This is the privacy statement of Tibbaa B.V. In this privacy statement we explain how we collect and use your personal data.
When does this privacy statement apply?
Who is responsible for your data?
What information do we collect and how?
How do we use your data?
Which third parties have access to your data?
How do we protect your data and how long do we keep it?
How can you exercise your statutory rights?
This privacy statement applies to all personal data we collect, use, share and store about you when you book an event ticket with us, visit our website or when you contact us.
Our website contains links to third party websites. This privacy statement does not apply to the collection of data via the websites mentioned and we are not responsible for this. See the privacy policy of the relevant website (if available) for more information.
This privacy statement was last modified on November 15, 2023 and supersedes all previous versions. We may change this privacy statement from time to time and inform you of any changes by publishing the amended statement on this website and informing you by e-mail before these changes take effect.
Tibbaa [selling tickets together] is a brand name of Tibbaa B.V. one of the largest Dutch online ticketing company with several independent websites: For more information, visit the Tibbaa website.
Tibbaa B.V., located at Stadionweg 41, 3077 AS Rotterdam (ZH), is responsible for collecting and using your personal data as described in this privacy statement. If you have questions, comments or complaints about the use of your personal data by Tibbaa, please contact our support@tibbaa.com (For the attention of our Data Protecting Officer).
We collect five categories of personal data from and about you: (A) name and contact details, (B) booking details, (C) information we record when you contact our customer service, (D) information we record when you visit our website or newsletter reads, (E) social media data and (F) ID check and access accreditation.
The data that you enter yourself when you book an event ticket, typically is your first and last name, date of birth, address and place of residence, your telephone number and the e-mail address.
When you create a Tibbaa account, we register your login details and other information that you enter or change in your account.
Booking details are the details of the event ticket that you have purchased from us, for example Event information (date, location, price, etc.), details of the event you have booked (date, number of days, type of ticket, price etc. ) or the lockers that you have rented (type locker, price etc.). We also record additional services you have purchased, such as an event ticket guarantee, preferences, service package, event spending coins or a parking space.
To book an event ticket we need your passport number for certain events. You can also enter discount codes (such as your coupons and offers) if you want to be eligible for the associated privileges or other benefits. With your permission, consent and authorization we store these songs and your
preferences (for example your favorite artist, your music genre) in your Tibbaa account.
When you order an event ticket, you will be redirected to the payment environment to complete your order. To complete the payment, you must enter your payment details, for example a bank account, PayPal account or credit card number; this is handled by our Payment Service Provider, with whom we have a processing agreement. (Adyen)
Through our website you can indicate whether you want to take special options for the event, for example medical restrictions, which the organization must be taken into account or a wheelchair or special needs. These datas
are considered sensitive under privacy legislation because they relate to your health information specifically. By entering this type of data, you agree that we collect, use and share this data with third parties for the purposes described in Paragrpah D (the eventual visit of the event).
When you contact our customer service via e-mail, WhatsApp, social media or telephone, we record these contact moments in our systems. We may record telephone conversations for training purposes or to prevent or combat fraud.
When you visit our website, we register, among other things, your IP address, browser type and surfing behavior. We also collect this information through cookies, scripts, pixel tags and similar operative technologies. See our cookie statement for more information. If you receive a newsletter from us, we will record when you open this newsletter or when you click on a link.
Depending on the settings of your social network, we may receive information from the provider of the service. For example, if you create a Tibbaa account through your Facebook or Google account, we may receive a portion of your public social media profile, including your username, profile photo, “likes” and friends. Also when you communicate with us via our social media pages (for example if you post a comment, upload a photo or click on the “like” button) we can receive this information. See the privacy policy of your social media provider for more information about the personal information we receive and how you can change your settings.
We collect the above data in three ways: (1) we record the data you enter yourself when you book an event ticket, create a Tibbaa account or contact our customer service; (2) we automatically record data when you visit our website, open a newsletter or when you communicate with us via social media and (3) we receive information about you from Tibbaa group companies, social media networks and our partners, for example event organizations we work with.
Based on its security, identity of a person and social importance, Tibbaa offers event organizers and location owners the opportunity to be admitted to the event as a visitor or a business invitee as a purchaser of tickets by means of a legal identification and a confirmed verification process. For this we use a so-called ID scanner, which checks whether your legal ID is genuine or not and if it passes our security checks and the verification process. When you scan your ID, this privacy statement will appear and as a result of agreeing to this condition you also agree that the following data will be stored; your name, your age, your date of birth, your gender and the face photo of your legal ID.
Tibbaa uses your data for four purposes: (A) to provide our services and to maintain contact with you, (B) for research to improve our services, (C) for direct marketing based on your preferences and behavior and (D) for our administration, fraud prevention and compliance with laws and regulations.
When you book an event ticket, we use the data described in section 3 for this purpose. We use your name, passport number and other personal
information, for example, to issue the e-ticket and to reserve your hotel and car reservation as necessary. We will pass on your frequent flyer number to your airline so that they can book points saved on your account.
We only provide your medical details (such as a requested wheelchair) to the airline so that they can provide you with the requested care. We do not use this information for other purposes at all we use your contact information to communicate with you. Think for example of sending your e-ticket or to warn you by e-mail that you can check in with your airline. We also use your contact information to answer your questions if you have contact with our customer service.
We use your payment details for handling your payment. Our fraud department checks with our payment provider if there is a fraudulent booking using, for example, a stolen or blocked credit card.
We conduct research into trends regarding the way visitors and customers use our services, website, customer service and social media. We do
this in order to understand the behavior and preferences of our visitors and customers, so that we can improve our services, the content on our website and our customer service. We also use these insights to develop new services. For this research we use automatic tools to analyze the data described in section 3, including your booking details, extra services you have purchased and information about you (such as gender and your place of residence). Names, e-mail addresses or other information that can be traced to specific people are not analyzed, as we are interested in general trends only. We also do not use special data. We may also combine the analyzed data with information that we collect with cookies and similar technologies when you visit our website or information that we receive from group companies or from other sources
We use your information to send you newsletters, offers or other promotional messages which are you interested in receiving. We do this via e-mail and other digital channels, such as apps and social media. In order to be able
to adapt these messages to your preferences and analyze behavior, we combine your data. We use automatic tools to analyze your data stored in our data management platform. For this we use your booking details, information about additional services you have purchased and information about you (such as gender, place of residence and your flight preferences). We analyze and combine not only the data that you have entered yourself, but also data that we collect through cookies, scripts, pixel tags and similar technologies (see our cookie statement for more information), social media and if you have contact with our customer service.
In our e-mails we can include personalized offers from Tibbaa and our partners with regard to our services and products. For example, we can include offers for our own extra services (extra baggage or insurance) or for car rental services and hotels offered by third parties. We tailor these offers based on your interest.
We use Custom Audiences from Facebook, DoubleClick and other networks
to show your Tibbaa advertisements when visiting the mentioned network or a connected website. To this end, we can send your e-mail address or other identifying information to (for example) Facebook, so that it can check whether you have a Facebook account or not. To determine our target group we can use your booking details. If you do not want us to use your
e-mail address for Custom Audiences, please contact our data processing officer (support@tibbaa.com). See the website of your social network for more information about Custom Audiences. You may also have given permission to receive personalized ads on your Facebook timeline or other social media through our cookie policy. See our cookie policy how you can withdraw your consent.
We process your personal data as described in this section for our legitimate interest and the interests of third parties to be able to send you relevant updates and offers. You can unsubscribe at any time for receiving newsletters, offers or other promotional messages by clicking on the unsubscribe link
in the email or by adjusting your newsletter preferences in your Tibbaa account or by contacting our support@tibbaa.com. If you unsubscribe, you will still receive our service e-mails (such as your booking confirmation and e-ticket). You can object at any time to the use of your personal data for direct marketing purposes (under statutory rights).
We use your personal data for internal, administrative purposes, such as our administration and to comply with our legal and tax obligations. We collect and use your personal information to provide you with our services, to fulfill our legal obligations, for the protection of our legitimate interest or the interests of a third party or with your consent, for example in situations
where we use your medical data. If you withdraw your consent or if you do not provide the information that we need to execute the agreement with you or
in order to comply with our legal obligations, you may not be able to use our services or make only limited use of them to the extent the consent is given.
When we process your data for our legitimate interest or the interests of a third party, we have weighed these interests against your privacy interests. If applicable, we will take measures to protect your privacy interests and prevent unjustified damages. Our legitimate interest includes, for example, fraud prevention, security and safety purposes, or providing better services and offers. See above the purposes for which we process your personal data for more information about these interests. More information about this assessment is available on request. When we process your personal data
for our legitimate interest or the interests of a third party you have the right to object to it at any time for reasons related to your specific situation (see below on statutory rights on removal of information).
We may exchange your information with or make it available to third parties for the following three purposes:
with partners for carrying out your bookings;
with our group companies and brands for support services, statistical research and direct marketing and;
with our suppliers who provide support services. Only when Tibbaa is legally obligated to do so, we will provide your details to regulators, tax authorities and investigative authorities.
We provide your details to partners who are directly involved in your booking. We provide your information to event organizations and other service providers (such as for parking) that are involved in the execution of your purchased event ticket. If you have chosen a Ticketplus option, we will provide your details to the insured. If you book a parking space, book a hotel or rent a car, we provide your data to the relevant providers.
For the provision of our services we use support services provided by group companies within Tibbaa. We have a call center, so that we can offer you customer service at any time. These group companies have access to your data if necessary for their business operations. Your data is available to Tibbaa B.V. based on your provided consent and are used within the framework of Tibbaa and other group companies of Tibbaa. Your data will be used for research and direct marketing within these brands (see section 4).
For the provision of our services we use third parties, such as IT suppliers, marketing agencies, online advertising companies, credit card companies, payment providers, service providers in the field of fraud prevention and online bookings. We conclude agreements with these third parties which, among other things, stipulate that they will treat your data confidentially and will adequately protect this data.
Our group companies, partners and service providers are based in the European Union, but also outside as well. If such a party has access to your data, this will create an international transfer of personal data. For example, a North and South American, Eastern European, Asian event organization that receives your information from us in the context of a booked entrance ticket.
Tibbaa provides information to, among others, group companies, partners and service providers. The regulations for these companies do not always provide the same level of protection of personal data as the regulations in the Netherlands. Where necessary,Tibbaa has taken appropriate measures to comply with the requirements of the applicable privacy legislation for the (international) transfer of personal data.
For example, we conclude so-called European Model Agreements for the transfer of personal data with our group companies and service providers (see Article 46 GDPR / AVG). We may also provide personal data to recipients based in the US if they have valid EU-US Privacy Shield certification (Article 45 GDPR / AVG). In some cases we can ask for your explicit consent for the transfer of personal data outside the European Union (article 49 GDPR
AVG). If you wish to receive a copy of these (contractual) guarantees, please contact our support@tibbaa.com.
Tibbaa has taken technical and organizational security measures to protect your data against loss or unauthorized use, such as unauthorized access to data. In this respect, we take into account the state of the art and the costs of implementation, so that we can guarantee an appropriate security level in view of the risks involved in the processing and the nature of the data to be protected.
We keep your data for as long as necessary to realize the purposes as described in this privacy statement, but in general no longer than 2 years after your last interaction with us, unless and insofar as this is necessary to comply with our legal obligations or for potential disputes. When we no longer need data, we destroy this data.
You can contact our customer service (support@tibbaa.com) to exercise the rights you have been granted under applicable data protection laws, including
(A) the right of access to your data; (B) correct it; (C) remove it; (D) limit the processing of your data; (E) the right of data portability and (F) the right to object to processing. Please note that we will need more information to verify your identity.
You can ask us whether or not we process your personal data and if so, give you access to that data in the form of a copy. When we comply with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data involved and any other information that you need to be able to exercise the essence of this right.
You have the right to have your data corrected if they are inaccurate or incomplete. On request we will correct incorrect personal data about you and, taking into account the purposes of the processing, we will fill in incomplete personal data, which may include providing a supplementary statement. You can also view your data via your Tibbaa account and you can always view or correct this data yourself.
You also have the right to have your personal data deleted, which means that we will delete your data and where possible be erased by any other administrator to whom your data was previously disclosed by us. Removal of your personal data only takes place in certain cases described in the law and listed in Article 17 of the GDPR / AVG. This includes situations in which your personal data are no longer necessary in connection with the initial purposes for which they were processed as well as in situations where they were processed unlawfully. Because of the way we maintain certain services, it may take some time before backup copies are deleted.
You have the right to restrict the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. The circumstances that may give rise to this right include situations in which the accuracy of your personal data was disputed, but in which we need some time to verify its (in) correctness and authenticity. This right does not prevent us from keeping your personal data stored. We will inform you before the restriction is lifted.
Your right of data portability means that you can ask us to provide your personal data in a structured, widely used and machine-readable form and where technically possible to pass this information directly to another administrator on request as it needs to be done. On request and where technically possible, we will forward your personal data directly to the other manager.
You also have the right to object to the processing of your personal data, which means that you can ask us to no longer process your personal data. This only applies if the reason ‘legitimate interest’ (including profiling) forms the legal basis for processing (see section infra You can object to direct marketing purposes at any time and free of charge if your personal data are processed for such purposes, including profiling purposes insofar as these relate to such direct marketing. You can exercise this right at any time by withdrawing your previously given consent by following the instructions in the relevant marketing communication. If you exercise this right, we will no longer process your personal data for such purposes.
There may be situations in which we have the right to reject or limit your rights as described in this section. In any case, we will carefully assess when such exclusion applies and inform you about this.
For example, we may reject your request for access if it is necessary
to protect the rights and freedoms of other persons or refuse to delete your personal data if the processing of such data is necessary to comply with legal obligations and / or fraud prevention / control. The right of data portability, for example, does not apply if the personal data has not been provided by you or if we do not process the data on the basis of your consent or the execution of an agreement.
If you have questions, comments or complaints regarding this privacy statement, please contact us via email support@tibbaa.com. If you are left with unresolved questions, you also have the right to file a complaint with the Dutch Personal Data Registration Authority.