PRIVACY POLICY

Last updated on: 30 april 2024

As provided under REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/CE (General Data Protection Regulation) [“GDPR”] and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Data (“LOPDPGDD”) and its implementation regulations, you are informed that by accepting the check box attached, you expressly authorise your personal data, including image and voice data, to be placed on file for strictly confidential processing in a file. The data controller is MIDDLE GROUND, S.L. (hereinafter, “the company”), holder of TAX ID B-95.934.006, with address at Bilbao (Biscay), at Camino de la Ventosa, 46, 1º D, 48013. The purpose is to manage your participation in and/or attendance to KALORAMA MADRID (hereinafter, “the event”), send you informative communications about the same, as well as inform you of other products and services offered by the company and the rest of the LAST TOUR group companies detailed below, carry out profile segmentation with the aim of improving and optimising the experience associated with such events, respond to queries that may be made through the designated contact addresses, carry out satisfaction surveys about the products and services of the company and the rest of the LAST TOUR group companies indicated, and comply with the obligations established by current legislation.

The legal basis for processing of your personal data is the following:

  • The compliance with a contract and/or a commercial relationship.
  • The informed consent granted to us expressly, freely and unambiguously when you agree to this PRIVACY POLICY by sending us the corresponding form.
  • To comply with various compulsory legal obligations of the company.
  • For the legitimate interest based on all kinds of security reasons, the improvement of our products and services, the management of your information requests, claims and fraud management.

The data we request from you are appropriate, pertinent and strictly necessary to carry out the purposes provided above. You are entitled to withdraw consent at any time, although this does not affect the lawfulness of processing based on consent before it was withdrawn. You further guarantee the authenticity,  accuracy and truthfulness of any information you provide us, undertaking to keep the data you provide us updated so that such data truly reflect reality at all times. You shall likewise be solely responsible for false or inaccurate statements and the damage they may cause.

We store your data as long as there is a contract or commercial relationship with you, or as long as you do not exercise your rights to erasure, cancellation, and/or restriction of processing of data. Following the end of this storage period, the company shall erase, destroy, block or pseudonymise your personal data. In the case of blocking, your information shall always be maintained although it shall not be used and no processing shall be completed, whenever this information could be needed to lodge claims or there could be any court, legal, or contract responsibilities arising out of its processing, which must be addressed and made recovery necessary.

 

DATA COMMUNICATION:

 

The data you provide to us may be assigned to the following companies of the LAST TOUR group for the proper management of the services specified above, and to inform you of products and services that may be offered in the future: LAST TOUR CONCERTS, S.L., ARF VITORIA GASTEIZ, S.L., LASTUR BOOKIN, S.L., CULTURA ROCK, S.L., EVENTOS Y FESTIVALES SONIDO RURAL, S.L., LAST TOUR IBERIA, S.L., LAST TOUR EUROPA, S.L., OSO POLITA RECORDS, S.L., YUUKII RECORDS, S.L., FESTIVAL KALORAMA, S.L., AZKEN BIRA, S.L., LEHENENENGO BIRA, S.L., FUNDACIÓN INDUSTRIAS CREATIVAS and LAST TOUR AMÉRICA, S.A.S., as well as any other entity that replaces any of the above, and/or linked to or integrated in the LAST TOUR group, and/or that is linked to or integrated with the same in the future.

If you pay with a credit card, data shall be coded and transferred to our payment partners. Any personal details about you shall solely be used internally within the LAST TOUR group and shall not be assigned to third-party companies or entities, aside from the ones provided herein.

Finally, in the event that you send us a curriculum vitae for the job application, this will become part of a file whose ownership corresponds to the company. The purpose of the file is the selection of personnel and by spontaneously sending us this information you are giving us your express consent for your data to be available in future recruitment or personnel selection processes. Furthermore, said data may be transferred to the aforementioned entities of the LAST TOUR group, for the same purpose, as well as to any other entity that replaces any of them, and/or that is linked to or integrated in the LAST TOUR group, and/or that is linked to or integrated with the same in the future.

 

EXERCISING YOUR RIGHTS:

 

You can exercise rights of access, rectification or erasure, restriction of processing, cancellation or objection, and portability rights at the company, at Camino de la Ventosa, 46, 1º D, CP 48013 in Bilbao (Biscay), dpo@lasttour.org. Moreover, you are entitled to lodge a claim with the Spanish Data Protection Agency. Your rights set out under data protection laws can be exercised in Basque, Spanish and English.

SECURITY MEASURES:

 

To safeguard the security of your personal data, we inform you that the company has adopted all technical and organisational measures required to guarantee the computer security of the personal data supplied, including (inter alia):

  • Pseudonymisation and coding of personal data where applicable.
  • The capacity to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
  • The capacity to restore the availability and access to personal data swiftly in the case of a physical or technical incident.

A process of regular verification, assessment and valuation of the effectiveness of the technical and organisational measures to guarantee the security of processing.