Information on the Processing of Personal Data | TICKETPORTAL Tickets at hand - theater, music, concert, festival, musical, sports

Personal Data Processing Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) and related legislation, we hereby provide you with information on the processing of your personal data, including the scope of your related rights.

Who is the controller of personal data?

The controller of your personal data is PLG Czech Republic, s.r.o., Company ID No.: 01901613, VAT ID No.: CZ01901613, registered office at Italská 2581/67, 120 00 Prague 2, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 90221 (hereinafter “we” or “Ticketportal”). When selling tickets, Ticketportal acts as a sales intermediary for the organiser of the specific event. In such a case, Ticketportal and the organiser act as independent controllers of personal data, each being responsible for the processing of personal data separately. The identification of the organiser is always shown in the purchase form and subsequently on the ticket (hereinafter the “organiser”).

From what sources do we obtain personal data?

We obtain personal data directly from you, based on your ticket purchase or based on your registration on the website www.ticketportal.cz.

What personal data do we collect?

When purchasing a ticket:

first name, surname, e-mail address and telephone number, payment details, and where necessary also an address, e.g. for ticket or goods delivery,
other data required by the organiser, necessary for the proper execution of the event and marked in the purchase form with the (i) icon.

If you register:

first name, surname, e-mail address,
the same data as when purchasing a ticket, if you purchase tickets through your registration.

For what purposes do we use personal data?

Sale of tickets and related services

We process personal data for the purpose of fulfilling the ticket sale agreement concluded with you and for the provision of related services (Art. 6(1)(b) GDPR), in particular for the purposes of:

delivering the ticket,
informing you of changes to the event date or venue, cancellation of the event, or other details and arrangements related to the event,
ticket inspection and enabling entry to the event,
handling complaints and possible ticket refunds.

Registration

If you register on the Ticketportal website, we process your personal data for the purpose of creating, managing and operating your registration (Art. 6(1)(b) GDPR), in particular for the purposes of:

purchasing tickets,
viewing your purchase history.

Marketing

We process personal data for marketing purposes based on the legitimate interest of Ticketportal (Art. 6(1)(f) GDPR), in particular for the purposes of:

offering similar products and services related to the event (e.g. concert tickets, accommodation, transport, accompanying programme),
analysing purchasing behaviour.

If you give your explicit consent (Art. 6(1)(a) GDPR) to the sending of commercial communications, we may provide your e-mail address to the event organiser, who may contact you with offers of other events that may be of interest to you. In such a case, the conditions of processing are governed by the organiser’s terms. Under the law, explicit consent to receive commercial communications may only be given by a person over 15 years of age.

Exercise of claims and prevention of unlawful activity

We also process personal data for the purposes of exercising and handling legal claims of customers or Ticketportal, and for the prevention and detection of unlawful activities (e.g. unauthorised ticket reselling for profit without a business licence), i.e. on the basis of Ticketportal’s legitimate interest (Art. 6(1)(f) GDPR).

Fulfilment of legal obligations

We also process personal data for the fulfilment of our statutory obligations, in particular in the field of taxation and accounting (Art. 6(1)(c) GDPR).

How long do we store personal data?

We store personal data for the period strictly necessary to fulfil the purpose of their processing. Specifically, we store personal data for the duration of the event and subsequently for three (3) years after its end for the purposes of exercising or handling potential legal claims of the customer or Ticketportal. If any legal claim is made during this three-year period, we retain the relevant personal data until the claim has been resolved or for as long as necessary to carry out related legal steps.

After the expiry of three years, personal data may continue to be stored if required by law, in particular to comply with obligations under the Accounting Act (Act No. 563/1991 Coll.) or the Value Added Tax Act (Act No. 235/2004 Coll.), under which certain data must be stored for up to five (5) or ten (10) years.

We do not retain personal data for longer than authorised; once the legal basis expires, we delete the relevant personal data.

If you provide consent to the processing of personal data (e.g. for the sending of commercial communications by Ticketportal or the organiser), we process your personal data until you withdraw your consent, but for a maximum of 3 years from the date it was granted.

To whom may we provide personal data?

We may provide your personal data, to the extent necessary to fulfil the purpose of processing, to the following categories of recipients:

Event organisers

Personal data may be provided to the organiser of the specific event identified on the ticket, for the purpose of fulfilling the ticket sale agreement and for processing based on its legitimate interest, or with your consent for the purposes of sending commercial communications.

Payment service providers

Depending on the method of payment, personal data may be provided for the purpose of processing and reconciling the payment to the following recipients:

Twisto payments a.s., Company ID No.: 01615165, registered office at Újezd 450/40, 118 00 Prague 1, if you pay via Twisto;
benefit programme providers (e.g. Edenred, Pluxee, Benefit Plus), if you pay through such a provider;
SAZKA a.s., Company ID No.: 26493993, registered office at Evropská 866/69, Vokovice, 160 00 Prague 6, if you make a cash payment at its terminal.

Digital marketing and advertising service providers

If you grant consent for marketing purposes, we may share your data with:

Google Ireland Limited, ID: 368047, Gordon House, Barrow Street, Dublin 4, Ireland, in accordance with the Google Privacy Policy;
Meta Platforms Ireland Limited, ID: 462932, Merrion Road, Dublin 4, D04 X2K5, Ireland, for the purposes of personalised advertising on Facebook and Instagram, in accordance with the Meta Privacy Policy.

Use of cookies and similar technologies

We use cookies and similar technologies on our website. Detailed information on the cookies used, their purposes and configuration options can be found in our Cookies Policy.

YouTube API Services provider

If you use functions connected to the YouTube service (e.g. video playback on our website), personal data is processed in accordance with the YouTube API Services and the Google Privacy Policy.

Contractual processors

Your personal data may also be made available to our contractual partners who provide us with services, in particular in the fields of IT, accounting, tax and legal services or customer support. All such entities act as personal data processors and are bound by a data processing agreement pursuant to Art. 28 GDPR.

Public authorities and other entities authorised by law

Your personal data may also be provided to public authorities or other entities authorised to request them under the law (e.g. courts, law enforcement authorities, administrative bodies).

Is the provision of personal data voluntary?

The provision of your personal data is entirely voluntary and is based on a contractual relationship; however, if you refuse to provide the required personal data, it will not be possible to sell you a ticket or create a registration through Ticketportal.

If you grant consent to the processing of personal data (e.g. for the sending of commercial communications by Ticketportal or the organiser), you provide such consent voluntarily and may withdraw it at any time.

How do we protect children’s personal data?

In accordance with Article 8 GDPR and Czech law, special rules apply to the processing of children’s personal data:

if you are under 15 years of age, you may create a registration only with the consent and supervision of your legal guardian;
if you are between 15 and 18 years of age, you may create a registration independently, however we recommend consultation with your legal guardians, especially when purchasing tickets.

If we discover that you have provided false information about your age, we may cancel your registration and delete your personal data.

If you find out that your child under 15 years of age is using our services without your knowledge, please contact us. We will be happy to provide you with information about the processing of your child’s data and help resolve the situation.

What rights do you have in relation to personal data in connection with ticket purchases?

Right of access to personal data:

you have the right to request a copy of your personal data that we process.

Right to rectification of personal data:

you have the right to request the updating, supplementation or correction of your personal data if you believe it is inaccurate or incomplete.

Right to erasure of personal data:

you have the right to request the erasure of your personal data if it is no longer necessary for the purpose for which it was processed.

Right to restriction of processing of personal data:

you have the right to request restriction of processing if you contest the accuracy of your personal data, or if the processing is unlawful but you oppose deletion of such personal data.
you also have this right if Ticketportal no longer needs the personal data for processing purposes, but you require their further (limited) processing in order to exercise a claim before a court or other authority, for which the personal data processed by us are necessary.

Right to data portability:

you have the right to the portability of your personal data to another controller, where technically feasible.

Right to object to processing of personal data:

you may object at any time to processing carried out on the basis of legitimate interest. In such a case, we will no longer process your personal data unless we have a legal basis to continue and/or further processing is compatible with the purpose of processing.

What are the time limits for handling my requests?

We will respond to your requests relating to the exercise of your rights without undue delay and within 30 days of receipt of the request.

Ticketportal will also, without undue delay, inform recipients of personal data of any request for restriction of processing, rectification, supplementation or deletion of personal data, except in cases where such notification is impossible or would require disproportionate effort.

How does Ticketportal ensure the protection of personal data?

We have implemented technical and organisational measures appropriate to the nature, scope, context and purposes of personal data processing, which protect your personal data against unauthorised access or transfer, loss, destruction or other misuse.

In particular, we have implemented the following measures:

Access to personal data is restricted through access control, protected by strong passwords and multi-factor authentication.
We use encryption, firewalls, antivirus and anti-malware protection, regular backups and secure storage of backups.
Systems are subject to regular updates and monitoring of security incidents.
Employees and contractual partners who process personal data are bound by confidentiality obligations.
All activities related to personal data processing are governed by internal regulations and control mechanisms.
Access to premises where personal data is processed is physically restricted and protected against unauthorised entry.
The availability of personal data and access to it in the event of a physical or technical incident is ensured through regular backups enabling data restoration to a specific point in time within a reasonable period.
The effectiveness of the adopted measures is tested, evaluated and, where necessary, updated to reflect current technological and operational standards.

How can I help protect my personal data?

Below are some recommended practices that may help you protect your data:

If you log in to our systems using a password, always use a unique strong password that you do not use for other devices and services. Do not disclose or share your password with anyone, including our employees. We will never ask you to reveal your password — be especially cautious of e-mail requests asking for login credentials, even if they appear to be sent on behalf of our company, as these are likely scams intended to obtain and misuse your password.
If you send us confidential data, please use a secure method of communication, e.g. password-protecting files combined with encryption and providing the password via a separate communication channel.
If you feel that our obligations have not been fully met, that unauthorised data leakage has occurred, or that someone is falsely claiming to act on behalf of our company, please inform us as soon as possible. Our contact details are provided below.

Do we transfer your personal data outside the EU or to an international organisation?

In connection with the use of third-party marketing and analytics tools (e.g. Google, Meta), your personal data may be transferred to third countries outside the European Union and the European Economic Area, in particular to the United States of America, where required by the conditions of such services. Such transfers are always based on an adequacy decision of the European Commission (EU-US Data Privacy Framework), or on standard contractual clauses adopted by the European Commission. Appropriate technical and organisational measures have been implemented to ensure a level of protection required by EU law.

Where can you lodge a complaint regarding the processing of personal data?

You have the right to lodge a complaint if you believe that the processing of your personal data violates data protection rules, with the supervisory authority:

Office for Personal Data Protection

Pplk. Sochora 27

170 00 Prague 7

phone: +420 234 665 111

How can I contact Ticketportal or the Data Protection Officer?

If you wish to exercise any of the above-mentioned rights or have any questions regarding personal data, you may contact us by e-mail, or you may contact our Data Protection Officer, Blažek a Bureš, advokátní kancelář s.r.o., Company ID No.: 09117091, registered office at Na Březince 1232/16, Smíchov, 150 00 Prague 5, at info@bblegal.cz.

Policy updates

Ticketportal may amend or update this Policy from time to time. By continuing to use Ticketportal services after such amendments or updates, you express your agreement with the updated wording.

Last update: 1 January 2026