PRIVACY POLICY

PRIVACY POLICY FOR FLYTIME FEST 2025

FlytimeFest respects your privacy and protects personal information according to international and national data protection laws, including the EU General Data Protection Regulation (GDPR), the Nigeria Data Protection Act (NDPA), the UK Data Protection Act 2018, and relevant privacy laws in other regions where our attendees live or access our services.

1. Data We Collect

We collect only what is necessary for event operation and customer service:
• Identification and contact details such as name, email address, phone number, and postal address.
• Payment and billing details processed through secure third-party providers.
• Technical data such as IP address, browser type, device, and session logs for security and analytics.
• Preferences and communications when you subscribe, register, or contact us.
• Photos and recordings taken during the festival for documentation and publicity, within lawful limits.

2. Purpose of Processing

We use data to:
• Process and confirm ticket sales.
• Provide access control and manage event logistics.
• Deliver updates, service messages, and marketing where you have given consent.
• Maintain site performance, prevent fraud, and ensure safety.
• Meet accounting, tax, and regulatory obligations.

3. Legal Basis

Processing occurs under one or more lawful grounds:
• Contract performance when you buy a ticket or use our services.
• Legitimate interests in managing and improving operations.
• Compliance with legal duties and safety obligations.
• Consent, which you may withdraw at any time.

4. Data Sharing

We share data only when required:
• With ticketing, payment, and IT service providers operating under strict data protection agreements.
• With law enforcement or public authorities where legally compelled.
• With insurance and security partners for verified incident investigations.
We never sell or rent personal information.

5. International Transfers

Data may be processed or stored outside your country. We ensure protection through contracts using approved safeguards such as Standard Contractual Clauses or recognised adequacy decisions.

6. Retention Periods

We keep personal data only as long as necessary:
• Ticketing and payment data for up to seven years for statutory record-keeping.
• Marketing data until you withdraw consent or opt out.
• Security and operational logs for up to one year unless required longer for legal reasons.

7. Cookies and Analytics

The website uses cookies to maintain sessions, measure site use, and improve services. You may refuse non-essential cookies through your browser settings.

8. Security Measures

We apply encryption, access controls, network monitoring, and staff training to reduce risk. While no system is entirely secure, we act promptly on any suspected breach.

9. Your Rights

You may request to:
• Access and receive a copy of your data.
• Correct or erase personal information.
• Object to or restrict processing.
• Withdraw consent for marketing.
• Request data portability in a structured format.
Contact us to exercise these rights or to raise a complaint.

10. Children's Data

We do not knowingly collect information from anyone under sixteen without parental or guardian consent.

11. Contact

For privacy questions, rights requests, or complaints, contact hello@flytimefest.com
If you believe your data protection rights have been violated, you may also contact your local supervisory authority such as the Nigeria Data Protection Commission or the data protection authority in your country of residence.

12. Policy Review

This policy is reviewed annually or after any major change in law or operations.
Last updated 1 November 2025.