Privacy Policy

Welcome to elrow Family Group Privacy Policy.

We consider the protection of your privacy to be extremely important. We are bound by and use your personal data in accordance with the Spanish Act 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (the “Spanish Data Act”), the General Data Protection Regulation 2016/679 of April 27th 2016 (the “GDPR”) and the Spanish Act 34/2002, of July 11, on Information Society Services and Electronic Commerce (the “Spanish eCommerce Act”).

We want to inform you as much as possible, respect you and give you control over what happens to your personal data and what you share with us.

Our Privacy Policy is mainly designed to make you aware of what personal data we are collecting, how we process it and inform you about your rights.

Please take time to read through our Privacy Policy and Cookies Notice to understand your rights.

1. Data controllers

elrow Family Group is formed by several companies in Spain and abroad. Usually, there will be two different and independent data controllers (within elrow Family Group) for certain data processing activities relating to an elrow branded event: on the one hand our parent company and, on the other hand, the elrow Family Group company organizing such event (note that some events might be (co)organized by/with third parties as set out below).

The Spanish parent company of the elrow Faily Group, is ELROW GLOBAL, S.L., (the “ELROW GLOBAL”). Among its duties, ELROW GLOBAL assumes the individual responsibility of centralizing our users, clients, partners, providers, artists, performers, and collaborators’ database to offer and/or enhance the coordination of comprehensive products, services, and communications to our global community. The details of ELROW GLOBAL are as follows:

ELROW GLOBAL S.L. Tax ID. No. (N.I.F.): B-66,084,625 Address: Avda. Esplugues, 79, 08034 Barcelona, Spain Tel.: +34 932 063 034 Email:

On the other hand, in all elrow events, there is another company of elrow Family Group involved in the organization, production, coproduction, promotion (or participating in any manner) of the event (the “ELROW AFFILIATE”). Therefore, ELROW AFFILIATE serves as the company dealing with the particular event (for instance contracting providers or, in some cases, selling tickets). For each event, you will find full details of the ELROW AFFILIATE involved, in the relevant documents related to the event (e.g., festival conditions available in the event website, ticketing platform selling tickets for such event, invoices, agreements, etc.).

Finally, some elrow events, are organized by elrow Family Group in collaboration with local promoters (venue managers or local partners), which are not part of elrow Family Group, but act as the legal entity promoting the event. In such cases, usually these local promoters will have access to your data and will act also as independent data controllers. When this happens, you will find their corporate details in the ticketing platforms selling tickets for the event, contracts, invoices, etc. The local promoter privacy policy will also apply to the processing of your personal data. We will not be liable neither for complying with privacy information duties nor for the data processing activities performed by such local promoter since they will act as independent and separate data controllers.

On our part, we will simplify the process as much as possible for you. So, just contact ELROW GLOBAL, and we will assist you by directing you to the appropriate entity.

2. What personal data do we collect and how?

Personal data shall mean any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.

We currently collect and process the following personal data of our website users:

  • personal identifiers and contact details (for example, name and email);
  • cookies, provided that website users' consent is dully collected, when mandatory;
  • other personal data you may voluntarily disclose to us when you use our platform, website or services at any time or is generated in the course of our communications; and
  • your interaction with us, as well your performance within such interactions.

When our customers (our collaborators) may have specific requirements that need to be specially attended in an event such as, for example, food allergy, taking a particular medication, people with reduced mobility, or any other circumstance that requires special care, such customers may contact us, so we are able to reasonably provide them with such special attention.

Additionally, we may also collect further information of our partners, providers, artists, media, press, performers, and collaborators as set forth in the relevant agreement, invoice, communications, forms, and/or other documents relating to the commercial (pre) relationship between them and us.

We also may process information when we interact with users in a social network such as pictures, videos, nickname, profile, posts, or other information made publicly available by users to us.

Finally, from our website site we may also collect data from those candidates that apply for a specific job offer published in our website, which may include standard personal, curricular, and educational information for this kind of selection processes.

3. How do we collect your personal data?

We will collect your personal data directly from you when you:

  • purchase a ticket to attend any elrow event;
  • contract with us for performing a service;
  • contact us to know about our events;
  • send an email, phone or online request;
  • participate in promotional activities;
  • subscribe to our newsletters or mailing lists;
  • agree to use our services; and
  • visit our platforms or websites (see more in our Cookies Notice).

4. Other information we collect about you and information we receive from third-party sources

We may also receive personal data indirectly from third parties outside elrow Family Group where you have agreed to receive information about our events and/or where this data sharing is necessary for providing you with the services related to an elrow event.

Additionally, we may also receive information not directly from you when your details are referred to us by a third party such as, for example, a friend or relative to give you access to an event, or an agency representing you as a performer or artist.

5. What do we use your data for? Which are our legal grounds for that?

Purpose Legal basis Data controller
To provide you with our services and/or products
To provide you with the products and/or services you request from us.
Art. 6.1.(b) GDPR
The need to offer and provide you with the services and/or products that you request from us. Therefore, the legal basis is the performance of a (pre)contract.
To provide customer support
To respond to your requests for information, including customer service and support, even via a chatbot.
Art. 6.1.(b) GDPR
Our legitimate interest to implement a customer service and support in benefit also of our community.
To provide media requests
To attend media requests and/or press access to our events.
Art. 6.1.(f) GDPR
Our legitimate interest to attend media requests and/or press access to our events.
To attend specific needs
To provide our customers and/or collaborators having specific needs (e.g., food allergy, reduced mobility, etc.) with special attention.
Art. 6.1.(b) and Art. 9.2(a) GDPR
The need to provide such people with special services to attend their specific needs provided that they previously request so and, if applicable, explicitly consent that we process their personal data of special category.
To deal with job offer application to which you may apply for.
Art. 6.1.(f) and (b) GDPR
Our legitimate interest to offer job positions in our organization and deal with the selection process and, afterwards, the need to negotiate the hiring conditions under the basis of the performance of a (pre)contract.
Social Networks
Dealing with our social network profiles (e.g., TikTok, Instagram y Facebook) and interact with other users.
Art. 6.1.(f) and (b) GDPR
Our legitimate interest to manage our social network profiles and to interact with other users.
Legal obligations
We will also process your data to fulfil our legal obligations (tax, accounting, money laundering, etc.), as well as to attend your rights.
Art. 6.1.(c) GDPR
The need to comply with our legal obligations and enable the exercise of your rights.
To send you electronic marketing communications and newsletters. Please note that you may object at any time by sending an e-mail to, or by following the instructions contained in each communication.
Art. 21.1 Spanish eCommerce Act + Art. 6.1.(a) GDPR (non-customers) or Art. 21.2 Spanish eCommerce Act (customers)
If you are a customer, we will rely on exception to consent set out in art. 21.2 Spanish eCommerce Act to send you information electronically about our products and services. If you are not a customer, we will only send you this information if you give us your consent.
Customer satisfaction surveys
To send you customer satisfaction surveys about our products and services.
Art. 6.1.(f) GDPR
Legitimate interest to conduct surveys on our business activity in order to improve our products and services.
We will irreversibly anonymize your personal data, so it is no longer personal data in order to improve our products and services.
Art. 6.1.(f) GDPR
Without prejudice of being also a security measure, we will anonymize your dated based on our legitimate interest to the above mentioned purpose.
To perform analysis of aggregated data (not directly associated with any individual).
Art. 6.1.(a) GDPR + Art. 22 Spanish eCommerce Act and Art. 6.1.(f) GDPR
Consent to the installation and use of non-technical cookies as explained in the Cookies Notice. Further processing of this data will be based on legitimate interest in order to improve our products and services.
Retargeting ads and social media advertising
To display advertisements during the use of our website, services, your navigation, and interaction on social media based on your interests through the use of cookies.
Art. 6.1.(a) GDPR + Art. 22 Spanish eCommerce Act (cookies installation and information collection) and Art. 6.1. (f) GDPR (cookies information processing)
Consent to the installation and use of non-technical cookies as explained in the Cookies Notice. Further processing of this data will be based on legitimate interest in order to improve our products and services.

6. Who will your data be shared with?

We share this information with:

  • elrow Family Group entities: We may share your data with affiliated companies within our group (in accordance with data processing agreements in place with those entities) for operational purposes and, where the intragroup data communication is controller to controller, we will rely on legitimate interest for such communication to carry out internal administrative tasks within the elrow Family Group.
  • Providers: We will grant access to your personal data to those providers who require such access to deliver their services to us, such as cloud hosting, accounting, customer service management platforms, or marketing agency providers, (co)promoters of the event, media, broadcasters, social security authorities necessary, security and health staff, cashless providers, and any other third party helping us in organizing and/or managing the event. Before sharing any of your personal data with our external providers when acting as our (sub)processors, we require them to sign a data processing agreement pursuant to Art. 28 GDPR, confirming that your data will be kept secure. This means that in such cases we determine the purpose for which and the manner in which your data is to be processed, and the data (sub)processor is only allowed to handle your data according to the instructions and security standards that we follow.
  • Payment service providers: These providers will act as data controllers since they determine which personal data must be processed and the means for the correct execution of a payment. Our primary provider is Mollie, but we may use others such as Adyen. These providers offer its customers (for instance, elrow) the option to accept online payments from their consumers (payers). They are supervised by the relevant national (regulatory) authorities and institutions as a regulated payment service provider. When such payment service providers do not act as data controllers, we will execute the corresponding data processing agreement pursuant to Art. 28 GDPR, as outlined above for providers/processors.
  • Selling tickets platform: Howler is our primary selling tickets platform provider, but we may use others. When these providers act as our data processors, we will have in place appropriate safeguards to protect your personal information, including the corresponding data processing agreement pursuant to Art. 28 GDPR, as set out above for providers/processors.
  • Other: We will share your personal data with third parties if we are required to do so by law, by an administrative or judicial authority, or in the public interest or for public order, such as, for example, to comply with anti-money laundering and counter-terrorism regulations, tax or social security obligations.

Finally, in the event of a business restructuring, merger, split, or sale, we may transfer all of your personal information to the third party arising from such transaction based on legitimate interest in accordance with article 21 of Spanish Data Act.

7. How do we protect your personal data?

We take all reasonable and appropriate technical and organisational measures to protect the security of your personal data throughout the course of our business, taking into consideration the risks associated to the processing activities being carried out. Technical safeguards are for example restrictive access, encryption, antivirus software, regular testing and evaluation.

8. Do we carry out international transfers?

We take all reasonable and appropriate technical and organisational measures to protect the security of your personal data throughout the course of our business.

We do not carry out international transfers of data. We store all your personal data within the EU (in particular, in Ireland).

In the event that in the future we need to contract a service provider, for example an IT provider, whose servers are located outside the European Economic Area (EEA) and, therefore, an international transfer is needed, we will execute all necessary contractual agreements or other measures with any recipients of your information to ensure your personal data will be equally protected.

9. How long will we keep your personal data for?

Your information is securely stored at Ireland (EU).

We keep the information we collect only for as long as necessary for the purpose we collected it. We may also store your data for dealing with any complaints regarding our products and services. We will then dispose your information by removing all files and back-ups from all personal computers, one drive and hard drive. Our retention periods are being determined as per the legal requirements.

Prior to deleting any personal data, our company will retain it dully blocked, in order to comply with the legal obligation envisaged under Article 32 of the Spanish DP Act.

10. How do we approach to children’s privacy?

Our platform/website is designed and intended for adults. We understand the importance of taking extra precautions to protect the privacy and safety of children.

If you learn that a child has, in violation of this Privacy Policy, registered for email newsletters, or otherwise provided their personal data, please report it to us If we become aware that an underage user has provided Personal Data without parental permission, we will delete all Personal Data provided by that user to the extent feasible and as soon as practicable.

11. What are your rights?

You are not required to pay any charge for exercising your rights (but a fee may be charged when requests are unfounded, excessive or repetitive). If you exercise any of the data protection rights detailed below, we have one month to respond to you, although we will do our best to provide you with a response in less than a month. In any case, pursuant to applicable data protection regulations, please note that such time period may be extended for extra 2-months period, if needed.

Under data protection law, you can exercise the following rights:

Your right to withdraw consent - You can withdraw your consent at any given time by contacting us at

Your right of access - You have the right to ask us for copies of your personal data.

Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances i.e., if your personal data are no longer necessary for the purpose they were collected for or if you withdraw your consent.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances i.e., if you think that the information we process is inaccurate or unlawful.

Your right to object to processing - You have the right to object to the processing of your personal data only if we process the relevant information on legitimate or public interest grounds.

Your right to data portability - You have the right to ask that we transfer the personal data you directly gave us to another organisation, or to you, if we process the relevant information on consent or contract grounds**.**

Your right to not be subjected to a decision based solely on automated processing - You have the right to ask not to be subjected to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met.

Without prejudice to any other remedies, you also have the right to lodge a complaint with the competent supervisory authority at any time, in accordance with your place of residence. In the case of Spain, this is the Spanish Data Protection Agency (AEPD). You may enquire about the different supervisory authorities by contacting us at In any case, before initiating any complaint, please contact us by e-mail in order to try to resolve any discrepancy or dispute amicably.

12. How to contact us

Please contact us at if you wish to make a request or complain or have any questions on how we use your personal data.

13. How do we keep this Privacy Policy up to date?

We may update this Privacy Policy periodically and will revise the date at the bottom of this Privacy Policy to reflect the date when such update occurred. If we make any material changes in the way we collect, use, and/or share the personal data that you have provided, we will endeavor to provide you with notice before such changes take effect, such as by posting prominent notice on our platform/website.

We encourage you to periodically review this page for the latest information on our privacy practices.

This Privacy Policy was last updated on April 2024.