GDPR Article 22

GDPR Article 21 (1)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1) of GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Points (e) and (f) of Article 6(1) of GDPR

• Processing shall be lawful only if and to the extent that at least one of the following applies:

...

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

By pressing this, the pop up window shall appear with the text: "According to the Limitation Act 1980 http://www.legislation.gov.uk/ukpga/1980/58

a prior or existing relationship between ASAPTICKETS and a customer/ subscriber/ user based on purchase or on the basis of the inquiry or application regarding products or services offered by ASAPTICKETS"

GDPR Article 21 (2)

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

GDPR Article 8 (1)

Where point (a) of Article 6(1) applies, in relation to the offer of information society services* directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.

* ‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council

Point (a) of Article 6(1) of GDPR

1. Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

...

Information Society Services

means any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

For the purposes of this definition:

• ‘at a distance’ means that the service is provided without the parties being simultaneously present;
• ‘by electronic means’ means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by other electromagnetic means;
• ‘at the individual request of a recipient of services’ means that the service is provided through the transmission of data on individual request.

An indicative list of services not covered by this definition is set out in Annex I;

Indicative list of services not covered by the second subparagraph of point (b) of Article 1(1)

1. Services not provided ‘at a distance’

Services provided in the physical presence of the provider and the recipient, even if they involve the use of electronic devices:

• medical examinations or treatment at a doctor's surgery using electronic equipment where the patient is physically present;
• consultation of an electronic catalogue in a shop with the customer on site;
• plane ticket reservation at a travel agency in the physical presence of the customer by means of a network of computers;
• electronic games made available in a video arcade where the customer is physically present.

2. Services not provided ‘by electronic means’

• services having material content even though provided via electronic devices:
  • automatic cash or ticket dispensing machines (banknotes, rail tickets);
  • access to road networks, car parks, etc., charging for use, even if there are electronic devices at the entrance/exit controlling access and/or ensuring correct payment is made,
• offline services: distribution of CD-ROMs or software on diskettes,
• services which are not provided via electronic processing/inventory systems:
  • voice telephony services;
  • elefax/telex services;
  • services provided via voice telephony or fax;
  • telephone/telefax consultation of a doctor;
  • telephone/telefax consultation of a lawyer;
  • telephone/telefax direct marketing.

3. Services not supplied ‘at the individual request of a recipient of services’

Services provided by transmitting data without individual demand for simultaneous reception by an unlimited number of individual receivers (point to multipoint transmission):

• television broadcasting services (including near-video on-demand services), covered by point (e) of Article 1(1) of Directive 2010/13/EU;
• radio broadcasting services;
• (televised) teletext.

GDPR Article 9

Processing of special categories of personal data

1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

2. Paragraph 1 shall not apply if one of the following applies:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
• processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorized by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
• processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
• processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
• processing relates to personal data which are manifestly made public by the data subject;
• processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
• processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
• processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
• processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
• processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

3. Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) of paragraph 2 when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.

4. Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health.

GDPR Article 89 (1)

Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimization. Those measures may include pseudonymization provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.

GDPR Article 46

Transfers subject to appropriate safeguards

• In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organization only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
• The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorization from a supervisory authority, by:
  • a legally binding and enforceable instrument between public authorities or bodies;
  • binding corporate rules in accordance with Article 47;
  • standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);
  • standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
  • an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or
  • an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights.
• Subject to the authorization from the competent supervisory authority, the appropriate safeguards referred to in paragraph 1 may also be provided for, in particular, by:
  • contractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organization; or
  • provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.
• The supervisory authority shall apply the consistency mechanism referred to in Article 63 in the cases referred to in paragraph 3 of this Article.
• Authorizations by a Member State or supervisory authority on the basis of Article 26(2) of Directive 95/46/EC shall remain valid until amended, replaced or repealed, if necessary, by that supervisory authority. Decisions adopted by the Commission on the basis of Article 26(4) of Directive 95/46/EC shall remain in force until amended, replaced or repealed, if necessary, by a Commission Decision adopted in accordance with paragraph 2 of this Article.

Objection rights

For example, if you have subscribed to receive commercial emails from us, participated in promotional activities or transacted with us (requested a quote, bought our servicesproductstickets and other related services). You can easily unsubscribe from ASAPTICKETS.CO.UK marketing communications at any time by clicking on the “Unsubscribe” link included in the newsletter email/ sms or just change your subscription preferences.
Another example is a “soft opt-in” option. We will send a direct marketing if you requested a price quote or purchased our services and did not object the processing of your personal data for the direct marketing purposes.

Auto-save tool

means an online solution when ASAPTICKETS restores the data you have entered when completing online form on our Platform. ASAPTICKETS saves data for a short period in order you can recover unsaved/ not submitted data. This might happen when, for example: the customer/ passenger accidentally closed the website during filling the form; the customer/ passenger decided to go back one page and then return; to investigate possible system errors (code bugs, mixed functionality etc.) and improve our Platform usability; there is a high risk of fraud and we shall prevent it by analyzing behaviour on the Platform. In case you provided the phone / email ASAPTICKETS may contact you to confirm your abortive activities on our Platform. During the call or by replying to the email you can opt out from such communication.

Automated individual decision-making

Default text

Processing for the scientific, archiving or historical research purposes

Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with LAWS, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimization. Those measures may include pseudonymization provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.

“the UK GRPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, including its amendments set in The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.