Operabase Home

Data protection and privacy policy

Arts Consolidated is the data controller in respect of the processing of your personal data. Our contact information is as follows:

Arts Consolidated ApS
Central Business Register no. (CVR no.) 35529160
Lyngbyvej 20
DK-2100 Copenhagen Ø
Denmark

1. Introduction

1.1 - This data protection and privacy policy (the “Policy”) describes how Arts Consolidated ApS (“us”, ”we” or ”our”) collects and processes personal data relating to the purchase of services, membership, products or general use of our websites.

1.2 - The Policy is prepared and made available to comply with the general data protection regulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein on information to be provided to you.

2. Cookies

2.1 - By visiting and using our website(s), data may be collected via cookies on the basis of Article 6(1)(a) of the GDPR (consent) for marketing purposes. Information in these cookies include browser type, search terms on our website(s), search terms on other website(s), IP address, and location at login (hereinafter "Cookie Data"). Processing for other purposes, such as statistics in respect of website visits, optimization of functionalities, etc., will take place on the basis of Article 6(1)(f) of the GDPR (the balancing of interests-rule), the legitimate interest of us is to develop and maintain a relevant website with the best possible functionalities.

2.2 - Cookie Data is used for improvement of the website(s) and the user experience, to deliver our products, services or goods, to analytics, personalization, prevention of unauthorized logins, prevention of fraud, scams and illegal use of our website(s) or services, and customer support.

2.3 - Use of cookies for the purpose of collecting personal data is in accordance with the Cookie Order (No. 1148 of 9 December 2011), section 3.

2.4 - If you wish to limit or decline the cookies placed on your computer when visiting our website(s), you can do so at any time by changing your browser settings. Please be aware that if you decline or reject cookies, it will impact the functionality of the website(s) which means that there are features on the website(s) that you will not be able to see. Any browser allows that you delete cookies collectively or individually. How this is done depends on the used browser. Remember to delete the cookies in all browsers if you use several different browsers.

2.5 - We disclose and/or share Cookie Data with advertisers, analytics providers and service providers acting as data processors which includes:

  • CookieBot
  • Google Analytics
  • Hubspot
  • VWO (Visual Web Optimiser) 
  • MarkerIO
  • Fingerprint
  • LinkedIn
  • Facebook 

3. Types of personal data processed

3.1 - We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data include the following types of personal data: address, name, telephone number, email, username, IP addresses, invoicing and bookkeeping data and documentation, payment card details, purchasing history, password, account status (customer points, payments etc.), age, Facebook data, Google data, data received via forms/signups etc. 

3.2 - When it is relevant, personal data is collected directly from you or from external sources. We may receive personal data about you if you use other websites we operate or the other services we provide. 

In this case we will have informed you when we collected the data that it may be shared internally, to any other users of our services, and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, including arts organizations, event organizations and theatre owners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

3.3 - If we need to collect more personal data than what is specified above, we will inform you about this. Such information may be provided by our updating of this Policy.

4. Purposes for processing the personal data

4.1 - We only process personal data for legitimate purposes in accordance with the GDPR. Depending on the circumstances, the personal data is processed for the following purposes:

  1. To deliver products or services to a user, customer or member.
  2. To improve our products, services or website(s).
  3. To answer enquiries or complaints from users, customers or members.
  4. To provide service messages and information to users, customers or members.
  5. To store personal data to comply with applicable legislation requirements such as bookkeeping acts.
  6. To prevent fraudulent behavior or misuse of our IT Systems.
  7. To send newsletters by email.
  8. To perform profiling of users, customers or members to analyze and predict their preferences and/or behavior.
  9. To give support and service messages, including answering questions and complaints and send updates about our products and services.
  10. To prevent fraudulent behavior or misuse of our products, services and website(s), including the processing of personal data for the purpose of legal actions.
  11. k) To facilitate a sales process.
  12. To send direct marketing to users, customers or members.

5. Legal basis for processing personal data

5.1 - We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:

  1. The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, cf. the GDPR, article 6(1)(f).
  2. The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract, cf. the GDPR, article 6(1)(b).
  3. The processing is necessary to comply with a legal obligation, cf. the GDPR, article 6(1)(c). 

5.2 - Should we need to process your data for the purpose of direct marketing, we will always inform you about this and obtain your consent to such processing, cf. Article (6)1(a) of the GDPR and the Danish Marketing Practices Act. You may withdraw your consent at any time.

6. Disclosure and transfer of personal data

6.1 - We only transfer personal data to others when the law allows it or requires it, including when relevant and asked to do so by you or a data controller when applicable.

6.2 - We may transfer personal data to the following recipients within the EU/EEA:

  1. Data processors
  2. Collaborators
  3. Suppliers
  4. Banks (for example in connection with payments etc.) acting as data controllers
  5. Tax authorities (for example in connection with accounting etc.) acting as data controllers

6.3 - From time to time we use external companies as suppliers to assist us in delivering our services. The external suppliers will not receive or process personal data unless the applicable law allows for such transfer and processing. Where the external parties are data processors, the processing is always performed on the basis of a data processor agreement in accordance with the requirements under GDPR. Where the external parties are data controllers, the processing of personal data will be performed based on said external parties’ own data privacy policy and legal basis which the external parties are obligated to inform about unless the applicable legislation allows otherwise.

6.4 In the context of our development, the corporate structure may change, e.g., by the total or partial sale of the company. In the case of a partial transfer of assets containing personal data, the processing basis for the related transfer of personal data is, as a rule, Article 6(1)(f) of the GDPR, since we have an interest in transferring parts of our assets and making commercial/structural changes.

6.5 - We may transfer personal data to third countries (countries or international organisations outside the EU/EEA). Personal data is transferred to the following countries: USA. Such transfers are based on the standard contractual clauses about data protection made or approved by the EU Commission and possibly approved by a national supervisory authority, ensuring a sufficient level of protection such as the EU-US Data Privacy Framework.

6.6 - If you have any questions about our use of data processors, cooperation with other data controllers, including subsidiary companies, or transferring of data to third countries, please contact us for more information or documentation of our legal basis for said transfers, etc.

7. Erasure and retention of personal data

7.1 - We ensure that your personal data is deleted when it is no longer relevant for the processing purposes as described above. 

7.2 – However, we retain personal data to the extent that it is an obligation from applicable law, as is the case with for example accounting and bookkeeping materials and records, cf. the Danish Consolidated Bookkeeping Act (‘bogføringsloven’). The data may also be processed and stored for a longer period if it is anonymised.

Any personal data included in bookkeeping records will be stored for 5 (five) years as from expiry of the financial year at which time the data will be deleted. The storage period has been determined on the basis of the storage requirements laid down in sec 10 of the Consolidated Bookkeeping Act and, consequently, with a view to complying with applicable law.

Any documentation of your consent under marketing law will be stored for 2 (two) years as from the date when you withdrew your consent to receive direct marketing material. The storage period has been determined on the basis of our legitimate interest in being able to document that direct marketing took place in accordance with applicable law.

7.3 - If you have any questions about our retention of personal data, please contact the email mentioned in section 10 of this Policy.

8. Your rights

8.1 - You have a number of rights that we can assist with. If you wantto make use of your rights, please do not hesitate to contact us. The rights include the following:

8.1.1 - The right of access: You have a right to access the information that we process about you, including relevant additional information.

8.1.2 - The right to rectification: You have a right to ask for rectification of inaccurate personal data concerning you. 

8.1.3 - The right to erasure: Under certain circumstances, youhave a right to obtain the erasure of personal data concerning you prior to the time when erasure would normally occur.

8.1.4 - The right to restrict processing: You have, in certain situations, a right to have the processing of your personal data restricted. If youhave the right to have the processing of your personal data restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the European Union or of a European member state.

8.1.5 - The right to object: You havea right to object to the legal processing of your personal data under certain circumstances. Objection can also be to the processing of personal data for the purpose of direct marketing.

8.1.6 - The right to data portability: In certain situations, you have a right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data has been provided.

8.1.7 - If our processing of your personal data is based on your consent, you may at any time revoke your consent. To do so, you need to contact us (see below).

8.2 - More information about data subject rights can be found in the guidelines of the national data protection authorities. If you wish to make use of your rights as described above, please use the contact details provided at the end of this Policy. In connection with inquiries concerning your rights, we ask that you provide us with adequate information to process your inquiry, including your full name and your email address, so that we may identify you and respond to your inquiry. We strive to do everything to meet wishes regarding our processing of personal data and the rights of data subjects. 

8.3 - If you wish to file a complaint, this can be done by contacting the national data protection authorities:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Denmark
Telephone: + 45 33 19 32 00
Email: dt@datatilsynet.dk

9. Changes to the Policy

9.1 - We reserve the right to update and amend this Policy. If we change the Policy,we correct the date and the version at the bottom of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.

10. Contact

10.1 - If you have questions or comments concerning this Policy or if you would like to invoke one or more data subject rights, for example if you want us to change or delete personal data, we have registered about you, please contact us at info@artsconsolidated.com.

This Policy is version 7 which was last updated the October 2024.