Privacy Policy

www.laimafestival.lv

Effective from: 1 January 2025 | Last updated: 1 January 2025

1. General Provisions

This Privacy Policy (hereinafter — the Policy) applies to the website www.laimafestival.lv, maintained by SIA "Laima Live" (hereinafter — the Organiser). The Policy defines how your personal data is collected, processed and protected.

By visiting the website and using its services, you confirm that you have read and understood this Policy. The Organiser processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter — GDPR), as well as the Personal Data Processing Law of the Republic of Latvia.

2. Data Controller

The data controller is:

If you have any questions or concerns about the processing of your personal data, please contact us at the email address provided above.

3. Personal Data We Collect

The Organiser collects personal data in the following circumstances and to the following extent:

3.1. Ticket Purchase and Registration

When purchasing festival tickets or registering for an event, the following data is processed:

• first name and surname;
• email address;
• telephone number (where required);
• payment information (processed by the payment service provider; the Organiser retains only transaction confirmation);
• number and category of tickets purchased.

3.2. Competitions and Prize Draws

The festival regularly organises competitions and ticket prize draws, including on social media. When participating in such activities, the following data is processed:

• first name and surname;
• email address or social media profile;
• contact information for reaching the winner.

Processing of this data is based on the consent given by the participant when submitting an entry. Data is retained until the conclusion of the competition and announcement of the winner, but no longer than 1 year, unless otherwise specified.

3.3. Newsletter Subscription and Marketing

If you voluntarily subscribe to receive newsletters, the following data is processed:

• email address;
• first name (optional).

Processing of this data is based on your explicit consent. You may unsubscribe at any time using the link at the bottom of any email or by sending a request to info@laimafestival.lv.

3.4. Communication with the Organiser

When sending a request or message via the contact form or email, the following data is processed:

• first name and surname;
• email address;
• content of the communication.

3.5. Photography and Video Recording at the Festival

During the festival, photography and video recording may take place for marketing and documentation purposes. Visitors are informed of such recording by notices at the entrances. In accordance with the GDPR, persons under the age of 13 will not be photographed or filmed without the written consent of their parent or legal guardian.

4. Purposes and Legal Basis for Processing

Personal data is processed for the following purposes:

• Administration of ticket sales and event management — legal basis: performance of a contract (Art. 6(1)(b) GDPR);
• Direct marketing communications — legal basis: consent (Art. 6(1)(a) GDPR);
• Customer communications — legal basis: legitimate interest (Art. 6(1)(f) GDPR);
• Fulfilment of legal obligations (accounting, tax records) — legal basis: legal obligation (Art. 6(1)(c) GDPR);
• Website analytics and improvement — legal basis: consent to cookies (Art. 6(1)(a) GDPR).

5. Data Retention Periods

Personal data is retained only for as long as necessary for the relevant purpose:

• Ticket purchase data — 5 years (in accordance with accounting and tax legislation);
• Marketing consents and related data — until consent is withdrawn, but no longer than 3 years after the last activity;
• Communication history — 2 years;
• Cookie data — in accordance with the validity period of each cookie (see Cookie Policy);
• Photo and video materials — up to 5 years, with separate notification of use.

6. Transfer of Personal Data to Third Parties

The Organiser does not transfer personal data to third parties without a legal basis, except in the following cases:

• Ticketing platforms (e.g. Biļešu Serviss, Ticketshop) — for payment processing and ticket issuance;
• Email marketing service providers (e.g. Mailchimp or equivalent) — for sending newsletters with your consent;
• Analytics service providers — for collection of anonymised statistical data;
• State and law enforcement authorities — for compliance with legal requirements or protection of the Organiser's legal interests.

All third-party service providers are carefully vetted. A data processing agreement is concluded with each of them, guaranteeing a level of data protection no lower than that set out in this Policy.

Where data is transferred outside the European Union or the European Economic Area, the Organiser ensures that appropriate safeguards are in place in the recipient country (e.g. EU standard contractual clauses or a European Commission adequacy decision).

6.1. Processing of Data of Business Partners

The Organiser selects business partners — sponsors, artists, technology providers and others — who strictly comply with GDPR requirements and ensure data confidentiality in mutual dealings. Every partner to whom personal data is transferred has been assessed against data protection standards and is required to maintain an equivalent level of protection. Contact data of business partners is processed on the basis of contract and retained for no longer than 3 years after the end of the cooperation.

6.2. Processing of Corporate Client Data

The Organiser maintains the highest standards for the protection of corporate client data. Companies purchasing group tickets, using VIP packages or concluding other commercial agreements provide contact person data, which is used solely for the provision of the relevant service. Corporate client data is obtained on the basis of contract and retained for no longer than 3 years after the purchase of a product or service, unless a longer period is required by applicable legislation (e.g. accounting laws).

---

7. Your Rights as a Data Subject

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access — to find out what personal data we hold about you;
• Right to rectification — to request correction of inaccurate or incomplete data;
• Right to erasure ('right to be forgotten') — to request deletion of data where there is no longer a legal basis for processing;
• Right to restriction of processing — to request suspension of processing during a dispute or review;
• Right to object — to object to processing based on legitimate interest or direct marketing;
• Right to data portability — to receive your data in a structured, machine-readable format;
• Right to withdraw consent — at any time without adverse consequences, where processing is based on consent.

To exercise your rights, please write to: info@laimafestival.lv or send a written request to the registered address: Brīvības iela 43–3, Rīga, LV-1010.

We will respond to your request within 30 days. If the request is complex, this period may be extended by a further 60 days, of which you will be notified in advance.

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the Data State Inspectorate (www.dvi.gov.lv, telephone: +371 67223131).

8. Personal Data Security

The Organiser implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure. These measures include:

• SSL/TLS encryption during data transmission;
• access controls — data is accessible only to authorised personnel;
• regular data security audits and staff training;
• secure server infrastructure within the EU.

In the event of a personal data breach posing a risk to individuals' rights and freedoms, the Organiser will notify the Data State Inspectorate within 72 hours and the affected persons without undue delay.

9. Links to Third-Party Websites

Our website may contain links to social media profiles (Facebook, Instagram, YouTube) and resources of other organisations. These websites operate under their own privacy policies, for which the Organiser bears no responsibility. We encourage you to review the privacy policies of the relevant websites.

10. Protection of Minors' Data

The services of our website are not intended for persons under the age of 16 without parental or guardian consent. We do not knowingly collect personal data from persons under 16. If we discover that such data has been collected in error, we will delete it immediately. We encourage parents to monitor their children's online activity.

11. Changes to This Policy

The Organiser reserves the right to update this Policy at any time to reflect changes in legislation, website functionality or data processing practices. Material changes will be communicated by publishing the updated version on the website with a reference to the new effective date. Continued use of the website following publication of changes constitutes acceptance of the revised Policy.

12. Contact Information

All enquiries regarding personal data processing should be directed to: