Privacy Policy

Privacy Policy

Your privacy is very important to us. The Provider respects your privacy and understands the concerns that may arise regarding privacy and the protection of personal data that you provide when visiting or using our website or ticket sales platform. Therefore, we kindly ask you to read how the Provider processes your personal data.

The purpose of this Privacy Policy is to explain, in a simple and transparent manner, which personal data we collect about you, on what legal bases and for which purposes we process it, what options you have regarding the management of your privacy, and which rights you have in relation to the processing of your personal data.

This Privacy Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), as well as the applicable legislation of the Republic of Slovenia.

This Privacy Policy contains the following information:

  • the Provider’s contact details and the contact details of the Data Protection Officer;

  • the legal bases and purposes of personal data processing;

  • the types of personal data we collect;

  • privacy settings management;

  • the disclosure of personal data;

  • personal data retention periods;

  • the protection of personal data;

  • the rights of individuals regarding personal data, including the right to lodge a complaint;

  • changes to the Privacy Policy.

1. CONTROLLER AND DATA PROTECTION OFFICER

Controller of personal data:

Deal Done Serbia
(u daljem tekstu: Pružalac)

Email: dealdone.serbia@gmail.com
Veb-stranica za prodaju ulaznica: https://tickets.dealdoneserbia.com/platform

Data Protection Officer:

  • WPM, spletne storitve, d.o.o.

  • Brnčičeva ulica 13

  • 1231 Ljubljana - Črnuče

  • Email: info@wpm.si

You may contact the Controller and/or the Data Protection Officer using the contact details provided above.

The responsible person of the Controller and/or the Data Protection Officer will answer your questions regarding this Privacy Policy, the confidentiality of your personal data, the manner of processing, or your requests regarding the exercise of your rights related to personal data.

2. LEGAL BASES AND PURPOSES OF PROCESSING

The Provider collects, records, organizes, stores, discloses and otherwise processes personal data we hold about you on different legal bases and for the purposes specified below.

2.1 Processing based on a contract – purposes

The Provider processes personal data of individuals for the exercise of rights and obligations arising from concluded contracts, in particular within contracts relating to the sale, purchase or reservation of products or tickets.

This includes the processing of personal data of customers or users of the online store for purchasing or reserving tickets at the website referred to in Article 1, regardless of whether the individual creates a user account.

For the purpose of exercising rights and fulfilling contractual obligations, the Provider processes personal data for:

  • identifying the individual;

  • concluding a contract (a contract is deemed concluded when the Provider sends the customer an email regarding the status of their purchase or reservation);

  • communicating with the individual;

  • providing customer support;

  • processing an order or reservation;

  • sending notifications related to the order or reservation;

  • other purposes necessary for the performance of the contract.

In the case of a purchase, the Provider also processes personal data for debt collection procedures, as well as for its accounting and tax purposes.

2.2 Processing based on legal obligations – purposes

The Provider also processes personal data based on legal obligations applicable to the Provider, particularly obligations arising from tax, accounting and other applicable legislation.

2.3 Processing based on legitimate interests – purposes

The Provider may process personal data on the basis of legitimate interests pursued by the Provider, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual requiring the protection of personal data.

Where further processing of personal data collected about an individual is concerned, the Provider shall perform an assessment in accordance with the GDPR.

Such further use of data in pseudonymised or aggregated form may constitute lawful use of data for the Provider’s marketing, business and technical analyses. As an additional safeguard, partial deletion or anonymisation of data may also be used in certain cases.

On the basis of legitimate interests, the Provider processes personal data to the extent necessary and proportionate for:

  • ensuring the operation of online services;

  • improving user experience;

  • protecting intellectual property rights related to online services.

On the basis of legitimate interests, the Provider may also process customers’ personal data for direct marketing purposes relating to products and services associated with ticket purchases or reservations, including information about similar events, offers, news or benefits.

The individual has the right to object to such processing at any time, free of charge and in a simple manner.

The Provider may also process personal data on the basis of legitimate interests for the prevention of misuse, the assertion of claims or defence against claims in administrative, judicial or other proceedings.

2.4 Processing based on consent – purposes

The Provider processes personal data based on the individual's explicit consent for the following purposes:

direct marketing and receiving notifications about events, offers, news and benefits;

marketing analysis, customer segmentation and profiling, and providing personalised offers of products and services.

By purchasing or reserving tickets, the individual is informed about the possibility of processing personal data for direct marketing purposes and may consent to receiving marketing notifications and personalised offers by email, SMS, MMS or in printed form at the provided address.

Where consent includes direct marketing based on an individual's profile, the Provider may segment individuals based on their use of the Provider's websites and services solely for personalised marketing content.

The individual may withdraw their consent at any time in a simple manner as described in this Privacy Policy. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Direct marketing is not carried out using automated decision-making that produces legal effects concerning the individual or similarly significantly affects them.

3. PERSONAL DATA WE COLLECT

The Provider collects various information about you, including personal data by which you can be directly or indirectly identified, where you or others choose to share such data with the Provider.

We receive data in various ways, including through purchases in the online store, subscriptions to newsletters (direct marketing) or visits to the Provider’s websites.

The Provider also collects information about your use of our services.

Personal data we collect:

basic personal data such as first and last name, date of birth, email address, residential address (street, house number, postal code, city, country) and telephone number.

4. COOKIES

When you use our online services, cookies are stored on your computer.

In general, cookies and similar technologies assign a unique identifier to your browser or device that has no meaning outside the Provider.

The Provider uses these technologies to personalise your experience and help provide content tailored to your usage.

You can manage the collection of information through cookies or similar technologies using your browser or mobile device settings.

The Provider undertakes to provide privacy and sharing controls but does not assume responsibility for missed "Do Not Track" browser signals.

Rejecting cookies may result in some features of the services being unavailable.

5. DISCLOSURE OF PERSONAL DATA

5.1 Contracted processors

The Provider may disclose your personal data to third parties with whom data processing agreements have been concluded (hereinafter: contracted processors) for purposes such as support, analytics, continuous service improvement, payment processing or order delivery.

Contracted processors have access only to the personal data necessary for providing their services and may use such data solely for those purposes.

They are obliged to protect your personal data.

The Provider may also cooperate with processors that analyse anonymised statistical data regarding the use of our services for advertising purposes or for displaying information that may be of interest to you.

5.2 Joint controllers

Your personal data may be shared with contractual partners acting as joint controllers who process your personal data in accordance with this Privacy Policy.

5.3 Universal legal succession

In the event of a merger, business combination, division or transfer of business activities to a third party, your personal data may be transferred to the entity involved in acquiring the Provider.

5.4 Public authorities

Irrespective of the retention periods stated in this Privacy Policy, we may retain your personal data for longer and disclose it to public authorities such as the police, prosecution authorities, courts and other competent state authorities within or outside the Republic of Slovenia where required by law.

Personal data may also be disclosed where necessary for the establishment, exercise or defence of legal claims.

5.5 Transfers to countries outside the EU or EEA

When using online services outside the EU Member States, transferred data may be transmitted, stored or processed in third countries where personal data protection legislation may differ from EU or EEA standards.

By using services outside the EU, you acknowledge that personal data may be transferred to entities in third countries.

However, the Provider itself will not transfer your personal data outside the EU or EEA.

6. RETENTION PERIODS OF PERSONAL DATA

We retain personal data for as long as necessary to provide our services or longer if required by law.

Data related to ticket orders and associated contact information may be retained for the duration necessary to fulfil contractual obligations, until full payment is made, or until the expiry of any applicable limitation periods, which may extend up to five years.

In accordance with tax legislation, issued invoices are retained for 10 years after the end of the year in which the invoice was issued.

Personal data obtained on the basis of ticket orders are retained until consent is withdrawn, but for no longer than five years.

Data no longer required for the purposes for which they were collected may be anonymised and combined with other non-identifiable data for statistical purposes beneficial to the Provider.

7. PROTECTION OF PERSONAL DATA

We implement various technical and organisational measures to ensure the security of personal data during collection, transmission and storage.

The Provider strives to adequately protect your personal data but cannot guarantee absolute security and shall not be liable for theft, destruction, loss or intentional or unintentional disclosure of your personal data.

The Provider uses SSL (Secure Sockets Layer) technology to ensure encryption of personal data and cooperates with companies that provide security for our services and your personal data.

Users are also responsible for safeguarding their mobile devices or computers, usernames, passwords and antivirus protection.

Secure websites begin with https:// rather than http:// and display a security icon, usually a padlock.

Limitation of liability: No internet connection is 100% secure and the Provider cannot guarantee complete security of the data you provide. You provide your personal data at your own risk.

8. RIGHTS OF INDIVIDUALS

Requests relating to the exercise of rights may be submitted to the Provider's email address or to info@wpm.si, or by post to the addresses stated above.

The Provider will respond in accordance with applicable legislation.

Individuals have the following rights regarding their personal data:

8.1 Right of access

An individual may request confirmation as to whether personal data concerning them are being processed and, where this is the case, obtain access to the data and information regarding such processing.

8.2 Right to erasure

Subject to applicable legislation, an individual may request the erasure of their personal data (the so-called “right to be forgotten”).

8.3 Right to data portability

An individual may request that personal data be provided in a structured, commonly used and machine-readable format or transmitted to another controller where technically feasible.

8.4 Right to object

Where processing is based on legitimate interests, the individual may object to such processing in certain circumstances.

8.5 Withdrawal of consent

An individual may withdraw consent at any time where processing is based on consent.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

8.6 Right to lodge a complaint with a supervisory authority

An individual has the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia if they believe that their personal data are being processed contrary to applicable data protection legislation.

9. CHANGES TO THE PRIVACY POLICY

The Provider reserves the right to amend this Privacy Policy in accordance with circumstances and developments in personal data protection legislation.

Please review it periodically.

You will be informed in advance of any changes concerning the processing of your personal data and/or amendments to this Privacy Policy.

If you do not agree with this Privacy Policy, please discontinue using our online services and withdraw any consents you have provided.

This Privacy Policy was last updated on 18 May 2026.