Privacy Policy

1. General information

This Privacy Policy sets out the rules for processing and protecting personal data provided by Users in connection with their use of FanTix.pl (hereinafter referred to as the "Service").

2. Personal data controller

The controller of the personal data contained in the Service is FanTix Prosta Spółka Akcyjna, headquartered in Warsaw (00-666), ul. Noakowskiego 12/20, Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0001200690, with share capital of PLN 1,000, NIP (VAT ID): 7011282856., e-mail: info@fantix.pl (hereinafter the “Controller”).

3. Data Protection Officer

The Controller has appointed a Data Protection Officer (DPO), who can be contacted regarding matters related to the protection of personal data via email at iod@fantix.pl or in writing at the Controller’s registered office address.

4. Purposes and Legal Bases for the Processing of Personal Data

The Controller processes the personal data of Service Users for the following purposes:

a) Performance of a contract for the provision of electronic services, in particular related to managing accounts for FanTix.pl Users including enabling login using a Google account (Article 6(1)(b) of the GDPR)

b) Conducting marketing activities carried out by the Controller, either independently or in cooperation with other entities (Article 6(1)(f) of the GDPR)

c) For the purposes of the Controller’s business activities, including conducting analyses, preparing reports, and compiling statistics (Article 6(1)(f) of the GDPR)

d) Responding to letters and requests (Article 6(1)(f) of the GDPR)

e) Archiving (Article 6(1)(f) of the GDPR)

f) Carrying out activities related to ensuring security (Article 6(1)(f) of the GDPR)

5. Data Retention Period

The personal data of Users will be stored for the following period:

a) In the case of the Controller performing a contract – for the duration of the contract and until the expiration of the limitation period for claims arising from that contract.

b) In the case of sales contracts concluded between Users – for the duration of these contracts and until the expiration of the limitation period for claims arising from them.

c) In the case of marketing – until an objection to such processing is lodged.

6. Recipients of the Data

The recipients of Users’ personal data may include:

a) Entities processing data on behalf of the Controller, such as IT service providers and marketing agencies.

b) Co-controller.

c) Entities entitled to obtain data based on consents given when opening an Account (e.g., Google) or required for concluding a Sales Agreement through the Service.

d) Entities entitled to obtain data under applicable law, such as courts or law enforcement authorities.

7. Users’ Rights

Users are entitled to the following rights in relation to the processing of their personal data:

a) The right to access their data and to receive a copy of it.

b) The right to rectification (correction) of their personal data.

c) The right to have their personal data deleted. d) The right to restrict the processing of their personal data.

e) The right to object to the processing of their personal data.

f) The right to data portability.

g) The right to lodge a complaint with a supervisory authority (the President of the Personal Data Protection Office).

8. Information on the Voluntary Nature of Providing Data

Providing personal data is voluntary, but it may be necessary to use the Service or to perform a contract.

9. Automated Decision-Making and Profiling

Within the Service, Users’ personal data may be processed in an automated manner, including profiling. Profiling involves analysing information about a User’s activity within the Service (e.g., types of events viewed, location, purchase history, preferred categories, and additional products) in order to tailor displayed offers, prices, and recommended products to individual interests. Automated decision-making may include, among others: a) determining dynamic ticket prices based on seat availability, demand, and the User’s previous purchases,

b) selecting additional products or services (e.g., VIP packages, merchandise, or extra services) in accordance with the User’s preferences,

c) displaying personalised marketing content.

Such processing will not produce legal effects for the User or similarly significantly affect them within the meaning of Article 22 of the GDPR. The User has the right to object to profiling at any time, as well as to request human intervention, express their point of view, or challenge a decision made through automated processing.

10. Cookies

The Service uses cookies. Detailed information about the use of cookies can be found in the Cookies Policy available at https://fantix.pl/pl/cookies.

11. Data Security

The Controller implements appropriate technical and organisational measures to ensure the security of processed personal data, proportionate to the risks and the categories of data being protected.

12. Amendments to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy. Users will be informed of any amendments through the publication of updates on the Service’s website.

13. Contact

For matters related to personal data, please contact us at the email address: iod@fantix.pl. Date of last update: 03.04.2026.