Privacy Policy

Privacy Policy

Controller

Controller. For EU/EEA users, the controller is Broadcasting Commercial Operations OÜ (trading as "LiveArena"), registry code 16289209, Ruunaoja tn 3, 11415 Tallinn, Estonia.

Contact: [[email protected]].
You may also contact us via [email protected].

Supervisory authority. You have the right to lodge a complaint with your local supervisory authority or with our lead EU authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia; [email protected]; +372 627 4135; https://www.aki.ee/en.

1. Introduction

1.1 Broadcasting Commercial Operations OÜ ("Broadcasting Platforms") respects the privacy of its Users and is committed to protecting the personal data shared with us. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information.
1.2 The processing of personal data by Broadcasting Platforms is carried out in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

2. Personal Data We Process

2.1 We collect and process the following categories of personal data:

• Identification information: e.g. name, username
• Contact details: e.g. email address, phone number
• Account information: e.g. login credentials, subscription status
• Transactional data: e.g. payment history, purchase activity
• Technical data: e.g. IP address, browser type, operating system
• Usage data: e.g. content viewed, session duration, preferences

3. Purpose and Legal Basis for Processing

3.1 Broadcasting Platforms processes personal data for the following purposes:

• To provide and manage access to the Platform
• To process payments and manage subscriptions
• To send transactional and promotional communications
• To improve our services and user experience through analytics
• To comply with legal obligations (e.g. financial reporting, anti-fraud)

3.2 The legal bases for the processing of personal data include:

• Performance of a contract: e.g. account management
• User’s consent: e.g. for marketing communications
• Compliance with a legal obligation: e.g. tax and accounting laws
• Legitimate interests: e.g. improving the platform and services

4. Who we share your personal data with

Event Organizers/Promoters (independent controllers). For events you purchase or access, we share necessary viewer information with the relevant Event Organizer so they can manage access, provide support, and secure the event (e.g., name, email, ticket/product purchased, order ID, price/currency, purchase and access timestamps, access status, country/region, and anti-fraud/anti-piracy signals). Event Organizers act as independent controllers of the data they receive and will process it in line with their own privacy notices.

Legal bases (GDPR): – Art. 6(1)(b) – processing necessary to perform the contract (provide your purchased stream and associated services). GDPR.eu European Data Protection Board

– Art. 6(1)(f) – legitimate interests in fraud prevention, security and anti-piracy enforcement (balanced against your rights; you can object where applicable). European Data Protection Board GDPR.eu

Payment service providers / Merchant-of-Record partners (processors or independent controllers). We use established payment providers to process transactions, handle taxes, and manage chargebacks. Where they act on our behalf, they are processors bound by contracts; in some cases they may act as independent controllers for regulatory purposes.

Hosting/CDN, customer support, analytics and anti-fraud vendors (processors). We share only what is necessary for them to provide their services under data-processing agreements.

Legal and enforcement recipients. We may disclose information to courts, authorities, or online platforms when we believe it's necessary to comply with law or enforce rights (including reporting and taking down unauthorized streams). Legal bases: Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests in protecting our services and IP. GDPR.eu

4.1 If personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses.

5. Lawful bases

Legal bases for sharing with Event Organizers. We rely on GDPR Art. 6(1)(b) where sharing is necessary to deliver your purchased access and related support, and on GDPR Art. 6(1)(f) where sharing is necessary for security, fraud prevention, and anti-piracy enforcement, taking into account your reasonable expectations and implementing safeguards. You can object to Art. 6(1)(f) processing where applicable.

6. Retention and Security

6.1 Personal data is retained for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.
6.2 We implement appropriate technical and organizational security measures to protect personal data against loss, misuse, unauthorized access, disclosure, or alteration.

7. Your Rights

7.1 As a data subject, you have the following rights:

• Right to access the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") under certain conditions
• Right to restrict or object to certain types of processing
• Right to data portability
• Right to withdraw consent at any time (where processing is based on consent)

7.2 You may exercise your rights by contacting: [email protected]. You also have the right to contact the local national Data Protection Authority.