Personal data protection rules

Last updated: 13. svibnja 2024.

CoreEvent d.o.o. Basic Privacy Principles

The Privacy Policy on the website www.core-event.co, together with the General Terms and Conditions for customers on the website www.core-event.co, constitutes a legal entity, and by accessing and using the Portal, the Customer accepts and agrees to the content of these Policies and General Terms.

CoreEvent will process personal data in accordance with the positive regulations of the Republic of Croatia and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation).

In accordance with positive provisions, these Privacy Policies on the website www.core-event.co govern the following legal terms:

“Personal data” means any information relating to an identified or identifiable individual (“data subject”); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular, to analyze or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable individual;

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

“Consent of the data subject” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

“Relevant and reasoned objection” means an objection to a draft decision as to whether there is an infringement of this Regulation or whether the envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision concerning the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

All other terms used in these Policies are defined by the provisions of the General Data Protection Regulation and the General Terms and Conditions for third parties (customers) on the website www.core-event.co.

“CoreEvent” is a company registered under Croatian law under the name CoreEvent d.o.o. in the Commercial Court Registry in Zagreb with OIB: 36611335369 and MBS: 081377997, headquartered in Zagreb, Dunjevac 15. Based on an agency agreement with the Organizer, CoreEvent negotiates and concludes ticket sales agreements with Customers (third parties) on behalf of and for the account of the Organizer. The Organizer is obliged to pay CoreEvent a fee determined by this agency agreement for each contract that CoreEvent has concluded or has been concluded through its actions.

CoreEvent is a processor concerning the personal data determined by the Organizer as the controller. Regarding the personal data for which lawful and legitimate consent has been obtained from the Customer, and whose purpose of collection is determined by CoreEvent, CoreEvent represents the controller.

CoreEvent will store the personal data provided by the Customer during the registration process in its databases and use them in processes necessary to fulfill contractual obligations towards the Organizer and the Customer, and for the purpose for which the Customer (data subject) has given consent.

Regarding the personal data processed as the controller or processor, they are regulated as follows:

  1. We will use your personal data (name, surname, address, contact phone, email address) exclusively for the purpose for which we received your consent, and they are a necessary condition for concluding a ticket sales contract as they are required to fulfill the contractual obligations of CoreEvent, the Customer, and the Organizer.

  2. We will not misuse your personal data in any way contrary to the General Data Protection Regulation.

  3. We will share your contact and personal data with the Event Organizers for the event for which you are purchasing tickets and, if necessary, with delivery services to ensure the purchased tickets reach you successfully.

  4. Upon your request, we will provide you with access to your personal data, the processing activities they are involved in, and enable you to correct your personal data.

  5. Upon your request, we will delete all your personal data that we have stored, provided their retention is not regulated by legal obligation.

  6. Upon your request, we will enable you to withdraw previously given consent for the processing of personal data.

  7. In accordance with the rights and obligations of the General Data Protection Regulation, the Customer (data subject) has the right to correction, the right to erasure, the right to restriction of processing, the right to data portability, the right to object to the controller and/or processor, and the supervisory authority. These rights are exercised through appropriate forms which are annexed to these Privacy Policies on the website.


CoreEvent is not responsible for accidental errors or errors caused by force majeure or other objective reasons that cause accidental violations of the guaranteed protection of your data, but guarantees that the error, if possible, will be rectified as soon as possible.

By entering personal data on the Portal, the Customer confirms that they are over 16 years old and confirms that the entered personal data are entirely accurate and that the Customer agrees that the data will be used and collected in accordance with the law and the terms of our Privacy Policy and the General Data Protection Regulation.

How We Use Your Personal Data

CoreEvent will store the personal data provided by the Customer during the registration process in its databases and use them in processes necessary to fulfill contractual obligations towards the Organizer and the Customer, and for the purpose for which the Customer (data subject) has given consent, as well as for the fulfillment of CoreEvent’s legal obligations.

The purpose of processing personal data is to process personal data necessary to conclude a ticket sales contract with the Organizer and fulfill the contractual obligations of CoreEvent towards the Organizer and the Organizer towards the Customer. These data are stored for the period necessary to fulfill all legal and contractual obligations, up to a maximum of 10 years.

The processing of personal data concerning banking data (card number, card expiration date, etc.) is not stored or processed by CoreEvent or the Organizer but is processed through secure technical means by third parties that provide online payment services (e.g., WSPay).

WSPay is a secure system for online payments, real-time payments, credit, and debit card payments, and other payment methods. WSPay ensures secure entry and transfer of card data for both the customer and the merchant, which is confirmed by the PCI DSS certificate held by WSPay. WSPay uses a 256-bit encryption SSL certificate and TLS 1.2 cryptographic protocol as the highest levels of protection during data entry and transfer.

CoreEvent will use the personal data entered into the Portal system by the Customer, concerning the given purpose and consent of the Customer (data subject), in the following processes necessary to fulfill its legal and/or contractual obligations:

  1. Creating your profile in our user account database if the Customer (data subject) has requested such action from CoreEvent in the Portal system.

  2. Contacting and identifying for ticket purchase and delivery to a specified address if the Customer (data subject) has requested such action from CoreEvent in the Portal system.

  3. Recording purchase data, invoice amount, and payment method.

  4. Supporting all your inquiries, comments, and suggestions if the Customer (data subject) has requested such action from CoreEvent in the Portal system.

  5. Redirecting your data to our payment system partners for successful payment processing when you purchase tickets.

  6. Sharing your data with the Event Organizer to ensure your entry when you purchase a ticket for an event.

  7. Sharing basic identification data necessary for seamless entry to the event with the service provider responsible for entrance control.

Use of Cookies

CoreEvent uses cookies on its Portal.

Cookies are short records sent to you by the website you visit and stored by your web browser on your computer. They do not contain your personal data but allow the website to display information tailored to your needs (language settings, website display, etc.). Cookies are stored on your computer according to the settings taken from the website.

By accessing the Portal, the Customer (data subject) consents to the use and storage of cookies on the Portal.

CoreEvent uses two types of cookies - necessary cookies and optional cookies.

Necessary cookies are those required for the Portal to perform all functions fully and properly to display event offers and conduct ticket purchases. This type of cookie cannot be independently disabled.

Our website uses application session cookies (JSESSIONID) of this type.

Optional cookies include cookies used to track the Portal’s visit and usage (e.g., “Google Analytics”). This type of cookie does not process personal data, and the tracking results are received in the form of statistical data that help improve the Portal.

Obrasci

The right to access, process, correct, delete data, and withdraw consent is exercised by filling out the appropriate forms:

Withdrawal of Existing Consent,
Objection to Data Processing,
Request for Erasure of Personal Data,
Request for Rectification of Personal Data,
Request for Data Portability,
Request for Access to Personal Data.
Any device, any location
Cookie

Cookies

We use cookies for the proper functioning of this website and to improve your user experience. More information can be found at Privacy Settings.
Necessary Cookies always included

Necessary cookies are those that the Portal needs in order for it to fully and functionally perform all procedures for Event displaying and Tickets purchasing. This type of cookie cannot be disabled independently.

Optional cookies

Optional cookies include cookies that serve us to track visits and Portal usage (e.g. „Google Analytics“). By using this type of cookie, no personal data is processed, and the monitoring results are received in the form of statistical data that help improve the Portal.

Thank you for contacting us. You will receive a reply in a timely matter.