we have violated this policy. If so, we will cooperate with the authority to resolve the issue.
We take security seriously and care about the integrity of your personal information. We use commercially reasonable methods to transmit your data securely including HTTPS, TLS/SSL protocol, AES and RSA data encryption. Data is stored using Amazon’s S3 cloud service. However, we cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. In the event that any information under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
INTERNATIONAL DATA TRANSFERS
We are a global organization and provide services throughout the world. Sharing data cross-border is essential to our services so that you can receive the same high-quality services from us wherever you are. As a result, we will, in accordance with the law, transfer your personal data to other countries which may have different data protection standards than those in your country of residence.
Our Site is hosted in the United States. If you are accessing the site from the EEA or other regions with laws governing data collection and use that differ from U.S. law, you should be aware that your data will be transferred outside the EEA. When we transfer personal data from the EEA and Switzerland to other countries, including to the United States, we rely on third-party service providers who use a variety of legal mechanisms to help ensure your data is appropriately protected such as Binding Corporate Rules, Privacy Shield certification, or Standard Contractual Clauses. Unless we have your explicit consent, we will not transfer your personal data from the EEA and Switzerland to other countries without appropriate safeguards (specifically, Binding Corporate Rules, Privacy Shield certification, or Standard Contractual Clauses) in place.
We will modify this Privacy Notice from time to time. We will notify you of material changes to this Privacy Notice by posting the amended terms in accordance with applicable laws. If you do not agree with the proposed changes, you should discontinue your use of the Platform before the new Privacy Notice takes effect. If you continue using our Platform after the new terms take effect, you will be bound by the modified Privacy Notice.
HOW TO CONTACT US
If you have any questions about this Privacy Notice, please contact us:
By email at: email@example.com.
By postal mail at:
Hakkasan Holdings, LLC
6385 S. Rainbow Blvd., Suite 800
Las Vegas, NV 89118
Local Representative in the EEA:
Company Name: Hakkasan Limited
Email address: firstname.lastname@example.org
Postal address: 3rd Floor, Elsley House, 24-30 Great Titchfield Street, London, W1W 8BF, United Kingdom