GDPR Compliant

Privacy Policy

Last updated: March 2025 · Effective date: March 2025

1. Data Controller

Fests.io ("we", "us", or "our") operates the website available at https://fests.io. We are the data controller responsible for the personal information processed through this website.

For any privacy-related questions or requests, please contact us at: privacy@fests.io.

2. What Data We Collect

We collect minimal data in order to operate the site. The categories are:

Technical / server log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This data is recorded automatically by our hosting provider's server software.
Session data: A temporary session identifier (stored as a cookie) that is created when you visit the site and expires when you close your browser or after a short inactivity period. This is used solely for technical operation of the site.
Cookie preferences: Your cookie consent choice (accepted / declined / essential-only) is stored in your browser's local storage to avoid showing the banner on every visit.
Contact or enquiry data: If you choose to contact us by email, we receive and store the information you voluntarily send (name, email address, message content).

We do not operate user accounts, collect payment information, or process sensitive personal data (as defined in Article 9 GDPR).

3. How We Use Your Data

Delivering the service: To display festival and artist information, process search queries, and serve pages correctly.
Security and abuse prevention: Server logs help us detect unusual traffic patterns, security threats, or technical errors.
Improving the site: Aggregated, anonymised technical data may be used to understand how visitors navigate the site and to improve content and performance.
Responding to enquiries: If you contact us, we use your contact details solely to respond to your message.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

Under the GDPR (EU) 2016/679, our processing activities rely on the following legal bases:

Legitimate interests (Article 6(1)(f)): Server log data is processed for security, fraud prevention, and service improvement. Our legitimate interest in maintaining a safe, functional website outweighs the minimal privacy impact of storing standard server logs for a limited period.
Consent (Article 6(1)(a)): Non-essential cookies and third-party resources are only activated after you have given your consent via the cookie banner. You may withdraw consent at any time by clearing your browser cookies or local storage.
Contract performance (Article 6(1)(b)): Where you contact us, your data is used to respond to and fulfil that communication.

5. Third Parties

To operate the website we use the following third-party services that may process data:

Google Fonts (Google LLC): Fonts used on the site are loaded from Google's servers (fonts.googleapis.com). When your browser requests these fonts, your IP address is transmitted to Google. Google's privacy policy applies: policies.google.com/privacy.
Font Awesome (Fonticons, Inc.): Icons are loaded from Cloudflare's CDN (cdnjs.cloudflare.com). Standard CDN request data (IP address, browser headers) may be logged by Cloudflare.
Ticket vendors: When you click a "Get Tickets" link, you are redirected to or shown content from an external ticket platform. We do not control the data practices of those third-party platforms. Please review their privacy policies before completing any purchase.
Hosting provider: Our servers are operated by a third-party hosting provider who processes technical data (server logs) on our behalf under a data processing agreement.

6. Data Retention

Server logs: Retained for up to 30 days for security purposes, then automatically deleted.
Session cookies: Expire at the end of your browser session (or after 24 hours of inactivity at the latest).
Cookie consent preference: Stored in your browser's local storage indefinitely, or until you clear your browser data.
Email correspondence: Retained for as long as necessary to address your enquiry and for up to 12 months thereafter, unless a longer period is required by law.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

Right of access (Art. 15): You can request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You can ask us to correct inaccurate data.
Right to erasure (Art. 17): You can request deletion of your personal data where there is no legitimate reason for us to continue processing it.
Right to restriction of processing (Art. 18): You can request that we limit how we use your data.
Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
Right to object (Art. 21): You can object to processing based on legitimate interests.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@fests.io. We will respond within 30 days. You also have the right to lodge a complaint with your national Data Protection Authority (DPA).

8. Cookies

We use cookies and similar browser storage technologies. For full details, please see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. All data in transit between your browser and our servers is protected by TLS encryption (HTTPS).

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. Minors

Fests.io is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the site after any changes constitutes acceptance of the revised policy. We encourage you to review this page periodically.

12. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our data practices:

Fests.io – Privacy Team
Email: privacy@fests.io
Website: fests.io