GRAND PRIX TICKETS®GPT

Tickets worldwide - all Formula 1® and motogp races

Data Protection

Privacy Policy - Grand Prix Tickets GmbH

Grand Prix Tickets GmbH ("GPT GmbH") is part of the CAM Christoph Ammann Management Holding GmbH and a company with a registered office at Sonnenring 1, 8724 Spielberg, Austria.

GPT GmbH use your personal data when you enter into a contract with us, so we can process your order, take payments, send tickets or deposit tickets on site and to provide you customer support, such as emails including booking confirmations, event reminders and important information shortly before the event. We will also inform you about events we think you might be interested in, if you have consented to this service or if you have subscribed to our newsletter.

Newsletters will be sent within the legal framework.

The legal basis to process personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - GDPR Article 6 (1) (b)

If required, we will also use your personal data to enforce or defend legal claims.

To place an order you must be at least 16 years old, so that you are able to enter into legally binding contracts. The consent for the processing of data of minors under the age of 16 will only be effective if the person, who has custody of the child, gives consent to it. In this case, the written consent of the person, who is entitled to custody, must be sent via email to datenschutz@gpt.at before or when the order is placed.

"Personal Data" means any information relating to an identified or identifiable natural person: in particular full name, postal address, date of birth, email address, telephone number, fax number, Passport or ID Number, credit card details and bank details.

If you are making purchases on behalf of third parties and you provide us with details of third parties (e.g. names for reserved seats in VIP areas or name of a person who is entitled to collect tickets at a ticket collection point on site), you warrant that these persons are familiar with the privacy policy and that there are no objections.

In the context of changing requirements regarding security in handling e-ticket, GPT GmbH would like to point out that we may have to share your personal data with event partners (e.g. full name, telephone number & email address, Passport or ID Number, home country,…). Please refer to the information of the respective event in the online shop, if and which data may have to be shared with the event partner.

When using our web pages you remain anonymous unless you voluntarily provide us with personal data. We will treat your data as strictly confidential and it will not be transferred to third parties without your explicit consent. We will only transfer your personal data to third parties if it is required by law (e.g. court, authorities,…) or required as part of the invoicing process. In this case we have to share your data with our third party providers, such as tax consultants and cloud computing providers, who provide the IT infrastructure on which our products and systems are built. You can request a current list of all third parties to which we transfer personal data by emailing to datenschutz@gpt.at.

GPT GmbH have taken comprehensive technical and operational security precautions in order to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly revised and adapted to technological progress. We only keep your data for as long as required to provide you with the services you request, for the purposes outlined in this policy and for any legal purposes for which we are obliged to keep the information (esp. accounting or tax regulations). We will securely delete your data, in paper and digital format, when it is no longer required for these purposes. If you have any questions regarding your stored data, you want to unsubscribe from the newsletter or you want us to adjust or delete your data, you can contact us at any time:

Contact:
Email: datenschutz@gpt.at or
postal address as stated above

Expect a reply to your enquiry within a month. We ask for your understanding that we may have to request a proof of identity as we are obligated to make sure you are the entitled person. In this context, we want to point out that we cannot give information via phone before any personal identifiable information is collected. Information will only be provided by email or by post.

Cookies

Like many other websites we use so called "cookies". Cookies do not damage your computer and do not contain viruses. Cookies serve the purpose of making our service more user-friendly, more effective and also more safe. A cookie is a small text file, containing small amounts of information, that passes to your computer through your web browser so that the website can remember who you are. The length of time a cookie will stay on your computer depends on whether it is a persistent or session cookie. We primarily use temporary session cookies that stay on your computer until you leave the website. Persistent cookies stay on your computer after you have finished browsing until they expire or are deleted. These cookies make it possible to recognize your internet browser every time you are visiting the website. Most browsers will enable you to manage your cookies preferences e.g. have the browser notify you when you receive a new cookie or use it to disable cookies altogether. You can also delete cookies which are already saved to your computer at any time. Please note that our website functionality may be restricted without cookies.

We set only two strictly necessary cookies:

Cookie Purpose Duration
XSRF-TOKEN Protects against cross-site request forgery until session ends
laravel_session Maintains your server session until session ends

Under Art. 6 (1)(f) GDPR these cookies do not require consent, because the site cannot function properly without them.

Server-Log-Files

For the operation of the website some data are automatically collected. These are:

  • Browser type and the version used
  • Operating system used
  • Internet service provider of the user
  • IP address
  • Date and time of access

These data cannot be attributed to specific persons and will not be combined with other data sources. We reserve the right for subsequent verification of the data if there is concrete evidence for unlawful use. Processing is based on Art. 6 (1)(f) GDPR and our legitimate interest is to ensure the technical functionality, security and optimization of our website.

Newsletter

To register for our newsletter, we need you to provide us with a valid email address plus information allowing us to check that you are the owner of the email address provided and we ask you to confirm that you wish to receive the newsletter. More data will not be collected. The sole purpose of storing this email address is to be able to send you the newsletter and it will not be disclosed to third parties. You may withdraw your consent to receiving the newsletter at any time. You may declare such withdrawal for example by clicking on the link provided in every newsletter email. Your email address will be deleted upon revocation. The legal basis for processing the data after the user subscribes to the newsletter is Art. 6 (1)(a) GDPR, provided that the user has given their consent.

SSL (secure socket layer) Encryption

To ensure that the transmission of sensitive data over the internet (including enquiries to us) is safe, this website uses an SSL encryption. You recognise an encrypted connection by the prefix "https://" instead of "http://" in the address bar or the closed padlock icon in the browser status bar. If the SSL encryption is enabled, the data you provide us with cannot be read by third parties.

Payment Processing & Encrypted Transactions

Payments are processed via an external payment provider. The data required to complete the transaction (e.g., name, card or account details, amount) are transmitted exclusively via an SSL/TLS-encrypted connection directly to the provider and processed there.

Legal bases:

  • Art. 6 (1)(b) GDPR – performance of the contract (handling your payment)
  • Art. 6 (1)(f) GDPR – our legitimate interest in a fast and secure payment process

For details, please refer to the privacy policy of the respective payment provider: Datenschutzerklärung | Worldline Schweiz.

Hosting / Security

Our web application is hosted in AWS region EU-Central (Frankfurt). Beyond the measures described elsewhere, we use:

  • AWS Web Application Firewall (WAF) to block malicious traffic,
  • AWS GuardDuty for continuous threat monitoring,
  • SSL/TLS encryption for all data in transit, and
  • server-side encryption at rest for stored data.

Webflow (CMS / Hosting / CDN)

Some of our web pages are delivered via the Webflow service. The provider is Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, USA. Webflow acts as a content management system, hosting provider, and content delivery network (CDN).

When accessing the relevant pages, your browser establishes a connection to Webflow's servers. In this context, the following data is processed:

  • IP address,
  • device and browser information, and
  • timestamp

This data processing is necessary to provide our website content and to optimize loading times globally.

Processing is based on Art. 6 (1)(f) GDPR. Our legitimate interest lies in the performant and secure delivery of our online services.

Webflow processes this data on our behalf. We have concluded a data processing agreement with Webflow in accordance with Art. 28 GDPR.

Since data is transferred to the United States, we have concluded Standard Contractual Clauses (SCCs) with Webflow. In addition, Webflow has been certified under the EU-U.S. Data Privacy Framework (DPF) since 2023, ensuring an adequate level of data protection in accordance with Art. 45 GDPR.

Further information on data security and compliance at Webflow is available at: https://trust.webflow.com/

You can view the DPF program entry here: https://www.dataprivacyframework.gov/participant/6365

Microsoft 365

For internal communication, document processing and collaboration, GPT GmbH uses Microsoft 365 (formerly Office 365), a cloud-based productivity solution provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Data is processed on servers located within the European Union in accordance with applicable data protection laws and contractual agreements with Microsoft.

In the context of using Microsoft 365, personal data may be processed, including email content, contact information, calendar entries, and files stored on SharePoint or OneDrive. GPT GmbH has entered into a data processing agreement with Microsoft in accordance with Article 28 of the GDPR. Microsoft processes data in compliance with European data protection requirements, in particular based on the EU Standard Contractual Clauses (SCCs) and the EU Data Boundary commitments.

Further information on how Microsoft processes personal data is available at: https://privacy.microsoft.com/en-us/privacystatement

Spam mails

Any usage of contact data released within the framework of duty to publish the imprint, through third parties in order to send advertisements and information material not explicitly requested, is explicitly prohibited. The providers of this website reserve the right to take legal steps in case of unsolicited distribution of advertising information, like spam mails.