PRIVACY NOTICE

Effective date: May 2026

1. About us

The City Events LLC, based in the United States (EIN 99-1009117), is registered at 2140 S Dupont HWY, Camden, Delaware, 19934 (“Us” or “we”). As the “controller” or “business,” we manage our website, including subdomains, country-specific variations, and related components (the “Website”). While delivering our services, we may process identifiable user information (“Personal Data”).

We handle Personal Data responsibly, using it only as needed for our services and in compliance with data protection regulations. Please review this Privacy Notice to understand how we process Personal Data. If you provide Personal Data about other attendees, ensure they are informed of this Privacy Notice.In case of discrepancies, the English version of this Privacy Notice will prevail.

2. Personal Data We Process
   2.1 Data You Provide Directly: We collect Personal Data when you:

• Purchase a ticket on our Website to any of our experiences.
• Contact or correspond with our support team via phone, email, or the Website.
• Complete forms, respond to surveys, subscribe to newsletters, or join competitions or promotions.
• Share reviews, opinions, and feedback about experiences you attended through our services. 

This may include:

• Name, surname, email address, phone number, and date of birth.
• Location (based on IP address or device details).
• Profile picture (if you use social login).
• Records of conversations and messages with our user support team, including call recordings.
• Pictures you may upload as part of your review.
  
  2.2 Data Collected from Your Use of Our Services:

• Technical Data: IP address, login details, browser type, time zone, device information (e.g., IMEI number, VPN usage), operating system, and network details.
• Usage Data: Links clicked, pages visited, search queries, page interactions, and browsing behavior.
• Transaction Details: Information about purchases made.
  
  2.3 Information Received from Other Sources: We collect data from fraud prevention agencies, partners, and other third parties to improve our services.
• Technical Data:
  • Information from analytics providers inside and outside the EU, such as Google Analytics.
  • Data from advertising networks, including Facebook Audience Network.
  • Search information from providers like Adobe Audience Manager within the EU.
• Contact and Transactional Data: Data from payment service providers regarding transactions and contact details.
• Third-Party Services: Information from services integrated into our Website, such as user feedback forms, newsletter subscriptions, and competition administration.
  

3. How We Use Your Personal Data

We process your Personal Data based on a valid lawful basis, which includes:

• Fulfilling a Contract: We require certain Personal Data to provide our services. Without this data, we cannot fulfill our agreement with you.
  • Processing ticket transactions and payments through compliant third-party payment providers.
  • Offering user support and responding to inquiries, with potential recording and monitoring of communications for record-keeping, training, and service improvement.
• Consent: With your consent, we collect and use your Personal Data for specific purposes, such as sending newsletters with promotions or sharing your data with event organizers for marketing purposes. Additionally, we will rely on your consent or on the choices you make when directly submitting the review on the Website. You can withdraw your consent for processing your Personal Data at any time by updating your preferences or contacting us (see section 11).
• Legal Obligations: In some cases, we are legally required to collect and store your Personal Data, such as retaining transaction details under tax regulations.
  • Sharing Personal Data with organizations (e.g., law enforcement, tax authorities, fraud prevention agencies) to comply with legal obligations or assist in crime prevention.
  • Responding to data subject requests, handling complaints, or addressing legal claims/disputes.
  • Conducting any necessary processing to meet legal or regulatory requirements.
• Legitimate Interests: We may use your Personal Data when it is necessary for our legitimate business purposes, provided this use is balanced against your rights and freedoms.
  • Ensure security of our services and IT systems and maintain efficient operations.
  • Recommend similar events.
  • Gather feedback and reviews about experiences you have attended or purchased through our services. 
  • Measure the effectiveness of promotional campaigns and advertising.
  • Maintain records of marketing communication preferences.
  • Analyze and improve our services, including content, features, and events.
  • Use IP addresses and device locations to identify and block unauthorized users.

Note that if we need your Personal Data to fulfill a purchase agreement with you and you fail to provide it, we may be unable to deliver our services. Should this occur, we will inform you and may need to cancel the services.

4. Additional Uses of Your Personal Data.

We use your Personal Data to tailor marketing communications about our services, making them more relevant and engaging for you (where permitted by law). This may involve analyzing your use of our services and ticket transactions.

4.1 Experience Recommendation

• Personalized Suggestions: We may use your name, contact details, and data on your use of our services to recommend experiences available on the Website that may interest you.
• Marketing Communications: You will receive marketing messages if you have requested information, purchased a ticket, or participated in a sweepstake, competition, or promotion, and have not opted out.

4.2 Third-party marketing: We will seek your consent, as required by applicable regulations, before sharing your Personal Data with any company outside our group for marketing purposes. Additionally, we may share limited Personal Data (name, surname, and email) with a sponsor, event organizer, or venue for a specific experience. These third parties will be clearly identified for the experience you choose to participate in. Consent for further data processing or marketing communications may be requested by us or the third party during or after the experience.

4.3 Third-party advertising companies:

• Personalized Advertising: We work with third-party advertising and technology companies to ensure ads and marketing are relevant to you. These companies collect data about your interactions with our services to build a profile of your preferences and analyze your behavior after viewing ads.
• Web Analytics: We use tools like Google Analytics to analyze your use of our services and improve ad delivery.
• Cookies and Tracking: These third parties use cookies and other tracking technologies to collect, store, and use your data. For more details and control options, refer to our Cookie Notice.
• Third-Party Data Use: In some cases, these companies may use aggregated data for their own purposes, such as providing services to other clients or collaborating with other advertising companies.
• Social Media Advertising: We may share data with platforms like Facebook (e.g., via Facebook Custom Audiences) to serve relevant ads.
• Your Control: Restricting tracking may result in ads that are not tailored to your preferences. Visit our Cookie Notice to learn how to manage your data.
  

5. Sharing Your Personal Data

We share your Personal Data in specific circumstances to provide and improve our services while ensuring compliance with applicable regulations:

• Group Entities: Personal Data may be shared within our group entities to:
  • Deliver a seamless user experience and services, including the improvement or development of new services.
  • Prevent fraud and harmful behavior.
  • Improve existing or develop new services.
  • Send updates and marketing communications.
• Third-Party Service Providers: We work with service providers acting as data processors to assist with:
  • IT infrastructure and support.
  • Analytics and user research.
  • Communication services like email, push notifications, and surveys.
  • Payment processing and other service-related tasks.
• Legal Compliance: Personal Data may be shared to comply with legal obligations, respond to court orders, investigate or prevent crimes, address fraud, or ensure safety.
• M&A: In case of a merger, acquisition, or sale, your Personal Data may be transferred to the new entity. You’ll be informed of ownership changes and given options regarding your Personal Data use.
• Social Media and Advertising Partners: Limited hashed data (e.g., name, email) may be shared with social media platforms to:
  • Show you ads relevant to new products or services.
  • Avoid ads for services you already use.
  • Target “lookalike audiences” for marketing.
• Event Organizers: When purchasing tickets or participating in events, your Personal Data may be shared with organizers or their third-party collaborators for event logistics. We are not responsible for how these parties process your data or comply with data protection laws.
  

6. International Data Transfers

If you are a resident of the European Economic Area (EEA), we generally aim to store your Personal Data within the EEA. However, in certain situations, your Personal Data may need to be transferred to third-party service providers located outside the EEA or the United Kingdom (UK) for purposes such as:

• Providing our services,
• Ongoing user support,
• Compliance with legal and regulatory requirements, and
• Fraud prevention or cooperation with law enforcement.

When transferring Personal Data to countries that do not provide an equivalent level of data protection as the EEA or UK, we ensure your data is adequately protected by implementing contracts with strict data protection safeguards. European residents can learn more about data transfer rules outside the EEA and the mechanisms we use by visiting the  European Commission website.

When purchasing tickets or enrolling in events outside the EEA, your Personal Data may be shared with the organizer to manage your participation. By proceeding with the purchase, you consent to this transfer.

7. Cookies and tracking technologies

We use cookies to analyze how you interact with our services. For details, refer to our Cookies Notice. Additionally, we and our partners may use technologies like pixels, web beacons, and scripts for purposes such as measuring email campaign performance, tracking user behavior, analyzing trends, and managing the services. Reports and dashboards are created based on individual and aggregated data from these tools.

Cookies also help us remember user settings, like language preferences. You can manage cookies in your browser, but rejecting them may limit some features of our services.

8. Security

We take strong technical and organizational measures to protect your Personal Data. However, as no internet transmission is completely secure, we cannot fully guarantee the security of data you send to us online.

Our measures include access controls and other safeguards to ensure your Personal Data remains confidential, secure, and protected against unauthorized access or misuse.

9. Data Retention

We retain your Personal Data only as long as necessary for the purposes it was collected and in compliance with applicable regulations. Even after these purposes are fulfilled or if you request deletion, we may need to retain your Personal Data to meet legal requirements, resolve disputes, or enforce agreements, as retention periods vary by country and regulation.

In some cases, we may anonymize your Personal Data for internal research, analytics, or statistical purposes. Anonymized data cannot identify you and may be retained indefinitely.

10. Your Rights

You have specific rights regarding your Personal Data. For more information or to exercise these rights, contact our team at privacy@tourism-tickets.com. Your rights include:

1. Access: Request details about how we use your Personal Data and obtain a copy of it (excluding data about others, ongoing investigations, or privileged communications).
2. Correction: Ask us to update inaccurate or incomplete Personal Data, subject to verification.
3. Deletion: Request deletion of your Personal Data, unless legal obligations or retention requirements apply.If we delete your data, this applies only to the specific service. For other services or accounts, separate requests are needed.
4. Objection: Opt-out of marketing or processing based on legitimate interests. Note that this may affect our provision of the services.
5. Restriction: Request a pause on processing your Personal Data, e.g., during accuracy disputes or legal claims.
6. Data Portability: Ask for your Personal Data in a structured, machine-readable format for transfer to another provider, where applicable.
7. Withdraw Consent: Update your permissions or privacy preferences via email.

We aim to respond to requests within legal timeframes. Some data may be exempt from these requests due to specific circumstances, which we will explain if applicable. To process your request, we may require identity verification.

11. Minors

DO NOT USE THE WEBSITE IF YOU ARE MINOR. We do not knowingly collect information from children under 13. If you are under 13, you may only use the services with explicit permission from your parent or guardian.

12. Third-party Sites

Our services may include links to third-party websites. This Privacy Notice applies only to the Personal Data we collect through our own websites. We are not responsible for how third parties collect, store, or use your data on their websites. Be sure to review the Privacy Notices of any website you visit.

13. Updates to this Privacy Notice

This Privacy Notice was last updated in May 2026. Please review it regularly for updates. If significant changes are made and we have your email address, we will notify you directly.

14. Complaints

You have the right to file a complaint with the appropriate data protection authority if you believe we have not adhered to applicable data protection laws. The relevant authority may vary depending on the country from which you are accessing our services. Please refer to the table below to identify the appropriate data protection authority for your location.

In California, users are entitled to specific rights under privacy regulations, including the “Do not sell my personal information” option. We comply with these regulations, ensuring it does not sell or share personal information in violation of the law. However, Section 5 of this Privacy Notice outlines specific circumstances where data may be shared, such as with service providers, partners, event organizers, or with user consent.

To manage data sharing through cookies or tracking technologies, users can opt out via the “Do not sell my personal information” or “Cookies management” panel available at the bottom of the webpage.

Annex I – Data Protection Authorities by country

Below, you can find information about the local data protection authorities in some of the countries in which we operate.