Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy describes how R\u012bgas M\u016bzikas biedr\u012bba (the “Company”, “we”, “us”, or “our”) collects, uses, processes, stores, and protects personal data when users access or use the website biletes.okoncerts.lv, purchase tickets, register for events, or otherwise interact with our services.

The Company is committed to protecting personal data and ensuring that it is processed in accordance with applicable data protection laws, including:

• General Data Protection Regulation (EU) 2016/679 (GDPR)
• Latvian Personal Data Processing Law
• Applicable electronic communications and consumer protection legislation

This Privacy Policy applies to all users of the website, including customers, event attendees, and newsletter subscribers.

2. Data Controller

The entity responsible for processing personal data under this Privacy Policy is:

For any inquiries related to personal data processing or data protection rights, users may contact the Company via the email address above.

3. Scope of This Policy

This Privacy Policy applies to personal data collected through:

• the website biletes.okoncerts.lv
• ticket purchase and booking systems
• customer support communications
• marketing and newsletter subscriptions
• cookies and analytics technologies
• event participation and registration

It does not apply to third-party services that operate under separate privacy policies.

4. Categories of Personal Data Collected

We may collect and process the following categories of personal data.

4.1 Identity and Contact Data

Information provided directly by the user, including:

• Name and surname
• Email address
• Telephone number
• Communication preferences

4.2 Transaction and Purchase Data

Information related to ticket purchases and event participation:

• Order number and ticket details
• Event name and seat selection (if applicable)
• Payment confirmation information
• Transaction timestamps

Payment card information is not stored by the Company and is processed exclusively by certified payment providers.

4.3 Communication Data

Information contained in:

• Customer service inquiries
• Email communication
• Feedback or support requests

4.4 Technical and Usage Data

When accessing the website, certain technical information may be automatically collected:

• IP address
• Device type and operating system
• Browser type and version
• Session data and browsing behavior
• Referring pages and interaction metrics

This data helps us maintain the security, performance, and reliability of the platform.

4.5 Marketing and Subscription Data

If users subscribe to newsletters or marketing communications, we may process:

• Email address
• Subscription preferences
• Campaign engagement metrics (such as email open or click statistics)

Users may unsubscribe from marketing communications at any time.

5. Purposes of Processing

Personal data may be processed for the following purposes:

Service Provision

• Processing ticket purchases
• Generating and delivering electronic tickets
• Administering event registrations

Customer Support

• Responding to inquiries
• Managing ticket-related issues or requests

Platform Operation

• Maintaining website functionality
• Ensuring security and fraud prevention

Marketing and Communication

• Informing users about upcoming concerts and events
• Sending newsletters and promotional offers (with consent where required)

Analytics and Improvement

• Analyzing website performance
• Improving user experience and services

6. Legal Basis for Processing

Personal data is processed in accordance with Article 6 of the GDPR, based on the following lawful grounds:

• Performance of a contract (Art. 6(1)(b)) \u2014 for ticket purchases and event participation
• Legitimate interest (Art. 6(1)(f)) \u2014 for customer service, fraud prevention, platform security, and service improvement
• Consent (Art. 6(1)(a)) \u2014 for newsletters, promotional communications, and certain cookies where required
• Legal obligation (Art. 6(1)(c)) \u2014 for accounting, tax, and other statutory compliance requirements

Where processing is based on consent, users may withdraw consent at any time.

7. Data Sharing and Processors

The Company may share personal data with trusted service providers acting as data processors, strictly for the purposes described in this Privacy Policy. These may include:

• Payment processing providers
• Cloud hosting and infrastructure providers
• Email delivery services
• Analytics providers
• Ticket distribution systems

All processors are required to comply with GDPR and operate under Data Processing Agreements (DPA) ensuring confidentiality, security, and lawful processing.

The Company does not sell or rent personal data to third parties.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are implemented in accordance with GDPR requirements. These safeguards may include:

• Standard Contractual Clauses (SCC) approved by the European Commission
• Adequacy decisions
• Contractual, organizational, and technical security measures

Such transfers occur only where necessary for service delivery or operational continuity.

9. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Typical retention periods include:

• Transaction and accounting data: up to 5 years or longer where required by applicable law
• Customer communications: up to 2 years
• Newsletter subscription data: until consent is withdrawn or the user unsubscribes
• Analytics data: limited retention depending on the provider and configuration used

After expiration of applicable retention periods, data is securely deleted or anonymized.

10. Cookies and Tracking Technologies

The website uses cookies and similar technologies to provide core functionality, improve user experience, and support analytics. Cookie categories may include:

• Essential Cookies \u2014 required for website operation and ticket purchasing
• Functional Cookies \u2014 remember user preferences and improve usability
• Analytics Cookies \u2014 measure traffic and user behavior
• Marketing Cookies \u2014 support campaign measurement and communication features

Users may control cookie preferences through browser settings or consent tools made available on the website, where applicable. Disabling cookies may affect certain website functionality.

11. Security Measures

The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Security practices may include:

• Encrypted HTTPS communication
• Access control and authentication procedures
• Restricted administrative access
• Secure server infrastructure
• Logging, monitoring, and incident response procedures
• Internal confidentiality and access limitation measures

Access to personal data is limited to authorized personnel and service providers with a legitimate operational need.

12. Data Subject Rights

Under GDPR, individuals have the following rights regarding their personal data:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure \u2014 “right to be forgotten” (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Right to withdraw consent where processing is based on consent

Requests may be submitted via email to info@okoncerts.lv. We may request reasonable identity verification before fulfilling such requests.

13. Complaints

If a user believes that personal data has been processed unlawfully, they have the right to lodge a complaint with the competent supervisory authority. In Latvia, this authority is the Data State Inspectorate (Datu valsts inspekcija).

However, we encourage users to contact us first so that we may address any concerns promptly and professionally.

14. Third-Party Links

Our website may contain links to third-party websites or services. These services operate independently and have their own privacy policies. The Company is not responsible for the privacy practices, content, or security of such third-party services.

15. Policy Updates

The Company reserves the right to update this Privacy Policy at any time in order to reflect changes in legal requirements, technology, service providers, or operational practices. The latest version will always be available on the website together with the updated revision date.

16. Contact Information

For questions regarding this Privacy Policy or personal data processing, please contact: