De Kunstfabriek Rotterdam
Privacy Policy
Version 1.0 · Effective from 2025 · Rotterdam, the Netherlands
De Kunstfabriek Rotterdam ('we', 'us', 'the venue') is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Dutch law.
De Kunstfabriek Rotterdam acts as the data controller for all personal data processed under this policy.
1. Who We Are
Organisation: De Kunstfabriek Rotterdam
Location: Rotterdam, the Netherlands
Role: Data Controller
Applicable law: EU General Data Protection Regulation (GDPR) / AVG
For any privacy-related questions or requests, please contact us via our official email address.
2. What Personal Data We Collect
2.1 Ticket Buyers (via Stager)
When you purchase a ticket for a De Kunstfabriek event through our ticketing platform (Stager), we collect:
Full name
Email address
Phone number
Transaction details (ticket type, date, quantity) — processed by Stager as payment processor
Payment card data is handled directly by Stager and their payment partners. De Kunstfabriek does not store or have access to full payment card details.
2.2 Private Hire & Marketing Clients
When you engage De Kunstfabriek for venue hire or marketing services, we collect:
Name and contact details of the booking contact
Company name and billing information
Project briefs, creative materials, and correspondence
Invoice and payment records
2.3 Artists & Performers
For artist and performer bookings, we collect:
Name and contact details (direct or via management/agency)
Bank account details for fee payment
Technical rider and performance requirements
2.4 Website & Marketing Visitors
When you interact with our website or social media content, we may collect data via the following tools:
Meta Pixel (Facebook/Instagram): tracks interactions with our social ads and website for campaign optimisation and audience targeting
Email marketing platform (e.g. Mailchimp): collects email address and engagement data (opens, clicks) for newsletter subscribers
Standard website analytics (e.g. visit count, page views, device type)
3. Why We Process Your Data & Legal Basis
Under the GDPR, we are required to have a lawful basis for processing personal data. The table below outlines our purposes and corresponding legal bases:
Ticket sales & event access
Purpose: To process your ticket purchase, send booking confirmations, and manage entry to events.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
Event communication
Purpose: To notify you of event changes, cancellations, or important updates related to a ticket you have purchased.
Legal basis: Performance of a contract / Legitimate interest (Article 6(1)(b) and (f) GDPR)
Marketing & newsletter
Purpose: To send you updates about upcoming events, artist news, and promotions via email, and to serve you relevant ads on Meta platforms (Facebook/Instagram).
Legal basis: Consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time.
Client & artist agreements
Purpose: To manage venue hire, marketing projects, and artist bookings including invoicing and payment.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
Legal & financial compliance
Purpose: To comply with Dutch tax, accounting, and legal obligations (e.g. invoice retention).
Legal basis: Legal obligation (Article 6(1)(c) GDPR)
4. Third-Party Services & Data Sharing
De Kunstfabriek uses the following third-party platforms that may process your personal data:
Stager (ticketing)
Stager processes ticket purchase data as an independent data controller under their own privacy policy. We recommend reviewing Stager's privacy policy at stager.co.
Meta Platforms (Facebook/Instagram)
We use the Meta Pixel on our website and run paid campaigns via Meta Ads Manager. Meta may process data about your interactions with our content and ads. Meta acts as an independent data controller for this processing. You can manage your ad preferences via your Facebook or Instagram account settings.
Email marketing platform (Mailchimp or equivalent)
We use an email marketing platform to manage our mailing list and send newsletters. Your email address and engagement data (opens, clicks) are stored on their servers. You can unsubscribe at any time via the link in any email we send you.
We do not sell your personal data to third parties. We do not share your personal data with other third parties except where required by law or with your explicit consent.
5. How Long We Keep Your Data
Ticket buyer data: retained for 2 years after the event date, then deleted
Client and artist financial records (invoices, contracts): retained for 7 years in accordance with Dutch tax law (Belastingdienst requirements)
Marketing email list: retained until you unsubscribe or withdraw consent
Project correspondence and creative files: retained for the duration of the project plus 1 year
After the relevant retention period, data is securely deleted or anonymised.
6. Your Rights Under the GDPR
As a data subject under the GDPR (AVG), you have the following rights:
Right of access: you may request a copy of the personal data we hold about you
Right to rectification: you may request correction of inaccurate or incomplete data
Right to erasure ('right to be forgotten'): you may request deletion of your data, subject to legal retention obligations
Right to restriction: you may request that we limit how we use your data in certain circumstances
Right to data portability: you may request your data in a structured, machine-readable format
Right to object: you may object to processing based on legitimate interest, including for direct marketing
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us via our official email. We will respond within 30 days. If you believe your rights have not been respected, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
7. Data Security
De Kunstfabriek takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include:
Access to personal data limited to authorised staff only
Use of reputable, GDPR-compliant third-party platforms
Secure storage of digital records
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform affected individuals without undue delay.
8. Cookies & Tracking
Our website may use cookies and similar tracking technologies, including the Meta Pixel, to improve user experience and measure the performance of our marketing campaigns. A cookie banner will request your consent for non-essential cookies when you visit our website.
You can manage or withdraw cookie consent at any time via your browser settings or our cookie preferences tool. Withdrawing consent for cookies does not affect data already collected.
9. Children's Privacy
De Kunstfabriek does not knowingly collect personal data from children under the age of 16 without verifiable parental consent, in accordance with Article 8 GDPR and the Dutch UAVG. If you believe we have inadvertently collected data from a child, please contact us immediately so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via our website or by email where we hold your contact details. The effective date at the top of this document indicates when it was last updated.
11. Contact
For any questions, requests, or concerns regarding this Privacy Policy or our handling of your personal data:
De Kunstfabriek Rotterdam
Rotterdam, the Netherlands
Please reach out via our official website or email address.
Supervisory authority:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
autoriteitpersoonsgegevens.nl · +31 (0)70 888 85 00
By purchasing a ticket, engaging our services, or subscribing to our communications, you acknowledge that you have read and understood this Privacy Policy.
