Personal Data Policy
Last updated: 23 June 2022
We’re in a new digital era with a much-needed focus on personal data. We want to be fully transparent about what we do with the data we have on you and where we get it from. Below, you can see some of the cases in point.
For the volunteer personal data policy, please look here.
It is Roskilde Festival Charity Foundation, VAT no. 26465745, and Roskilde Festival Charity Society, VAT no. 39122715, located at the address Rabalderstræde 7, 4., 4000 Roskilde, Denmark (hereinafter Roskilde Festival Group) that is the data controller for the collection and processing of personal data described in this policy.
Inquiries can be directed to email@example.com or +45 46366613.
What personal information do we process and why?
Overall, we process your personal data on the basis of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free exchange of such data and in accordance with the Danish Data Protection Act no. 502 of 2018. Our processing of your personal data is based on your consent to us, cf. EU regulation art. 6 pieces. 1, letter a and/or because our processing of your information is necessary in order for us to fulfill our obligations to you in relation to the provision of services (Roskilde Festival) and goods you would like, cf. EU regulation nature. 6 pieces. 1, letter b.
Below, we describe in detail in which specific contexts, when and why we process your personal data.
Roskilde Festival account
- When you create a Roskilde Festival account, we register your name, e-mail address, telephone number, nationality, year of birth and consent to marketing. You can read more about our profile conditions here and consent statement here.
- If you want to receive, change and/or delete your data, contact firstname.lastname@example.org.
App and website
- When you use our app, a tracking code gives us information about the usage. It also shows us where on the festival site you are if you have agreed to share your location, allowing us to send push messages to users in a certain area. We do this for safety reasons. We can evaluate on audience flows for future festivals, predict audience attendance and communicate safety precautions based on your location. Another reason is enhancing your experience. We can suggest experiences close to your location or guide you to the festival areas you visit.
- When you use the Wi-Fi at Roskilde Festival, we get to know your mobile device's network address. Other than that, it's an open network and all users remain anonymous.
Ticket sale and shopping at Roskilde Festival
- When you buy a ticket, we get to know your name, phone number, address and e-mail address. We appreciate that info because it tells us something about where in the world our audience is from. Furthermore, we can send you practical information, updates and, most importantly, your ticket to Roskilde Festival.
- When you buy a product or service via shop.roskilde-festival.dk, we register your name, e-mail address, telephone number, nationality and year of birth. This information is required in order for us to fulfill your order. You can read more about our terms and conditions.
- When you buy stuff at the festival, be it beer or silly hats, we don't record any personal data. We've heard one critical voice say that we could in fact trace everybody personally based on their purchases. Let's be straight about this: We can't and, most importantly, we won't! At Roskilde you're free. We simply make it possible for you to pay for stuff you'd like to buy, just like shops do.
E-mail, text messages and push notifications
- If you have given consent for us to send you e-mails, text messages and/or push notifications, you let us send you stuff about Roskilde Festival Group. We do this because you've shown an interest in our little event. Look here for our statement of consent.
- When you contact us at email@example.com, your e-mails will be saved in our inbox until you get the answers you need. Thereafter, we’ll make sure that our e-mail thread will be deleted within 6 months after the festival.
Images, video and audio recordings
- When we shoot photos and video at the festival, you might end up being in the recordings. If you’re the focal point of the content, we will always ask your approval to use the content in any commercial context. You may also be in some photos alongside a lot of other happy festival-goers. When that happens we’re not able to ask for everybody’s approval. If you have any questions, please contact us at firstname.lastname@example.org.
Social media and third party-plugins
- When you post an image on Instagram and tag it #RF50 we may show it on our big screens by the Orange and Arena stages. We do a screening of the photos first and we prefer happy faces and cheerful moments. If you prefer to stay off the screen, you can make your posts private, avoid using #RF50 or just let us know at email@example.com and we will leave you out.
- When you visit a Facebook or Instagram page owned by Roskilde Festival, Facebook (who also owns Instagram) will collect data about your visit and your interactions with our pages. We use this to target you with digital ads in these channels. We do this because you've shown an interest in our festival, and to make sure you stay updated on our line-up, tickets, donations and much more. All users are anonymous to us.
Video surveillance at the festival site
- For security reasons, there is video surveillance in various locations at the festival site. The recordings are shared on an ongoing basis with the Central and West Zealand Police. The recordings will be deleted no later than 30 days after the festival.
In some cases, we pass on or transfer your personal information to data processors (e.g. app providers) so that they can process our data about you on our behalf in connection with our delivery of services and goods to you. The data processors must not use the information they receive about you through us for anything and must not pass it on to anyone.
We do not transfer your personal information to recipients outside the EU and the EEA.
The right to withdraw your consent
You can withdraw your consent to our processing of your personal data at any time. You can do this under the individual applications and functionalities on our website or you can do it by contacting us at firstname.lastname@example.org
If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data on the basis of your previous consent. Therefore, if you withdraw your consent, it will only take effect from this time.
Under the Data Protection Regulation, you have a number of rights in relation to our processing of information about you.
If you want to make use of your rights, please contact us at email@example.com.
Right to access information (right of access)
You have the right to gain insight into the information we process about you as well as a range of information.
Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
Right to erasure
In special cases, you have the right to have information about you deleted before the time of our general deletion occurs.
Right to restrict processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in the future only process the information – g apart from storage -– with your consent, or for the purpose of establishing, enforcing or defending legal claims, or to protect a person or important public interest.
Right to object
In certain cases, you have the right to receive your personal information in a structured, commonly used and machine-readable format and to have this personal information transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency's guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Complaint to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You will find the Danish Data Protection Agency's contact information at www.datatilsynet.dk .