![logo-1.png]](https://help.appmiral.com/hs-fs/hubfs/logo-1.png?height=34&name=logo-1.png){kind=logo}
Standard Privacy Policy
All the Appmiral apps are installed with our standard privacy policy, in line with current GDPR requirements. Note that you can add your own policy as well; ask your CSM.
Important Notice – Template Use Only
This privacy statement is provided as a non-binding template to assist event organizers (“Controllers”) in fulfilling their obligations under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and related applicable data protection laws.
CM.com, in its capacity as a data Processor, does not assume or accept any legal responsibility for the accuracy, completeness, adequacy, or lawfulness of the content of this template when used by the Controller.
The Controller remains solely responsible for verifying that the privacy statement accurately reflects their actual data processing operations; Ensuring that all necessary notices, consents, and legal bases for processing are in place; Complying with national and EU data protection laws applicable to their use of the Application.
This template is not legal advice. Controllers are strongly encouraged to consult with qualified legal counsel to ensure that the final privacy statement used in their Application is complete, accurate, and fully compliant with all applicable laws and their specific processing activities. Use of this template is at the sole risk of the Controller. CM.com expressly disclaims all liability arising from the use of this document or any reliance placed upon it by the Controller or third parties.
CM.com, in its capacity as a data Processor, does not assume or accept any legal responsibility for the accuracy, completeness, adequacy, or lawfulness of the content of this template when used by the Controller.
The Controller remains solely responsible for verifying that the privacy statement accurately reflects their actual data processing operations; Ensuring that all necessary notices, consents, and legal bases for processing are in place; Complying with national and EU data protection laws applicable to their use of the Application.
This template is not legal advice. Controllers are strongly encouraged to consult with qualified legal counsel to ensure that the final privacy statement used in their Application is complete, accurate, and fully compliant with all applicable laws and their specific processing activities. Use of this template is at the sole risk of the Controller. CM.com expressly disclaims all liability arising from the use of this document or any reliance placed upon it by the Controller or third parties.
Appmiral Standard Privacy Statement
Last modified on 10 November 2025
1. Introduction
We value your privacy and are committed to protecting your personal data. This privacy statement explains how we collect, use, and protect your personal data when you use ourmobile application (the “App”).
By using the App, you acknowledge that your personal data will be processed as described in this privacy statement. If you have questions or concerns, please contact us at GDPR@client.com.
2. What Personal Data We Collect
Depending on your use of the App and the features you choose, we may process the following types of personal data:
- a. Profile Information (optional)
If you fill out the optional profile form, we collect your first name, last name, email address, and whether you consent to receive marketing communications. These fields are not mandatory and not validated. - b. External Single Sign-On (optional)
If you log in using an external account (for example, via AWS Cognito, Microsoft Azure B2C, OpenID, or Sentinel), we may process your name, email address, phone number, date of birth, gender, and nationality. Tokens used for authentication may be processed but are not stored. - c. Location Data (optional)
If you allow the App to access your location, we may use your location to provide location-based functionalities, such as navigation, event recommendations, or crowd information. Your location data are shared only in pseudonymized form with selected partners (e.g., Crowd Connected). These data contain only a unique device identifier (UUID), coordinates, and optionally a push token. - d. Tickets, Cashless Wallets, and Loyalty Features (optional)
If you use these features, we may process information related to your tickets, wristbands, or loyalty cards, such as ticket type, price, balance, or rewards. - e. Spotify Recommendations (optional)
If you connect your Spotify account, we may use your Spotify token to suggest artists or playlists based on your listening preferences. - f. App Usage and Analytics
We collect data on app usage (page views, clicks) to improve our services. These events are tracked via Google Firebase / Google Analytics 4 and processed in de-identified, IP-truncated form. If the App is connected to additional analytics platforms (such as CM.com CDP, Braze, Insider, Tealium, or Salesforce Marketing Cloud), data may also be processed there according to our configuration.
3. Purposes of Processing
We process your personal data for the following purposes:
We process your personal data for the following purposes:
- to enable you to use the App and its features;
- to personalize the App experience and display relevant content;
- to send updates or marketing information (only with your consent);
- to analyze and improve the performance of the App;
- to handle your questions or requests;
- to comply with legal obligations or legitimate interests (e.g., security, fraud prevention).
- your consent (e.g., marketing or location use),
- performance of a contract (providing app functionalities),
- legal obligation or our legitimate intrests.
4. Data Storage and Retention
All data are stored securely in the European Union on servers provided by Amazon Web Services (AWS) in the region eu-west-1 (Ireland).
By default, your personal data is retained for a period of two (2) years after your last activity in the App. However, if the App is connected to additional analytics platforms (such as CM.com CDP, Braze, Insider, Tealium, or Salesforce Marketing Cloud), data may also be processed there according to our configuration. De-identified aggregated data may be kept longer for analytical purposes in accordance with applicable data protection laws.
All data are stored securely in the European Union on servers provided by Amazon Web Services (AWS) in the region eu-west-1 (Ireland).
By default, your personal data is retained for a period of two (2) years after your last activity in the App. However, if the App is connected to additional analytics platforms (such as CM.com CDP, Braze, Insider, Tealium, or Salesforce Marketing Cloud), data may also be processed there according to our configuration. De-identified aggregated data may be kept longer for analytical purposes in accordance with applicable data protection laws.
5. Data Security
We take appropriate technical and organizational measures to protect your personal data, including:
- encryption in transit and at rest;
- secure database access through credentials and IP whitelisting;
- restricted access for authorized personnel only;
- monitoring and logging.
6. Sharing of Personal Data
Your data are not shared with third parties except:
- with our trusted partners and service providers who support us in delivering the App (e.g., hosting, analytics, support);
- when required by law;
- or when you give us your consent.
7. Data Transfers
All personal data are stored within the European Union (EU). Data processing takes place within the EU, with the exception of Cloudflare based in the USA, which is used to ensure the security, performance, and availability of the App and its content.
Any transfer of personal data outside the EU will only occur on the basis of legally permitted transfer mechanisms, such as adequacy decisions or the European Commission’s Standard Contractual Clauses,ensuring an adequate level of protection for your personal data.
All personal data are stored within the European Union (EU). Data processing takes place within the EU, with the exception of Cloudflare based in the USA, which is used to ensure the security, performance, and availability of the App and its content.
Any transfer of personal data outside the EU will only occur on the basis of legally permitted transfer mechanisms, such as adequacy decisions or the European Commission’s Standard Contractual Clauses,ensuring an adequate level of protection for your personal data.
8. Your Rights
You have the right to:
- access your personal data;
- correct inaccurate data;
- request deletion (“right to be forgotten”);
- restrict or object to processing;
- request data portability;
- withdraw consent at any time.
You can exercise these rights by emailing GDPR@client.com and including proof of identity.
9. Location and Permissions
You can change your consent for location or push notifications at any time in your device settings. You can change your consent for location or push notifications at any time in your device settings. Location data, if enabled, are processed in pseudonymized form.
10. Third-Party Links
The App may contain links to third-party websites or services. We are not responsible for their privacy practices or content. We advise you to read the privacy statement of each website you visit.
11. Changes to This Privacy Statement
We may update this privacy statement from time to time. The most recent version is always available in the App.