Privacy Statement

Last Updated: June 3, 2026

About this Privacy Statement

This Privacy Statement (this “Statement”) explains how QuintEvents, LLC; QuintEvents International, LLC; Exclusive GP Ltd.; Hammerhead B.V.; QuintEvents Australia Pty. Ltd.; Sportsnet Corporation Pty. Ltd.; Quint Events International LLC London Ltd.; Monaco Star Events; and Goldman & Goldman Enterprises, LLC (collectively “Quint,” “we,” “our” or “us”) processes personal data about individuals in connection with providing our products and services, including through our websites, apps, and digital platforms that link to or display this Privacy Statement (the “Online Services”) and our events, experiences, and other programs (together, the “Services”). This Statement describes the type of personal data we obtain, how we may use the data, to whom we may disclose it, the choices available regarding our use of the data, and other information about our privacy practices.

Quint operates globally and is subject to various data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”); the California Privacy Rights Act (“CPRA”); and other global and U.S. state laws and regulations. We partner with premier sports organizations, entertainment venues, and lifestyle brands worldwide to provide official ticket and hospitality packages for prestigious events and experiences. The privacy practices of our partners may also be subject to their own privacy notices describing how they process personal data.

By using any of our Online Services, you acknowledge that you have read and understand this Statement. Where we rely on consent as a legal basis for processing your personal data, we will seek your consent separately at the time of collection.

1. Personal Data We Collect

We process your personal data only for the specific purposes listed below, supported by a valid legal basis under applicable law.

We do not use or disclose Sensitive Personal Information for purposes other than those permitted by the CPRA unless otherwise disclosed.

Identifiers & Account Data
- Data: Name, email, phone, address, government/tax ID, username, and authentication credentials.
- Legal Basis: Performance of a Contract (to manage your account) and Legal Obligation (for tax reporting) [Article 6(1)(b) & (c)].
Financial & Transactional Data
- Data: Payment card details, billing address, and purchase and transaction history.
- Performance Basis: Performance of a Contract (to process payments and fulfill orders) [Article 6(1)(b)].
Device & Digital Activity Data
- Data: IP address, mobile device IDs, browsing history, and online interactions.
- Legal Basis: Consent (via our cookie banner) or Legitimate Interest (to maintain website security) [Article 6(1)(a) & (f)].
Location Information
- Data: General location and precise geolocation data.
- Legal Basis: Consent (explicitly requested through your device or browser settings) [Article 6(1)(a)].
Communications & Feedback
- Data: Customer service chat logs, emails, survey responses, and product reviews.
- Legal Basis: Legitimate Interest (to improve our services and resolve support queries) [Article 6(1)(f)].
Professional & Demographic Data
- Data: Job title, industry, company name, education level, age, and gender.
- Legal Basis: Legitimate Interest (for B2B relationship management) or Consent [Article 6(1)(f) & (a)].
Interests, Preferences, & Inferences
- Data: Preferred events, hospitality arrangements, food and beverage choices, and behavioral insights inferred from your interactions with our services or events.
- Legal Basis: Consent (for marketing-related profiling) or Legitimate Interest (for service improvement and fraud prevention) [Article 6(1)(a) & (f)]. Note: You have the right to object to profiling for direct marketing purposes at any time.
Third-Party & Social Media Data
- Data: Public profile data received when you choose to link third-party accounts (e.g., social media logins).
- Legal Basis: Consent (to facilitate easier login at your request) [Article 6(1)(a)].
Automated Data Collection (additional detail)

When you visit our websites, applications, or online services, we may automatically collect certain technical and usage information about your device and interactions with our services. This information may include:

IP address
Browser type and version
Device identifiers
Operating system
Referral URLs
Pages viewed and links clicked
Date and time of access
Geographic location derived from IP address
Session and usage activity
Performance and diagnostic data

We collect this information through technologies such as server logs, cookies, pixels, web beacons, scripts, APIs, and similar tracking technologies.

We use this information to:

Operate and secure our websites and services
Improve website functionality and user experience
Analyze performance and usage trends
Detect fraud, abuse, or security incidents
Personalize content and communications where permitted by law
Support analytics, advertising, and marketing activities where consent is required

Where required by applicable law, including EU/UK GDPR and ePrivacy requirements, we obtain consent before placing non-essential cookies or using similar tracking technologies on your device.

2. Use of Cookies

Your browser may tell you how to be notified about certain types of automated technologies and how to restrict or disable them. Non-essential cookies are only deployed after obtaining consent where required by applicable law. Please note that without these technologies, you may not be able to enjoy all of the features of our Online Services. For mobile devices, you may be able to manage how your device and browser disclose certain device data by adjusting the privacy and security settings on your device. Please see our Cookie Policy for more information on our use of cookies and other tracking technologies.

We may also collect your device’s geolocation information. Your device’s operating system or web browser may provide you with a notification when our apps or websites attempt to collect your location. Please note that if you decline to allow our Online Services to collect your precise geolocation, you may not be able to use all of the features of our Online Services.

3. How We Use Personal Data

We use the personal data described in Section 1 for the following purposes, each supported by a valid legal basis under applicable law.

Service Operations & Delivery
- Purpose: Providing our core products and services, enabling interactive platform features, and managing customer relationships (including responding to inquiries and maintaining customer service chat transcripts). Where required by our contractual terms, we may also enforce territorial content restrictions via geolocation.
- Legal Basis: Performance of a Contract [Article 6(1)(b)].
Security, Fraud Prevention, & Legal Enforcement
- Purpose: Protecting customer safety, detecting and preventing unauthorized activities or fraud, monitoring for security breaches, resolving disputes, and enforcing our terms of service.
- Legal Basis: Legitimate Interest (to protect our business, users, and assets) [Article 6(1)(f)].
Regulatory & Statutory Compliance
- Purpose: Complying with applicable laws, regulations, and regulatory obligations.
- Legal Basis: Legal Obligation [Article 6(1)(c)].
Business Analytics, Research, & Data Optimization
- Purpose: Conducting market research, analyzing usage trends, remembering user settings/languages, and compiling de-identified or aggregated data pools to improve our platforms.
- Legal Basis: Legitimate Interest (To improve, secure, maintain, and enhance our products and services while balancing those interests against the rights and freedoms of affected individuals.) [Article 6(1)(f)].
Personalized Marketing & Targeted Advertising
- Purpose: Delivering promotional messages, administering partner advertisements, and evaluating campaign effectiveness based on your demographics and usage trends.
- Legal Basis: Consent [Article 6(1)(a)].
Predictive Modeling & User Profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects without meaningful human involvement.
- Purpose: Building automated predictive models to infer your preferences and dynamically tailor content, recommendations, and advertising campaigns.
- Legal Basis: Consent [Article 6(1)(a)]. Note: You may withdraw your consent at any time. You also have an absolute right to object to profiling for direct marketing purposes.

4. Sharing of Data

Cybersecurity Considerations for Data Sharing

We maintain administrative, technical, and physical safeguards aligned with industry-recognized security frameworks to safeguard personal data against accidental, unlawful, or unauthorized access, destruction, loss, alteration, disclosure, or use. Our practices also maintain alignment with data protection laws such as the EU/UK GDPR and the CPRA.

We may disclose personal data to the following categories of recipients:

Cloud Infrastructure and Hosting Providers: We utilize secure, tier-one enterprise cloud environments to host our primary databases, websites, and core application infrastructure.
Customer Relationship Management (CRM) and SaaS Platforms: We leverage enterprise-grade software-as-a-service platforms to securely manage customer interactions, sales pipelines, and marketing communications.
Corporate Collaboration and Information Management Systems: We use centralized, enterprise-level document storage and productivity suites to securely manage corporate files, internal communications, and operational records.
Professional Services and Corporate Affiliates: Data may be shared internally among our parent organization and global subsidiaries (including our establishments in the European Union and the United Kingdom) for centralized human resources, financial accounting, and global IT support.
Legal and Regulatory Authorities: We may disclose personal data if required to do so by law, court order, or a binding regulatory request from authorized law enforcement or supervisory bodies.
Event Partners, Rights Holders, and Their Service Providers: In connection with the events, experiences, hospitality packages, and services we offer, we may disclose personal data to event organizers, sports leagues, teams, venues, hospitality providers, sponsors, rights holders, and their authorized service providers or agencies where necessary to administer an event, fulfill contractual obligations, provide requested services, facilitate access, comply with event requirements, support customer service activities, or otherwise deliver the products and services you have purchased or requested.

Under certain circumstances, we may disclose personal data when we believe that disclosure is necessary to:

Comply with applicable law or respond to valid legal process.
Protect the safety and security of our customers or our products and services.
Prevent fraud, abuse, or other unlawful or unauthorized activities.
Protect our rights or property, or those of third parties, including enforcing the terms of our agreements.

We may also disclose personal data for other specific purposes communicated to you at the time of collection, or where we have obtained your consent for such disclosure.

5. Targeted Advertising

We may disclose or make available certain personal data to advertising partners, analytics providers, affiliates, and business partners for sales, marketing, advertising, analytics, and targeted advertising purposes. This may include commercial information, device data, online activity, demographic data, interests, and preferences.

Depending on applicable law, these activities may be considered “sharing,” or processing for targeted advertising. Where required, you may opt out of the sharing of your personal data, or the use of your personal data for targeted advertising, by submitting a request through the Data Request Portal described in the Data Subject Rights section below.

You may see our ads on other websites or apps because we use third-party advertising services. These services may use cookies, web beacons, logs, and similar technologies to collect information about your activity over time and across websites and apps, including device data, online activity, location, demographic data, interests, preferences, and commercial information. We use this information to tailor advertising based on factors such as demographics, inferred interests, and browsing context. To opt out of interest-based advertising, see our Cookie Policy or the Data Subject Rights section below.

6. Data Subject Rights

In accordance with Articles 15-22 of the General Data Protection Regulation (GDPR) and applicable U.S. state privacy laws (including the California Privacy Rights Act), depending on your country or state of residency, you may possess specific statutory or legal rights regarding your personal data. You may exercise any of the following rights at any time by contacting us through the methods provided in the "Contact Us" section below.

Right

CPRA (California)

GDPR (EU/EEA)

Right to Know / Access

CPRA (California): Access the categories and specific pieces of personal information a business holds.

GDPR (EU/EEA): Obtain confirmation of processing and access to all personal data held about you.

Right to Rectification/Correct

CPRA (California): Request correction of inaccurate personal data.

GDPR (EU/EEA): Rectify inaccurate or incomplete personal data.

Right to Delete / Erasure

CPRA (California): Request deletion of personal data collected from you.

GDPR (EU/EEA): Request erasure of personal data when it is no longer necessary, or when consent is withdrawn, subject to applicable exceptions.

Right to Data Portability

CPRA (California): Receive personal data in a portable format.

GDPR (EU/EEA): Receive personal data in a structured, commonly used, machine-readable format.

Right to Opt-Out of Sale/Sharing

CPRA (California): Opt-out of the sale or sharing of personal data with third parties.

GDPR (EU/EEA): Not directly applicable, but GDPR restricts transfers without lawful basis or consent.

Right to Limit Use of Sensitive Info

CPRA (California): Restrict use/disclosure of sensitive personal info (e.g., precise geolocation).

GDPR (EU/EEA): Special categories of data require explicit consent or another lawful basis for use.

Right to Object

CPRA (California): Not explicitly included, though covered under opt-out provisions.

GDPR (EU/EEA): Object to processing based on legitimate interest or direct marketing.

Right to Restrict Processing

CPRA (California): Not explicitly provided under CPRA.

GDPR (EU/EEA): Request temporary restriction of processing under specific conditions.

7. How to Exercise Your Rights

To submit a request, please complete the form provided here:

Submit Request

Verified requests will be addressed free of charge within one calendar month in accordance with Article 12 of the GDPR, or within the timeframe required by applicable U.S. state privacy law (e.g., 45 business days under the CPRA). Under the GDPR, this period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests, in which case we will inform you of such extension within one month of receipt of the request. Under the CPRA, the response period may be extended by an additional 45 business days where reasonably necessary.

If we deny your privacy request, you may appeal our decision by contacting privacy@quint.co. We will review and respond to your appeal in accordance with applicable law.

If concerns have not been addressed, individuals have the right to lodge a complaint with the relevant Data Protection Authority, the Information Commissioner's Office (ICO), or other applicable regulatory authority.

8. Children and Parents

Our Online Services are not directed at children under the age of 16, and we do not knowingly collect personal data from children under the age of 16. In the United States, we also comply with the Children's Online Privacy Protection Act (COPPA), which applies to the collection of personal information from children under 13. For certain activities in which children are allowed to participate (for example, youth clinics, camps, kids clubs, and community outreach events), any request for personal data (such as registration data) is intended for and directed to the parent or legal guardian.

Under Article 8(1) of the GDPR, where we rely on consent as a legal basis for processing in relation to information society services offered directly to a child, such processing is lawful only where the child is at least 16 years old. Where the child is below 16, processing requires consent given or authorized by the holder of parental responsibility. Some EU Member States may set a lower age threshold, but not below 13 years.

If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete that data promptly.

If you have reason to believe that a child under the age of 16 has provided personal data to us without parental consent, please contact us using any of the methods described in the How to Contact Us section to request that we delete the personal data.

9. Retention

Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal, regulatory, contractual, or business requirements, and in accordance with the organization's approved Records Retention Schedule. Personal data shall be securely deleted or anonymized when no longer required.

10. International Data Transfers and Regulatory Compliance

1. Data Controller and Centralized US Storage Infrastructure
Personal data collected through this website is controlled by QuintEvents, LLC (as primary data controller on behalf of the Quint group), and processed and stored by Quint, headquartered in Charlotte, NC, United States. When you interact with the website, your information may be transmitted to and stored in the United States, where it is securely hosted and managed within our cloud infrastructure, our customer relationship management (CRM) SaaS platform, and our corporate collaboration and information management SaaS system. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on appropriate transfer mechanisms as required by applicable law, such as Standard Contractual Clauses approved by the European Commission or other lawful safeguards.
a. Legal Basis and Purpose of Processing
Personal data is processed under the legal bases set forth in Section 1 above, pursuant to Article 6(1) of the EU/UK GDPR, including Consent, Performance of a Contract, Legal Obligation, and Legitimate Interests.
- Consent (Article 6(1)(a)): For website cookies, analytics tracking, and marketing communications that are actively opted into. For additional legal bases (including Performance of a Contract and Legal Obligation), please refer to Section 1 above.
- Legitimate Interests (Article 6(1)(f)): To maintain website security, prevent fraud, and optimize digital performance, balanced against privacy rights.
b. European Union and United Kingdom Establishments
Because Quint operates corporate locations in both the European Union and the United Kingdom, local establishments may be contacted directly regarding data governance matters:
- European Union Establishment: Hammerhead B.V., the registered EU entity, is located in Meppel, The Netherlands. This entity serves as the local establishment inside the EU under Article 3(1) of the EU GDPR.
- United Kingdom Establishment: Quint Events International LLC London Ltd., located in London, United Kingdom, serves as the local presence under the UK GDPR.
c. Data Subject Rights
Regardless of the centralized US hosting, individuals located in the EU or UK hold specific legal rights under Articles 15 through 22 of the GDPR, and individuals in certain U.S. states hold rights under applicable state privacy laws, as specified above. You may contact us to exercise the following rights:
- The Right of Access (Article 15): Request a copy of the personal data we hold about you.
- The Right to Erasure / Right to be Forgotten (Article 17): Request the deletion of personal data, subject to applicable exceptions.
- The Right to Withdraw Consent (Article 7(3)): Revoke cookie or marketing consent at any time.

11. Changes to our Privacy Statement

We may change this Statement from time to time to reflect changes in our business, products, or services, our practices and procedures, or to comply with applicable laws. Any such changes will be posted on this page and will indicate the date on which this Statement was last revised. Where changes materially affect how we process your personal data, we will provide notice through the Online Services or by other means (such as email) prior to the changes taking effect. Please check back frequently to see any updates or changes to this Statement.

12. How to Contact Us

If you have questions or concerns about this Statement or how we collect, use, and disclose personal data, you may contact our Privacy and Security Department by any of the following methods:

By writing to us at 9335 Harris Corners Pkwy, Suite 500, Charlotte, NC 28269, Attn: Privacy and Security Department

By sending an email to  privacy@quint.co

By calling us at  1-866-834-8663

13. Complaints to Supervisory Authorities

If you have any concerns about our use of personal data, you have the right to lodge a complaint with your local data protection authority or, for U.S. residents, with the applicable state attorney general or privacy agency. You may also contact the relevant supervisory authority at the following website:

Information Commissioner’s Office (ICO)
https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/
Helpline: 0303 123 1113
You can find the contact details for all EU supervisory authorities here: https://edpb.europa.eu/about-edpb/board/members_en
For California residents, you may also contact the California Privacy Protection Agency at https://cppa.ca.gov/ or the California Attorney General at https://oag.ca.gov/.