Privacy policy

Last Updated: 03.04.2026

Introduction

This policy sets out how we collect, process and hold your personal data if you visit our website or otherwise provide personal data to us.

The data controller is:

Lokal Society OÜ
Ahtri tn 12
10151 Tallinn, Estonia
Registry Code: 17474251
Email: contact@lokalmunich.com

This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at the email address above.

Personal data we collect

We collect, process, store and use personal data when you book a ticket to an event and buy any of our associated products and services, including your name, address and email address together with payment information. We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy.

All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.

You do not need to provide us with any personal data to view our website. However, we may still collect the information set out under the Data we automatically collect section of this policy, and marketing communications in accordance with the Marketing Communications section of this policy.

When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.

Data we automatically collect

When you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device's unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.

We collect this information using cookies in accordance with the Cookies section of this policy. Non-essential cookies are only set with your explicit consent. We use the information we collect on an anonymous or pseudonymous basis to improve our website, our events and the products and services we provide, and for analytical and research purposes.

Marketing Communications

If you opt in to receive marketing communications from us you consent to the processing of your data to send you such communications, which may include newsletters, blog posts, surveys and information about new events. We retain a record of your consent.

You can choose to no longer receive marketing communications by contacting us at contact@lokalmunich.com or clicking unsubscribe in a marketing email. If you do unsubscribe from marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.

Lawful processing of your personal data

We only process your personal data where we have a lawful basis to do so under the General Data Protection Regulation (GDPR). The sections below set out the purposes for which we process your personal data and the legal basis we rely on for each.

Contract performance (Art. 6(1)(b) GDPR)

We process your personal data as necessary to perform our contract with you, including:

  • Processing and fulfilling your ticket orders and product purchases.

  • Contacting you with information relating to your event or order (e.g. booking confirmations, event updates, changes to event details).

  • Delivering products and services to you in accordance with your requests.

  • Dealing with questions, comments or complaints relating to your orders or events.

Consent (Art. 6(1)(a) GDPR)

Where you have given us your explicit consent, we process your personal data for the following purposes:

  • Sending you marketing communications such as newsletters, event announcements, surveys and promotional content.

  • Setting non-essential cookies on your device, including analytics and advertising cookies.

You may withdraw your consent at any time by contacting us at contact@lokalmunich.com, clicking the unsubscribe link in any marketing email, or updating your cookie preferences. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Legitimate interests (Art. 6(1)(f) GDPR)

We process your personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes:

  • Providing customer service and support.

  • Improving our website, events and services based on how users interact with our platform.

  • Enforcing the terms of any agreement between us.

  • Internal administrative purposes, including accounting, auditing and record-keeping.

  • Protecting against fraud and ensuring the security of our services.

Legal obligation (Art. 6(1)(c) GDPR)

We process your personal data where necessary to comply with a legal obligation, including:

  • Tax and accounting obligations under Estonian and German law.

  • Anti-money laundering and other regulatory requirements.

  • Responding to lawful requests from public authorities.

Is providing your personal data a requirement?

When you purchase a ticket or a product from us, providing your name, email address, and payment information is a contractual requirement. Without this data, we are unable to process your order, issue your ticket, or deliver your purchase.

When you sign up for marketing communications, providing your email address is voluntary and based on your consent. You are under no obligation to provide it, and choosing not to will have no impact on your ability to purchase tickets or use our services.

When you visit our website without making a purchase, you are not required to provide any personal data. Non-essential cookies will only be set with your consent.

Who do we share your data with?

We share your personal data with the following third-party service providers who process data on our behalf and in accordance with our instructions. We have appropriate data processing agreements in place with each of these providers.

Event Ticketing

Ticket Tailor (operated by Zimma Ltd, London, United Kingdom)
Purpose: Processing and fulfilling ticket orders, issuing tickets, managing attendee data
Data shared: Name, email address, order details
Server location: EU (Ireland)
Privacy policy: https://www.tickettailor.com/legal/privacy-policy

Payment Processing

Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland)
Purpose: Processing payments for ticket purchases and product orders
Data shared: Name, billing address, payment card details, transaction data
Transfer safeguard: Stripe Payments Europe is based in the EU. Where data is transferred to Stripe, Inc. in the United States, the EU-US Data Privacy Framework applies.
Privacy policy: https://stripe.com/privacy

Email Marketing

Mailchimp (operated by Intuit Inc. / The Rocket Science Group LLC, Atlanta, United States)
Purpose: Sending marketing communications such as newsletters and event announcements, only to users who have given their explicit consent
Data shared: Name, email address, consent status
Transfer safeguard: EU-US Data Privacy Framework
Privacy policy: https://www.intuit.com/privacy/statement/

Advertising

Meta Platforms, Inc. (Menlo Park, United States)
Purpose: Measuring the effectiveness of advertising campaigns, building targeted audiences via the Meta Pixel (Facebook/Instagram)
Data shared: Website usage data, page visits, events (e.g. ticket purchases), device and browser information, IP address
Transfer safeguard: EU-US Data Privacy Framework
Privacy policy: https://www.facebook.com/privacy/policy/

Website Hosting

Squarespace, Inc. (New York, United States)
Purpose: Hosting our website, providing site functionality, built-in analytics
Data shared: IP address, device information, browsing behaviour, form submissions, order data
Transfer safeguard: EU Standard Contractual Clauses (SCCs)
Privacy policy: https://www.squarespace.com/privacy

We may also disclose your personal data where required by law, regulation, or legal process – for example, in connection with anti-money laundering obligations or to protect the rights, property, or safety of a third party.

We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

Where we hold and process your personal data

Your personal data is primarily processed within the European Union and the European Economic Area. However, some of our service providers are based in the United States. Where personal data is transferred outside of the EU/EEA, we ensure that an appropriate safeguard recognised under the GDPR is in place to protect your data. The safeguards we rely on include:

  • EU-US Data Privacy Framework: Stripe, Mailchimp (Intuit), and Meta Platforms are certified under the EU-US Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of data protection (adequacy decision of 10 July 2023).

  • EU Standard Contractual Clauses (SCCs): Where a provider is not covered by an adequacy decision, we rely on Standard Contractual Clauses approved by the European Commission to ensure your personal data is protected.

For details on which safeguard applies to each provider, please see the "Who do we share your data with?" section above.

Cookies

A cookie is a small text file containing a unique identification number that is transferred through your browser from a website to your device. Cookies are used to identify your browser and to collect information about how you interact with our website.

When you first visit our website, a cookie consent banner will appear. Non-essential cookies are only placed on your device after you have given your explicit consent. You can change or withdraw your cookie preferences at any time by clicking the cookie settings link in the footer of our website.

We use the following categories of cookies:

Essential Cookies

These cookies are strictly necessary for the functioning of our website and cannot be switched off. They include cookies required for site navigation, security, and basic functionality. These cookies do not require your consent.

Provider: Squarespace
Purpose: Site functionality, session management, security
Duration: Session / up to 6 months

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information about usage patterns. This information is collected on an anonymous or pseudonymous basis and helps us improve our website and services. These cookies are only set with your consent.

Provider: Squarespace Analytics
Purpose: Measuring website traffic, page views, visitor behaviour
Duration: Up to 2 years
Legal basis: Consent (Art. 6(1)(a) GDPR)

Marketing and Advertising Cookies

These cookies are used to track visitors across websites in order to display advertising that is relevant and engaging. These cookies are only set with your consent.

Provider: Meta Platforms, Inc. (Facebook/Instagram Pixel)
Purpose: Measuring the effectiveness of advertising campaigns on Meta platforms, building targeted audiences, retargeting
Data transferred: Page visits, events (e.g. ticket purchases), device and browser information, IP address
Data transfer to: United States (covered by the EU-US Data Privacy Framework)
Duration: Up to 180 days
Legal basis: Consent (Art. 6(1)(a) GDPR)

For more information about how Meta processes your data, please see Meta's Privacy Policy at https://www.facebook.com/privacy/policy/.

How to manage your cookies

You can manage your preferences at any time by clicking the cookie settings link in the footer of our website. You can also configure your browser to refuse cookies or to alert you when cookies are being sent. Please note that disabling essential cookies may affect the functionality of our website.

Security

We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology.

Where we have given you a password, or you have chosen one, you are responsible for keeping this password confidential.

However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.

Your rights

You have the following rights under applicable data protection law:

  • The right to access the personal data we hold about you and to obtain a copy of it.

  • The right to require us to correct any inaccurate or incomplete personal data.

  • The right to require us to delete your personal data (right to erasure).

  • The right to restrict the processing of your personal data.

  • The right to data portability, meaning you can request your personal data in a structured, commonly used and machine-readable format.

  • The right to object to processing of your personal data where we rely on legitimate interests as the legal basis.

  • The right to withdraw your consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

  • The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at contact@lokalmunich.com.

Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.

Right to lodge a complaint with a supervisory authority

If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority.

As Lokal Society OÜ is registered in Estonia, our lead supervisory authority is:

Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Website: www.aki.ee

If you are located in Germany, you may also contact your local data protection authority. For Bavaria:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

Our website may contain links to other sites of interest. Once you have used these links to leave our website, you should note that we do not have any control over that other site. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this policy. You should exercise caution and look at the privacy policy applicable to the site in question.

Retention

We retain your personal data only for as long as necessary for the purpose for which it was collected, or as required by law. The specific retention periods are as follows:

Account data: If you register an account with us, we retain your personal data until you request the closure of your account. Upon closure, we will delete your data unless we are required by law to retain it for longer.

Purchase and transaction data: If you purchase a ticket or product from us, we retain your order and transaction data for up to 10 years following the end of the calendar year in which the transaction took place. This is necessary to comply with tax and accounting obligations under German law (§ 147 AO, § 257 HGB) and Estonian law.

Marketing data: If you subscribe to our marketing communications, we retain your name, email address, and consent record until you opt out. Upon opting out, we will delete your marketing data promptly, unless we are required to retain certain records for legal compliance.

Customer enquiries: If you contact us with a question or comment without making a purchase, we retain your personal data for 12 months following your last contact, after which it will be deleted.

Cookie data: Data collected through cookies is retained for the periods specified in the Cookies section of this policy.

General

If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

This policy shall be governed by and construed in accordance with the law of Germany, and you agree to submit to the exclusive jurisdiction of the German Courts.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. Where we make material changes, we will notify you by posting a prominent notice on our website or, where appropriate, by email.

Where any change affects processing that is based on your consent, we will seek fresh consent from you before applying the change to your personal data.

We encourage you to review this policy periodically. The date of the most recent update is noted at the top of this page.
