Dibs On Dance Privacy Policy

Part II. Scope of Personal Data processed by the Company

The scope of Personal Data processed by the Company may vary depending on which services or functionalities provided by the Company you use. To help you understand what Personal Data of yours we have in our possession, we have included information below about the categories of Personal Data we process, divided by the purpose of their processing.

During Registration, we require you to provide the following Personal Data:

When you register an Account in the Service:

• email address (in the case of Magic Link login),
• email address, name and surname (in the case of logging in via Google or Facebook).

If for some reason you do not provide this Personal Data, unfortunately, we will not be able to enter into a contract with you, and as a consequence, you will not be able to use the Company's services available to Users who have completed Registration.

For some functionalities offered by the Service, you will need to register. During Registration, we will ask you for an email address (Magic Link) or to log in to the Service via external authentication services such as Google or Facebook.

When you use your Account, we additionally process information about your actions in the Service, including your purchase history and selected payment methods.

Furthermore, we may obtain your Personal Data in connection with your use of the option to log in to the Service or Register in the Service via external authentication services offered by Google or Meta Platforms Ireland Limited (Facebook). In such a case, we obtain your Personal Data only in the form of your name and surname, and email address, and we may assign this Personal Data to your Account or process it only for the purposes of such login or Registration in the Service (the scope of data obtained may be narrower, it depends on the functionality you use). When using external authentication services, you should familiarize yourself with the regulations and personal data processing rules of the entities offering such services.

Logging in to the Service or Registering in the Service using the functionality of Meta Platforms Ireland Limited (Facebook) is done through joint administration of personal data by Meta and Dibs On Dance.

Dibs On Dance and Meta have agreed that Meta is responsible for ensuring the enforcement of the rights of data subjects, in accordance with Art. 15-20 of the GDPR, in relation to personal data stored by Meta after joint processing.

The joint administration arrangements of Dibs On Dance and Meta are available on the website: https://www.facebook.com/legal/controller_addendum, and information on the data that may be processed under joint administration is available on the website: https://www.facebook.com/legal/terms/businesstools_jointprocessing.

Regardless of the above, remember that if you use social media on your own, you share your Personal Data through a public profile (i.e., a profile that can be accessed by anyone who uses the Internet), you are sharing your Personal Data based on your own, thoughtful and conscious decision. You should carefully consider the risks that may be associated with such public disclosure of Personal Data, especially an address or exact location. Such a risk may be, for example, the possibility of being identified, loss of some privacy, and in extreme cases, even identity theft.

In the case of ordering a ticket, we require you to provide the following Personal Data:

• name,
• surname,
• gender,
• email address,
• phone number,
• dance preferences (if required for a given event).

In case you want to receive an invoice, additionally:

• Entity name,
• Tax Identification Number (NIP),
• entity address.

Making a Transaction is also possible without Registration. During the Transaction, you will be asked to accept the Regulations. In the case of making a Transaction without Registration, we will process the following data: name, surname, gender, email address, phone number, and bank account number (in the case of a bank transfer payment).

If you use Ancillary Services, we process your Personal Data necessary for their provision as an administrator or a data processor. If it is necessary for the provision of an Ancillary Service, we also receive your Personal Data, including your current payment status and data necessary to offer or conclude an insurance agreement, from external providers offering their financial or other services via Dibs On Dance.

In the scope of your use of contact forms, we process such contact data as is necessary to communicate with you (e.g., to answer your question) and to fulfill your request. This may include Personal Data such as name and surname, email address, or phone number.

Additionally, as part of User support, we can also contact you by using Personal Data provided for this purpose in your Account or submitted by you via social media channels (e.g., Facebook Messenger, Instagram, Twitter, WhatsApp). In the case of contacting the Company via social media channels offered by entities independent of the Company, the Company obtains Personal Data in the form of the User's name (e.g., in the case of Facebook Messenger, Instagram, Twitter) or phone number (e.g., in the case of WhatsApp) only for the purpose of contact. If permitted by applicable law, the Company will also be entitled to obtain (and process in another way, for example, store) other Personal Data concerning the communication with you, e.g., information about requests for support or feedback from Users.

Your Personal Data may also be processed by us during incoming calls to the Company's helpline. Incoming calls to the Company's helpline are recorded. If you decide to contact us by phone, we will process your Personal Data, including your phone number and the content of the recording (including information provided during the call), to best handle the request.

In connection with your participation in contests or promotional campaigns, we will process your Personal Data that is necessary for these events. Depending on the type of event organized, this may include your name and surname, contact details (such as a phone number or email address), or any other data necessary to meet the criteria for participation in these events. If a prize is provided in a given event, in order to be able to deliver it to you, you may be required to additionally provide us with your residential address, ID number or other document confirming your identity, PESEL number, NIP number, and other data necessary to issue the prize (e.g., bank account number).

In the scope of marketing activities, we may, based on the legitimate interest of the Company or the legitimate interest of entities cooperating with the Company, in particular within the Ancillary Services, or based on your consent, process information that helps us match advertisements and content to your preferences and expectations (including in connection with the display of behavioral advertising). This may include, among others, IP address, data from cookies, or information about your movement on the website, including the Products you have viewed and your preferences in this regard. Additionally, based on the above premises, we will also process your contact data, including the data necessary to send you information, including commercial information, in the scope you provided (phone number or email address).

Your Personal Data may also be processed by us for analytical and statistical purposes, including for conducting surveys. For these purposes, we will primarily use information about your activity in the Service, including information related to your use of individual services, as well as Personal Data regarding your preferences and expectations. Through surveys sent to Users via email or made available directly on the Service, the Company may collect Personal Data from you, which may, for example, include age. We may also use your Personal Data to ensure an appropriate level of security for the Service.

We may process your Personal Data in connection with our right to pursue claims or defend against claims. For this purpose, the Company processes your Personal Data for no longer than the entire period during which claims arising from a contract concluded between you and the Company or related to your use of the services provided by the Company, Services or Ancillary Services, have not become time-barred in accordance with applicable law. This may be, for example, the amount of debt, information related to a specific order, data on Transactions, or information obtained in connection with your contact through the Company's helpline. The scope of Personal Data processed by us may change each time, depending on the subject of the claim.

Part III. Purposes, Legal Bases, and Period of Personal Data Processing by the Company

Depending on which services provided by the Company you use, the purposes and legal bases for the Company's processing of Personal Data and the periods for which the Company may store or use your Personal Data differ.

For each processing purpose, we have defined the legal basis and the maximum period for storing Personal Data. After the indicated period, we will not use the Personal Data for the indicated purpose. However, this does not mean that we will delete it in every case. We will store your Personal Data for the longest of the indicated periods related to specific Company services. For example, after you resign from having an Account, we will stop processing your Personal Data for the purpose of providing you with services within the Account, but we will store it for a period permitted by law to enable you to pursue your rights, as well as to ensure the ability to demonstrate the history of financial settlements between you and the Company.

Below we have described the standard actions on Personal Data in connection with the use of services provided by the Company. More detailed information on the processing of Personal Data when using specific services may also be found in the regulations of these services.

REGISTRATION AND ACCOUNT MANAGEMENT, USER TRANSACTION MANAGEMENT

Using some of the functionalities available within the Service requires you to complete a Registration in accordance with the Regulations. As part of our services, we enable the creation of an Account. Creating and using an Account involves us processing your Personal Data.

The Company also processes your Personal Data in connection with the management of your Transactions. Through the Service, you can in particular:

• make purchase Transactions as a natural person or an entrepreneur within the Account;
• make purchase Transactions as a natural person or an entrepreneur without creating an Account;

In connection with the management of the Account and Transactions, we process your Personal Data according to the principles described in the table below. Additionally, your Personal Data may be processed for other purposes, including analytical, marketing, or to ensure the security of the services provided, about which you will learn more in the following sections of this part of the Policy.

In connection with some of your Transactions (Transactions subject to the obligation of archiving or VAT settlement by the Company), we are obliged by law to process, including archive, personal data, including your Personal Data, regarding these Transactions.

ANCILLARY SERVICES, INCLUDING FINANCIAL SERVICES OF EXTERNAL PROVIDERS

In connection with its business activities, the Company allows you to use Ancillary Services, provided or made available by the Company or third parties. Ancillary Services also include insurance services. Ancillary Services may be provided or made available on the terms specified in the Regulations (including in the appendices to the Regulations) or separate regulations for such services or functionalities.

The Company may also participate in the provision of Ancillary Services by third parties, for example, by:

• providing you with information about the services and offers of third parties;
• acting as an intermediary in your conclusion of agreements for the provision of Ancillary Services of third parties, including by providing services related to, among others, financing and securing Transactions, such as, for example, Ticket insurance or consumer credit for Ticket purchase.

In the case described above, the Company may act as a data processor on behalf of the administrator who provides you with the services.

In connection with the provision of Ancillary Services, we process your Personal Data according to the principles described in the table below. Your Personal Data may also be processed for other purposes, including analytical, marketing, and to ensure the security of the services provided, about which you will learn more in the following sections of this part of the Policy.

When using Ancillary Services provided by third parties independent of the Company, the rules for processing your Personal Data may be contained in documents made available by these entities on external websites or services, e.g., in the regulations of such a service or in the privacy protection policy.

USER SUPPORT AND CONTACT FORM

If you contact the User support department, including by making a phone call to the Company's helpline, the Company may process (e.g., store or analyze) your Personal Data as part of operating the Service.

The Company may also collect your Personal Data if you contact us via the tools available in the Service, including the contact form available at https://dibsondance.com. This Personal Data is necessary to enable the Company to contact you. The contact form provided by the Company is not intended for private correspondence unrelated to the execution of a Transaction, and its use for such purposes may constitute a violation of the Regulations. To prevent legal violations, including unfair practices, the Company collects data related to communication made via the aforementioned form. The Company can also analyze and block the content of messages via the aforementioned contact form using special software, especially if they are spam (unwanted advertising information), contain prohibited content, e.g., an incitement to commit crimes, or in another way threaten the safety of Users, e.g., violate the Regulations.

In connection with handling inquiries directed to the Company, including via the contact form, we process your Personal Data according to the principles described in the table below. Your Personal Data may also be processed for other purposes, including analytical, marketing, and to ensure the security of the services provided, about which you will learn more in the following sections of this part of the Policy.

PROGRAMS, CONTESTS, PROMOTIONAL CAMPAIGNS

From time to time, the Company organizes contests or promotional campaigns. These events may also involve providing you with content or services in exchange for providing your Personal Data or consenting to its processing. If you decide to participate in such an event, your Personal Data (e.g., information necessary for contact) may be used by the Company to conduct it smoothly, e.g., to notify you of a win. The contact details of Users who voluntarily participate in the events are processed by the Company in accordance with legal provisions and for purposes related to these events.

If you participate in a program, contest, or promotional campaign, your Personal Data may be used by the Company in accordance with the table below, but more detailed rules for Personal Data processing may be included in dedicated regulations for these events. Additionally, your Personal Data may be processed for other purposes, including analytical, marketing, and to ensure the security of the services provided, about which you will learn more in the following sections of this part of the Policy.

MARKETING ACTIVITIES

The Company may also use your Personal Data to conduct marketing activities, including in situations where you provide your Personal Data or consent to its processing, and the Company provides you with content or services in return. Such activities may involve:

• displaying marketing content within the Service that is not tailored to your preferences (contextual advertising). If Personal Data is used to display contextual advertising, its processing then takes place in connection with the realization of the legitimate interest of the administrator or a third party consisting of promoting the Company's own business or the business of third parties;
• displaying marketing content that is tailored to your preferences, including adjusting categories of offers or individual offers in the Service settings or settings of external entities' services based on your activity within the Service (behavioral advertising). Your Personal Data, including Personal Data collected via cookies and other similar technologies, is then processed by the Company and external entities for marketing purposes. Such actions are taken only when you express consent, which you can withdraw at any time.
• conducting other types of direct marketing activities for goods or services (sending commercial information electronically or other marketing activities) via various electronic communication channels, including via email, SMS/MMS, push. We also contact you by phone. Such actions are taken based on the legitimate interest of the Company or the legitimate interest of entities cooperating with the Company, in particular within the Ancillary Services, and on your consent to receive the aforementioned communications or information. You can withdraw your consent at any time.

Part IV. Privacy Policy for "Dibs On Dance Check-In" Mobile Application

This section supplements and specifies the principles of personal data processing in relation to our dedicated mobile application "Dibs On Dance Check-In" (hereinafter: "Scanning Application"). This application is an auxiliary tool intended exclusively for event organizers cooperating with Dibs On Dance, used to verify event entry tickets.

1. Purpose of Data Processing in the Scanning Application
The main purpose of the Scanning Application is to enable quick and effective verification of the validity of tickets for events managed within the Dibs On Dance platform. The application is used to:

• Scan QR codes/barcodes of tickets.
• Retrieve information about the ticket from the Firebase database (e.g., ticket holder's name and surname, ticket status: valid/used/non-existent, gender) for verification purposes.
• Visually display the ticket status and basic data on the screen of the scanning device.

2. Types of Processed Data (On Screen Only, No Storage)
The Scanning Application does not store or archive any Personal Data or ticket data directly on the mobile device after the verification process is complete. All data displayed on the screen (such as the ticket holder's name and surname) is retrieved in real-time from Firebase Firestore exclusively for the purpose of a one-time verification and is visible only to the person operating the scanner. After the verification of a given ticket is completed or the verification view is closed, this data is not saved in the device's memory or in the Scanning Application itself.

3. Access to Data for Verification Purposes (Firebase Firestore)
The Scanning Application connects to the Firebase Firestore database, where data about purchased tickets is stored. Access to this data is only possible after the event organizer logs in to the Scanning Application using a unique event access code, which ensures authorized access only to ticket data assigned to a given event. This data includes:

• Ticket identification data: Ticket number, status (e.g., valid, used, cancelled).
• Basic ticket holder data: Name and surname, gender (displayed to confirm identity with an ID, if required by the event organizer).

4. Used Third-Party Services (Firebase SDKs)
The Scanning Application uses the following Google Firebase services, which may process data in accordance with their own privacy policies:

• Firebase Authentication: Used to authorize access to ticket data via event access codes. It may process anonymous device identifiers to manage sessions.
• Firebase Firestore: The database from which ticket information is retrieved.
• Firebase Analytics: May collect anonymized data about the use of the Scanning Application (e.g., number of scans, application errors, device type, operating system version) to monitor performance and improve the application. This data is aggregated and is not linked to individually identifiable persons.
• Firebase Crashlytics: Collects data about errors and crashes of the Scanning Application (e.g., stacktrace, device state at the time of the crash) to diagnose and resolve technical problems. This data is anonymized and is used solely for the purposes of application maintenance and development.

5. No Collection of Personal Data of End Users (Ticket Holders) by the Scanning Application
The Scanning Application does not collect, store, or forward any personal data from people scanning tickets (i.e., event participants). The function of displaying the ticket holder's name and surname on the screen is solely a verification tool at the entry control point and does not lead to the collection of this data by the application.

6. Data Security
The data retrieved from Firebase Firestore is transmitted via secure, encrypted connections. The Scanning Application is secured with authorization mechanisms for access to events.

7. Legal Basis for Processing
Data processing in the Scanning Application is based on the legitimate interest of the administrator (Dibs On Dance), which consists of enabling effective and secure ticket verification for events and ensuring the proper functioning of the Dibs On Dance platform. The data collected by Firebase Analytics and Crashlytics is processed based on the legitimate interest, which consists of monitoring and improving application services.