Print

Privacy

PRIVACY POLICY ON PERSONAL DATA PROCESSING according to article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and to Italian Legislative Decree no. 196/2003, Italian Data Protection Code ("Privacy Code") 

Version – April 2026

1. Scope, processor and definitions

1.1. Scope of application of this Privacy Policy
Dear Customer, this policy is provided for the website "www.ticketone.it" owned and operated by the company TicketOne S.p.A., having registered office in Milan, Via Fabio Filzi n. 29 (hereinafter, "TicketOne", “Controller” or the "Company"), as Data Controller, and not also for other third-party websites that may be consulted by users through link.
This policy also applies in relation to the processing of personal data through the following websites owned and/or operationally managed by TicketOne: shop.ticketone.it, www.fansale.it, sport.ticketone.it, www.tosc.it as well as the Company's "TicketOne" applications.
This policy also applies in case of access to TicketOne's e-commerce platform through our partner sites, so called Partnershop.
The website www.ticketone.it and other websites corresponding to the domain names indicated above, as subsequently modified or supplemented, as well as mobile applications will hereinafter be individually referred to as the “Site”. Any future additions or changes to this list will be duly brought to your attention.
Other websites are not covered by this privacy notice and provide their own specific data protection information.
The present policy is provided according to the art. 13 of the GDPR.
The information is intended for all individuals who interact with the web pages of the Site, both those who use the Site without making any registration, and those who, upon completion of the appropriate procedure, register with the Site and use the online services provided through it.
We inform you that, in cases where you access the Site (by registering, or without registering with a special customer account or with special registration for other services offered by the Site) to obtain information about our products and take advantage of the services offered by the Site, we will process your data for the purposes and in the manner detailed in this notice.
In addition, your data may be processed by the writer as part of marketing measures on third-party sites and social networks, for purposes that will be stated below and on the legal bases that will be listed below.
Please note that the Site does not contain information or features or services directly intended for users under the age of 16. Minors should not give any information or personal data without the consent of those exercising parental responsibility over them.
TicketOne therefore invites all users who are under 16 years of age not to disclose their personal information under any circumstances without the prior permission of a parent or the exerciser of parental responsibility.
Please refer to Chapter 9 for the definition of terms used in this Policy.

1.2. Data Controller and Data Protection Officer
Unless otherwise indicated in this policy, the data controller of your personal data is TicketOne S.p.A. having registered office in Via Fabio Filzi, n. 29 - 20124 - Milan, Italy, e-mail: privacy@ticketone.it.
We inform you that the Company has appointed its own Data Protection Officer ('DPO') who can be contacted for matters related to the processing of personal data at the above address or by e-mail at: dpo@ticketone.it.

2. Processing carried out for purposes of ensuring operation and information security

2.1. Processing by means of cookies
When you use the Site, cookies are stored on your device.
Cookies are small text files that are assigned and stored on your device by the browser you use and allow certain information to flow to the party setting the cookie. These also contain personal data, which allows us to make the Site easier to use and more effective.
Please note that cookies cannot transmit viruses to your device.
For the use of cookies on the Site, please review the Cookie Policy specifically provided at the Cookie Policy link at www.ticketone.it.
If you consent to the use of some or all cookies on your computer, a corresponding consent ID is generated and stored. You will be able to change your expressed preferences at any time by accessing the "Cookie Preference Center," located at the bottom left of each page of the Site and accessible by clicking on the cookie-shaped button.
2.2. Processing for protection and safety
We process your personal data where the processing activity is technically necessary to make the Site available for your use, as well as to ensure its stability and security during your visit. For this purpose, the processing includes the following data:

• IP address
• Browser Fingerprints
• Browser User Agents
• Cookies

For threat identification and defense (defense against bots and DDoS attacks) and for the delivery and acceleration of online applications, we use the services of Akamai Technologies (GmbH, Parkring 20-22, 85748 Garchin, Germany) on the Site. Akamai specifically processes the IP address of your device and uses this information on behalf of TicketOne to prevent technical threats and to ensure high availability of our Site. The IP address is usually transferred to Akamai's servers in the USA and processed there. This data transfer is based on standard contractual clauses adopted by the European Commission and this ensures adequate protection of your personal data in accordance with article 46 of the GDPR.
On our Site, we also use Google reCaptcha v2, which is the service offered by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) that serves to prevent abusive automatic entries in web forms and thus protect the host's technical systems.
When you visit our Site pages where reCaptcha is integrated, a connection is established with Google's servers and a reCaptcha cookie is set. In addition, your IP address is transmitted to Google.
Google reCaptcha also collects the following data by "fingerprinting":

• browser plugins used
• cookies set by Google in the past 6 months
• number of mouse clicks and touches you have made on the screen
• CSS information for the page you are viewing at any given time
• Javascript objects
• date and language of the browser

In this case, the collection and analysis of the data has as its legal basis article 6 par. 1 lit. c) and f) of the GDPR.
Indeed, the website operator has a legitimate interest in protecting its web offerings from abusive automated snooping and spam, but in any case, in order to comply with its obligations under the Italian legislation on secondary ticketing (see Point 2.C of this notice), TicketOne is obliged to put in place all necessary measures to prevent the massive purchase of tickets by so-called bots.
Please note that to the extent that personal data is transmitted to Google in the U.S., this is done on the basis of EU standard contractual clauses, which ensure adequate protection of your personal data under article 46 of the GDPR.
You may refuse the use of cookies and fingerprinting by selecting the appropriate setting on your browser, however, please note that if you do so you may not be able to use the full functionality of the Site.
To improve the attractiveness, content and functionality of the Site we may use Google Optimize. This may allow us to make new features and content available to a percentage of our users, statistically evaluate changes in Site usage, and, as a result, to regularly improve our offerings.
Cookies linked to a pseudonymous ID may be used to perform these activities. Subject to your consent as defined in article 6 par. 1 lit. a) of the GDPR, Google may use this information to evaluate your use of the Site and to create reports on optimization testing and activities associated with the Site.
Google's privacy policy and terms of use are available at the following link: https://www.google.com/policies/privacy/ and here: https://policies.google.com/terms
If you wish to object to the processing of data for these purposes, please change your preferences in the Cookie Preference Center.

3. Processing carried out for commercial purposes

3.1. Data processing for marketing and profiling purposes
Please note that, subject to your consent, TicketOne may process the personal data you provide in order to send you advertising material and discounts regarding its own or third parties' products and/or services (marketing purpose) via the following contact channels e-mail, SMS, Push notification or other automated systems, and by mail.
In addition, the personal data you provide when you purchase on the Website may be processed by TicketOne, subject to your consent, for profiling purposes, i.e. for the analysis of your consumption choices through the detection of the type and frequency of the purchases you make, in order to send you advertising material from TicketOne or third parties of your specific interest (profiling purpose).
With reference to the processing of your data for marketing and profiling purposes, we would like to point out that the provision of your data is merely optional, and its processing is based on your consent, which is optional and revocable at any time. Failure to provide it will not have any consequence on the possibility of registering on the Site and taking advantage of the services provided by TicketOne through the Site, including the possibility of making purchases on the same, and will only imply the consequences described below:
- If you don’t give your consent to the processing of your data for marketing purposes, it wil be impossibile for you to receive advertising material relating to products and/or services of TicketOne and/or third parties;
- If you don’t give your consent to the processing of your personal data for profiling purposes it will be impossibile for TicketOne to process your commercial profile, through the detection of your choices and purchasing habits on the Website (also in order to ensure greater satisfaction of customer needs and the continuous improvement of the services offered), as well as to send you advertising material, relating to products and/or services of TicketOne and/or third parties, of your specific interest.
You may, in any case, revoke your consent, possibly given for marketing and profiling purposes, at any time, through the "Personal Data" area of the "My TicketOne" section of the Site or through the "Privacy Preferences" box made available to you during the purchase process.
It is understood that any subsequent revocation of consent will not affect the lawfulness of the data processing carried out in the period prior to such revocation.

3.2. Data processing for analytical purposes
Please note that we may analyse and document how you use the Site.
In particular, we may analyse the number of visitors to the Site, your browsing behaviour on the Site, which events and areas of the Site you are interested in, where visitors to the Site come from, and, if you purchase a ticket from us, your order and shopping cart data. For this purpose, we process the following personal data:

• IP address (abbreviated)
• Cookies
• E-mail address (hashed)

Hashing uses a function whereby your e-mail address is pseudonymized in a non-reversible manner.
In this case, we process the aforementioned data on the basis of your consent as defined in article 6 par. 1 lett. a) of the GDPR. If you wish to object to the processing of data for analytical purposes, please change your preferences in the Cookie Preference Center.
In order to be able to perform this processing we use Google Analytics 360 (GA360), which are web analytics services of Google LLC ("Google"). GA360 uses cookies that allow us to perform analysis about the use of the Site.
The information generated by the cookie may regarding the use of our websites is generally transferred via a server operated by our parent company, Cts Eventim in Europe to Google Analytics 360 in the United States and stored there. The data transfer is carried out in accordance with the standard contractual clauses for the European Union.
For more information you can visit the following link:
https://business.safety.google/adsprocessorterms/sccs/p2p-intra-group/
The IP address is reduced, and thus anonymised, by CTS Eventim before being transferred to the Google Analytics 360 server.
On the behalf of TicketOne, Google will process this information to evaluate your use of the Site, to compile reports on Site activity, and to provide TicketOne with additional services related to Site and Internet usage.
The IP address transmitted by your browser as part of GA360 is not merged with other Google data. You may refuse to use such cookies by selecting the appropriate setting on your browser.
If you do so, however, we warn you that some functionalities of the Site may not be available.
Further information on terms of use and data protection can be found at the following links:

• https://policies.google.com/terms?hl=it&gl=it
• https://policies.google.com/privacy?hl=it&gl=it

At the following link, however, you can find an explanation of Google's use of third-party data: https://policies.google.com/technologies/partner-sites?hl=it
Please note that, in connection with the use of GA360, in the event that your personal data is transferred to the United States, this data transfer is based on the EU standard contractual clauses which guarantee adequate protection of your personal data in accordance with article 46 of the GDPR.
We use the product analytics tool Mixpanel to analyse and improve the use of our websites. Mixpanel Inc. supports us in better understanding user behaviour, replaying pseudonymised sessions, conducting A/B tests and feature experiments, connecting data with our internal systems, and analysing key figures in relation to business performance.
The following information is processed using cookies and similar technologies:

• Technical data about your device and browser
• Usage interaction with the website and app (e.g., clicks, navigation, feature usage)
• Session flows and derived statistics
• Pseudonymised identifiers (e.g., hashed email address)

The processing is carried out exclusively on the basis of consent within the meaning of Art. 6 Para 1 Sentence 1 lit. a) GDPR.
As Mixpanel is based in the USA, data is transferred there.
An adequate level of protection is ensured by the partner’s certification under the EU-US Data Privacy Framework and additional technical and organisational measures. Further information can be found here: https://mixpanel.com/legal/privacy-policy/
If you wish to object to the processing of data for this purpose, please change your preferences in the Cookie Preference Center.

3.3. Data processing for purposes of individual recommendations on the Site (product recommendations)
When you visit the Site, we may analyse your usage behaviour in order to show individual recommendations based on this data. For this purpose, the processing involves the following data:
- IP address (abbreviated)
- Order and shopping cart data
- Favorites
- Cookies.
In this case we process the data on the basis of your consent under article 6 par.1 lit. a) GDPR. If you wish to object to the processing of data for this purpose, please change your preferences in the Cookie Preference Center.

3.4. Data processing for advertising and re-targeting purposes on third-party websites and social networks
When you visit the Site, we may process your personal data for remarketing and display advertising activities.
As part of display advertising, we may carry out marketing campaigns using tags (pixels) and cookies from our re-targeting providers. When you visit the Site, tags and cookies are set and associated with the products you have viewed or purchased. This allows you to view personalized and identified product offerings based on your preferences.
In addition, we may show you banner ads to Facebook users who have a similar profile to our current customers and visitors to the Site. For this purpose, we may process the following data:

• The type of web page called up
• The number of the displayed product
• In the case of a ticket purchase: the number of the product ordered, sales value and order number, as well as preferences and cookie ID

For this purpose, we process your personal data on the basis of your consent under article 6, par. 1, lit. a) of the GDPR.
If you do not want your data to be processed for these re-targeting activities, we encourage you to change your preferences in the Cookie Preference Center.
In connection with the use of Google and Facebook tags and cookies, your personal data is transferred to the United States. This data transfer is based on EU standard contractual clauses and this ensures adequate protection of your personal data, in accordance with article 46 of the GDPR.
For further details on data processing by re-targeting providers, please see the corresponding data protection information:

• Google's Privacy Policy: https://policies.google.com/privacy?hl=it

• Explanation of Google's use of third-party data: https://policies.google.com/technologies/partner-sites

• Facebook's Privacy Policy: https://www.facebook.com/privacy/explanation

If you have purchased a ticket from TicketOne, visited any page on the TicketOne website or added a product to the shopping cart, a cookie from Google Ads is set on the Site. If after performing one of the aforementioned actions you enter matching search terms on Internet search engines, through the help of this cookie you may be able to display individual suggestions for TicketOne products and services based on your purchase (search engine marketing) in the search results.
In this process we process your data on the basis of your consent in accordance with article 6, Par. 1, lit. a) of the GDPR.
If you wish to object to the processing of your data by Google Ads, please change your preferences in the Cookie Preference Center.
Please note that in connection with your use of Google Ads, your personal data is transferred to the United States. This data transfer is based on EU standard contractual clauses, and this ensures adequate protection of your personal data in accordance with article 46 of the GDPR.
For further details on how Google Ads processes your data, please see the corresponding data protection information:

• Google Ads Privacy Policy: https://policies.google.com/privacy?gl=GB&hl=it

• Explanation of Google's use of third-party data: https://policies.google.com/technologies/partner-sites

In addition, we inform you that we place advertisements, (so-called social media ads) on the social networks Facebook, Instagram and TikTok. If you have an account on these social networks and have agreed to see ads in your account setting, you may see ads related to our products and services. These ads are shown based on your interests (e.g., "likes" clicked on artists' pages) stored in your public Facebook, Instagram or TikTok profile.
As a result, the advertising shown is personalized based on your interests.
For this purpose, we inform you that we process data from your public social profile.
In particular, in order to measure the effectiveness of the campaigns carried out, we process the following data on the basis of your consent in accordance with art. 6 par.1 lit. a) GDPR:

• your IP address
• your cookie ID
• your page and feed activity
• your internet speed
• your shopping activities and social connections

In order to be able to perform the aforementioned activity, your data is transferred to the United States and, consequently, processed outside the EU/EEA space. This data transfer is based on EU standard contractual clauses and this ensures adequate protection of your personal data in accordance with article 46 of the GDPR.
For further details on this type of data processing, we invite you to take a look at the privacy policies of the social networks Facebook, Instagram and TikTok:

• Facebook: https://www.facebook.com/privacy/explanation
• Instagram: https://help.instagram.com/155833707900388
• TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/it

3.5. Data processing for use of third-party external multimedia content
This category includes cookies and other similar technologies used to offer you multimedia content delivered by third-party vendors, event venue location as well as videos and images related to the artist or event.
To provide these services to you, we use third-party embedded content on our websites.
If you consent to the use of these cookies your personal information will be processed by third-party vendors (some based in the United States). Please see the Cookie Policy for more information.
The legal basis for processing is consent in accordance with art. 6 par. 1 lett. a) of the GDPR
Below are the main providers of the services described above and how they process your data:

• Google Maps (API), a service of Google Ireland Ltd.

Google Maps/Google Earth Additional Terms of Service:
https://maps.google.com/help/terms_maps.html
Google Privacy Policy: https://www.google.com/policies/privacy/

• YouTube (API), a service of YouTube LLC

YouTube Terms of Service: https://www.youtube.com/t/terms?hl=de
Google Privacy Policy: https://www.google.com/policies/privacy/

• Apple Music (API), a service of Apple Inc.

Apple Privacy Policy: https://www.apple.com/legal/privacy/en-ww/

3.6. Communication regarding " Shopping Cart Canceller"
If you have started a purchase process on the Site but have not completed it, only entering some items in the cart without completing the order, we will send you a reminder via App Push Notification or via e-mail to the e-mail address indicated in your customer account related to the purchase process you initiated.
Please note that you will then be able, from this communication, to access the Site directly to complete your purchase.
We collect and store your personal data in order to identify unfinished shopping carts. For this activity, the collection of your personal data is based on consent (art. 6 par. 1 lit. a) del GDPR).

3.7. Fan Report
After attending an event, you may post reviews on the Site in order to let us or other visitors to the Site know whether you enjoyed the event. In order to increase our reach through marketing measures and in order to inform other customers about your experiences related to the event, we will process your data in accordance with art. 6 par. 1 lit. f) of the GDPR, based on in our legitimate interest in carrying out these activities.

3.8. Surveys
In order to continually improve our products and services and adapt them to your needs, we may invite you to participate in surveys by contacting you at the e-mail address you provided during the process of purchasing Ticket.
With regard to surveys intended to improve products and services of TicketOne, the legal basis for processing is our legitimate interest in carrying out such activities under article 6 par. 1 lit. f) of the GDPR.
If information collected in the surveys are intended to be used for the purpose of offering you marketing communications related to services and products of TicketOne or third parties or processed on the basis of your preferences, we will process your data on the basis of your consent pursuant to art. 6 par. 1 lit. a) of the GDPR.

3.9. Informational e-mails, newsletters and APP notifications
If you have purchased a ticket from us, we may send you service communications through informational emails to inform you about, for example, directions to the event venue, parking and organizer specifications (such as the size of the bag you can bring to the event), and other service information related to the event.
In this case, we process your personal data for the purpose of contract performance on the basis of article 6 par. 1 lit. b) of the GDPR.
If you wish to be informed about major upcoming events, access exclusive pre-sales, or access special promotions and discounts, you may subscribe to the Newsletter Service, even without necessarily registering with the Site. Please note that for users not registered with the Site, the request to activate the Newsletter Service is not equivalent to registration with the Site. If you wish to be informed, about the main appointments of the desired artists/events, you can also register for our Ticket Alert Service.
Please note that for users who are not registered with the Site, the request for activation of the Ticket Alert Service is not equivalent to registration with the Site.
Please note that through the Newsletter we may also provide you with information about products and services in a personalized manner, subject to your consent to profiling activities.
If you have created a customer account and have given consent, we will send you information about artists, venues and events that you have marked as your favorites.
In all these cases, we process your personal data exclusively on the basis of your consent as defined in art. 6 par. 1 lit. a) of the GDPR and article 130 Privacy Code (Legislative Decree No 196 of June 30, 2023).
From the moment you subscribe to our Newsletter and/or Ticket Alert service, we analyze and document whether you open the Newsletter and/or Ticket Alert and how you use them. In this case, we process your personal data on the basis of the consent that you provide to us in accordance with article 6 par. 1 lit. a) of the GDPR in order to structure the Newsletter/Ticket Alert service according to your needs and to improve the offering of our marketing campaigns.
In the event that you have also downloaded the TicketOne App and subject to your consent to the sending of notifications, we may send you Newsletters, Ticket Alerts and Service information not only via e-mail but also via Push Notifications on the mobile device where the App is installed and/or via other automated systems, subject to your consent to receive push notifications on your mobile device.

3.10 Soft spamming
We would like to inform you that we may use, for the purpose of direct sales of ticketing services through the Site, the e-mail coordinates provided by you in the context of a purchase on the Site, on the basis of article 130, fourth paragraph of the Privacy Code, provided that it is for a service similar to those covered by the previous sale (so-called soft spamming). You may, however, refuse this processing at any time by notifying TicketOne of your objection in the manner indicated in Section 7 of this notice. In this case, the processing is based on the legitimate interest of TicketOne, in order to allow us to make a direct offer to you of products or services similar to those that were the subject of your previous purchase, limited to the e-mail addresses you provided during the purchase process.
Also with reference to soft spamming, we remind you that you can object to the processing of data about you by sending an e-mail to the following address: privacy@ticketone.it.

3.11 Contests
In the case of participation in contests or sweepstakes we process your personal data on the basis of the consent you provide or the execution of the contract in accordance with Article 6, par. 1, litt. a) and b) of the GDPR.

3.12 Processing carried out for commercial purposes
Once you have completed your order for the event you have selected, we offer you the opportunity to purchase discount vouchers and/or special offers from Sovendus GmbH, a partner with whom we collaborate. Below you will find a detailed description of how your data will be processed.
For the selection of a voucher offer, the hash value of your email address and your IP address are transmitted in a pseudonymized and encrypted form to Sovendus GmbH, c/o Design Offices Karlsruhe Bahnhofplatz, Bahnhofplatz 12, 76137 Karlsruhe (Sovendus) (Art. 6 (1) f GDPR).
The pseudonymized hash value of the email address is used to take into account any existing objection to advertising from Sovendus (Art. 21 (3), Art. 6 (1) c GDPR). The IP address is used by Sovendus solely for data security purposes and is generally anonymized after seven days (Art. 6 (1) f GDPR).
If you are interested in a Sovendus voucher offer and you have not objected to advertising in accordance with the procedures set out in the Sovendus privacy policy, by clicking on the voucher banner displayed, we will transmit - only in this case - your title, first and last name, postal code, country, and email address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 (1) b, f GDPR).
For the selection of a benefit offer, we transmit in a pseudonymized and encrypted form your title, year of birth, country, postal code, the hash value of your email address, and your IP address to Sovendus GmbH, c/o Design Offices Karlsruhe Bahnhofplatz, Bahnhofplatz 12, 76137 Karlsruhe (Sovendus) (Art. 6 (1) f GDPR). The pseudonymized hash value of the email address is also used to take into account any existing objection to advertising from Sovendus (Art. 21 (3), Art. 6 (1) c GDPR). The IP address is used by Sovendus solely for data security purposes and is generally anonymized after seven days (Art. 6 (1) f GDPR). Insofar as required for the respective benefit offer, when you click on the benefit offer, your first and last name, address details, email address are transmitted in encrypted form to Sovendus for the preparation of the request of the benefit offer with the product provider (Art. 6 (1) b, f GDPR).
Sovendus processes data as an independent data controller. For further information on the processing of your data by Sovendus, please refer to the online data privacy notice at https://online.sovendus.com/it/privacy-policy/

4. Processing carried out for operational purposes

4.1. Registration and creation of customer account on the Site, subscription to Ticket Alert service and newsletter
When you visit the Site, you may also register, thereby creating a customer account, through which you can purchase tickets, inquire about events and leisure activities. You can also create lists of your favorite artists, venues and events, bookmark them and receive information about them. On some of our sites, you may also sign up for the Ticket Alert Service or Newsletter or, also, Ticket Sales Registration in order to receive information about events and your favorite artists and take advantage of many other related benefits. Please be advised that in the event that you activate the Ticket Alert service for an artist, that artist will be designated among the preferred subjects.
Registration and use of your customer account require that you provide to TicketOne your personal information, some of which are mandatory (i.e., those marked in the input mask).
Indeed, it is necessary to enter an e-mail address and complete registration by setting a password or entering a One Time Password (OTP) validation disposable code, which is transmitted to the user at the e-mail address used for registration. In any case, it will always be possible to set a password after registration. 
In order to complete the registration, the user must fill out the appropriate form, entering his personal data in the same required.

When registering on the Site, the user may choose, by checking the appropriate box, to verify their phone number using the One-Time Password (OTP) verification code sent to them via SMS. In this regard, it should be noted that phone number verification is required by Law No. 145 of December 30, 2018, amending Article 1, paragraph 545 et seq. of Law 232/2016 (Budget Law2017), which requires that users purchasing tickets through online channels on official ticketing websites be identified via OTP validation. If the user chooses not to validate their phone number during registration on the Site, they must do so during the processing of their first purchase order. In order to prevent the account from being compromised by third parties, it is strongly recommended not to use passwords already used for other accounts.

So, we process your personal data to:

• allow you to create, use your customer account and purchase tickets
• verify you in case of any changes in your personal data in your customer account
• send you communications regarding events for which you have purchased tickets.

For this purpose, the processing is carried out on the basis of article 6 par. 1 lit. b) e f) of the GDPR, in accordance with our legitimate interest as well as for the purpose of executing the ticket purchase contract.

4.2. Purchasing tickets through TicketOne channels
When you purchase a ticket on the Site, at our authorized points of sale or through call-center, we process the personal data that you provide to us at the time of purchase.
In this case, the data is processed for the purpose of executing the ticket purchase contract in accordance with article 6 par. 1 lit. b) GDPR.
If you purchase a ticket for a third person, we process the personal data of the third person (name and, if applicable, contact data) you provide for the purpose of personalizing the ticket and, if applicable, sending the ticket to the third person. This data is also processed for the purpose of executing the purchase contract on the basis of article 6 par. 1 lett. b) of the GDPR.
If you purchase a ticket for a sporting event held abroad, we may also process data related to the trip (i.e. departure and arrival cities, means of transportation, overnight stay, etc.) as required by the Promoter and the Competent Authority for security reasons.
In this case, the data processing is carried out to fulfill the legal obligation to which the data controller is subject, based on Art. 6 par. 1, lit. c).
If you provide us with the data of a third party when purchasing a ticket, please ensure that the third party is sufficiently informed by you about the data processing carried out by TicketOne and that you are authorized to provide us with such data.
Please note that some events are subject to named ticketing, which, where applicable, makes it mandatory to issue named tickets to comply with the following regulatory provisions:
- Law against secondary ticketing: art. 1 c. 1100 Law No. 145 of December 30, 2018;
- Ministerial Decree of June 6, 2005 on "Procedures for the issuance, distribution and sale of tickets for access to sports facilities with a capacity of more than ten thousand, on the occasion of sports competitions concerning the game of soccer"
In case of events subject to nominativeness, we process your personal data (first name last name, and, in cases of nominativeness provided for under the Ministerial Decree of June 6, 2005, also place and date of birth) in order to comply with a legal obligation pursuant to article 6 par. 1 lit. c) of the GDPR.
When you buy merchandise on our websites, you may be redirected to a virtual queue in situations with particularly high visitor numbers. This is to ensure that we do not overload our websites. In order to determine your place in the queue and to enable you to buy merchandise at the right time, your IP address and possibly browser data (e.g. user agent) are processed by Queue-it ApS. This processing is based on our legitimate interest in providing our websites securely and efficiently, on the basis of art. 6 par. 1 lit. f) GDPR.
TicketOne reserves the right to refuse or cancel orders that come from (i) a user with whom it has an ongoing legal dispute; (ii) a user who violates or has previously violated these GTC and/or the conditions and/or terms of the Contract; (iii) a user who has been involved in fraud of any kind and, in particular, fraud relating to credit card payments; (iv) by users who have provided false, invented, fictitious, incomplete or in any case inaccurate identification data and/or in any way not corresponding to the truth or referring to third parties, or who have failed to promptly send TicketOne the documents requested by TicketOne as part of the procedure referred to in Articles 11.1.2 and 11.1.3 of T&C, or who have sent invalid documents; (v) by users who have purchased a plurality of Tickets or have the same name on more than one Ticket; (vi) by a user who has violated the prohibition set forth in Article 5.2 of T&C. In all these cases, we process your personal data on the basis of our legitimate interest, pursuant to Art. 6, par. 1, lit. f) of the GDPR.
If you choose to receive your tickets by shipment, we will use the Loqate service, provided by partner GB Group Plc, to verify the shipping address you provided in order to prevent any errors and ensure the tickets are delivered correctly.
For this reason, we process the IP address and the address details you provided. This processing is carried out for the purpose of performing the contract pursuant to Article 6(1)(b) of the GDPR.
Further information on data processing by Loqate is available in Loqate’s privacy policy: https://www.loqate.com/de/privacy/

4.2.1. Post-order activities for sports event tickets
After purchasing a ticket for a sporting event, you can take advantage of the following post-order activities: (i) media change; (ii) user change; (iii) ticket return; (iv) placeholder printing; (v) card authorization; (vi) ticket transfer. In all these cases, we process your personal data exclusively for the execution and processing of the contract on the basis of Art. 6 par. 1 lit. b) of the GDPR.

4.3. Payments
If you purchase a ticket through the Site and choose the "instalment purchase" payment method, Klarna (Klarna Bank AB (publ). Sveavägen 46, 111 34 Stockholm) uses its own tools in order to identify potential fraud.
In order to offer you Klarna's and Paypal's payment methods, during checkout we may transmit your personal contact information and details of your order to Klarna or Paypal (depending on the payment method you choose) as autonomous data controllers and for the purpose of the execution of the purchase contract on the basis of article 6 par 1 lit. b) of the GDPR, so that they can assess whether you are eligible to use your payment methods. Please note that in this case the transfer of your personal data is done in accordance with the Klarna and Paypal Privacy Policy:
-              Klarna Privacy Policy: https://www.klarna.com/it/privacy/
-              Paypal Privacy Policy: https://www.paypal.com/it/webapps/mpp/ua/privacy-full
In addition, we would like to point out to you that if you fail to fulfil your payment obligations, we will initiate a procedure for collection of the payment. For the execution of this procedure, we transfer your personal data to collection service providers who perform the procedure for us. In this case, we process your personal data for the execution and processing of the contract with you on the basis of article 6 par. 1 lit. b) of the GDPR and for our legitimate interest in enforcing our legal rights, including collection, on the basis of article par. 1 lit. f) of the GDPR.
Please note that for the purpose of the execution and management of the contract on the basis of art. 6 par. 1 lit. b) of the GDPR, we also process your data necessary for the 3D-Secure 2.0. procedure, which applies in case you make payments on the Site by credit card, in order to ensure the security of the same and to protect against the possible fraudulent use of credit card data.
It is a worldwide standard of card networks (eg. VISA, VISA ELECTRON, MASTERCARD, AMERICAN EXPRESS, JCB, DINERS, DISCOVER and POSTEPAY) that confirms that the person initiating a digital transaction is also authorized to use the respective payment card, i.e. it is intended to prevent the misuse of your credit card.
For more information on the procedure, see the Terms and Conditions of Purchase. Possibly, depending on the findings, the credit institution may require the cardholder to authenticate the payment transaction, e.g. by means of a transaction authentication number or via an App. This procedure was introduced by European Directive 2366/2015 (SPD2).
Likewise, in order to ensure the security of payments made on the Site and to prevent possible fraud, TicketOne reserves the right to ask you, by e-mail, to send, by the same means, a front/back copy of your ID card and in the event that the order holder is different from the card holder, of the latter's ID card. The document must be valid.
The request e-mail will specify the deadline by which the document must be received by TicketOne. This deadline will not, in any case, be more than 5 working days from the receipt of the request by the user.
For this purpose, we process your personal data in order to comply with a legal obligation under article 6 par. 1 lit. c) of the GDPR.

4.4. Purchasing a TicketOne Gift Voucher through the TicketOne website
When you purchase a TicketOne Gift Voucher on the TicketOne website we process the personal data that you provide us with at the time of purchase.
In this case, the data is processed for the purpose of the execution of the Gift Voucher purchase contract in accordance with article 6 par. 1 lit. b) GDPR.
If you provide us with the data of a third person when purchasing a Gift Voucher, please ensure that the third person is sufficiently informed by you about the data processing carried out by TicketOne and that you are authorized to provide the data.
This data is also processed for the purpose of the execution of the purchase contract on the basis of art. 6 para. 1 lit. b) of the GDPR.

4.5. Purchase and sale of tickets through FanSALE
As a private party, you may sell and purchase tickets and services offered by TicketOne through our authorized resale platform FanSALE (available at www.fanSALE.it).
At the time you are qualified as “purchaser” or “seller” of a ticket on the FanSALE platform, we process your personal data for the purpose of initiating, executing and concluding the contract in accordance with article 6 par. 1 lit. b) e c) of the GDPR.
If at the time of purchasing a ticket on FanSale you provide the delivery address of a third person, we process that person's contact data on the basis of art. 6 par. 1 lit. b) of the GDPR.
Again, please ensure that the third person is sufficiently informed by you about the data processing carried out by TicketOne and that you are authorized to provide the data.

4.6. Purchase of parking tickets via the Site
When you purchase products and/or services accessory to the event and/or venue and/or the artist, either along with the purchase of the tickets or at a later date, we process the personal data you provide us with at the time of purchase.
In this case, the data is processed for the purpose of executing the ticket purchase contract in accordance with article 6 par. 1 lit. b) e c) GDPR.

4.7. Purchasing of accessory products and/or services
We process your personal data when you purchase accessory products and/or services on our website. The processing is done for the purpose of contract performance on the basis of article 6 par. 1 lit. b) GDPR.
If you purchase accessory products and/or services for another person, we process the personal data of the third party provided for sending the merchandise to the third party. This data is processed for the purpose of contract performance on the basis of art. 6 par. 1 lit. b) GDPR.
If you provide the data of a third party at the time of purchase, please ensure that the third party is sufficiently informed about the data processing at TicketOne and that you are authorized to provide the third party's data.

4.8 Customer Service
If you have questions about events, ticket purchases, your customer account, or other products and services offered by TicketOne, if you wish to exercise your rights under this Data Protection Policy, or if you wish to file a complaint, you may contact us directly at the references you will find in Section 8 of this Policy.
Depending on the subject of your request, we may use your personal data stored in our systems and that you provided to us during other data processing activities (for example, data you provided when purchasing tickets) to answer your questions. In such a case, your data are processed for the purpose of the performance of the contract referred to in article 6 par. 1 lit. b) of the GDPR.
If is necessary to respond to your request, we can also collect data from external sources (e.g., in the case of a request to the shipping service provider as part of shipment monitoring or a request for investigation by the competent authorities).
Where the processing activity takes place in order to enable you to exercise your rights or to respond to requests from the Competent Authorities, your data is processed in order to comply with legal obligations under article 6 par. 1 lett. c) of the GDPR.
If you wish to inquire about our products and services or make a complaint, we will process your personal data the purpose of the performance of the contract referred to in art. 6 par. 1 lit. b) of the GDPR (i.e., responding to your request).

4.9. Reversal of order transactions and refund of orders
4.9.1 If necessary, we carry out the reversal of the transaction you made on the Site and in this case your data are processed for the purpose of the execution of the contract on the basis of art. 6 par. 1 lit. b) of the GDPR.
4.9.2 If you did not purchase your ticket from us personally, but received it as a gift from the purchaser, or is one of the individuals in the name of one of the tickets purchased and you intend to request a refund of your ticket due to the cancellation or postponement of the event, we process the data that you as a requester other than the purchaser provide to us informally or through our refund platform.
In such a case, we collect your personal data for the purpose of returning your ticket and refunding your order on the basis of the performance of the contract in accordance with art. 6 para. 1, lit. b) of the GDPR.
For the purposes of this section, your data may be shared with the categories of parties ("recipients") indicated in section 5.1.

4.10. Internal Audit, Compliance and Analysis
Please note that we implement industry compliance programs and measures, for example, to comply with the requirements of the Consumer Code and to identify and correct any possible misconduct. In such cases, we may process your data to comply with our legal obligations, based on article 6 par. 1 lit. c) of the GDPR.
In addition, for these purposes, we may process your personal data within the Eventim Group in Germany and abroad as part of internal group audits, in accordance with our legitimate interest in verifying the processes and efficiency of the group of companies, correcting possible misconduct and preventing fraud, and, if necessary, asserting and/or defending our rights, on the basis of art. 6 para. 1 lit. c) and f) of the GDPR.
We may conduct analyses of the data we process under Section 2 of this policy. Such analyses serve as a basis for making and modifying business decisions to improve our products and services and adapt them to the needs of our customers.
In such cases, because of our legitimate interest in improving our offerings, we process your personal data on the basis of article 6 par. 1 lit. f) of the GDPR.
We would like to inform you that the processing for the purpose of carrying out the aforementioned analyses does not contain any personal data, which means that such processing is carried out exclusively with anonymous and aggregated data and that through the same it is no longer possible to re-identify you or draw conclusions about your person.

4.11 Enforcement of Legal Claims
In the context of a legal dispute, we process your personal data to enforce and/or defend TicketOne's rights. In such cases, we process your personal data based on our legitimate interest on the basis of Article 6, par. 1, lit. f) of the GDPR.

4.12. Collection of outstanding debts
In case of outstanding receivables against you, a collection procedure is initiated. In such cases, we process your personal data for the purpose of contract enforcement pursuant to Art. 6, par. 1, lit. f) of the GDPR.

 

5. Provision of your data and consequences in case you don’t provide data
With the exception of data that is automatically collected to make navigation possible, some of the information requested on the Site may be marked as "mandatory" - for example, if marked with an asterisk (*) - as it is necessary to access the services offered by the Company through the Site. Failure to provide the data marked as "mandatory" will result in the inability of the Data Controller to provide the requested service. Failure, partial or inexact provision of data marked as "optional" will not preclude access to the services offered by the Site; however, it may affect the quality or manner of provision of the service offered or the functionality you intend to use.
In particular, the provision of data for the fulfillment of contractual obligations, for the fulfillment of legal obligations and with reference to the legitimate interest of TicketOne is mandatory.
Your personal data will be processed exclusively by authorized persons identified by the Data Controller pursuant to article 29 of the GDPR, in their capacity as data processors and/or system administrators.

5.1. Communication of data with third parties (recipients)
Your data may be communicated to the following categories of subjects ("recipients"), which will be better described later in this policy:
a) to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative measures;
b) to third-party companies whose services are offered or sold through the TicketOne Site (and, in particular, to companies or entities organizing concerts, shows, sporting or other events whose tickets are sold through the Site), for the performance of all services related to the admission and enjoyment of events;
c) to banking institutions and companies that manage national or international payment circuits through which online payments are made for products purchased through the Site, including, if necessary, for the reversal of transactions made by you on the Site;
d) to Eventim Group companies as part of an efficient work-sharing process when we provide, implement and manage our products and services;
e) to all those entities, public and/or private, natural and/or legal persons (Judicial Offices, Chambers of Commerce, Chambers and Offices of Labor, etc.), if the communication is necessary or functional to the proper fulfillment of contractual obligations undertaken, as well as obligations arising from the law.
The data concerning you will not be disseminated.
In addition to the foregoing, for the pursuit of the purposes described above, personal data may be made known to third parties operating on behalf of TicketOne, as data controllers, such as, but not limited to:
- to companies or third parties in charge of printing, enveloping, shipping and/or delivery services of tickets purchased through the Website;
- to couriers or shippers engaged for the delivery of products purchased through the Site;
- to companies, consultants or professionals that may be entrusted with the installation, maintenance, updating and, in general, the management of TicketOne's hardware and software or which the Company uses for the provision of its services;
- to companies or Internet providers in charge of sending documentation and/or informative material;
- to companies in charge of processing and/or sending advertising and informative material on behalf of our Company.
A named and updated list of the individuals appointed as data processors is available at TicketOne's headquarters.
The transfer of data to the event organizer is based on the agreements concluded by TicketOne with the event organizer pursuant to art. 6 par. 1 lett. b) of the GDPR.
Please note that we also have the right to make such a transfer if there is a suspicion that you have violated the general terms and conditions of the organizer, so that the organizer can take legal action or enforce its other legal rights against you. Such transfer is made on the basis of TicketOne's and/or the respective organizer's legitimate interests in enforcing its legal rights on the basis of article 6 par. 1 lit. f) of the GDPR.

5.2. Countries to which data are transferred
In any case, processed personal data will not be transferred to non-EU countries or outside the European Economic Area with the exception of processing carried out within the scope of the transfers stated in this policy and summarized here:

• Google: USA
• Meta Platforms (Facebook, Instagram): USA
• TikTok: USA, Malesia e Singapore
• Akamai: USA
• PayPal: USA

We inform you that for a whole range of services there is an issue about the transfer of data to countries that do not provide adequate level of security.
In cases where the transfer is unavoidable, this process will take place in compliance with Chapter V of the GDPR and the Data Privacy Framework by taking all precautions aimed at protecting the user's personal data.

6. Duration of processing activities
Please note that your personal data, processed for marketing and profiling purposes, will be kept for a defined period of time.
More specifically, we point out that:
- after 48 months, your personal data will no longer be processed for marketing purposes;
- after 24 months, your personal data will no longer be processed for profiling purposes.
All of the above is without prejudice to the fact that, should you again give your consent for one or both of these purposes, the data, including data relating to "order history," may again be used for the aforementioned profiling purposes.
Except as indicated above, the user's data for the remaining purposes inherent to the management of the contract, the fulfillment of legal obligations and/or the pursuit of the legitimate interest of protecting TicketOne's rights, will be processed and stored for the entire duration of the contractual relationship and, thereafter, for the maximum time provided for by the applicable legal provisions regarding the prescription of rights and/or forfeiture of action and, in general, for the exercise/defense of TicketOne's rights in disputes promoted by public authorities, public subjects/entities and private parties. In any case, such data will not be kept for more than 10 years after the cancellation of your account or your last purchase, barring any litigation.

7. Rights of data subjects
As a data subject, You have the following rights:

Right to access
You may ask whether or not your personal data are processed and, if so, receive access to that data and to specific information on the processing, such as information on the purposes, on the categories of personal data concerned, on the existence of other rights as set out below. You may also request copy of Your personal data.

Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, inaccurate personal data will be corrected and incomplete personal data will be completed.

Right to erasure
You have the right to have your data erased without undue delay, if
(i) such data are no longer necessary in relation to the initial purposes for which they were collected,
(ii) you withdraw Your consent, on which the processing was based (unless there is another legal ground on which the processing is based),
(iii) you object to the processing of your data (as indicated below) and there is no other legitimate and prevailing reason for processing or you object to the processing of your data for marketing purposes or for profiling purposes aimed at carrying out marketing activities,
(iv) your data are unlawfully processed,
(v) personal data of a minor under the age of 16 have been collected in relation to an offer of services addressed to the information society.
Please note that the right to erasure does not apply if the processing is necessary for, among other purposes:
- For the performance of a legal obligation;
- For the establishment, exercise or defence of legal claims.

Right to restriction of processing
You have the right to obtain the restriction of the processing of personal data, in case of:
- the accuracy of personal data was contested within the period of time necessary to the Controller (the Company) in order to verify the accuracy of such data;
- the processing is unlawful and You request restriction instead of erasure of processing;
- you need the personal data in order to assess, exercise or defend a right;
- you object to the processing, as indicated below, and wait for the assessment on the prevailing of the legitimate interests of the Controller.

Right to data portability
You have the right to request and receive personal data in a structured, commonly used and machine-readable format and to transmit the data to another Controller in case the processing is based on consent or relates to special categories of personal data processed on the basis of consent or the processing is based on the execution of a contract and it is carried out by automated means.
You also have the right to obtain direct transmission of data from one Controller to another, where technically feasible.
It remains the possibility of obtaining the erasure of data, as indicated above.

Right to object
You have the right to object at any time to the processing based on a legitimate interest of the Controller, unless the Controller can demonstrate legitimate and mandatory grounds for processing that prevail on the interests, rights and fundamental freedoms of the data subject or for the establishment, exercise or defense of a right in court.

Claim
In addition, you have the right to file a complaint with the Supervisory Authority.
The above rights may be exercised by a request addressed without formalities to the Data Controller. The request may be sent to the Data Protection Officer by letter or e-mail to the following addresses: Via Fabio Filzi n. 29 - Milan (Italy) e-mail: privacy@ticketone.it.

8. Contact
All instances and requests relating to the processing of personal data concerning you may be addressed to the Controller, at the following addresses:
- TicketOne S.p.A., via Fabio Filzi n. 29 - Milan (Italy);
- e-mail address: privacy@ticketone.it;
- through the Site, by accessing the following section: https://www.ticketone.it/help


9. Definizioni
This notice is based on the definitions set forth in article 4 of the European Data Protection Regulation (GDPR), the essential elements of which are listed below in order to facilitate the understanding of the text of the notice itself:
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Recipient: a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. On the other hand, authorities which, in the context of a specific investigation mandate, may receive personal data under Union or Member State law, are not considered recipients; the processing of such data by these authorities is carried out in accordance with the applicable data protection directives depending on the purpose of the processing activity. Depending on the payment method chosen for the purchase of tickets, the recipients of your personal data may be the banks or postal service providers through which we send you the ticket by mail.
Personal data: information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by the assignment of an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal data can be, for example, name, contact data, user behavior or banking data.
Data controller: a natural or legal person, public authority, agency or other body which, alone or together with others, decides on the purposes and means of the processing of personal data. If the purposes and means of such processing are established by Union law or Member State law, the controller or the specific criteria for his or her appointment may be established in accordance with Union law or Member State law.
Processing of personal data means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or other making available, alignment or combination, restriction, erasure or destruction. Processing of personal data may be, for example, the collection and use of your order data for ticket sales.

This notice will be effective as of April 2026.

Finally, we would like to inform you that you can view the previous policy at the following link: www.ticketone.it/OldPrivacyStatement.