Now playing

One World Radio

Privacy Policy

Privacy Policy

Your privacy matters. Learn how we handle and protect your data.

1. Controller and Contact Information

The controller responsible for data processing on this website is:

TML.GUIDE
Email: privacy@tml.guide

If you have any questions regarding data protection or wish to exercise your rights, please contact us at the email address provided above.

2. Hosting and Infrastructure

Frontend Hosting

The frontend of this website is hosted on Vercel (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel processes data exclusively in data centers located in the European Union. Vercel acts as a data processor in accordance with Art. 28 GDPR.

For more information: Vercel Privacy Policy

Content Delivery Network (CDN)

We use AWS CloudFront (Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg) to deliver static content such as images efficiently. Data is processed exclusively within the EU. AWS acts as a data processor under Art. 28 GDPR.

File Storage

Static files and media assets are stored on AWS S3 (Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg). All data is stored in EU data centers (Frankfurt region). AWS acts as a data processor under Art. 28 GDPR.

DNS and DDoS Protection

Domain Name System (DNS) services are provided by Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes only technically necessary data (e.g., IP addresses for routing) and provides GDPR-compliant services through its European infrastructure. Data processing is based on our legitimate interest in ensuring website availability and protection against attacks (Art. 6(1)(f) GDPR).

For more information: Cloudflare Privacy Policy

Backend and Database

Our backend infrastructure, including databases containing all user-related data (especially data from the Personalization Helper), is hosted on dedicated servers located in Germany. This ensures that all personal data remains within the EU and is subject to German and European data protection laws.

Important: User data from the Personalization Helper and other tools is never transferred to the United States or other third countries outside the EU.

3. Collection and Processing of Personal Data

a) General Website Usage

When you visit our website, our servers temporarily store the following data for technical reasons:

  • • IP address of the requesting device
  • • Date and time of access
  • • Browser type and version
  • • Operating system
  • • Referrer URL (previously visited page)
  • • Requested pages and files

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring system security and stability)
Retention Period: These access logs are deleted after 7 days

b) Personalization Helper

Our Personalization Helper tool allows group administrators to collect and manage participant data for Tomorrowland ticket personalization.

Data Processed:

  • Administrator: Name, email address
  • Participants: Name, email address, phone number, date of birth, address

Purpose: To assist with Tomorrowland ticket personalization and provide a convenient data management tool.
Legal Basis: Art. 6(1)(b) GDPR (performance of a contract/service) and Art. 6(1)(a) GDPR (consent of participants)
Storage Location: All data is stored on our servers in Germany
Retention Period: Data is stored until the administrator deletes the group or requests deletion

Your Rights:

  • Participants can update their submitted data at any time using their unique link
  • Administrators can view, modify, download (CSV export), and delete all participant data
  • Complete deletion can be requested at any time via email to privacy@tml.guide

c) Treasure Case Tracker

Data Processed: Tomorrowland order number and recipient ZIP code

Purpose: These details are forwarded to Bpost (Centre Monnaie, 1000 Brussels, Belgium) to retrieve package tracking information.

This data is NOT stored on our servers. It is only used temporarily to query Bpost's API and is immediately discarded.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing package tracking service)

d) Email Communication

We use Amazon Simple Email Service (AWS SES) (Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg) to send automated transactional emails, such as:

  • Personalization Helper invitation emails
  • Data submission confirmations
  • Administrative notifications

Legal Basis: Art. 6(1)(b) GDPR (performance of a contract/service)

Data Processing: AWS SES processes email addresses only for the purpose of email delivery. AWS acts as a data processor under Art. 28 GDPR.

We do not send marketing or promotional emails without your explicit consent.

e) Local Storage and Preferences

We use your browser's local storage to save user preferences such as:

  • Selected currency (EUR, USD, SOL, etc.)
  • Language preference
  • Audio player settings

Purpose: To improve user experience by remembering your preferences
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing a user-friendly website)

ℹ️ This data is stored locally in your browser only and is never transmitted to our servers.

f) External Content and APIs

Our website integrates content from third-party services:

  • Omny.fm: Audio player for Tomorrowland sets and radio shows
  • One World Radio: Live radio stream metadata and schedule
  • NFT Price APIs: Market data for Tomorrowland NFT collections

When you use these features, connections to the respective third-party servers are established, and your IP address may be transmitted. Please refer to the privacy policies of these services for more information.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing rich content and functionality)

4. Web Analytics

Plausible Analytics

We use Plausible Analytics (Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia) to collect anonymous usage statistics and understand how visitors use our website.

Why Plausible is privacy-friendly:

  • No cookies: Plausible does not use cookies or store any data in your browser
  • No personal data: All data is fully anonymized and aggregated
  • EU hosting: All data is processed and stored exclusively in the European Union
  • GDPR compliant: Designed to comply with GDPR, CCPA, and PECR
  • No tracking across websites: No cross-site or cross-device tracking

Data collected (all anonymized):

  • • Page URL (without query parameters)
  • • HTTP Referrer (source of traffic)
  • • Browser type
  • • Operating system
  • • Device type (desktop/mobile/tablet)
  • • Country (based on anonymized IP address)

Important: Your IP address is never stored. Plausible uses it only to determine your approximate location (country) and then immediately discards it. No unique identifiers are assigned to visitors.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in understanding website usage and improving user experience).
Data Processor: Plausible acts as a data processor under Art. 28 GDPR.
More information: Plausible Privacy Policy

Note: We do not use Google Analytics, Facebook Pixel, or any other invasive tracking technologies. Plausible is our only analytics tool, chosen specifically for its privacy-first approach.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected:

Access logs
7 days

Then automatically deleted

Personalization Helper
Until deletion requested

By admin or participant

Email records
Service duration

As long as necessary

Data may be retained longer if required by law (e.g., tax retention requirements) or if retention is necessary for legal defense.

6. Data Sharing and Third-Party Processors

We share data only with the following categories of recipients:

Infrastructure providers

Vercel, AWS, Cloudflare (as data processors under Art. 28 GDPR)

Email service

AWS SES (as data processor)

Package tracking

Bpost (only temporary transmission, data not stored)

Legal authorities

When required by law or to protect our legal rights

We do not sell, rent, or share your data with third parties for marketing purposes.

All data processing by third parties is governed by Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR, ensuring GDPR compliance and appropriate security measures.

7. International Data Transfers

While some of our service providers are based in the United States (Vercel, AWS, Cloudflare), data processing occurs exclusively in the European Union through their EU data centers. All providers are certified under the EU-US Data Privacy Framework or have implemented EU Standard Contractual Clauses.

EU Data Protection Guaranteed

User data from the Personalization Helper is never transferred outside the EU and remains on our German servers.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access

Art. 15 GDPR

Request confirmation of whether we process your data and obtain a copy of your data

Right to Rectification

Art. 16 GDPR

Request correction of inaccurate or incomplete personal data

Right to Erasure

Art. 17 GDPR

Request deletion of your personal data ("right to be forgotten")

Right to Restriction

Art. 18 GDPR

Request restriction of processing under certain circumstances

Right to Data Portability

Art. 20 GDPR

Receive your data in a structured, machine-readable format

Right to Object

Art. 21 GDPR

Object to processing based on legitimate interests

Right to Withdraw Consent

Art. 7 GDPR

Withdraw previously given consent at any time

Right to Lodge a Complaint

EU Data Protection

File a complaint with your local data protection supervisory authority

How to exercise your rights:

To exercise any of these rights, please contact us at privacy@tml.guide

We will respond to your request within 30 days as required by GDPR.

9. Data Security

We implement comprehensive technical and organizational security measures to protect your data:

🔒
Encryption

All data transmissions are encrypted using HTTPS/TLS

🔐
Access controls

Strict access limitations to personal data

🛡️
Secure infrastructure

Regular security updates and monitoring

📊
Data minimization

We collect only data that is necessary for service provision

🇩🇪
Secure servers

Backend systems hosted in secure German data centers

Disclaimer: While we strive to protect your data using industry-standard security measures, please note that no method of transmission over the internet is 100% secure.

10. Children's Privacy

⚠️

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@tml.guide.

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices, legal requirements, or services. The latest version is always available at this URL. Material changes will be highlighted on our website.

📅 Last updated: December 5, 2024

12. Disclaimer

ℹ️

TML.GUIDE is an independent fan-made platform and is not affiliated with, endorsed by, or connected to Tomorrowland, ID&T, or any related entities. All trademarks, logos, and brand names are the property of their respective owners.