MULTIGROOVE PRIVACY POLICY

Effective Date: 26/09/2025
Last Updated: September 2025

1. WHO WE ARE

Sound Culture B.V., trading as Multigroove, is the data controller responsible for your personal information.

Company Details:
Sound Culture B.V.
Crailoseweg 6
1272 EV Huizen
The Netherlands
Trade Registration Number: 64209598
Email: info@multigroove.nl

2. SCOPE OF THIS POLICY

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you:

  • Visit our websites (multigroove.nl, multigroove.com)

  • Purchase tickets for our events

  • Attend our events

  • Subscribe to our marketing communications

  • Interact with us through social media or other channels

This policy applies to all Multigroove events and activities, including collaborative events with partner venues and promoters.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

When you purchase a ticket through our ticketing platforms (Celebratix or Weeztix), we collect:

  • First name and last name

  • Email address

  • Date of birth (for marketing segmentation purposes)

  • City of residence (for marketing analysis and audience understanding)

  • Gender (for marketing segmentation and audience understanding)

  • Payment information (processed and stored securely by our payment processors; we do not store full payment card details)

Account Creation: Our ticketing platforms require you to create an account. The platform's privacy policy also applies to your account information.

3.2 Information Collected Automatically

When you visit our website or interact with our digital services, we automatically collect:

  • Device information: IP address, browser type and version, device type, operating system

  • Usage data: Pages visited, time and date of visits, time spent on pages, links clicked, referring website

  • Location data: General location derived from IP address (city/region level)

  • Cookies and tracking technologies: See our Cookie Policy for detailed information

3.3 Information from Third Parties

We receive information from:

  • Ticketing platforms (Celebratix, Weeztix): Full customer purchase details, purchase history, account information, and attendance records

  • Payment processors: Transaction confirmation and fraud prevention data

  • Advertising platforms (Meta, Google, TikTok): Campaign performance data and audience insights

  • Co-promoters: For collaborative events, shared attendee information where we are the primary ticket seller

3.4 Information Collected at Events

When you attend our events:

  • Photos and videos: You may be captured in photographs, video recordings, or live streams

  • Entry data: Ticket scanning records showing entry time

  • Venue information: Some venues may collect additional data; their privacy policies apply

Merchandise vendors at events operate independently and collect their own customer data under their own privacy policies.

4. HOW WE USE YOUR INFORMATION

We process your personal information for the following purposes:

4.1 Essential Services (Legal Basis: Contract Performance)

  • Processing and fulfilling ticket purchases

  • Delivering tickets via email or mobile application

  • Providing customer service and support

  • Communicating essential information about events (confirmations, changes, cancellations)

  • Managing event access and security

  • Processing refunds or transfers

4.2 Marketing Communications (Legal Basis: Consent)

When you purchase a ticket, you automatically consent to receive marketing communications from us, including:

  • Email newsletters about upcoming Multigroove events

  • Event announcements and lineup reveals

  • Early bird ticket alerts and promotional offers

  • General Multigroove news and updates

  • Information about partner and collaborative event promotions

Frequency: Marketing emails are sent on an ad-hoc basis depending on event schedules and announcements.

You can withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting info@multigroove.nl.

4.3 Marketing Analysis and Advertising (Legal Basis: Consent via Cookie Banner)

  • Analyzing audience demographics (age, gender, location) to understand our attendees

  • Creating targeted advertising campaigns on Meta (Facebook/Instagram), Google, and TikTok

  • Building custom audiences and lookalike audiences for social media advertising

  • Segmenting email lists based on location, demographics, and past event attendance

  • Measuring the effectiveness of our marketing campaigns

4.4 Business Operations (Legal Basis: Legitimate Interest)

  • Improving our events, website, and services

  • Understanding attendance patterns and preferences

  • Conducting internal research and analytics

  • Preventing fraud and ensuring security

  • Maintaining records for accounting and tax purposes

  • Defending legal claims

4.5 Legal Compliance (Legal Basis: Legal Obligation)

  • Complying with tax and accounting regulations

  • Responding to law enforcement or regulatory requests

  • Meeting other legal and regulatory requirements

5. LEGAL BASIS FOR PROCESSING (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  1. Contract Performance (Article 6(1)(b)): To fulfill our agreement with you when you purchase a ticket

  2. Consent (Article 6(1)(a)): For marketing communications and cookies/tracking technologies

  3. Legitimate Interest (Article 6(1)(f)): For business analytics, event improvement, and fraud prevention

  4. Legal Obligation (Article 6(1)(c)): For tax, accounting, and compliance with legal requirements

You have the right to object to processing based on legitimate interest at any time.

6. HOW WE SHARE YOUR INFORMATION

We share your personal information with the following categories of recipients:

6.1 Service Providers (Data Processors)

  • Ticketing platforms: Celebratix and Weeztix (EU-based servers) for ticket sales and management

  • Payment processors: Multiple payment providers process transactions on our behalf

  • Email marketing platform: Brevo (EU/France-based) for sending marketing communications

  • Website hosting: Squarespace for website hosting and management

  • Analytics providers: Google Analytics (GA4) for website usage analysis

  • Advertising platforms: Meta (Facebook/Instagram), Google Ads, TikTok for targeted advertising campaigns

6.2 Event Partners

  • Co-promoters: For collaborative events with partner venues (Lofi, Paradigm, etc.), we share attendee information only when we are the primary ticket seller

  • Venues: Event venue operators may receive attendee information for security and capacity management purposes

6.3 Legal and Regulatory Authorities

We may disclose your information to law enforcement, regulatory bodies, courts, or government agencies when:

  • Required by law or legal process

  • Necessary to protect our rights or property

  • Necessary to protect the safety of our attendees or the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the new entity. You will be notified of any such change.

We do not sell your personal data to third parties for their own marketing purposes.

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the European Economic Area (EEA) or process data internationally:

  • Meta (Facebook/Instagram): US-based company; transfers protected by EU Standard Contractual Clauses

  • Google (Analytics, Ads): US-based company; transfers protected by EU Standard Contractual Clauses and Data Privacy Framework

  • TikTok: Transfers protected by appropriate safeguards

  • Brevo: EU-based but may use sub-processors outside EEA with appropriate safeguards

We ensure that all international data transfers are protected by:

  • EU Standard Contractual Clauses (approved by the European Commission)

  • Adequacy decisions by the European Commission

  • Other appropriate safeguards as required by GDPR

International ticket buyers: We sell tickets to customers worldwide, including the UK, US, and other countries outside the EU. By purchasing a ticket, you consent to your data being processed as described in this policy.

8. DATA RETENTION

We retain your personal information for the following periods:

8.1 Purchase and Financial Records

  • Ticket purchase information: Retained for accounting and tax purposes

  • Financial records: Retained as required by Dutch law and accounting practices (typically 7 years after the transaction)

8.2 Marketing Data

  • Active subscribers: Retained until you unsubscribe or request deletion

  • Unsubscribed contacts: Email address retained on suppression list to prevent re-adding; marketing consent flag removed

  • Purchase history: Retained even after unsubscribe for operational and legal purposes

8.3 Event Content

  • Photos and videos from events: Retained indefinitely for promotional and archival purposes unless removal is requested

8.4 Website Analytics

  • Analytics data: Retained according to Google Analytics settings (default: 26 months)

  • Cookie data: Retained according to cookie expiration periods (see Cookie Policy)

8.5 General Policy

We review our data retention practices regularly. Personal data that is no longer needed for the purposes described in this policy will be deleted or anonymized. We are currently developing a formal data deletion schedule.

9. YOUR RIGHTS UNDER GDPR

As a data subject under the GDPR, you have the following rights:

9.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data, subject to:

  • Legal retention requirements (e.g., tax and accounting records)

  • Legitimate business purposes (e.g., defending legal claims)

  • Other legal exceptions

9.4 Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we process your data in certain circumstances.

9.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

9.6 Right to Object (Article 21)

You have the right to object to:

  • Processing based on legitimate interests

  • Direct marketing (including profiling for marketing purposes)

9.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred.

Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Website: https://autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 8500

9.9 How to Exercise Your Rights

To exercise any of these rights, contact us at: info@multigroove.nl

Please include:

  • Your full name and email address used for ticket purchase

  • Specific right you wish to exercise

  • Any relevant details or documentation

Response time: We will respond to your request within one month. In complex cases, we may extend this by two additional months and will notify you of the extension.

Verification: We may request proof of identity to protect your personal information from unauthorized access.

10. DATA SUBJECT REQUEST PROCEDURES

10.1 Standard Procedure for Handling Data Requests

When we receive a data subject request at info@multigroove.nl, we follow this procedure:

Step 1: Verification (Within 48 hours)

  • Confirm identity of requester

  • Request proof of identity if necessary (government ID matching ticket purchase name)

  • Acknowledge receipt of request

Step 2: Assessment (Within 1 week)

  • Determine type of request (access, deletion, rectification, etc.)

  • Check if any exemptions apply (legal retention requirements, legitimate interests)

  • Identify all systems where data is stored (Celebratix, Weeztix, Brevo, internal records)

Step 3: Processing (Within 2-3 weeks)

For Access Requests:

  • Compile all personal data from all systems

  • Provide in clear, readable format (PDF or spreadsheet)

  • Include sources of data and processing purposes

For Deletion Requests:

  • Delete data from Brevo (marketing list)

  • Request deletion from Celebratix/Weeztix (subject to their retention policies)

  • Remove from internal spreadsheets/records (subject to legal retention)

  • Add email to suppression list to prevent re-adding

  • Note: Purchase records required for tax/accounting will be retained but flagged as "do not market"

For Objection to Marketing:

  • Immediate unsubscribe from Brevo

  • Remove from active marketing lists

  • Retain email on suppression list only

Step 4: Response (Within 1 month total)

  • Confirm action taken

  • Explain any data that cannot be deleted (with legal basis)

  • Inform of right to complain to supervisory authority

Record Keeping:

We maintain a log of all data subject requests including:

  • Date of request

  • Type of request

  • Action taken

  • Date of response

11. MARKETING COMMUNICATIONS

11.1 How You're Added to Our Marketing List

Automatic opt-in: When you purchase a ticket for a Multigroove event, you are automatically subscribed to receive marketing communications. You can unsubscribe at any time.

No opt-out during checkout: There is no option to decline marketing communications during the ticket purchase process; you must unsubscribe after purchase if you do not wish to receive marketing emails.

11.2 Types of Marketing Communications

We send the following types of marketing emails:

  • Event announcements for upcoming Multigroove events

  • Artist lineup reveals and updates

  • Early bird ticket sales and promotional offers

  • General news about Multigroove

  • Information about partner and collaborative events

  • Surveys or feedback requests (occasionally)

11.3 How to Unsubscribe

You can unsubscribe from marketing communications at any time by:

  • Clicking the "unsubscribe" link at the bottom of any marketing email

  • Emailing info@multigroove.nl with "Unsubscribe" in the subject line

  • Updating your preferences in your Celebratix or Weeztix account (if available)

Important: Even after unsubscribing from marketing, you will still receive essential transactional emails related to tickets you have purchased (confirmations, event changes, cancellations, refund information).

11.4 Email List Segmentation

We segment our marketing lists based on:

  • Location (city of residence)

  • Demographics (age, gender)

  • Past event attendance

  • Purchase history

  • Engagement with previous emails

This allows us to send more relevant event information to different audience segments.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy [LINK TO COOKIE POLICY].

Summary of Cookie Use:

  • Essential cookies: Required for ticket purchase and website functionality

  • Analytics cookies: Google Analytics (GA4) to understand website usage (requires consent)

  • Marketing cookies: Meta Pixel, Google Ads, TikTok Pixel for targeted advertising (requires consent)

You can manage your cookie preferences through our cookie banner or your browser settings.

13. PHOTOS AND VIDEOS AT EVENTS

13.1 Consent to Being Filmed

By purchasing a ticket and attending our events, you consent to being photographed and filmed. We may use photos and videos of you at events for:

  • Social media posts (Instagram, Facebook, TikTok, YouTube)

  • Website content and galleries

  • Promotional materials and advertisements

  • Event aftermovies and recaps

  • Marketing campaigns (including paid advertising)

  • Press and media coverage

  • Archival purposes

Scope: Photos and videos may be used indefinitely and across all channels where Multigroove has a presence.

13.2 Your Rights Regarding Images

If you appear in a photo or video and wish to have it removed:

  1. Contact us at info@multigroove.nl with:

    • Specific URL or description of the image/video

    • Your location/description in the image

    • Proof of identification (to verify you are the person in the image)

  2. We will review your request and:

    • Remove the content where reasonably possible

    • Blur or obscure your image if removal is not practical

    • Respond within 2 weeks of your request

Limitations: We may not be able to remove or recall content that has been:

  • Shared or reposted by third parties

  • Published in print materials already distributed

  • Licensed to media outlets or partners (we will request removal but cannot guarantee it)

13.3 Third-Party Content

Professional photographers/videographers: Some events may include professional photographers or videographers who sell photos separately. They operate under their own terms and privacy policies.

Attendee-generated content: We are not responsible for photos or videos taken by other attendees at events.

14. CHILDREN'S PRIVACY

All Multigroove events are strictly for persons aged 18 years or older. We do not knowingly collect personal information from anyone under the age of 18.

If we discover that we have inadvertently collected personal information from someone under 18, we will delete that information immediately.

If you believe we have collected information from someone under 18, please contact us immediately at info@multigroove.nl.

15. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

  • Encryption of data in transit using SSL/TLS protocols

  • Secure payment processing through PCI DSS compliant payment processors

  • Access controls and authentication for internal systems

  • Regular security assessments and updates

  • Restricted access to personal data on a need-to-know basis

  • Training for team members and contractors on data protection

Limitations: While we take reasonable steps to protect your personal data, no internet transmission or electronic storage system is completely secure. You use our services at your own risk.

Data breach notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority within 72 hours and will notify affected individuals as required by law.

16. THIRD-PARTY LINKS AND SERVICES

Our website and communications may contain links to third-party websites, applications, and services, including:

  • Ticketing platforms (Celebratix, Weeztix)

  • Social media platforms (Instagram, Facebook, TikTok, YouTube)

  • Partner venue websites

  • Payment processors

  • Other promotional or informational websites

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies separately.

Ticketing platform privacy policies:

  • Celebratix: [LINK TO THEIR PRIVACY POLICY]

  • Weeztix: [LINK TO THEIR PRIVACY POLICY]

17. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in:

  • Our data practices

  • Legal requirements

  • Business operations

  • Technology and services we use

How we notify you of changes:

  • Updated policy posted on our website with new "Last Updated" date

  • Email notification to active marketing subscribers for significant changes

  • Notice on our website homepage for major updates

Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

Last Updated: September 2025

18. CONSENT RECORDS

We maintain records of your consent for data processing, including:

  • Timestamp: Date and time of ticket purchase or opt-in

  • IP address: IP address used during ticket purchase or consent action

  • Consent method: How consent was obtained (ticket purchase, checkbox, etc.)

  • Scope of consent: What was consented to (marketing, cookies, etc.)

These records are maintained to demonstrate compliance with GDPR consent requirements.

19. DATA PROTECTION OFFICER

Current status: We do not currently have a designated Data Protection Officer (DPO). Data protection matters are handled by our internal team.

Contact for data protection queries: info@multigroove.nl

Note: Under GDPR Article 37, we are evaluating whether our processing activities require the appointment of a formal DPO.

20. DATA PROCESSING AGREEMENTS

We rely on standard terms and privacy policies provided by our data processors. We are in the process of reviewing and establishing formal Data Processing Agreements (DPAs) with our key service providers as required under GDPR Article 28.

21. FUTURE DATA COLLECTION

We may collect additional types of personal information in the future, including:

  • Phone numbers: For SMS marketing and event notifications

  • Additional preferences: More detailed profile information for personalized experiences

  • Loyalty program data: If we implement a membership or loyalty system

Any new data collection will be:

  • Disclosed through an updated Privacy Policy

  • Subject to appropriate consent where required

  • Processed in accordance with GDPR principles

22. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data:

Email: info@multigroove.nl
Response time: We aim to respond within one week

Postal Address:
Sound Culture B.V. / Multigroove
Crailoseweg 6
1272 EV Huizen
The Netherlands

For data subject requests: Please clearly state the nature of your request in the subject line (e.g., "Data Access Request" or "Deletion Request").

To report a data security concern: Email info@multigroove.nl with "URGENT: Data Security" in the subject line.

23. SUPERVISORY AUTHORITY

If you are not satisfied with how we handle your personal data or our response to your requests, you have the right to lodge a complaint with the relevant supervisory authority:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Postal Address:
Postbus 93374
2509 AJ Den Haag
The Netherlands

Website: https://autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 8500
Email: info@autoriteitpersoonsgegevens.nl

This Privacy Policy is effective as of 26/09/2025 and applies to all personal data collected by Multigroove / Sound Culture B.V. through our websites, events, and related services.

End of Privacy Policy