🍬 PRIVACY POLICY 🍬

Welcome to the Hansel & Gretel: An EDM Fairytale Festival (referred to herein as "we," "us," "our," or "the Festival"), proudly produced and operated by The Imagine Universe LLC. Your privacy and digital safety are paramount to us. This Comprehensive Privacy Policy explains how we collect, utilize, disclose, and secure your personal information when you visit our website, purchase tickets, utilize our digital applications, attend our live events, or interact with our services in any capacity.

1. COMPREHENSIVE INFORMATION WE COLLECT

To deliver a safe and seamless festival experience, we collect various categories of information directly from you, automatically through our digital platforms, and via our physical event infrastructure:

Personal Information You Provide Directly

• Identity & Demographic Data: Full legal name, date of birth, age verification documents (18+ entry requirement), and preferred username or handle.
• Contact Data: Valid email address, mobile phone number, and physical mailing address required for wristband/ticket fulfillment and official correspondence.
• Financial & Transactional Data: Comprehensive purchase history, VIP/GA tier selections, billing address, and payment method details (securely vaulted and processed by PCI-DSS compliant partners, not stored directly on our servers).
• Direct Communications: Any inquiries, customer support transcripts, survey responses, or direct messages sent via our official social media channels.

Information Collected Automatically Online

• Technical Device Data: IP address, device identifiers (MAC address), browser type and version, time zone configuration, operating system, and mobile network information.
• Digital Footprint & Activity: Pages visited, duration of sessions, click-through pathways, referral URLs, and interaction metrics with our marketing emails.

On-Site & Physical Event Data Collection

• RFID & Access Control: If utilizing an RFID festival wristband, we collect timestamped data regarding your entry and exit from the festival grounds, VIP areas, and specific stage zones for crowd management and capacity compliance.
• Cashless Transactions: Records of on-site purchases made via your registered cashless wristband or mobile payment application, including food, beverage, and merchandise selections.
• Media, Audio & Visual Recording: By entering the festival footprint, you acknowledge and consent to being filmed, photographed, and recorded by closed-circuit television (CCTV) and official media teams. This footage is utilized for security monitoring, live broadcasting, and future promotional materials.
• Health & Incident Data: In the event you require on-site emergency or medical services, our contracted medical providers may document necessary health information to treat you safely. This data is handled with strict medical confidentiality.

2. HOW WE UTILIZE YOUR INFORMATION

We process your personal information strictly for the following operational and legitimate business objectives:

• Fulfillment & Logistics: To process your financial transactions, verify mandatory age requirements (18+), distribute entry credentials, and grant secure access to the festival environment.
• Essential Communications: To deploy critical order confirmations, shipping logistics, daily schedule updates, severe weather alerts, and emergency safety broadcasts.
• Safety & Security Operations: To monitor venue capacity, manage crowd flow, prevent unauthorized access, investigate fraudulent ticket resales, and collaborate with local law enforcement when legally obligated.
• Service Optimization: To analyze digital traffic patterns and on-site behavior to improve future site layouts, stage designs, line-up curation, and digital user interfaces.
• Targeted Marketing (Subject to Consent): To deliver tailored promotional content regarding upcoming events, merchandise drops, and exclusive partnership offers from The Imagine Universe LLC. You retain the right to opt out of marketing communications at any time.

3. LEGAL GROUNDS FOR DATA PROCESSING

In accordance with global privacy frameworks, our processing of your personal data relies on the following legal justifications:

• Contractual Necessity: Essential processing required to fulfill our ticket purchase and event entry agreement with you.
• Legitimate Interests: Processing necessary for optimizing our business operations, ensuring attendee safety, mitigating fraud, and executing direct marketing campaigns.
• Legal & Regulatory Obligations: Strict compliance with local age verification laws, municipal event permitting requirements, taxation codes, and legally binding court orders.
• Informed Consent: Explicit permission obtained for deploying non-essential cookies, SMS marketing lists, and specific promotional initiatives.

4. COOKIES, PIXELS & TRACKING TECHNOLOGIES

Our digital ecosystem utilizes cookies, web beacons, and tracking pixels to orchestrate a seamless digital experience. These small data files allow our systems to recognize your device. Our deployment includes:

Cookie Classification	Operational Purpose	Standard Duration
Strictly Essential	Facilitates secure checkout, cart retention, and user authentication.	Session / Persistent
Functional Preferences	Remembers targeted city selections, language, and display settings.	30 days
Analytical Tracking	Monitors site performance and visitor behavior (e.g., Google Analytics).	14 months
Marketing & Pixels	Enables retargeting advertisements via platforms like Meta and TikTok.	90 days

You maintain the ability to govern cookie permissions via your browser settings. Be advised that neutralizing strictly essential cookies will inherently disrupt the ticket purchasing portal.

5. THIRD-PARTY DATA DISCLOSURE

To effectively produce an event of this scale, we selectively share essential data with vetted, contractually bound third-party partners:

• Financial & Ticketing Processors: Entities such as TicketSpice, Stripe, or PayPal for secure payment execution and credential issuance.
• Operational Event Partners: Venue management, professional security contractors, and medical first responders dedicated strictly to logistical execution and physical safety.
• Brand Activations & Sponsors: If you voluntarily interact with sponsor booths on-site (e.g., scanning your RFID wristband at a brand activation), your specific contact information may be shared with that sponsor pursuant to your direct action and consent.
• Legal & Civil Authorities: We will disclose information to law enforcement or governmental agencies only when presented with a valid subpoena, warrant, or in situations involving immediate threats to public safety.

The Imagine Universe LLC unequivocally refuses to sell your personal information to third-party data brokers.

6. DATA SECURITY PROTOCOLS

We deploy rigorous, industry-standard cybersecurity protocols to safeguard your personal profile:

• Cryptographic Encryption: All sensitive data transmitted across our networks utilizes advanced TLS/SSL encryption standards.
• Access Minimization: Strict internal access policies dictate that only explicitly authorized personnel require access to personal data for operational tasks.
• Continuous Monitoring: Routine security audits, penetration testing, and firewall optimizations protect our foundational infrastructure.

While we implement exhaustive measures, no digital transmission or cloud storage environment is infallibly secure. We cannot guarantee absolute security against highly sophisticated cyber threats.

7. DATA RETENTION LIFECYCLE

We maintain your personal information strictly for the duration necessary to satisfy the objectives outlined in this policy:

• Financial & Tax Records: Retained for 7 years to satisfy federal and state auditing regulations.
• Marketing Profiles: Maintained actively until you formally revoke consent or request account erasure.
• Aggregated Analytics: Stripped of personally identifiable markers and retained indefinitely for historical modeling.

8. STRICT AGE VERIFICATION & CHILDREN'S PRIVACY

Hansel & Gretel: An EDM Fairytale Festival is exclusively designed for adults. Admittance requires individuals to be 18 years of age or older. We fundamentally do not intentionally solicit or collect data from minors under the age of 18. Mandatory, government-issued ID verification is enforced at the gates. Should we identify data mistakenly collected from a minor, it will be purged from our databases immediately.

9. CALIFORNIA PRIVACY RIGHTS ACT (CPRA)

For residents of California, the CPRA grants expanded provisions regarding your personal data:

• The right to know exactly what personal information and sensitive personal information is being collected and shared.
• The right to formally request the deletion of accumulated personal information.
• The right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
• The right to limit our use of your sensitive personal information to strictly necessary operational functions.
• The right to non-retaliation and equal service regardless of exercising your privacy rights.

California residents may execute these rights by contacting privacy@hgfest.com with the subject line "CPRA Privacy Request."

10. EUROPEAN ECONOMIC AREA (GDPR) RIGHTS

Should you interact with our digital properties from within the European Economic Area, you are protected under the GDPR:

• Access & Rectification: The right to demand copies of your data and correct inaccuracies.
• The Right to be Forgotten: The right to mandate the deletion of your personal data when no longer legally required.
• Processing Restrictions: The right to temporarily halt the processing of your data under specific disputes.
• Data Portability: The right to request your data in a machine-readable format to transfer to another entity.

Direct all GDPR inquiries to our designated Data Protection Officer at dpo@hgfest.com.

11. TELECOMMUNICATIONS & SMS POLICIES

By opting into our mobile SMS program, you consent to receive recurring automated promotional and personalized marketing text messages (e.g., cart reminders, set time alerts). Consent is not a condition of any purchase. Message frequency varies. Standard message and data rates may apply depending on your cellular provider. You may opt out at any time by texting STOP. Cellular carriers are not liable for delayed, dropped, or undelivered messages.

12. EXTERNAL LINKS & PLATFORMS

Our digital presence features integration with external platforms (e.g., TicketSpice, Spotify, Instagram, Discord). When you navigate away from our domain, you are subject to the unique privacy policies of those independent entities. We hold no liability for the data practices or security infrastructures of third-party platforms.

13. POLICY MODIFICATIONS

As festival operations and privacy legislations evolve, we reserve the right to amend this Comprehensive Privacy Policy. Material alterations will be communicated via a prominent notification on our website or a direct email to registered ticket holders. Continued interaction with our services following an update constitutes acknowledgment of the revised policy.

14. OFFICIAL CONTACT DIRECTORY

For questions, formal data requests, or concerns regarding our privacy architecture, please reach out to our team:

• General Privacy Inquiries: privacy@hgfest.com
• Data Protection Officer (DPO): dpo@hgfest.com
• Corporate Mailing Address: The Imagine Universe LLC, Attn: Privacy Department, Hansel & Gretel Festival Operations