PRIVACY POLICY

Effective Date: 30/6/2025
Last Updated: 30/6/2025

This Privacy Policy explains how we collect, use, and protect your personal data when you interact with the HERE Festival website (www.here-festival.org) or contact us in relation to the festival.

1. WHO WE ARE (DATA CONTROLLER)

The HERE Festival is organized by:

Vitlycke – Centre for Performing Arts (CPA)
Vitlycke Gård 1
457 93 Tanumshede, Sweden
Email: info@vitlycke.org
Website: www.vitlycke.org

Vitlycke – CPA acts as the Data Controller, meaning we determine how and why your personal data is processed.

2. PERSONAL DATA WE COLLECT

We may collect and process the following personal data:

a) Information you provide:

  • Full name

  • Email address

  • Phone number (if you contact us or register for something)

  • Postal address (if ticket delivery or invoicing is required)

  • Any other information you voluntarily provide via email, forms, or registrations

b) Information collected automatically:

  • IP address

  • Browser type, language and version

  • Device type and operating system

  • Pages visited, referring URL, time and duration of visit

  • Cookies and other tracking technologies (see our Cookie Policy)

3. WHY WE PROCESS YOUR DATA & LEGAL BASES

We process your personal data only when allowed under Article 6 of the GDPR. These are our purposes and legal bases:

PurposeLegal BasisTo respond to your questions or requestsLegitimate interestTo send you festival updates or newslettersConsentTo process your registration, booking, or participationContractTo maintain security and prevent misuse of our siteLegitimate interestTo comply with legal obligations (e.g. accounting, taxes)Legal obligationTo understand how visitors use our website (analytics)Consent (non-essential cookies)

4. NEWSLETTERS & MARKETING

We only send email newsletters if you have explicitly subscribed and given your consent. You can withdraw your consent at any time by clicking the “unsubscribe” link in any email or contacting us directly at info@vitlycke.org.

5. WHO WE SHARE YOUR DATA WITH

We do not sell your personal data. We may share it only with:

  • Service providers and data processors under contract:

    • Website hosting and management providers

    • Email and newsletter platforms (e.g. Mailchimp or Brevo)

    • Analytics tools (e.g. Google Analytics, only if consented)

    • Ticketing platforms (if used)

  • Regulatory or legal authorities when required by law

All service providers are bound by strict data processing agreements (DPAs) and may only process data on our behalf.

6. INTERNATIONAL DATA TRANSFERS

If any data is transferred outside the EU/EEA (for example, to a U.S.-based email provider), we ensure that:

  • The recipient country has an adequacy decision, OR

  • Standard Contractual Clauses (SCCs) and supplementary measures are in place

You may request a copy of the safeguards by contacting us.

7. HOW LONG WE KEEP YOUR DATA

We retain personal data only for as long as necessary:

  • Newsletter data: Until you unsubscribe

  • Inquiries or form submissions: Up to 2 years

  • Event registration and contracts: Up to 7 years (in line with accounting laws)

  • Analytics data: Up to 26 months or as configured in the tool

After these periods, personal data is either securely deleted or anonymized.

8. YOUR RIGHTS UNDER GDPR

You have the following rights:

  • Right to access – know what data we hold

  • Right to rectification – correct incorrect data

  • Right to erasure – request deletion of your data

  • Right to restrict processing – under certain conditions

  • Right to object – to processing based on legitimate interests

  • Right to data portability – request your data in a portable format

  • Right to withdraw consent – at any time

  • Right to lodge a complaint – with the Swedish Authority for Privacy Protection (IMY)

📮 IMY (Integritetsskyddsmyndigheten):
Website: https://www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00

9. COOKIES & TRACKING

We use cookies for site functionality, analytics, and user experience enhancement. See our full Cookie Policy for detailed information.

You can manage your cookie preferences via our consent banner or by adjusting your browser settings.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption

  • Secure hosting in the EU

  • Access control and password policies

  • Regular software and plugin updates

  • Staff awareness and data handling protocols

11. CHANGES TO THIS POLICY

We may update this policy as needed. When we make material changes, we will notify you via the website or email (where applicable). Please review it periodically.

12. CONTACT

For questions or to exercise your data rights, please contact:

📧 Email: info@vitlycke.org
📬 Post: Vitlycke – Centre for Performing Arts (CPA)
Vitlycke Gård 1
457 93 Tanumshede, Sweden