Effective Date: 19 December 2024
Disquerouge SA (hereinafter referred to as "Disquerouge" or "we"), a company established in Switzerland, is the data controller for the "de rouge" ticketing platform. This Privacy Policy outlines how we collect, use, and protect your personal data when you interact with our platform through our website or mobile application.
1. Definitions
Throughout this document, the following terms have the meanings assigned to them:
- Account: A personalized and secure digital environment created by the user on our platform.
- User: Any individual or entity interacting with our platform, including Customers, Organizers, and Visitors.
- Platform: Refers to the de rouge website and mobile application.
- Event: Any live performance, festival, or event promoted and managed by an Organizer through the platform.
- Organizer: An individual or entity using the Platform to promote events and manage ticket sales.
- Customer: Any individual purchasing tickets for personal use through the Platform.
- Visitor: Any individual visiting the Platform without creating an Account.
2. Data Processing and Retention
2.1 Disquerouge and Partners Disquerouge collaborates with various technology providers to securely process and store user data.
2.2 Purposes and Legal Bases for Data Processing Disquerouge processes user data for the following purposes, each of which is grounded in a specific legal basis:
| No | Data Processing Activity | Purpose | Legal Basis |
|---|---|---|---|
| 1 | Website Visitor Data Analysis | Analyzing visitor behavior on the platform to offer personalized content | User Consent |
| 2 | Account Registration and Management | Creating and managing user accounts | Performance of a Contract |
| 3 | Authentication and Access Control | Verifying user identities and securing account access | Performance of a Contract |
| 4 | Compliance with Contractual Obligations | Ensuring compliance with user agreements and terms | Performance of a Contract |
| 5 | Order and Payment Processing | Processing orders and managing payments; data processed by Stripe only | Performance of a Contract |
| 6 | Billing and Tax Obligations | Fulfilling accounting and tax obligations | Legal Obligation |
| 7 | Customer Support Services | Providing support and resolving user issues | Performance of a Contract |
| 8 | Personalized Content Delivery | Offering content and event suggestions based on user interests | User Consent |
| 9 | Marketing and Communication | Informing users about Disquerouge's services | Disquerouge’s Legitimate Interest |
| 10 | Platform Improvement Activities | Analyzing platform usage to enhance user experience | Disquerouge’s Legitimate Interest |
| 11 | Legal Obligations and Defense | Responding to legal claims and organizing legal defense | Disquerouge’s Legitimate Interest |
| 12 | Security and Fraud Prevention | Ensuring platform security and preventing fraud | Disquerouge’s Legitimate Interest |
| 13 | Technology Operations | Managing the technical infrastructure and organizing data processing activities | Disquerouge’s Legitimate Interest |
2.3 Data Retention Period and Location User data is retained for the duration of the user's relationship with Disquerouge. Following the termination of this relationship, data will be retained for up to 6 months for legal obligations or business needs. After this period, all personal data will be securely deleted or anonymized. All data processed by Disquerouge is stored on servers located at Amazon Web Services in Zurich, Switzerland. These servers are operated in full compliance with Swiss and European Union data protection regulations, ensuring the highest level of data security.
2.4 Data Security Disquerouge takes the highest standard security measures to protect your data. All our data processing and storage activities are designed to ensure the confidentiality and integrity of user data. Your data will only be retained as long as necessary for the purposes outlined in this Policy.
3. Roles and Responsibilities
3.1 Disquerouge as Data Controller Disquerouge is the data controller for the following personal data:
- General user information (login details, first name, last name, date of birth, password, email addresses, phone number);
- Session information (login, password, session start and end times, IP address, location, session history, cookie identifier);
- Legal information related to the Organizer or Event (company name, responsible person’s name, company registration number, live event license number, registration address, tax identification number, event name, date, and location, artists, number of tickets sold, ticket revenue, number of orders, Disquerouge fees, refund information, bank account information linked to the Organizer’s account, and other documents requested by Disquerouge to verify the accuracy of this information);
- Customer profile (previously attended Events, followed Events, friends, music library, and preferred artists if the Customer has linked their address book, social media accounts, or music streaming accounts to their Disquerouge account);
- Organizer profile (types of Events);
- Customer order data (Event name and date, type, number, and price of purchased or resold tickets, email address to which the ticket will be sent, contact details of the Customer’s guest, if applicable);
- Payment and billing data (billing address, payment method, transaction history);
- User preferences when visiting the Platform (language and display);
- Responses to customer satisfaction and other surveys, if the user consents to share this data (satisfaction, comments, questions related to specific events or the use of the Platform);
- Other user data in the context of support requests (issues encountered by users, tracking of user sessions).
The Disquerouge platform is intended solely for individuals aged 18 and above. Disquerouge does not knowingly collect personal data from individuals under 18 without parental consent. If such users are identified, their accounts will be disabled and all data will be deleted promptly. Disquerouge may process behavioral data to provide personalized recommendations. However, such profiling does not involve any automated decision-making processes with legal or similarly significant effects on users. Users may object to such profiling by contacting Disquerouge. Depending on the data sharing context, Disquerouge may act as a data controller or a data processor. Where necessary, these roles will be further specified in separate contractual agreements with partners. For any questions regarding the processing of personal data or to exercise any of the rights mentioned above, users can contact Disquerouge through the following means:
- By filling out the support form;
- By e-mail at support@derouge.app;
- By mail at Rue Haldimand 17, 1003 Lausanne, Switzerland
3.2 273 Medya Teknoloji AS as Data Processor 273 provides technological infrastructure and maintenance services for the de rouge platform. Under the direction of Disquerouge, 273 acts as a data processor and processes the necessary data for the following activities:
- Technical data related to platform usage (IP address, device information, session logs);
- Support requests and troubleshooting information.
3.3 Organizer and Venue Data Sharing Organizers and Venues who choose to collaborate with de rouge acknowledge and accept that they may share personal data in their possession—including customer names, emails, or contact information—with Disquerouge SA. They are solely responsible for ensuring that such data sharing is done lawfully, with the necessary consents or legal basis under applicable data protection laws (such as the FADP and GDPR). Disquerouge processes such data only for legitimate operational purposes in accordance with its role as a data controller or processor, as applicable.
4. Recipients of Personal Data
The processed personal data is necessary for the fulfillment of all the purposes mentioned above and is directed only to Disquerouge’s internal services and, when necessary, to third-party data processors. The categories of third-party data processors to whom personal data may be transferred include:
- Daily Operations: Third parties providing digital solutions for Disquerouge’s daily operations (data hosting solutions, customer and prospect management, software bug detection or issue resolution, monitoring the use and proper functioning of the Platform);
- Maintenance Operations: Third parties providing emergency technical issue resolution or maintenance operations for Disquerouge technology;
- Marketing and Communication: Third parties providing online marketing and advertising solutions;
- Financial Services: Third parties providing specialized financial services, including payment processing services.
Disquerouge or its data processors do not sell your personal data to third parties.
5. Storage of Personal Data
Users' personal data will be retained for the duration of the relationship with Disquerouge and for up to 6 months after the termination of this relationship to meet legal obligations.
6. Rights of the Data Subject
You have the right to access, correct, delete, and object to the processing of your personal data. To exercise these rights, you may contact Disquerouge using the contact information provided above.
- Users have the right to access, correct, delete, and object to the processing of their personal data.
- Non-essential cookies are disabled by default unless consent is given. Rejecting them will not prevent use of essential platform functionalities.
- Additionally, users can view, edit, or delete their personal data shared on the platform at any time via their account settings. Requests made via account dashboard or support@derouge.app will be processed within 30 days, subject to identity verification.
- When a user deletes their account, all personal data will be removed from active databases within 7 days. Backup and archival systems will retain anonymized or secure versions of such data for up to 6 months to meet legal obligations.
7. Data Transfers and Storage
7.1 Disquerouge and Partners Disquerouge collaborates with various technology providers to securely process and store user data. Additionally:
- Authentication: We use Auth0 as our service provider for platform logins. Authentication information such as usernames and emails are stored by both Auth0 and Disquerouge. However, user passwords are only stored by Auth0 and are inaccessible to both Disquerouge and 273.
- Payment Processing: We use Stripe as our payment infrastructure provider. Credit card and banking information are processed and stored directly by Stripe. Disquerouge and 273 do not have access to this sensitive financial data, which is stored exclusively on Stripe’s secure infrastructure.
7.2 Data Storage Location Disquerouge stores user data on servers located in Amazon Web Services in Zurich, Switzerland. These servers compliance with Switzerland and European Union data protection regulations, ensuring the highest level of data security.
7.3 Data Processing Activities Our data processing procedures are organized as required by the services we offer to our users:
- Registration and Login: Information necessary for users to register and log in to the platform (such as username and email address) is processed by Clerk. User passwords are stored exclusively on Clerk, with no access granted to Disquerouge or 273.
- Payment Processing: Credit card and other financial information required to securely process user payments are processed by Wallee. This information is stored only on Wallee’s secure servers, with no access granted to Disquerouge or 273.
- Technology Operations: 273 manages the platform's technical infrastructure and organizes data processing activities. The security, confidentiality, and integrity of user data are ensured by 273.
7.4 Data Retention Period User data is retained for the duration of the user's relationship with Disquerouge. Following the termination of this relationship, data will be retained for up to 6 months for legal obligations or business needs. After this period, all personal data will be securely deleted or anonymized.
7.5 Data Security Disquerouge and 273 take the highest standard security measures to protect your data. All our data processing and storage activities are designed to ensure the confidentiality and integrity of user data. Your data will only be retained as long as necessary for the purposes outlined in this Policy.
8. Cookies
De rouge uses cookies to enhance user experience, remember your preferences, and personalize our services. Cookies are small data files placed on your browser when you visit our website. These cookies may be used to analyze users' Browse habits on the site and offer the most relevant content to them.
- Users can withdraw their consent to the use of cookies at any time. This can be done easily through browser settings or the cookie management tool provided on the de rouge website. Rejecting cookies may affect the proper functioning of certain features on our website and negatively impact the user experience.
- Cookie usage is initiated only with the user’s explicit consent upon first visit to the platform. Users may withdraw or update their cookie preferences at any time through browser settings or the cookie management tool. Rejecting cookies may affect the availability of some features.
9. Data Security and Breach Notifications
Disquerouge takes physical, logical, and organizational security measures to protect your personal data. These measures are designed to prevent unauthorized access, alteration, damage, or disclosure of data.
- In accordance with Article 33 of the GDPR, any serious personal data breach will be reported to the competent supervisory authority within 72 hours. If the breach poses a high risk to individuals’ rights and freedoms, affected users will also be informed without undue delay.
- In the event of a data breach, Disquerouge and 273 will promptly assess the situation and take necessary actions. If the breach involves the unauthorized disclosure of personal data or other significant consequences, the relevant supervisory authority will be notified immediately. Additionally, in cases of high-risk data breaches, affected users will be informed as soon as possible.
10. Policy Changes
Disquerouge may update this Policy from time to time. Any significant changes to the Policy will be communicated to you at least 15 days before they take effect, either via email or through a notice on the platform.