This Policy applies to your use of our Services, which include the following:

Our Offline Services: in-person services you use when you visit our Events or Venue, purchase a ticket in person or over the phone, or visit a venue owned, operated, promoted, or serviced by the Company.

Our Digital Services: our products, services, or technology in Venue and events we own or operate and our websites, mobile applications, social media pages, and other online services.

The Company is the owner and operator of Brooklyn Storehouse, New York (the Venue) and producers/promoters of entertainment events and (the Events).

The controller of your Personal Data under this Policy is Brooklyn Storehouse LLC and you may contact us at +1 646 846 2426

The following describes how we process data relating to identified or identifiable individuals and households (Personal Data).

The categories of Personal Data we process may include:

Audio/Visual Data: Recordings and images collected from surveillance cameras, as well as audio files and records, such as voicemails, call recordings, and the like.

Transaction Data: Information about the Services we provide to you and about transactions you make with us or other companies for goods and services at our Events and Venue, and similar information.

Contact Data: Identity Data we can use to contact you, such as email and physical addresses, phone numbers, social media or communications platform usernames/handles.

Device / Network Data: Browsing history, search history, and information regarding your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.

Identity Data: Information such as your name; address; email address; telephone number; gender; date of birth, age and/or age range; account login details, e.g. username and password, avatar, or other account handles/usernames; ticket/RFID identifiers; or license plates.

Preference Data: Personal Data generated reflecting your preferences, characteristics, predispositions, behavior, demographics, household characteristics, market segments, likes, favorites and other data or analytics.

General Location Data: Non-precise location data, e.g. location information derived from social media tags/posts, or general areas of our Events and Venue you visited.

Sensitive Personal Data: Personal Data deemed “sensitive” under New York law, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Data:

• “Government ID Data” Data relating to official government identification, such as driver’s license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law.
• “Health Data” Information about your health.
• “Payment Data” Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
• “Precise Location Data” data from GPS, WiFi triangulation, certain localized Bluetooth beacons, or technologies used to locate you at a precise location and time.
• “Race or Ethnic Origin” data relating to your race, ethnic, or national origin.

User Content-Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes.

We collect Personal Data from various sources, which include:

Data you provide us: We receive Personal Data when you provide them to us, when you purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.

Data we collect automatically: We collect Personal Data about or generated by any device used to access our Digital Services, the websites of any ticketing service provider used to purchase a ticket to our Events and Venue, RFID, or when you use WiFi at any of our Events and Venue.

Service Providers: We receive Personal Data from ticket agents, and others, who transfer Personal Data to us when you purchase a ticket from them for our Events and Venue, and other service providers performing services on our behalf.

Promoters and event partners: We collaborate with various entities to put on events, which may include co-promoters, artists, sports teams or leagues, Venue, and other parties (Event Partners). We receive Personal Data from Event Partners if you purchase relevant products and services from them, or when you express interests (e.g mailing list sign up) that relate to the Company.

Social media companies: We receive Personal Data from Meta (e.g. Facebook and Instagram) and other social media companies when you use social media sign on, or interact with that social media company on or in connection with our Services.

We process Identity Data, Preference Data, and Contact Data when you register and create an account for our Services. We process Payment Data if you associate payment information with that account.
We use this Personal Data to create and maintain your account, to provide the products and services you request, and for our Business Purposes as below.

We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data when you use digital ticketing or RFID technologies at an Event or Venue. See above for information collected in connection with original Ticket Purchases.

We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data to authenticate your access to an Event, complete a transaction you request, for our Business Purposes and our other legitimate interests, including:

• verifying your identity for authentication and security purposes;
• helping us to ensure ticket purchasers are genuine and to prevent fraud;
• to help us to return lost property to its rightful owner;
• to share data with partners in accordance with user direction/authorizations;
• managing access to specific areas of Events; and
• to create market research and statistical analysis of guest engagement, movement, or other matters.

We may process Identity Data, Transaction Data, Preference Data, General Location Data, and Contact Data for our Commercial Purpose (which may include data sales/sharing).

• We process Device/Network Data, Contact Data, Identity Data, and Preference Data in connection with marketing emails, SMS, push notifications, telemarketing, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent.

We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data when you visit our Events and Venue. If provided or due to an incident at our Events or Venue, we may also process Health Data. We may collect Audio/Visual Data in relation to the use of CCTV cameras.

You may interact with RFID or Digital Tickets or Our Digital Services at our Events and Venue.

We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data Audio/Visual Data, and Contact Data as necessary to operate our Events and Venue and provide our services to you, for our Business Purposes, and our other legitimate interests, including:

• verifying your identity for authentication and security purposes;
• helping us to ensure our customers are genuine and to prevent fraud;
• to help us to return lost property to its rightful owner; and
• managing access to specific areas of our Events and Venue.

We process Health Data only as necessary to provide you with appropriate services (for example, a wheelchair accessible space) or to help us investigate an incident which may have taken place at our Events and Venue.

We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Preference Data. You may also be able to complete purchases, register for an account or enroll in marketing communications through our Digital Services.

We use this Personal Data as necessary to operate our Digital Services, such as keeping you logged in, delivering pages, etc., for our Business Purposes, and our other legitimate interests, such as:

• ensuring the security of our websites, mobile applications and other technology systems; and
• analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.

We process Identity Data, Device/Network Data, Contact Data, Preference Data, and General Location Data, in connection with our use of cookies and similar technologies on our Digital Services. We may collect this data automatically.

We and authorized third parties may use cookies and similar technologies for the following purposes:

• for “essential” purposes necessary for our Digital Services to operate (such as maintaining user sessions, CDNs, and the like);
• for “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain an online shopping cart);
• for “analytics” purposes and to improve our Digital Services, such as to analyze the traffic to and on our Digital Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Digital Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website);
• for “retargeting”, Targeted Advertising, or other advertising and marketing purposes, including technologies that process Preference Data or other data so that we can deliver, buy, or target advertisements which are more likely to be of interest to you; and
• for “social media” e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or X.

We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing). See below regarding opt-out rights for cookies and similar technologies.

Third parties may view, edit, or set their own cookies or place web beacons on our websites. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Third parties may engage in Targeted Advertising using this data. Third parties have their own privacy policies and their processing is not subject to this Policy.

We may collect and process Identity Data, Preference Data, certain Contact Data, and User Content when you enter a contest/sweepstakes or take part in a promotion.

We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:

• verifying your identity for authentication, anti-fraud, and security purposes (in which case we may process Government ID Data to complete verification);
• to improve our Services and to create a personalized user experience; and
• to contact you about relevant products or services, and in connection with marketing communications and Targeted Advertising.

Some programs and offers are operated/controlled by our third-party partners or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.

Your Personal Data may be public. If you win a contest/sweepstakes, we may publicly post some of your data. We do not post Personal Data without consent where required by law. See any program agreement(s) for additional details and terms.

We process Identity Data, Preference Data, Contact Data, and User Content you post (e.g. comments, forum and social media posts, etc.) on our Digital Services. We also process Identity Data, Contact Data, and User Content if you interact with or identify us, or relevant promoters, artists, sponsors or other partners on social media or communication platforms (e.g. if you post User Content that engages with or tags our official accounts or participate in a Discord server moderated by us.)

We process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing).

Posts may be public, or reposted on our Services. Content you provide may be publicly available when you post it on our Services, or in some cases, if you reference, engage, or tag our official social media accounts or communications platforms.

We and our Service Providers process Personal Data we hold for numerous Business Purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”

We process Personal Data as necessary to provide our Services and the products and services you purchase or request. For example, we process Personal Data to authenticate users and their rights to access the Services, Events, or Venue, as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and services you request, and create relevant documentation.

We may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Services, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track service use, QA and debugging, audits, and similar purposes.

We may process Personal Data in connection with our legitimate interest in ensuring that our Services, and Events and Venue are secure, identify and prevent crime, prevent fraud, verify or authenticate users/individuals, and ensure the safety of our guests. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.

We may display contextual advertising on our Services. In which case, we may customize such advertisement using data processed based on your current interaction with the Service (e.g. time, General Location). We may also document and audit ad impressions and related data relating to the delivery and display of contextual advertisements.

We process certain Personal Data as necessary in connection with our legitimate interest in personalizing our Digital Services. For example, aspects of the Digital Services may change so they are more relevant to you. We may personalize based on Preference Data and your current interactions with the Service, or obtain it from third parties, using Personal Data we hold about you. We may also personalize based on Profiles, where permitted by law, e.g. by displaying your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Digital Services and other content.

We process Personal Data in order to identify trends, including to create aggregated and anonymized data about buying and spending habits, use of our Services, and other similar information (Aggregated Data). Aggregated Data that does not contain Personal Data is not subject to this Privacy Policy.

We may also process Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law. Please see below for more information about how we disclose Personal Data in extraordinary circumstances.

We and certain third parties process Personal Data to further our commercial or economic interests (Commercial Purposes) depending on the context of collection and your Rights & Choices.

We may personalize marketing communications based on your profile. If consent to consumer profiling or Targeted Advertising is required by law, we will seek your consent.

In some jurisdictions, the Company, and certain third parties operating on or through our Services, may engage in advertising targeted to your interests based on Personal Data that we or those third parties obtain or infer from your activities across non-affiliated websites, applications, or services in order to predict your preferences or interests (Targeted Advertising). This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.

The parties that control the processing of Personal Data for Targeted Advertising purposes may create or leverage information derived from personalisation, profiles and Marketing Communications. In some cases, these parties may also develop and assess aspects of a Profile about you to determine whether you are a type of person a company wants to advertise to, and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Preference Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.

We generally use Targeted Advertising for the purpose of marketing our Services and third-party goods and services, and to send marketing communications, including by creating custom marketing audiences on third-party websites or social media platforms.

We may share Personal Data with the following categories of third-party recipients and/or for the following reasons:

Service Providers– We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfillment and improvements, to enable certain features, and in connection with our (or our Service Providers) for Business Purposes.

Sponsors, Advertisers, and Social Media Platforms– We may share certain Personal Data with social media platforms, advertisers, ad exchanges, data management platforms, or sponsors in support of our Commercial Purposes. We may allow these third parties to operate through our Services.

Public Disclosure – If you use any social media plugin, API, or other similar feature, use an event hashtag or similar link, or otherwise interact with us or our Services via social media, we may make your post available on our Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.

Event Partners– Where allowed by law, or with your consent, we will share your Personal Data with Event Partners e.g. promoters, artists, or sponsors that perform, promote, or operate an Event or Venue.

Lawful Recipients-In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person (such as where we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety) or in such other circumstances as may be required or permitted by law. These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

If you are located outside the US, we may transfer or process your Personal Data in the US, UK, European Economic Area (EEA). Where required by local law, we ensure your data remains protected in connection with any international transfers.

You may have certain rights and choices regarding the Personal Data we process.

You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT”, “STOP”, or other supported unsubscribe message.

If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our “Manage Cookie Preferences” page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services.

Targeted Advertising– You may opt out or withdraw your consent to Targeted Advertising by visiting your privacy choices.

We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data against unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

Our Services are neither directed at nor intended for use by persons under the age of 18. We generally collect information relating to this age group only from parents or with parental consent and we only knowingly collect Personal Data from such individuals directly in limited circumstances where reasonably necessary to provide the Service (such as registration for age-specific camps or clinics). We do not otherwise knowingly collect information from such individuals. If we learn that we have inadvertently done so, we will promptly delete such Personal Data if required by law. Do not access or use our Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian

We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

Except for processing by our service providers (described below), this Privacy Policy does not apply to third party websites, products, or services.

We may change this Policy from time to time. We will post changes on this page. We will notify you of any material changes, if required, via email or notices on our Digital Services. Your continued use of our Services constitutes your acknowledgement of any revised Policy.

Non-US Individuals may have the following rights. Applicable law may provide exceptions and limitations to all rights.

Access– You may have a right to access the Personal Data we process.

Rectification– You may correct any Personal Data that you believe is inaccurate.

Deletion/Erasure-You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.

Data Export/Portability-You may request that we send you a copy of your Personal Data in a common portable format of our choice.

Restriction -You may request that we restrict the processing of Personal Data to what is necessary for a lawful basis.

Objection-You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests by contacting us at: +1 646 846 2426 We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:

• for Profiling purposes;
• for direct marketing purposes (we will cease processing upon your objection); and
• involving automated decision-making with legal or similarly significant effects (if any).

We process data in the United States and other countries where our subprocessors are located. In cases where we transfer Personal Data to jurisdictions that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU/UK standard contractual clauses, or similar data transfer agreements in relevant jurisdictions, reliance on the recipient’s Binding Corporate Rules program, or requiring the recipient to certify to a recognized adequacy framework.