How do we use your Personal Data

In principle, we will only use your Personal Data in accordance with applicable data protection laws, in particular the Philippines` the Republic Act 10173 – Data Privacy Act of 2012 (“DPA”), the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.

​

All Personal Data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent. In particular, we only process and collect Personal Data if:

​

• you have given your consent,

• the data is necessary for the fulfilment of a contract / pre-contractual measures,

• the data is necessary for the fulfilment of a legal obligation, or

• the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

​

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Processing of Automatically Collected Data

a) Hosting

To provide our website, we use the services of Wix.com Ltd who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

​

b) Collection of access data and log files

We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

​

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

​

c) Use of cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

​

Data processing when you submit it to our website and when you use our services

When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.

​

a) Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.

We also offer to contact us via the messaging services of Facebook Messenger and WhatsApp. If you contact us via those on the occasion of a specific transaction, we store and use the mobile phone number you use on and - if provided - your first and last name in accordance with the provision of a contractual or pre-contractual measure to process and respond to your request.

b) Booking a Meeting

For booking a meeting in an easy and convenient way, we use Calendly. Your data from the form will be transferred to our appointment account at Calendly after you press the "Book appointment" button. You will then receive a confirmation email with a link to the event. Your data will be kept at Calendly until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. Calendly undertakes not to pass on your data to third parties. The legal basis is your consent as well as our legitimate interest.

c.)Payment
We do not store your credit card or any other payment details, nor do we share customer payment details with any third parties. For now, all payments made on our website are processed by Stripe and our website is encrypted to ensure the secure handling of credit/debit card information from our store and its service providers. We do not have access to your credit/debit card details nor do we store, download or export any customer payment information on outside servers or platforms. You can read more about Stripe’s and Privacy Policy to get a better idea of how information and payments are processed with these platforms. When making purchases on our website you confirm that you are the owner of the credit/debit card that you are using or you have been authorized and have legal rights to use the given card or account. In case of certain problems with the issuer of your payment, we will not be held responsible for any delay or non-delivery. By placing an order, you confirm that the payment details provided by you are valid and complete and after we accept and process your order, payment will be made in the full amount.
 

d) Data processing in the context of providing our services

The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.

When using our services, you can submit, share and publish Personal Data. Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.

You have choices about the Personal Data you upload and share. You don’t have to provide Personal Data; however, Personal Data helps you to get more from our Services. It’s your choice whether to include special category data and to make that special category data public. Please do not post, upload or add data that you would not want to be available.

The legal basis for the processing of your personal and special category data is the establishment and implementation of the user contract for the use of the service as well as your consent. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to info@arcticket.com.

d) Data management

For optimal customer support, your data may be stored on our website and/or our customer relationship management system ("CRM system") provided by Bitrix Inc. This data processing is based on our legitimate interest in providing our service.

e) Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our non-profit organization, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

​

Data processing through integration of third-party services and content

We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services ("content").

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.

The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

• Remarketing: Facebook Remarketing by Meta Platforms Inc

• Fonts: Google Font API by Google LLC

​

Transfer of Personal Data

We will not disclose or otherwise distribute your Personal Data to third parties unless this:

​

• is necessary for the performance of our services,

• you have consented to the disclosure,

• or the disclosure of data is permitted by relevant legal provisions.

​

However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation and support of the website (see above), data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the DPA and GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.

We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.

​

Integration of third-party services and content

We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of our website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.

The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

• Analytics and Tracking: Google Analytics by Google LLC

• Tag Management: Google Tag Manager and Google Site Tag by Google LLC

The legal basis for the data processing is your consent and our legitimate interest.

​

Automated decision-making

Automated decision-making including profiling does not take place at Arcticket.

Direct marketing in the context of a customer relationship

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

Your data subject rights

Under the DPA and GDPR, you have the following rights:

• Right to information

• Right to have inaccurate or incomplete Personal Information corrected;

• Right to erasure;

• Right to restrict processing;

• Right to object to the processing;

• Right to data portability;

• Right to revoke consent; and

• Right to complain.

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We also use technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Duration of data storage

We store Personal Data on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Please keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another person.

Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.

Withdraw your consent

You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.

Social Media

We are present on social media on the basis of our legitimate interest currently Twitter, Facebook, YouTube and Instagram. If you contact us via those social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself if very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service.

Personal information and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Changes and updates

We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend the Privacy Policy as soon as changes to the information processing activities we carry out make this necessary.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your Personal Data on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.

This Privacy Policy was last updated on .

If, after reading this Privacy Policy, you still have questions, please do not hesitate to contact us using the contact details below.

Who is responsible for data processing?

The person responsible for data processing is

ARCTICKET

Web: www.arcticket.com

E-Mail: info@arcticket.com

Whatsapp: +639608641218