Privacy Policy Mesa

We consider the protection of your privacy to be extremely important. We want toinform you as much as possible, respect you and give you control over whathappens to your personal data. Below you will find information about what data wecollect, why we do this, how long we keep it, what your privacy rights are and howyou can exercise them.We are bound by and use your personal data in accordance with the General DataProtection Regulation 2016/679 of April 27th 2016 (the “GDPR”) and itsimplementation into national law.

ARTICLE 1: WHO IS PROTECTED BY THIS PRIVACY POLICY

We consider the protection of your privacy to be extremely important. We want toinform you as much as possible, respect you and give you control over whathappens to your personal data. Below you will find information about what data wecollect, why we do this, how long we keep it, what your privacy rights are and howyou can exercise them.We are bound by and use your personal data in accordance with the General DataProtection Regulation 2016/679 of April 27th 2016 (the “GDPR”) and itsimplementation into national law.

ARTICLE 2: DATA CONTROLLER

WEAREONE.world BV, with registered offices at B – 2000 Antwerp, KorteVlierstraat 6, VAT number BE0867239782 (hereafter “Mesa”, “we” or “us”), isresponsible for processing your personal data. This means that Mesa determinesthe purpose and means for processing your personal data.Mesa is a restaurant based in Antwerp.

ARTICLE 3: PERSONAL DATA PROCESSED ABOUT YOU
Processing activities

When using the term “processing personal data” in this privacy policy, we aretalking about our use of personal information that identifies you or is able toidentity you, either directly or in combination with other information that is held orobtained externally. Your personal data may include, for example, your name andyour contact details.

Personal data is collected:
  • When you use our services and interact with us through different channels.This includes:

    • When you contact us, or make a reservation or purchase at Mesa:

      • Payment info: For some purchases we will need your paymentinformation to complete the purchase

      • Contact details: name, last name, email, and telephonenumber. For some specific purchases we will also ask for youraddress.

    • When you subscribe to our newsletter:

      • Your email address

ARTICLE 4: HOW AND WHY IS YOUR PERSONAL DATA USED?
How

We collect your personal data that you have shared with us via our website or bycontacting us directly via our communication channels.

Why?

We collect and process your personal data for various purposes, but only insofaras necessary to achieve the intended objective. Below, you can see an overview ofwhy we process specific categories of personal data.

Kind of personal data

Purpose of processing

Lawfulness of processing

Contact details

To complete your reservation atMesa or answer your question

Performance of the agreement

Payment info

To complete your purchase

Performance of the agreement

Email

To send you our newsletter thatyou have subscribed to.

Consent

The processing of personal data can be based on different legal grounds. The legalground(s) (lawfulness of processing) on which our processing is based are clearlystated in the above overview, but we believe it is important to provide you withfurther explanation of each of these concepts:

Performance of the agreement

This legal ground means we process your personal datato provide the service you have requested. This consentcan be withdrawn at any point but may result in thetermination of our services.

Consent

This legal ground means we process your personal databased on your explicit consent to do so. This consentcan be withdrawn at any point unless there is already acontract established between us.

Personal data shared with third parties

In principle, we share your personal data as little as possible. Depending on thepersonal data you provide to us and the objectives linked to the processing of yourpersonal data, we may share your personal data with the third parties below.

Suppliers, subcontractors andother service providers

We rely on other companies, independent service providers, suppliers, subcontractors or other intermediaries to provide certain services. As anexample, this includes our IT and software suppliers, communication partners, payment providers and so on.These types of suppliers may process your personaldata if required as part of their services. We alwaysensure that such parties apply appropriate technical andorganisational measures to protect your personal data.

Authorities

If required by law or under a legal procedure, we mayshare your personal data with specific authorities orgovernment institutions.

Social media platforms

Depending on your communication preferences, we may share your personal data with social media platforms toenable personalised advertising on such platforms. Tofind out how these social media platforms process personal data, please refer to the relevant privacy policy of the platform in question

Business transfer

In the event of a restructuring, business transfer ortakeover of Tomorrowland, your personal data may betransferred to the third parties involved in this process.

Resengo

We use Resengo to register your reservation at Mesaand will need to process your personal information to doso. You can find their privacy policy here.

Your responsibilities with regards to third-party services

Through our products and services, you can also use the services of other partiessuch third-party activities through social media platforms. We have no control over Consent This legal ground means we process your personal databased on your explicit consent to do so. This consentcan be withdrawn at any point unless there is already acontract established between us.the information you place there and how it is processed, nor are we responsiblefor it. It is up to you to deal with this and to read the privacy policy of these thirdparties carefully.

ARTICLE 5: HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We never retain your personal data for any longer than the period required toprocess them. Retention periods prescribed by law may also affect this.

Contact details

We will not retain your data longer than necessary: your contact information will be retained for a period of 2 years since our last contact.

Email

We will retain your email address that we use to sendyou our newsletter for as long as you stay subscribed toour newsletter services. You are able to unsubscribe atany point.

Payment info

Your payment information will be retained for a period ofx years since our last contact.

If we process any personal data purely on the basis of your consent, we will deletesuch data within a reasonable period after you have withdrawn your consent.

Depending on the category of personal data, we may retain your personal data for5 or 10 years after its receipt (i.e. for longer than described above). More specifically, these retention periods are applied for legal or evidence purposes.

ARTICLE 6: WILL YOUR PERSONAL DATA BE SHARED OUTSIDE OF THE EEA?

When we share your personal data with third parties and partners we collaboratewith, there is a possibility that your personal data will be shared outside of theEuropean Economic Area (EEA). In this case, we will ensure that such sharing isalways GDPR-compliant. For example, we can do so by including standardcontract clauses in our contracts with these companies. In other instances, thedestination country may be recognised by the European Commission as a countrythat offers appropriate data protection. Any other (future) sharing mechanismsaccepted under the GDPR may also be used in this regard.

ARTICLE 8: WILL WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING?

Under an existing customer relationship or if you have given us the required consentto that effect, we may also process your personal data for direct marketingpurposes. That way, we can keep you informed about our upcoming events,promotions and related news.
The processing of your personal data for direct marketing purposes may be basedon consent you have given to use your personal data for such purposes. If you wishto withdraw this consent or object to this processing, you can do so at any time bycontacting us or by changing your preferences using the link we incorporate in our messages.

ARTICLE 9: WHAT ARE MY RIGHTS?

As a participant in our contests, we are always happy to inform you about the rightsyou have in relation to your personal data. If you wish to exercise any of theserights, feel free to contact us.

The right to access – You can ask us at any time which personal data of yours weprocess. If you wish to do so, you can also receive an overview of your personaldata we process.

The right to correction – If you notice the personal data of yours we process are nolonger correct, feel free to let us know at any time so that we can correct yourpersonal data immediately.

The right to deletion of data – If you would prefer us to no longer process yourpersonal data and delete them, you can choose to ask us to permanently deleteyour personal data. In this case, we will delete any personal data of yours weprocess on the basis of your consent.

The right to restrict processing – If you would prefer us to restrict our processing ofyour personal data, feel free to ask us any time. We will take your request intoaccount and explore how we can arrange this.The right to object – If you would like to object to our processing of your personaldata, you can do so by contacting us.

The right to transfer of data – If you would like your personal data to be transferredto a third party, we will help you do so. In this case, your personal data will be sentto the organisation of your choice in a structured, commonly used and machinereadable format.

The right to object to direct marketing – You also have the right to object to directmarketing at any time. The electronic communications we send always contain alink to unsubscribe, so you no longer receive these types of messages from us.

The right to submit a complaint – If you feel that we have not assisted you correctly,you can always choose to submit a complaint to the Data Protection Authority. Therelevant contact details can be found at the end of this privacy policy.You can exercise your rights by contacting our Data Protection Office.

ARTICLE 10: HOW CAN YOU CONTACT OUR DATA PROTECTION OFFICE?

Tomorrowland has a Data Protection Office, which is always happy to help with any questions you may have about privacy and the processing of your personal data. Our Data Protection Office can be reached via:

E-mail address :

dpo@tomorrowland.com or:

Address :

Weareone.world BV
Attn: Data Protection Officer
Korte Vlierstraat 6
B-2000 Antwerp
Belgium

ARTICLE 11: HOW CAN YOU CONTACT THE DATA PROTECTION AUTHORITY?

If you are unsatisfied with how your Tomorrowland has handled your request orcomment, or if you would like to submit a complaint, you can contact the DataProtection Authority using the details below. Please send a completed informationform (available on the website below) by e-mail to the e-mail address below or bypost to the postal address below.

Website:

Data Protection Authority

E-mail address:

contact@apd-gba.be

Address:

Drukpersstraat 35, 1000 Brussels

Telephone number:

+32 (0)2 274 48 00

ARTICLE 12: CONTACT

info@mesa.world

Kloosterstraat 99, 2000 Antwerpen

0490/49-22-37

ARTICLE 13: UPDATES

We may make changes to this privacy policy from time to time, including as part of the GDPR.
The latest version of our privacy policy is always available here.
Last update: 05/10/2021