CATEGORIES AND SOURCES OF PERSONAL DATA
The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”).
Categories of Personal Data We Process
The categories of Personal Data we process may include:
Audio/Visual Data-Recordings and images collected from surveillance cameras, as well as audio files and records, such as voicemails, call recordings, and the like.
Biographical Data-Data relating to professional and employment history, qualifications, and similar biographic information.
Transaction Data-Information about the Services we provide to you and about transactions you make with us or other companies for goods and services at our Events and Venues, and similar information.
Contact Data-Identity Data we can use to contact you, such as email and physical addresses, phone numbers, social media or communications platform usernames/handles.
Device / Network Data-Browsing history, search history, and information regarding your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
Identity Data-Information such as your name; address; email address; telephone number; gender; date of birth, age and/or age range; account login details, e.g. username and password, avatar, or other account handles/usernames; ticket/RFID identifiers; or license plates.
Preference Data-Personal Data generated reflecting your preferences, characteristics, predispositions, behavior, demographics, household characteristics, market segments, likes, favorites and other data or analytics.
General Location Data– Non-precise location data, e.g. location information derived from social media tags/posts, or general areas of our Events and Venues you visited.
Sensitive Personal Data-Personal Data deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Data:
- “Government ID Data” Data relating to official government identification, such as driver’s license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law.
- “Health Data” Information about your health.
- “Payment Data” Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
- “Precise Location Data” data from GPS, WiFi triangulation, certain localized Bluetooth beacons, or technologies used to locate you at a precise location and time.
- “Race or Ethnic Origin” data relating to your race, ethnic, or national origin.
Regional Data Rights
User Content-Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes.
Sources of Personal Data We Process
We collect Personal Data from various sources, which include:
Data you provide us-We receive Personal Data when you provide them to us, when you purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.
Data we collect automatically-We collect Personal Data about or generated by any device used to access our Digital Services, the websites of any ticketing service provider used to purchase a ticket to our Events and Venues, RFID, or when you use WiFi at any of our Events and Venues.
Service Providers-We receive Personal Data from ticket agents such as AXS, Ticketmaster, and others, who transfer Personal Data to us when you purchase a ticket from them for our Events and Venues, and other service providers performing services on our behalf.
Promoters and event partners-We collaborate with various entities to put on events, which may include (co-)promoters, artists, sports teams or leagues, venues, and other parties (“Event Partners”). We receive Personal Data from Event Partners if you purchase relevant products and services from them, or when you express interests (e.g. team preference or mailing list sign up) that relate to the WE Companies.
Aggregators and advertisers-We receive Personal Data from ad networks, data brokers, Targeted Advertising vendors, market research, and social media companies or similar companies who provide us with additional Personal Data, e.g. Preference Data.
Social media companies-We receive Personal Data from Meta (e.g. Facebook and Instagram) and other social media companies when you use social media sign on, or interact with that social media company on or in connection with our Services.
Data we create or infer-We, certain partners, social media companies, and third parties operating on our behalf, create and infer Personal Data such as Preference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you.
DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
Account registration
We process Identity Data, Preference Data, and Contact Data when you register and create an account for our Services. We process Payment Data if you associate payment information with that account.
We use this Personal Data to create and maintain your account, to provide the products and services you request, and for our Business Purposes. We may process Identity Data, Preference Data, and Contact Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
Data Retention | Regional Data Rights
Purchases and transactions
We process Transaction Data, Identity Data, Payment Data, Preference Data, and Contact Data when you complete a purchase or sale transaction or charity donation. We do not permanently store your Payment Data, except at your request. If provided, we process Health Data. In some cases, Preference Data may reveal Race or Ethnic Origin (see “Profiles” for more information).
We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, payment, or refund, carry out fulfillment and delivery, document transactions, and for our Business Purposes.
We may process Identity Data, Transaction Data, Contact Data, Race or Ethnic Origin, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or Health Data or use it for Business Purposes not permitted under applicable law.
Third party businesses/controllers may receive your information. Third Party data controllers/businesses (such as Event Partners) provide, either directly or jointly with WE or other Event Partners, many products and services you purchase through our Services. We may disclose Identity Data, Transaction Data, Contact Data, and Device/Network Data to those third parties. You may also direct us to disclose this data to or interact with these Event Partners as part of attending an Event/Venue, receiving premium upgrades, or making a purchase (which does not involve a data sale by the WE Companies). For example, when you purchase a ticket to an L.A. Kings game or other event involving the L.A. Kings and the NHL, you direct us to share your Identity Data, Contact Data, and Commercial Data relating to the ticket purchase with NHL Interactive CyberEnterprises, LLC, and its affiliates, including NHL Enterprises, L.P., NHL Enterprises Canada, L.P., and the National Hockey League (“NHL”). We share this with the NHL so that they can conduct analysis to better understand NHL fans and fan engagement across the NHL, including its member clubs. NHL may also use and share insights to enable the NHL, including its member clubs, to customize and improve their services, advertising and communications, as further set forth in the NHL Privacy Policy.
Donations. We accept online donation applications for WE community relations and other foundations from non-profit organizations only—not from individuals. Individuals should not submit their social security number.
Data Retention | Regional Data Rights
RFID Products and Digital Tickets
We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data when you use digital ticketing or RFID technologies at an Event or Venue. See above for information collected in connection with original Ticket Purchases.
We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data to authenticate your access to an Event, complete a transaction you request, for our Business Purposes, and our other legitimate interests, including:
- verifying your identity for authentication and security purposes;
- helping us to ensure ticket purchasers are genuine and to prevent fraud;
- to help us to return lost property to its rightful owner;
- to share data with partners in accordance with user direction/authorizations;
- managing access to specific areas of Events; and
- to create market research and statistical analysis of guest engagement, movement, or other matters.
We may process Identity Data, Transaction Data, Preference Data, General Location Data, and Contact Data for our Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
Marketing Communications
We process Device/Network Data, Contact Data, Identity Data, and Preference Data in connection with marketing emails, SMS, push notifications, telemarketing, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, you may receive email marketing communications as a result of account registration or a purchase. In some cases, Preference Data may reveal Race or Ethnic Origin
We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may use this data for our Commercial Purposes (which may include data sales/sharing). However, we do not share Contact Data collected as part of WE’s SMS marketing campaigns with third parties for their own marketing or Commercial Purposes. Marketing communications may also be personalized as permitted by applicable law, but will not involve Targeted Advertising or the processing of Race or Ethnic Origin where users have opted out or not provided necessary consents. See your Rights & Choices to limit or opt out of this processing.
Visiting Events and Venues
We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data, and Contact Data when you visit our Events and Venues. If provided or due to an incident at our Events or Venues, we may also process Health Data. We may collect Audio/Visual Data in relation to the use of CCTV cameras.
You may interact with RFID or Digital Tickets or Our Digital Services at our Events and Venues.
We process Identity Data, Transaction Data, Payment Data, Preference Data, General Location Data Audio/Visual Data, and Contact Data as necessary to operate our Events and Venues and provide our services to you, for our Business Purposes, and our other legitimate interests, including:
- verifying your identity for authentication and security purposes;
- helping us to ensure our customers are genuine and to prevent fraud;
- to help us to return lost property to its rightful owner; and
- managing access to specific areas of our Events and Venues.
We process Health Data only as necessary to provide you with appropriate services (for example, a wheelchair accessible space, or a sign language interpreter) or to help us investigate an incident which may have taken place at our Events and Venues, and for certain Business Purposes.
We use Identity Data, Transaction Data, Preference Data, and Contact Data collected in this context for our Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data, Health Data, or Audio/Visual Data.
Digital Services
Generally
We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Preference Data. You may also be able to complete purchases, register for an account, or enroll in marketing communications through our Digital Services.
We use this Personal Data as necessary to operate our Digital Services, such as keeping you logged in, delivering pages, etc., for our Business Purposes, and our other legitimate interests, such as:
- ensuring the security of our websites, mobile applications and other technology systems; and
- analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.
We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing).
Mobile Apps
If you use our mobile apps, we may process Identity Data, Device/Network Data, Preference Data, General Location Data, and, with your consent, Precise Location Data.
We process this Personal Data to provide our mobile apps, for our Business Purposes, and our other legitimate interests, such as:
- to optimize the display and functionality of the Mobile App on your device;
- determine your location or proximity within our Events and Venues,
- provide directions and contextual information to you;
- deliver features that require the use of Precise Location Data;
- creating aggregate information about users’ location and patterns, which we use to help improve our Events and Venues and other Services.
We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing). You have the right to limit our use of Precise Location Data by withdrawing consent to or disabling the collection of Precise Location Data.
Cookies and Other Tracking Technologies
We process Identity Data, Device/Network Data, Contact Data, Preference Data, and General Location Data, in connection with our use of cookies and similar technologies on our Digital Services. We may collect this data automatically.
We and authorized third parties may use cookies and similar technologies for the following purposes:
- for “essential” purposes necessary for our Digital Services to operate (such as maintaining user sessions, CDNs, and the like);
- for “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain an online shopping cart);
- for “analytics” purposes and to improve our Digital Services, such as to analyze the traffic to and on our Digital Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Digital Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website);
- for “retargeting,” Targeted Advertising, or other advertising and marketing purposes, including technologies that process Preference Data or other data so that we can deliver, buy, or target advertisements which are more likely to be of interest to you; and
- for “social media” e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter.
We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.
Third parties may view, edit, or set their own cookies or place web beacons on our websites. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Third parties may engage in Targeted Advertising using this data. Third parties have their own privacy policies and their processing is not subject to this Policy.
Data Retention | Regional Data Rights
Contests and Promotions
We may collect and process Identity Data, Preference Data, certain Contact Data, and User Content when you enter a contest/sweepstakes or take part in a promotion.
We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:
- verifying your identity for authentication, anti-fraud, and security purposes (in which case we may process Government ID Data to complete verification);
- to improve our Services and to create a personalized user experience; and
- to contact you about relevant products or services, and in connection with marketing communications and Targeted Advertising.
We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes (which may include data sales/sharing).
Data Retention | Regional Data Rights
Some programs and offers are operated/controlled by our third-party partners or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.
Your Personal Data may be public. If you win a contest/sweepstakes, we may publicly post some of your data. We do not post Personal Data without consent where required by law. See any program agreement(s) for additional details and terms.
Contact Us; Support
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g. through a contact us form, or for support. If you call us via phone, we may collect Audio/Visual data from the call recording.
We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications and for our Commercial Purposes (which may include data sales/sharing).
Data Retention | Regional Data Rights
Vendors
We process Identity Data, Contact Data, Government ID Data, Biographical Data, Preference Data, User Content, Payment Data, and Health Data (which may include Special Category Data) in connection with your application or engagement as a vendor.
We process this Personal Data as necessary to evaluate, establish, and maintain the vendor relationship, and for our Business Purposes. We do not sell or share Personal Data processed in this context. We process Sensitive Personal Data only for Business Purposes permitted under applicable law.
Data Retention | Regional Data Rights
Feedback and Surveys
We process Identity Data, Contact Data, Preference Data, and User Content collected in connection with guest surveys or questionnaires.
We process this Personal Data as necessary to respond to guest requests/concerns, for our Business Purposes, and other legitimate interests, such as:
- analyzing guest satisfaction; and
- to allow our third-party partners to communicate with guests.
We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing). We may share Feedback/Survey data relating to third party partners with those partners, who may use it for their own purposes.
Data Retention | Regional Data Rights
Posts and Social Media
We process Identity Data, Preference Data, Contact Data, and User Content you post (e.g. comments, forum and social media posts, etc.) on our Digital Services. We also process Identity Data, Contact Data, and User Content if you interact with or identify us, or relevant promoters, artists, sponsors or other partners on social media or communication platforms (e.g. if you post User Content that engages with or tags our official accounts or participate in a Discord server moderated by us.)
We process this Personal Data for our Business Purposes, and Commercial Purposes (which may include data sales/sharing).
Posts may be public, or reposted on our Services. Content you provide may be publicly available when you post it on our Services, or in some cases, if you reference, engage, or tag our official social media accounts or communications platforms.
PROCESSING PURPOSES
Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”
Service Delivery
We process Personal Data as necessary to provide our Services and the products and services you purchase or request. For example, we process Personal Data to authenticate users and their rights to access the Services, Events, or Venues, as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and services you request, and create relevant documentation.
Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Services, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track service use, QA and debugging, audits, and similar purposes.
Security and Incident Detection
We may process Personal Data in connection with our legitimate interest in ensuring that our Services, and Events and Venues are secure, identify and prevent crime, prevent fraud, verify or authenticate users/individuals, and ensure the safety of our guests. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.
Contextual Advertising
We may display contextual advertising on our Services. In which case, we may customize such advertisement using data processed based on your current interaction with the Service (e.g. time, General Location). We may also document and audit ad impressions and related data relating to the delivery and display of contextual advertisements.
Personalization
We process certain Personal Data as necessary in connection with our legitimate interest in personalizing our Digital Services. For example, aspects of the Digital Services may change so they are more relevant to you. We may personalize based on Preference Data and your current interactions with the Service, or obtain it from third parties, using Personal Data we hold about you. We may also personalize based on Profiles, where permitted by law, e.g. by displaying your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Digital Services and other content.
Aggregated Data
We process Personal Data in order to identify trends, including to create aggregated and anonymized data about buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). Aggregated Data that does not contain Personal Data is not subject to this Privacy Policy.
Compliance, Health, Safety, Public Interest
We may also process Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law. Please see the How We Share Personal Data section for more information about how we disclose Personal Data in extraordinary circumstances.
Commercial Purposes
We and certain third parties process Personal Data to further our commercial or economic interests (“Commercial Purposes,”) depending on the context of collection and your Rights & Choices.
Please Note – We may require your consent, or we may not engage in processing of Personal Data for Commercial Purposes in some jurisdictions, or certain contexts (e.g., as a result of your enrollment in SMS campaigns). See the “Regional Supplements” section below for more information.
Profiles
Entertainment is personal, and we are always working to help you find the best concerts, festivals, sports, and other events for you to enjoy. In order to understand our customers’ preferences, and better recommend products and services that are personalized to our customers, we may create a “Profile” by linking together and analyzing Personal Data processed in the following contexts:
- Account Registration
- Purchases and Transactions
- RFID Products/Digital Tickets
- Visiting our Events and Venues
- Using our Digital Services
- Contest and promotions
- Contact Us; Support
- Feedback and Surveys
- Posts & Social Media
We may augment Profiles with Personal Data that we receive from other WE Companies, Event Partners or other third parties (including social media companies), e.g. information about Services you have used or purchased previously, Events and Venues you visited, or locations at those Events/Venues, or demographic data and data from your publicly available social media profiles.
In some cases we process Preference Data that reveals Race or Ethnic Origin as part of our Profiles. We typically process this information in relation to marketing for certain Events (e.g. cultural or heritage events.). Depending on applicable laws, we may not collect this information, and we may require your consent before collecting it. We will limit the use and disclosure of your Race or Ethnic Origin according to applicable law. See the “Regional Supplements” section below for more information about your rights in Sensitive Data.
We use Profiles for our legitimate interests in market research and statistical analysis in connection with the improvement of our Services. For example, we may analyze the Personal Data of customers who have purchased tickets for a future event, and then compare them with other customers in our database. If we identify other customers in our database who have similar Personal Data to the original purchasers, we may direct marketing about that event to the similar customers. We may conduct the profiling and send the direct marketing emails automatically.
Profiles involve processing that is automated, in whole or in part.
Personalized Marketing Communications
We may personalize Marketing Communications based on your Profile. If consent to Consumer Profiling or Targeted Advertising is required by law, we will seek your consent.
Targeted Advertising
In some jurisdictions, WE Companies, and certain third parties operating on or through our Services, may engage in advertising targeted to your interests based on Personal Data that we or those third parties obtain or infer from your activities across non-affiliated websites, applications, or services in order to predict your preferences or interests (“Targeted Advertising”). This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.
The parties that control the processing of Personal Data for Targeted Advertising purposes may create or leverage information derived from Personalization, Profiles, and Marketing Communications. In some cases, these parties may also develop and assess aspects of a Profile about you to determine whether you are a type of person a company wants to advertise to, and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Preference Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.
We generally use Targeted Advertising for the purpose of marketing our Services and third-party goods and services, and to send marketing communications, including by creating custom marketing audiences on third-party websites or social media platforms.
Data Sales
We may engage in “sales” of data as defined by applicable law. For example, we may “sell” certain Personal Data when we engage in marketing campaigns with or on behalf of sponsors, conduct Targeted Advertising, or we may sell or grant access to Personal Data to our marketing partners, Event Partners, and other advertisers in relation to Targeted Advertising, joint promotions, and other marketing initiatives. See the “Regional Supplements” section for a list of categories of Personal Data sold or shared.
DISCLOSURE/SHARING OF PERSONAL DATA
We may share Personal Data with the following categories of third-party recipients and/or for the following reasons:
WE Companies– we will share your Personal Data with other WE Companies in order to streamline certain business operations, and in support of our Business Purposes, and Commercial Purposes.
Service Providers– We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfillment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes.
Sponsors, Advertisers, and Social Media Platforms– We may share certain Personal Data with social media platforms, advertisers, ad exchanges, data management platforms, or sponsors in support of our Commercial Purposes. We may allow these third parties to operate through our Services. We do not share Contact Data collected in connection with WE’s SMS Marketing Communications with these parties.
Public Disclosure – If you use any social media plugin, API, or other similar feature, use an event hashtag or similar link, or otherwise interact with us or our Services via social media, we may make your post available on our Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.
Event Partners– Where allowed by law, or with your consent, we will share your Personal Data with Event Partners, e.g. promoters, venues, sports teams, leagues (such as the NHL), artists, or sponsors that perform, promote, or operate an Event or Venue. Through your use of our Service, you may direct us to disclose this data to or interact with these third parties, e.g. by attending an Event/Venue hosted, performed, or promoted by an Event Partner, or making a purchase involving these parties (in which cases, such transfers do not involve a data sale by us). However, in other cases, these parties may also receive data for Business Purposes and in connection with Data Sales. We do not share Contact Data collected in connection with WE’s SMS Marketing Communications with these parties.
Data Aggregators– We may share Personal Data with data aggregators in support of our Commercial Purposes and in connection with Data Sales. These disclosures/sales can help better personalize our Services, the services of third parties, enrich Profiles, and help ensure that you see advertisements that are more relevant to your interests.
Successors-We may share Personal Data if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Lawful Recipients-In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person (such as where we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety) or in such other circumstances as may be required or permitted by law. These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
If you are located outside the US, we may transfer or process your Personal Data in the US, UK, European Economic Area (EEA), and other jurisdictions where any WE Companies or our service providers operate. Where required by local law, we ensure your data remains protected in connection with any international transfers. See the “Regional Supplements” section below for more information.
YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in specific regions:
- US States/California
- EEA/UK/Switzerland and Other Non-US Countries
- Australia
Your Rights
You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplements” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.
Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match Personal Data we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
Your Choices
Marketing Communications
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT”, “STOP”, or other supported unsubscribe message (for SMS), by adjusting the push message settings for our mobile apps using your device operating system (for push notifications), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Withdrawing Your Consent/Opt-Out
You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Precise Location Data
You may control or limit Precise Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services. Note, we may collect general location data even if you opt out of the collection of Precise Location Data.
Cookies, Similar Technologies, and Targeted Advertising
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our “Manage Cookie Preferences” page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
Targeted Advertising– You may opt out or withdraw your consent to Targeted Advertising by visiting Your Privacy Choices. In some cases, you may be able to opt-out by submitting requests to third party partners, including for the vendors listed below:
- Google Ads
- Doubleclick
- Facebook Custom Audience Pixel
- Twitter Audience Pixel
- Digital Advertising Alliance’s opt-out
- Network Advertising Initiative opt-out
Global Privacy Control (GPC)– Our Digital Services may support certain automated opt-out controls, such as Global Privacy Control (“GPC”). GPC is a specification designed to allow Internet users to notify businesses of their privacy preferences, such as opting-out of the sale/sharing of Personal Data. To activate GPC, users must enable a setting or use an extension in the user’s browser or mobile device. Please review your browser or device settings for more information regarding how to enable GPC.
Please note: We may not be able to link GPC signals to your Personal Data in our systems, and as a result, some sales/sharing of your Personal Data may occur even if GPC is active. See the “Regional Supplements” section below for more information regarding other opt-out rights.
Do Not Track – Our Services do not respond to your browser’s do not track signal.
DATA SECURITY
We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data against unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
CHILDREN
Our Services are neither directed at nor intended for use by persons under the age of 13 in the US, or under the age of 13 to 16 in the EEA, UK, Switzerland, and Other Non-US Countries, or 15/16 in Australia. We generally collect information relating to this age group only from parents or with parental consent and we only knowingly collect Personal Data from such individuals directly in limited circumstances where reasonably necessary to provide the Service (such as registration for age-specific camps or clinics). We do not otherwise knowingly collect information from such individuals. If we learn that we have inadvertently done so, we will promptly delete such Personal Data if required by law. Do not access or use our Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
DATA RETENTION
We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
- Retention periods established under applicable law;
- Industry best practices;
- Whether the purpose of processing is reasonably likely to justify further processing;
- Risks to individual privacy in continued processing;
- Applicable data protection impact assessments;
- IT systems design considerations/limitations; and
- The costs associated continued processing, retention, and deletion.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
THIRD PARTY WEBSITES AND MOBILE APPLICATIONS
Except for processing by our service providers (described below), this Privacy Policy does not apply to third party websites, products, or services. For example, we handle some of the purchase process on our Services directly, and third party businesses (such as payment processors) may manage others. Third parties may operate or develop some WE Companies’ websites and mobile apps, and may operate or host a contest/sweepstakes on our Services. In these cases, the terms, conditions, and privacy practices of the third party – not those of the WE Companies – may govern your transactions, and we may have no control over the Personal Data collected.
CHANGES TO OUR POLICY
We may change this Policy from time to time. We will post changes on this page. We will notify you of any material changes, if required, via email or notices on our Digital Services. Your continued use of our Services constitutes your acknowledgement of any revised Policy.
REGIONAL SUPPLEMENTS
US States/California
Scope
This section applies to individuals located in the United States.
US State & California Privacy Rights & Choices
Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.
Confirm– Right to confirm whether we process your Personal Data.
Access/Know– Right to request any of following: (1) the categories of Personal Data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/shared your Personal Data; (4) the categories of third parties to whom we have sold/shared your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Portability– Right to request that we provide certain Personal Data in a common, portable format.
Deletion– Right to delete certain Personal Data that we hold about you.
Correction– Right to correct certain Personal Data that we hold about you.
Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)– Right to opt-out of the following:
- If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
- If we engage in Targeted Advertising (aka “sharing” of Personal Data or cross-context behavioral advertising,) you may opt-out of such processing.
- If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.
Opt-out or Limit Use and Disclosure of Sensitive Personal Data– Right to opt-out of the processing of certain Sensitive Data, or request that we limit certain uses of Sensitive Personal Data. This right does not apply in cases where we only use Sensitive Personal Data where necessary, or for certain business purposes authorized by applicable law.
Opt-in/Opt-out of Sale/Sharing of Minors’ Personal Data– To the extent we have actual knowledge that we collect or maintain Personal Data of a minor under age 16 in California, those minors must opt into any sales/sharing of Personal Data (as defined under CCPA), and minors under the age of 13 must have a parent consent to sales/sharing of Personal Data. All minors have the right to opt-out later at any time.
Non-Discrimination– California residents have the right to not receive discriminatory treatment as a result of their exercise of rights conferred by the CCPA.
List of Direct Marketers– California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Remove Minors’ User Content– Residents of California under the age of 18 can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion, contact us using the information below. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Services.
Submission of Requests
You may submit requests as follows (please review our verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at [email protected]. We will respond to any request to appeal within the period required by law.
| Access/Know, Confirm Processing, Portability, Deletion, and Correction | You may visit our Consumer Rights Request Portal You may call us at: 1-888-681-5501. You will be directed to leave a voicemail where you will provide your email address, phone number and address we have on file, along with your request. You may send mail to our Contact Us address above with your email address, phone number and address we have on file, along with your request. |
| Opt-Out of Sales, Sharing, Targeted Advertising or Profiling Opt-out/Limit Use, and Disclosure of Sensitive Personal Data Opt-in/Opt-out of Sale/Sharing of Minors’ Personal Data | You may visit our Your Privacy Choices portal You may send mail to our Contact Us address above with your email address, phone number or address on file, along with your request. You may enable Global Privacy Control (GPC) to opt out of Targeted Advertising/sharing. Digital Services supporting GPC (or similar standards) will treat the request as a request to opt-out of Targeted Advertising/sharing on the device where the GPC setting is active. To limit the use and disclosure of Precise Location Data, update your preferences for location data using your device’s settings menu, or disable WiFi, Bluetooth, or other interfaces you use to interact with our Services. |
| List of Direct Marketers Remove Minors’ User Content | Contact us via email to our privacy team at [email protected] |
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
| Category of Personal Data | Category of Recipients |
| Audio/Visual Data | WE Companies; Service Providers; Public Disclosure; Event and Venue Partners; Data Aggregators; Successors; Lawful Recipients |
| Biographical Data | |
| Transaction Data | |
| Contact Data | |
| Device/Network Data | |
| Identity Data | |
| Preference Data | |
| General Location Data | |
| User Content | |
| Health Data; Payment Data; Precise Location Data; Race or Ethnic Origin | WE Companies; Service Providers; Successors; Lawful Recipients |
| Government ID Data; Health Data; Precise Location | WE Companies; Service Providers; Event and Venue Partners; Successors; Lawful Recipients |
Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes
For purposes of the CCPA, we have “sold” or “shared”, in the preceding 12 months, the following categories of Personal Data to the following categories of recipients:
| Category of Personal Data | Category of Recipients |
| Transaction Data | Sponsors, Advertisers, and Social Media Platforms; Event and Venue Partners; Data Aggregators |
| Contact Data | |
| Device/Network Data | |
| Identity Data | |
| Preference Data | |
| General Location Data | |
| Precise Location Data | |
| User Content |
Categories of Sensitive Personal Data Used or Disclosed
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data Government ID Data; Health Data; Payment Data; Precise Location Data; Race or Ethnic Origin. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).
EEA/UK/Switzerland and Other Non-US Countries
Scope
This section applies only to individuals located in the EEA, UK, Switzerland, and other countries (excluding the US and Australia) where individuals have a right to the information or to exercise rights in Personal Data as specified below (“Non-US Individuals”). Note, this section applies only to WE and its US affiliates (“WE US”), and references to WE, “us” or “we” in this section refer to WE US. WE’s European Affiliates (listed below, the “WE Europe Affiliates”) maintain supplemental privacy notices and separate rights request processes for Personal Data controlled by WE Europe Affiliates.
Rights & Choices
Non-US Individuals may have the following rights. Please review our verification requirements. Applicable law may provide exceptions and limitations to all rights.
Access-You may have a right to access the Personal Data we process.
Rectification-You may correct any Personal Data that you believe is inaccurate.
Deletion/Erasure-You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
Data Export/Portability-You may request that we send you a copy of your Personal Data in a common portable format of our choice.
Restriction -You may request that we restrict the processing of Personal Data to what is necessary for a lawful basis.
Objection-You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests. We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
- for Profiling purposes;
- for direct marketing purposes (we will cease processing upon your objection); and
- involving automated decision-making with legal or similarly significant effects (if any).
Regulator Contact-You have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
Submission of Requests to WE US
Non-US Individuals may submit requests to exercise your rights in data with WE US by following the instructions in the table below. To submit requests to WE Europe Affiliates, please review the information set out in the WE Europe Affiliate’s privacy notices, linked above.
| Object to processing, including: Opt-Out of Sales, Sharing, Targeted Advertising or Profiling, Opt-out/Limit Use, and Disclosure of Sensitive Personal Data | You may visit the WE US Your Privacy Choices Portal in order to exercise your right to object to or restrict processing for certain purposes (see the US/State Rights section above for more information regarding the specific nature of these requests): Sales, Sharing, Targeted Advertising, Profiling Opt-out/Limit Use and Disclosure of Sensitive Personal Data Opt-in/Opt-out of Sale/Sharing of Minors’ Personal Data To the extent you have the right to object/restrict processing for other purposes or in other contexts, please contact WE US via email to our privacy team at [email protected] |
| Access, Rectification, Data Export/Portability, or Deletion/Erasure | You may visit the WE US Consumer Rights Request Portal Contact us via email to our privacy team at [email protected] You may send postal mail to our physical address (see controller section / Contact Us above) with your email address, phone number and address we have on file, along with your request. |
Lawful Basis for Processing
| Legal Basis | Description of Basis & Relevant Purposes | Relevant Contexts / Purposes / Disclosures |
| Performance of a contract | The processing of your Personal Data is strictly necessary in the context in which it was provided, e.g. to perform the agreement you have with us, to provide products and services to you, to open and maintain your user accounts, to deliver ticket(s) you have purchased, or process requests. | Contexts Contexts where Personal Data (excluding Sensitive Personal Data) is processed for purposes listed below Cookies and other tracking technologies (strictly necessary) Purposes Service Delivery Disclosures Event and Venue Partners Public Disclosure. |
| Legitimate interests | This processing is based on our legitimate interests. For example, we rely on our legitimate interest to administer, analyze and improve our Websites and related content, to operate our business, including through the use of service providers and subcontractors, to send you notifications about our Websites or products you have purchased, for archiving, recordkeeping, statistical and analytical purposes, and to use your Personal Data for administrative, fraud detection, audit, training, security, or legal purposes. See the Business Purposes of Processing section above for more information regarding the nature of processing performed on the basis of our legitimate interests. | Contexts Contexts where Personal Data (excluding Sensitive Personal Data) is processed for specified legitimate interests or purposes listed below Purposes Internal Processing and Service Improvement Security and Incident Detection Contextual Advertising Personalization Aggregated Data Profiles Personalized Marketing Communications Disclosures WE Companies Service Providers Sponsors, Advertisers, and Social Media Platforms Data Aggregators Successors Lawful Recipients |
| Consent | This processing is based on your consent. You are free to withdraw any consent you may have provided, at any time, subject to your rights/choices, and any right to continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal. | Contexts Contexts where Personal Data is processed for purposes listed below Cookies and other tracking technologies (except strictly necessary) Processing of Sensitive Personal Data Marketing communications Purposes Targeted Advertising Data Sales Disclosures Sponsors, Advertisers, and Social Media Platforms |
| Compliance with legal obligations | This processing is based on our need to comply with legal obligations. We may use your Personal Data to comply with legal obligations to which we are subject, including to comply with legal processes. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for compliance purposes. | Business Purposes Compliance, Health, Safety, Public Interest Disclosures Lawful Recipients |
| Performance of a task carried out in the public interest | This processing is based on our need to protect recognized public interests. We may use your Personal Data to perform a task in the public interest or that is in the vital interests of an individual. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for such purposes. | Business Purposes Compliance, Health, Safety, Public Interest Disclosures Lawful Recipients |
International Transfers
We process data in the United States and other countries where our subprocessors are located. In cases where we transfer Personal Data to jurisdictions that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU/UK standard contractual clauses, or similar data transfer agreements in relevant jurisdictions, reliance on the recipient’s Binding Corporate Rules program, or requiring the recipient to certify to a recognized adequacy framework. We make transfers among WE Companies pursuant to our intragroup Standard Contractual Clauses. You can obtain more information about transfer measures we use for specific transfers by contacting us using the information above.
Australia
Rights and Choices
Residents of Australia have the right under the Privacy Act to request access or correct Personal Data we hold about you. If you wish to exercise your right under the Privacy Act to access or correct your Personal Data, you may email us at [email protected]. If you make a request, we will require you to verify your identity before we provide you with any access, as described in the verification requirements section.
Purposes of Processing
In certain cases, we may not automatically process your Personal Data for certain purposes. We rely on your consent to process Personal Data as follows:
Contexts
- Cookies and other tracking technologies for Targeted Advertising
- Any context where we process Sensitive Personal Data
- Marketing communications
Purposes
- Targeted Advertising
- Data Sales
Disclosures
- Sponsors, Advertisers, and Social Media Platforms
