Privacy Notice

1. Introduction

This Privacy Notice outlines the general approach of Nomad to the handling of personal data across its platform, including its website, mobile applications, and related services ("Platform"). Nomad endeavors to process personal data in accordance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR), where and to the extent they apply.

This notice is intended for users of the Platform in various roles, including but not limited to individuals with user accounts ("Basic Users"), artists ("Artists"), event organizers ("Event Creators"), and unregistered visitors ("Visitors").

By accessing or interacting with the Platform, users acknowledge this Privacy Notice and accept that their personal data may be processed as described herein, subject always to Nomad's discretion and applicable law.

2. Definitions

For purposes of this Privacy Notice:

• "Personal Data" refers to information that can reasonably be linked to an individual.
• "Processing" encompasses a wide range of actions, including but not limited to collection, storage, modification, and deletion of personal data.
• "Data Controller" designates the entity that determines how and why personal data is processed - Nomad, in this case.
• "Data Processor" refers to a third party acting under instruction from the Data Controller.
• "Cookies" are passive data files stored on a user's device to support operational and analytical needs.

3. Data Controller and Data Processors

Nomad acts as the Data Controller for personal data that it collects directly. Payments made through the Platform are processed by third-party payment service providers. Nomad does not store or directly process payment card information. These providers act as independent controllers or processors, depending on their role, and are responsible for their own legal compliance regarding data security and financial regulations.

In connection with the operation of the Platform, Nomad may work with third-party service providers (Data Processors) for technical infrastructure, analytics, payment services, marketing support, or other operational needs. These third parties are contractually obliged to process data only under Nomad's instructions and in a manner that satisfies applicable security and confidentiality obligations.

Data may be transferred to jurisdictions outside of the European Economic Area (EEA). Nomad adopts appropriate safeguards for such transfers, including, where feasible, Standard Contractual Clauses or other legally recognized mechanisms.

4. Lawful Basis for Processing

Nomad processes personal data where there is a valid legal basis to do so. These bases include, but are not limited to: performance of a contract, compliance with a legal obligation, pursuit of legitimate interests, and, where appropriate, the user's consent.

Consent is obtained explicitly through the user's agreement to these policies when using Platform. Such agreement constitutes explicit and informed consent to the processing of personal data as described therein.

Nomad reserves the right to determine and adjust the applicable lawful basis for processing depending on operational needs, legal obligations, or evolving regulatory interpretations.

5. Data Collection

5.1 User-Provided Information

Users may voluntarily submit personal data, including but not limited to names, email addresses, profile content, and business credentials. Submission of such data may be required to access certain features of the Platform.

5.2 Automatically Collected Data

The Platform may collect technical data such as IP addresses, device identifiers, system configurations, and usage metrics. This data is generally used to ensure technical reliability, maintain security, and evaluate service trends.

5.3 External Data Sources

Nomad may, where permitted, obtain data from external sources, including social platforms, advertising networks, and business partners. Data obtained in this manner is processed under this Notice and in accordance with permissions established by the originating platform.

6. Use of Personal Data

Nomad processes data for general operational and functional purposes. These purposes may include service access, personalization, event management, communication, regulatory compliance, and performance monitoring.

Automated tools may be used to support decision-support and content delivery. Nomad does not rely on automated processing for decisions that produce legal effects without oversight. Nomad retains broad discretion over how such tools are applied, subject to applicable legal boundaries.

7. Data Disclosure

Nomad may share personal data with vendors, infrastructure providers, business affiliates, or legal authorities where such disclosure is appropriate or legally required. Such disclosures are limited to the extent necessary for the performance of relevant tasks or obligations. Nomad does not sell personal data.

Where required, Nomad may share user information in connection with business transfers or legal processes. Data shared under such conditions will be subject to relevant contractual or statutory safeguards.

8. Data Security

Nomad employs commercially reasonable safeguards designed to protect personal data against unauthorized access, disclosure, or destruction. These may include physical, technical, and procedural controls. Absolute security cannot be guaranteed.

In the case of a verified data breach affecting user information, Nomad will follow all applicable notification laws and its internal incident response protocols.

9. Data Retention

Nomad retains data only for as long as is necessary to fulfill the purpose for which it was collected or as may be legally required. Retention policies may vary based on data category, jurisdictional requirements, or business needs. Data that is no longer required will be archived, anonymized, or securely deleted at Nomad's discretion.

10. Children's Data

The Platform is not intended for individuals under the age of 16. Nomad does not knowingly collect data from such individuals and will take appropriate steps to remove such data if discovered. Guardians who believe data may have been collected from a minor are encouraged to contact Nomad.

11. User Rights

Users may have rights under applicable privacy laws, including the rights to access, correct, delete, restrict, or object to the processing of personal data, and to request data portability. The ability to exercise such rights may vary depending on the user's jurisdiction and the context of processing.

Requests should be submitted to Nomad via the contact details provided below. Nomad may take steps to verify the identity of the requester and reserves the right to decline requests that are manifestly unfounded, excessive, or repetitive. Where applicable, Nomad will respond to valid data subject requests within one month of receipt, subject to lawful extensions and exceptions.

Users may also have the right to lodge a complaint with a supervisory authority, including the Dutch Autoriteit Persoonsgegevens, or their local data protection authority.

12. Cookies and Tracking Technologies

Nomad uses cookies and similar tracking technologies to facilitate core functionality, support analytics, and deliver a tailored user experience. These technologies may also support limited advertising and cross-platform services, in accordance with applicable regulations.

By using the Platform, users consent to the use of these technologies as described in the Cookie Policy, which provides more detailed information about cookie categories, purposes, and user controls. Users may manage or withdraw consent at any time by adjusting their browser settings or using available cookie management tools embedded in the Platform.

13. Cross-Border Transfers

Nomad may transfer and store personal data outside of the user's jurisdiction, including to countries not subject to an adequacy decision by the European Commission or other relevant authorities. In such cases, Nomad will apply appropriate safeguards, which may include the use of Standard Contractual Clauses, binding corporate rules, or other legally valid mechanisms. Users acknowledge that by using the Platform, they understand and accept that such transfers may occur.

14. Updates to This Notice

Nomad may revise this Privacy Notice to reflect legal, operational, or technological changes. Any changes will be effective upon posting unless otherwise specified. Nomad may, where feasible and appropriate, notify users of material changes through the Platform or via other direct communication. Continued use of the Platform after changes are posted constitutes acknowledgment of the revised terms.

15. Governing Law and Jurisdiction

This Privacy Notice and any disputes arising from or in connection with it shall be governed by the laws of the Netherlands. Users agree to submit to the jurisdiction of Dutch courts unless otherwise mandated by applicable local legislation. Nothing in this clause limits any mandatory legal rights users may have under the law of their habitual residence.

16. Contact

For inquiries, data subject access requests, or other communications related to this Privacy Notice, users may contact Nomad at:

Use of the Platform signifies acknowledgment of and agreement with the terms of this Privacy Notice and any referenced supplemental policies.