Privacy Policy

JOINT DATA CONTROLLERS

USHUAÏA ENTERTAINMENT S.L. and THE NIGHT LEAGUE, S.L. (hereinafter, “joint controllers”) are particularly committed to protecting the personal data of the Users of the website services and their customers. Through this Privacy Policy (or Data Protection Policy), Users of the website are informed about the uses to which their personal data is subjected, so they can decide freely and voluntarily whether they wish to provide the requested information.

The joint controllers reserve the right to modify this Policy. Any modifications will be announced in advance to ensure users are fully informed of its content.

There is joint responsibility for data processing between THE NIGHT LEAGUE, S.L., with NIF B16596009 and located at Apartado de Correos 1020, 07817 Sant Jordi de Ses Salines, (Balearic Islands), Spain, and USHUAÏA ENTERTAINMENT S.L., with NIF B57794620 and located at Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands), Spain, which has a Data Protection Officer whose email address is data.protection@thenightleague.com.

PURPOSES

The data processing performed by THE NIGHT LEAGUE, S.L. and USHUAÏA ENTERTAINMENT S.L., as joint controllers, is aimed at:

  1. Promotion of events and shows.
  2. Management of the website.
  3. Sending commercial communications. This includes, in all cases:
    1. Managing subscription and, if applicable, unsubscription from the USHUAÏA COMMUNITY newsletter to send updated information about activities, products, and services of USHUAÏA ENTERTAINMENT S.L. and THE NIGHT LEAGUE S.L., as well as exclusive promotions.
    2. Sending commercial communications by any means (including electronic) to inform you about news, offers, events, and products or services that may interest you, always based on your consent granted by the joint controllers.

For USHUAÏA ENTERTAINMENT S.L., the data processing is carried out to manage the leisure establishment and/or event, including ticket sales/purchases and reservations, as well as the management and representation of artists. This includes:

  1. Management of ticket sales/purchases and reservations for shows and events online. This includes:
    1. Managing your reservation request and purchase made through our website or a third party.
    2. Sending confirmation of ticket purchase or space reservation.
    3. Managing the distribution of tickets on behalf of the event promoter to provide the best service and attention at each event or show.
    4. Managing your contact requests to manage, cancel, or modify your reservation or ticket purchase.
  2. Management of access and video surveillance at the venue.
  3. Managing information and contact requests via the specific channels and/or forms available to respond to inquiries about activities, events, and shows offered by USHUAÏA ENTERTAINMENT S.L.

The processing is based on:

  • The execution of a service contract, under Article 6.1.b) of the General Data Protection Regulation (GDPR), for the formalization and execution of reservations and ticket purchases. In case of online ticket purchases, for the ticket distributor to communicate your data to the event promoter.
  • The explicit consent given by you, where requested, for one or more specific purposes as provided in Article 6.1.a) of the GDPR, when completing forms and ticking the box provided for that purpose. In these cases, the interested party has the right to withdraw consent at any time without affecting the legality of the processing based on consent prior to its withdrawal.
  • Compliance with a legal obligation imposed on the data controller according to Article 6.1.c) of the GDPR, where a law requires the processing of personal data.

SOURCE OF THE DATA

The personal data comes from the reservation of spaces and ticket purchase made by the interested party or from the forms completed by them, or from the user experience at events or shows. If the data does not come directly from the interested party, it will originate from the reservation or ticket purchase made by the interested party through a third party.

RETENTION PERIOD

The personal data provided will be retained during the course of our relationship and later for the period required to comply with legal obligations or to respond to potential claims during the civil prescription period, adopting security measures for its storage.

SECURITY MEASURES

The involved entities have adopted security measures aimed at protecting the confidentiality, integrity, and availability of the information, both with organizational and technical measures. Among other measures, the entities have the following: a) Data blocking procedures: In accordance with Article 32 of Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee, the entity blocks the data to prevent processing. b) Security breach management procedures: The entities have technical measures to detect security incidents that may affect data processing. Once a security incident is detected, the entities have established measures to address the incident and, if necessary, notify the relevant authorities and/or the affected parties. c) Pseudonymization and data encryption procedures: With this measure, the joint controllers ensure that the data is handled with maximum confidentiality. d) Procedures to restore the availability and access to personal data in case of technical or physical incidents.

The involved entities regularly evaluate the effectiveness of technical and organizational measures to ensure the security of data processing.

RECIPIENTS OF THE DATA

The personal data you provide to the joint controllers may be communicated to the following categories of recipients:

  • Third parties to whom the entities are obligated to transmit information, such as public authorities, to comply with requests from these authorities and applicable regulations (Article 6.1.c) GDPR).
  • Other companies that need to process your personal data to provide our services based on the execution of a contract or pre-contractual measures (Article 6.1.b) GDPR).

The entities acting as controllers do not sell, market, or engage in similar activities with your personal data. They only process your data for the purposes stated. These entities may have service providers with access to personal data (Data Processors). Some of these service providers may be located outside the European Economic Area, and thus international data transfers may occur, in any case complying with the appropriate safeguards in accordance with Chapter V of the GDPR.

USER RIGHTS

However, the data subject may exercise the following rights under the General Data Protection Regulation:

  • The right to request information and access to personal data concerning the data subject.
  • The right to request rectification or erasure.
  • The right to request restriction of processing.
  • The right to object to processing.
  • The right to data portability.
  • The right to withdraw consent previously given.

The data subject may exercise these rights by submitting a request specifying which right they wish to exercise, addressed to either of the joint controllers at the addresses provided above. In any case, USHUAÏA ENTERTAINMENT S.L. has been designated as the point of contact for the exercise of rights at Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands), or by email at data.protection@thenightleague.com. If the entity has doubts about your identity, it may request a passport/official identity document or equivalent identification. You may also contact the Data Protection Officer at USHUAÏA ENTERTAINMENT S.L. at data.protection@thenightleague.com.

If you consider your personal data protection rights have been violated, you may file a complaint with the relevant supervisory authority: the Spanish Data Protection Agency (www.aepd.es).

Last update: November 2024