Line-Up Data Processing Terms

These Data Processing Terms ("Terms") form part of the agreement for provision of the Line-Up service on the Line-Up Terms of Service ("Agreement") between: (i) Planvine Ltd, a limited company registered in England and Wales under company number 07433966 and whose registered office is at 8 Pipers Close, Burnham, Slough, Buckinghamshire, SL1 8AW (“Line-Up”); and (ii) the person specified in the Agreement as the Organiser ("Organiser”).

The terms used in these Terms shall have the meanings set forth in these Terms. Capitalised terms not otherwise defined in these Terms shall have the meaning given to them in the Agreement.

References in these Terms to the Agreement are to the Agreement including these terms.

Definitions

In these Data Processing Terms:

Applicable Law: means as applicable and binding on the Organiser, Line-Up and/or the Services:
  1. any law, statute, regulation, by-law or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of;
  2. the common law and laws of equity as applicable to the parties from time to time;
  3. any binding court order, judgment or decree; or
  4. any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;
Appropriate Safeguards: means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time;
Data Controller: has the meaning given to that term (or to the term ‘controller’) in Data Protection Laws;
Data Processor: has the meaning given to that term (or to the term ‘processor’) in Data Protection Laws;
Data Protection Laws: means as applicable and binding on the Organiser, Line-Up and/or the Services:
  1. in the United Kingdom, the GDPR, and/or any corresponding or equivalent national laws or regulations;
  2. in member states of the European Union: the GDPR, once applicable, and all relevant member state laws or regulations giving effect to or corresponding with any of them; and
  3. any Applicable Laws replacing, amending, extending, re-enacting or consolidating any of the above Data Protection Laws from time to time;
Data Subject: has the meaning given to that term in Data Protection Laws;
GDPR: means the General Data Protection Regulation (EU) 2016/679;
Personal Data: has the meaning given to that term in Data Protection Laws;
Personal Data Breach: means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;
processing: has the meanings given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);
Protected Data: means Personal Data received from or on behalf of the Organiser to the extent that it is processed by Line-Up on Organiser’s behalf in connection with the performance of Line-Up’s obligations under the Agreement;
Services: means the services to be provided under the Agreement;
Sub-Processor: means another Data Processor engaged by Line-Up for carrying out processing activities in respect of the Protected Data on behalf of the Organiser; and
Supervisory Authority: means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.

Specific interpretive provision(s)

In these Terms:

  1. references to any Applicable Laws (including to the Data Protection Laws and each of them) and to terms defined in such Applicable Laws shall be replaced with or incorporate (as the case may be) references to any Applicable Laws replacing, amending, extending, re-enacting or consolidating such Applicable Law (including the GDPR and any new Data Protection Laws from time to time) and the equivalent terms defined in such Applicable Laws, once in force and applicable;
  2. a reference to a law includes all subordinate legislation made under that law; and
  3. references to “paragraph numbers” are to paragraphs of these Terms.

Data Processing Provisions

  1. Data Processor and Data Controller
    1. The parties agree that, for the Protected Data, the Organiser shall be the Data Controller and Line-Up shall be the Data Processor.
    2. Line-Up shall process Protected Data in compliance with the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations under the Agreement.
    3. The Organiser shall comply with:
      1. all Data Protection Laws in connection with the processing of Protected Data, the Services and the exercise and performance of its respective rights and obligations under the Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
      2. the terms of the Agreement.
    4. The Organiser warrants and undertakes that:
      1. it shall ensure that Data Subjects are provided with appropriate information regarding the processing of their Personal Data, including by means of a transparent and easily accessible privacy notice.
      2. all instructions given by it to Line-Up in respect of Personal Data shall at all times be in accordance with all applicable laws including Data Protection Laws.
    5. The Organiser shall not withhold, delay or condition its agreement to any change to the Agreement or the Services requested by Line-Up in order to ensure the Services and Line-Up (and each Sub-Processor) can comply with Data Protection Laws.
  2. Instructions and details of processing
    1. Insofar as Line-Up processes Protected Data on behalf of the Organiser, Line-Up:
      1. unless required to do otherwise by Applicable Law, shall process the Protected Data only on and in accordance with the Organiser’s documented instructions as set out in this paragraph 2 and Schedule 1 (Data processing details) and (Processing Instructions);
      2. if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the Organiser of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and
      3. shall inform the Organiser if Line-Up becomes aware of a Processing Instruction that, in Line-Up’s opinion, infringes Data Protection Laws, provided that:
        1. this shall be without prejudice to paragraphs 1.3 and 1.4;
        2. to the maximum extent permitted by mandatory law, Line-Up shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with the Organiser's Processing Instructions following the Organiser's receipt of that information.
    2. The processing of Protected Data to be carried out by Line-Up under the Agreement shall comprise the processing set out in Schedule 1 (Data processing details), as may be updated from time to time by agreement between the parties.
  3. Technical and organisational measures
    1. Line-Up shall implement and maintain, at its cost and expense, the technical and organisational security measures in relation to the processing of Protected Data by Line-Up, as set out in Schedule 1 (Technical and organisational security measures).
  4. Using staff and other processors
    1. The Organiser provides general written authorisation to Line-Up to engage Sub-Processors to perform the Services. The Organiser shall be notified of, given the opportunity to and state its grounds for any objection to, any new Sub-Processor. The Organiser acknowledges that Sub-Processors are essential in order for Line-Up to provide the Services and that objecting to the use of a Sub-Processor may prevent Line-Up from continuing to provide the Services to the Organiser. In the event that Line-Up is unable to adequately address those objections, either party may terminate the Agreement upon notice without liability to the other. For the avoidance of doubt, in such circumstances Line-Up shall not be obliged to refund any Subscription Fees paid by the Organiser. The Organiser confirms that it has no objection to the use of the Sub-Processors listed here: Third Party Data Sub-Processors - Line-Up as a Data Processor.
    2. Line-Up shall:
      1. prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract substantially on the standard terms of business of that Sub-Processor, or containing materially the same obligations as under these Terms, that is enforceable by Line-Up;
      2. ensure each such Sub-Processor complies with all such obligations; and
      3. remain fully liable for all the acts and omissions of each Sub-Processor which constitutes a breach of these terms as if they were its own.
    3. Line-Up shall ensure that all persons authorised by it to process Protected Data are subject to an obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law.
  5. Assistance with the Organiser’s compliance and Data Subject rights
    1. Line-Up shall refer all Data Subject Requests it receives to the Organiser within 7 days of receipt of the request, provided that if the number of Data Subject Requests exceeds 5 per calendar month, the Organiser shall pay Line-Up’s charges calculated on a time and materials basis at Line-Up’s then current rates for recording and referring the Data Subject Requests in accordance with this paragraph 5.1.
    2. Line-Up shall provide such reasonable assistance as the Organiser reasonably requires (taking into account the nature of processing and the information available to Line-Up) to the Organiser in ensuring compliance with the Organiser’s obligations under Data Protection Laws with respect to:
      1. security of processing;
      2. data protection impact assessments (as such term is defined in Data Protection Laws);
      3. prior consultation with a Supervisory Authority regarding high risk processing; and
      4. notifications to the Supervisory Authority and/or communications to Data Subjects by the Organiser in response to any Personal Data Breach,

      provided the Organiser shall pay Line-Up’s reasonable charges for providing the assistance in this paragraph 5.2, such charges to be calculated on a time and materials basis at Line-Up’s then-current rates.

  6. International data transfers
    1. The Organiser agrees that Line-Up may transfer Protected Data to Sub-Processors in countries outside the United Kingdom (an International Recipient), provided all transfers by Line-Up of Protected Data to an International Recipient shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws.
  7. Records, information and audit
    1. Line-Up shall maintain, in accordance with Data Protection Laws binding on Line-Up, written records of all categories of processing activities carried out on behalf of the Organiser.
    2. Line-Up shall, in accordance with Data Protection Laws, contribute and allow for audits either by (at its option): (i) making available to the Organiser upon request interviews with staff, reports or documents, which the Organiser must treat confidentially under the confidentiality provisions of the Agreement or under a non-disclosure agreement concluded between the Parties; or (ii) responding to a written security questionnaire submitted to it by the Organiser provided that the Organiser will not exercise this right more than once per year and will hold Line-Up’s responses in confidence under the confidentiality provisions of the Agreement.
  8. Breach notification
    1. In respect of any Personal Data Breach involving Protected Data, Line-Up shall, without undue delay:
      1. notify the Organiser of the Personal Data Breach; and
      2. provide the Organiser with details of the Personal Data Breach.
  9. Deletion or return of Protected Data and copies
    1. Line-Up shall, at the Organiser’s written request, either delete or return all the Protected Data to the Organiser within a reasonable time after the earlier of:
      1. the end of the provision of the relevant Services related to processing (including any period following termination of the Agreement during which, under the terms of the Agreement, Line-Up agrees to use efforts to retrieve a copy of the Protected Data); or
      2. once processing by Line-Up of any Protected Data is no longer required for the purpose of Line-Up’s performance of its relevant obligations under the Agreement,

      and delete existing copies (unless storage of any data is required by Applicable Law and, if so, Line-Up shall inform the Organiser of any such requirement).

Schedule 1 - Data Processing Details

  1. Subject-matter of processing:
    Use by the Organiser of the online Line-Up ticketing platform.
  2. Duration of the processing:
    For the duration of the provision of the Services.
  3. Nature and purpose of the processing:
    To provide the Services to the Customer.
  4. Type of Personal Data:
    First name, last name, email adress, telephone number, address, payment card details, IP address, browser and device details
  5. Categories of Data Subjects:
    Attendees (as defined in the Agreement) of the Organiser.
  6. Technical and Organisational Security measures applied to the Protected Data.
    As set out in Line-Up Technical and Organisational Security Overview.