Privacy Policy
Better World
VERSION : 2026.06.02
VERSION : 2026.06.02
ROCK WORLD LISBOA, S.A. (“ROCK WORLD LISBOA”), NIPC 506 652 041, with registered offices at Edifício LACS, Cais da Rocha de Conde D’Óbidos, 1350-352 Lisbon, is the entity responsible for processing your personal data under the General Data Protection Regulation (GDPR).
This policy explains how we collect, use, retain and share your data, as well as your rights as a data subject.
1. PURPOSES OF PROCESSING
We collect and process your personal data for the following purposes:
Data subjects may, at any time, withdraw given consent or object to the processing of their data for direct marketing and profiling purposes.
2. LEGAL BASIS FOR PROCESSING
The processing of your personal data is carried out on the basis of the following legal grounds provided for under the GDPR:
Where processing is based on legitimate interests, you may exercise your right to object in accordance with the GDPR.
3. DATA RETENTION
We retain your data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods may vary depending on the nature of the relationship:
4. SHARING DATA WITH PARTNERS AND SPONSORS
Your personal data may be shared with third parties in the following circumstances:
You may, at any time, withdraw consent given for the sharing of data for marketing purposes, without prejudice to the lawfulness of processing previously carried out.
ROCK WORLD LISBOA ensures that all entities with which personal data is shared adopt appropriate technical and organisational measures to protect personal data, in accordance with the GDPR and applicable legislation.
5. INTERNATIONAL TRANSFERS
Your personal data may be processed by entities located outside the European Economic Area (“EEA”), in particular by technology service providers, communication platforms, hosting, data analytics or digital marketing services.
Whenever an international transfer of personal data takes place to countries that do not benefit from an adequacy decision by the European Commission, ROCK WORLD LISBOA will ensure the adoption of appropriate safeguards to guarantee a level of protection essentially equivalent to that required under the GDPR, including, where applicable:
Data subjects may request further information about international data transfers and obtain a copy of the applicable safeguards, subject to applicable legal limitations.
6. DATA SUBJECT RIGHTS
Under applicable personal data protection legislation, you may, at any time, exercise the following rights:
ROCK WORLD LISBOA will respond to requests submitted within the timeframes set out in applicable legislation.
You may also manage your consents, communication preferences and cookie settings through the preference centre available on the website.
7. SECURITY AND TRACEABILITY
ROCK WORLD LISBOA adopts technical and organisational measures appropriate to the risk, aimed at ensuring the security, integrity, availability and confidentiality of the personal data processed.
The measures implemented include, in particular:
8. COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies and similar technologies to ensure its functioning, improve the browsing experience, analyse website usage and, where applicable, personalise content and communications.
The cookies used may include:
For further information on the types of cookies used, their purposes, retention periods and the entities involved, please consult our Cookies Policy.
You may, at any time, change or withdraw your consent through the cookie settings available on the website.
9. CHANGES TO THE PRIVACY POLICY
ROCK WORLD LISBOA may update this Privacy Policy whenever necessary, in particular to reflect legal, regulatory or operational changes in the processing of personal data.
Whenever relevant changes are introduced that may affect your rights or the way your personal data is processed, appropriate information will be made available, in particular through the website and/or other appropriate means of contact.
The date of the last update will always be indicated in this Privacy Policy.
We recommend consulting this Privacy Policy regularly to stay informed about how your data is processed.
10. PRIVACY CONTACT
Requests concerning data protection should be directed to: privacidade.pt@rockinrio.com
This policy explains how we collect, use, retain and share your data, as well as your rights as a data subject.
1. PURPOSES OF PROCESSING
We collect and process your personal data for the following purposes:
- Provision of services and management of the relationship with users, clients, partners and sponsors, on the basis of contract performance or pre-contractual steps;
- Management of registrations, accreditations and event access control, on the basis of contract performance and legitimate interests related to event organisation and security;
- Sending institutional communications related to ROCK WORLD LISBOA events and initiatives, on the basis of legitimate interests;
- Sending newsletters, marketing campaigns, invitations and competitions, on the basis of your consent, where legally required;
- Personalisation of content and communications based on your interests and interactions (profiling), on the basis of your consent or our legitimate interests — you may object to this processing at any time;
- Sharing data with commercial partners and sponsors associated with the events, as described in this Privacy Policy and, where applicable, on the basis of your consent;
- Measuring the effectiveness of advertising campaigns, audience analysis and retargeting actions, through the use of cookies and similar technologies, subject to your consent where legally required;
- Compliance with legal and regulatory obligations;
- Ensuring network security, information systems and fraud prevention, on the basis of legitimate interests;
- Improving services, digital platforms and the user experience, including statistical and aggregated usage analysis.
Data subjects may, at any time, withdraw given consent or object to the processing of their data for direct marketing and profiling purposes.
2. LEGAL BASIS FOR PROCESSING
The processing of your personal data is carried out on the basis of the following legal grounds provided for under the GDPR:
- Your explicit consent, in particular for the sending of marketing communications, newsletters, competitions, the use of non-essential cookies and, where applicable, the sharing of data with commercial partners and sponsors;
- The performance of a contract or pre-contractual steps, in particular for the management of registrations, ticketing, accreditations, service provision and user support;
- Compliance with legal obligations to which ROCK WORLD LISBOA is subject;
- The legitimate interests pursued by ROCK WORLD LISBOA, in particular for system and event security, fraud prevention, service improvement, statistical analysis, institutional communication and operational management, provided that the fundamental rights and freedoms of data subjects do not override such interests.
Where processing is based on legitimate interests, you may exercise your right to object in accordance with the GDPR.
3. DATA RETENTION
We retain your data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods may vary depending on the nature of the relationship:
- Marketing data will be retained for up to 3 years after the last contact;
- Contractual data will be retained for the legally required period;
- Consent records will be retained for as long as they remain active or until revoked.
- Data processed for marketing and promotional communications purposes will be retained for up to 3 years after the data subject’s last interaction with ROCK WORLD LISBOA, or until consent is withdrawn, whichever occurs first;
- Data related to contractual relationships, invoicing and compliance with legal obligations will be retained for the legally required periods, including applicable tax, accounting and limitation periods;
- Consent records may be retained for the period necessary to demonstrate compliance with legal and regulatory obligations;
- Data processed for security and fraud prevention purposes will be retained for the strictly necessary period for those purposes.
4. SHARING DATA WITH PARTNERS AND SPONSORS
Your personal data may be shared with third parties in the following circumstances:
- With commercial partners and sponsors associated with Rock in Rio Lisboa, for the sending of commercial communications, promotional activations, offers, competitions, personalised advertising and marketing activities, exclusively where you have given your specific consent to that sharing;
- With service providers acting on behalf of and for ROCK WORLD LISBOA, including technology suppliers, communication platforms, ticketing services, customer support, data analytics, hosting and security providers, who act under contracts ensuring the confidentiality and security of personal data;
- With administrative, judicial, law enforcement or regulatory authorities, where required by law or necessary for the defence of rights and legitimate interests.
You may, at any time, withdraw consent given for the sharing of data for marketing purposes, without prejudice to the lawfulness of processing previously carried out.
ROCK WORLD LISBOA ensures that all entities with which personal data is shared adopt appropriate technical and organisational measures to protect personal data, in accordance with the GDPR and applicable legislation.
5. INTERNATIONAL TRANSFERS
Your personal data may be processed by entities located outside the European Economic Area (“EEA”), in particular by technology service providers, communication platforms, hosting, data analytics or digital marketing services.
Whenever an international transfer of personal data takes place to countries that do not benefit from an adequacy decision by the European Commission, ROCK WORLD LISBOA will ensure the adoption of appropriate safeguards to guarantee a level of protection essentially equivalent to that required under the GDPR, including, where applicable:
- Standard contractual clauses approved by the European Commission;
- Appropriate certification mechanisms;
- Binding Corporate Rules;
- Other legally admissible safeguards.
Data subjects may request further information about international data transfers and obtain a copy of the applicable safeguards, subject to applicable legal limitations.
6. DATA SUBJECT RIGHTS
Under applicable personal data protection legislation, you may, at any time, exercise the following rights:
- Right of access to your personal data;
- Right to rectification of inaccurate or incomplete data;
- Right to erasure of personal data, under applicable legal terms;
- Right to restriction of processing;
- Right to object to the processing of your personal data, in particular for direct marketing and profiling purposes;
- Right to data portability, where applicable;
- Right to withdraw previously given consent, without affecting the lawfulness of processing carried out on the basis of that consent prior to its withdrawal;
- Right not to be subject to solely automated decisions, including profiling, where applicable;
- Right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD).
ROCK WORLD LISBOA will respond to requests submitted within the timeframes set out in applicable legislation.
You may also manage your consents, communication preferences and cookie settings through the preference centre available on the website.
7. SECURITY AND TRACEABILITY
ROCK WORLD LISBOA adopts technical and organisational measures appropriate to the risk, aimed at ensuring the security, integrity, availability and confidentiality of the personal data processed.
The measures implemented include, in particular:
- Recording and management of consents given by data subjects, including information on the date, channel and associated purposes;
- Secure storage systems with access control mechanisms and restricted permissions;
- Monitoring and protection of systems against unauthorised access, loss, destruction, disclosure or misuse of personal data;
- Periodic audits, compliance assessments and security testing;
- Use of Consent Management Platforms (CMPs) appropriate for recording and demonstrating users’ privacy preferences;
- Implementation of measures to ensure the resilience and ongoing protection of information systems.
8. COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies and similar technologies to ensure its functioning, improve the browsing experience, analyse website usage and, where applicable, personalise content and communications.
The cookies used may include:
- Cookies strictly necessary for the website to function;
- Performance and statistical analytics cookies;
- Functionality and personalisation cookies;
- Marketing and advertising cookies, including retargeting technologies.
For further information on the types of cookies used, their purposes, retention periods and the entities involved, please consult our Cookies Policy.
You may, at any time, change or withdraw your consent through the cookie settings available on the website.
9. CHANGES TO THE PRIVACY POLICY
ROCK WORLD LISBOA may update this Privacy Policy whenever necessary, in particular to reflect legal, regulatory or operational changes in the processing of personal data.
Whenever relevant changes are introduced that may affect your rights or the way your personal data is processed, appropriate information will be made available, in particular through the website and/or other appropriate means of contact.
The date of the last update will always be indicated in this Privacy Policy.
We recommend consulting this Privacy Policy regularly to stay informed about how your data is processed.
10. PRIVACY CONTACT
Requests concerning data protection should be directed to: privacidade.pt@rockinrio.com
Buy