Privacy Policy | Official Formula 1

Privacy Policy

PRIVACY NOTICE

**Applicable to the sale of Products through the F1 Ticketing Website **

Effective date: 1 July 2026

Index

  • Who we are

  • Scope of this Privacy Notice

  • Our values

  • Children

  • What Personal Data we collect about you

  • How we use your Personal Data

  • How we use your Personal Data for marketing

  • How we share your Personal Data and who we share it with

  • The role of Formula One Digital Media Limited (FODM)

  • Sign-in and account access

  • International data transfers

  • Cookies and tracking technologies

  • Security

  • Data retention

  • Personal Data relating to other people

  • Your rights and how to exercise them

  • Complaints, questions and suggestions

  • Annex I — Local variations

1. Who we are

We are Fever Labs, Inc. ("Fever", "we", "us"), a corporation organised under the laws of Delaware, USA, TIN 99-0368536, with registered office at 50 Greene St 3 Fl, New York, NY 10013.

Fever provides its services to you through different group companies. The Fever entity responsible for your personal data depends on where you are and how you use our services. In general, the entity acting as data controller is determined by the country or region you are in, or where the service is provided. You can find details of the relevant Fever entity for your location, along with any country-specific information that may apply to you, in Annex I.

Fever is a data controller responsible for processing your Personal Data when you purchase Products through the F1 Ticketing Website (the "Website"), as operated by Fever under licence from Formula One Digital Media Limited.

Within the European Union, the Spanish Data Protection Authority (Agencia Española de Protección de Datos — AEPD) has been designated as Fever's Lead Supervisory Authority.

2. Scope and Application of this Privacy Notice

This Privacy Notice applies to the processing of Personal Data by Fever in connection with the sale and fulfilment of Products through the Website (the ‘Services’).

"Products" means the products sold to you by Fever through the F1 Ticketing Website, including:

  • grandstand and general access tickets to Formula 1 race events;

  • where applicable, hospitality tickets offered by event promoters; and

  • official programmes and other items made available for sale by Fever from time to time.

When you purchase a Product, you are contracting with Fever, not with Formula One Digital Media Limited or any of its affiliates. Fever is the official seller of the Products and the data controller of the Personal Data processed for that purpose.

Formula One Digital Media Limited (FODM) operates the broader Formula 1 ecosystem, licenses the Formula 1 brand to Fever for the operation of the Website, and is a separate, independent controller in respect of certain Personal Data described in this Notice. FODM's role is explained in section 9. Fever is an Official Supplier to FODM and is responsible for the sales of the Products.

This Privacy Notice does not apply to:

  • the sale of hospitality tickets and other products sold directly by FODM or its affiliates through the Hospitality Ticketing Site — those sales are governed by FODM's own privacy notice accessible here;

  • your use of third-party websites and services (including www.formula1.com and other Formula 1 digital products outside the Website — those services are governed by FODM's privacy notice here and event promoter websites), even when this Website contains links to such third-party websites - please review the privacy notice of any third party website you visit; and

  • products and services purchased through other Fever channels (such as the Fever app or feverup.com) — those purchases are governed by the Fever Global Privacy Notice.

**IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE OUR SERVICES. **By using and accessing the Website, you acknowledge that you have read and agreed to this Privacy Notice and that you have been fully informed of the collection and use of your Personal Data. Before any purchase, you will be asked to confirm your acceptance of our Terms and Conditions and this Privacy Notice. If you do not agree to this privacy notice, please cease using the Website.

This Privacy Notice constitutes the entire and only agreement between you and Fever regarding privacy aspects related to the Products.

We may update this Privacy Notice from time to time. When we make material changes, we will notify you in advance — for example, by email (if we hold your email address) or by a prominent notice on the Website. The "Effective date" at the top of this Notice indicates when it was last updated.

If you have any questions, comments or requests regarding this notice, please contact Fever’s Data Protection Officer using this form.

3. Our values

We value your privacy and aim to be accountable, fair and transparent in how we collect and use your Personal Data. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and equivalent laws in other jurisdictions where we operate.

4. Children

The Website is not directed to children. We do not knowingly collect Personal Data from any child under the age of 18 (or the equivalent minimum age under applicable local law). If you wish to buy tickets for children under the age of 18 or the equivalent minimum age under applicable local law, you are responsible for obtaining consent from the parents/legal guardians of each child you wish to buy tickets for. By completing your purchase for children under the age of 18, you confirm and certify that you have obtained such consent.

5. What Personal Data we collect about you

Fever wants to provide as much detailed information as possible regarding what Personal Data we may collect and use:

Type of Personal Data

Details

Information you give us

We may collect information you provide when you:

  • register and create an account to buy tickets through the Website. Users may browse and use certain features of the Website without registering, but an account is required to complete a ticket purchase;
  • provide information in connection with the event or experience, including special needs, requirements or preferences (for example, accessibility needs or dietary restrictions), where applicable;
  • contact or correspond with our user support team (phone, email or even through the Website);
  • fill in any forms;
  • respond to any of our surveys; and
  • share information with us on social media.

We may collect the following Personal Data and additional information:

  • your name and surname;
  • email address;
  • phone number (if you add it to your profile);
  • date of birth (if you add it to your profile or as may be required by local laws);
  • location based on IP address or details of the device you use;
  • your profile picture (image) if you create a Fever account using social login;
  • records of our conversations and messages, if you contact us or we contact you (including records of phone calls)
  • your image and/or voice in photo or video form

If you provide us Personal Data about other people (such as the attendees with whom you are going to attend the event), you confirm that you have brought this privacy notice to their attention beforehand.

Information collected from your use of the Services

Whenever you use the Website, we may collect certain information about your device, usage and interactions, including:

  • Technical and device information, such as your Internet Protocol (IP) address, login data, browser type and version, time zone, device language, operating system and platform, device type, unique device identifiers (for example, IMEI), mobile network information, and whether your device uses a virtual private network (VPN);
  • Usage and interaction information, such as the pages or screens you view, searches you make, links you click, features you use, the date and time of your activity, page response times, errors, length of visits, and how you navigate through and away from the Website (for example, scrolling and clicks);
  • Transaction information, including details of purchases or bookings made through the Website (such as tickets acquired). However, please note that most of your payment details are handled by our payment service providers (e.g., Stripe);
  • Social media information, where you choose to log in or connect your account using a third-party service (such as Facebook or Google), in which case we may receive certain profile information from that provider (please refer to their privacy policies for more details);
  • Device permissions and stored information, such as access to your contacts or other information stored on your device, only where you have granted us permission.

Information from third parties or publicly available sources

We may receive Personal Data about you from third parties and other sources, including service providers and partners that support our operations and service delivery, fraud prevention and security providers, and third-party platforms where you choose to interact with us or our services.

This may include:

  • Third-party social login accounts: If you log into the services using a third-party account (such as Facebook, Apple or Google), we may receive certain Personal Data from that provider, such as your name, email address, profile image and other information available on your profile (for example, age range or gender, where applicable). You can control what information is shared with us through the privacy settings of the relevant third-party platform.
  • Technical and usage data from partners: We may receive information about how you use our services from third-party partners, such as analytics providers (e.g. Google Analytics), advertising networks (e.g. Facebook Audience Network), and audience insight providers. This may include details like your device, IP address and how you interact with the Website. We use this information to understand usage, improve our services and make our content and advertising more relevant.
  • Contact details and transaction data: We may receive contact details and transaction-related information from payment service providers and partners involved in processing your bookings or ticket purchases.
  • Third-party service providers through the Website: Some third parties provide services through the Website (for example, managing feedback forms, newsletter subscriptions or promotions), and may share relevant information with us in connection with those services.

We use this information to provide and improve our services, process transactions, personalise your experience, and maintain the security and integrity of the Website, in accordance with applicable data protection laws.

6. How we use your Personal Data

In order to process your Personal Data, we must have a legal basis (a valid legal reason). Our legal basis will be one of the following:

  • It is necessary to fulfil a contract or agreement that we have with you. We need certain Personal Data to provide our Services and cannot provide them without this Personal Data.

  • It is required for our legitimate interests. We sometimes collect and use your Personal Data because we have a reason to use it and this is reasonable when balanced against your rights and freedoms.

  • It is permitted because you have provided your consent to us. Where you’ve agreed to us collecting your Personal Data, for example when you tick a box to indicate you’re agreeing for us to use your Personal Data in a certain way (send newsletter with promotions, discounts or new experiences or events; or share your Personal Data with FODM, and as the case may be and as referenced in the specific tick-box, event promoters, organisers or other relevant partners, for marketing purposes).

  • It is required in order for us to comply with legal obligations. In some cases, we have a legal responsibility to collect and store your Personal Data (for example, under tax regulations we must retain certain information about transactions and our customers).

Where we need to collect Personal Data in order to comply with a legal obligation or under the terms of a contract or agreement we have with you and you fail to provide that Personal Data when requested, we may not be able to perform the contract we have or are trying to enter into with you (in this case, to provide you with the Services). In this case, we may have to cancel the Services but we will notify you if this is the case at the time.

Our legal basis for using your Personal Data

For what purposes we use your Personal Data

Necessary to fulfil a contract or agreement that we have with you

  • Provision of our Services, account administration and informing about changes to our Services;
  • Processing your ticket transactions and payments (payment process handled by third-party payment service providers that comply with Payment Card Industry Data Security Standards);
  • Provision of user support services and responses to your enquiries and requests. We may record and monitor any communications between you and Fever, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training, monitoring and quality control purposes;

Legitimate interests

  • Detect and prevent fraud;
  • Keep our Services and IT systems secure, as well as ensuring that Fever processes, procedures and systems run as efficient and effective as possible (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
  • Suggest events or experiences similar to those previously purchased that may be of interest to you under the scope of our Services and personalise your in-app experience and marketing messages about our Services to make them more relevant and interesting to you. This may include analysing how you use our Services and your ticketing transactions;
  • Ask your opinion about our Services through specific surveys;
  • Analyse and enhance the information that we collect, your use of the Services to improve them or develop new ones, including but not limited to our content, features, scheduling, technology and events;
  • Determine the effectiveness of our promotional campaigns and advertising;
  • Use your IP addresses and device location to identify the location of users and block any unauthorised users;
  • Keep records of your marketing communications preferences;
  • We collect anonymised statistical datasets and details about visitors to our website and about our users' transactions patterns for the purposes of aggregate statistics, data analytics, dashboards and insights, reporting purposes and to understand how our users use our Services. These datasets may be shared internally or externally with others, including our partners. However, no single individual will be identifiable from the anonymised details we have collected for these purposes.

Consent

  • Allow our FODM, partners and other organisations (such as sponsors or venues, among others) to provide you with information about their products or services, discounts or promotions if you agree through the enabled mechanisms (based on opt-in or opt-out solutions);
  • Sending newsletters or promotional communications about news, sponsorships or future special events;
  • Where you have given us your express consent for other specific data processing actions, we will use your data for such actions.

If we rely on your consent for us to process your Personal Data in a particular way, but you later change your mind, you may withdraw your consent at any moment by updating your preferences or by contacting our Data Protection Officer through our Privacy Form.

Legal Obligations

  • Where we must comply with our legal obligations or to help detect or prevent a crime, we may share your Personal Data with other organisations (example: law enforcement authorities, tax authorities, fraud prevention agencies, etc.);
  • Response to data subject requests, complaints or handle legal claims/disputes;
  • Any ancillary processing activity in the event it is necessary to meet our legal or regulatory obligations;

7. How we use your Personal Data for marketing

If you have purchased a Product or otherwise provided your details to us through the Website, we may send you marketing communications about products, services, experiences, offers and events available on the Website.

What we may market to you. Subject to the legal basis below, we may market the full range of products and services available on the Website to you.

Legal basis:

  • In the European Economic Area, the United Kingdom and other jurisdictions that require opt-in consent, we will only send you marketing communications if you have given your explicit consent or by relying on the soft opt-in rule, as applicable.

  • In other jurisdictions where the law permits opt-out marketing (for example, where we have collected your details in the context of a purchase and you have not objected), we may send you marketing communications on the basis of our legitimate interest, until you opt out.

You can find jurisdiction-specific information in Annex I.

FODM marketing. Separately, you may be given the option to opt in to receive Formula 1-related marketing materials directly from FODM and the Formula 1 group. FODM is a separate controller for that marketing, and its processing is governed by FODM's own privacy notice accessible here. If you opt in to FODM marketing, we will share your contact details with FODM for that purpose.

Personalisation, recommendations and advertising. We may also analyse your purchase history, activity on the Website and other data we hold about you to personalise the content, offers and recommendations you see — including on the Website itself, and on third-party platforms (such as social media, search engines and advertising networks) where we run advertising campaigns. This may include the use of custom audiences, lookalike audiences and retargeting. Where required by law, we will obtain your consent for this activity.

How to opt out. You can opt out of marketing communications at any time by:

  • clicking the unsubscribe link in any marketing email;

  • updating your preferences in your account on the Website;

  • adjusting notification settings on your device for push notifications; or

  • contacting Fever’s Data Protection Officer via this Privacy Form.

Opting out of marketing will not affect service communications related to your purchase or account.

8. How we share your Personal Data and who we share it with

We may share your Personal Data and other information under the following circumstances:

  • Fever group subsidiaries. These subsidiaries of Fever Labs Inc. are required to process such information based on our instructions, internal procedures and protocols and in accordance with this Privacy Notice. Unless there is a legitimate enabling basis, they have no power to share your Personal Data independently. We may share your Personal Data within the Fever group subsidiaries to:

    • provide you with the best user experience and Services;

    • protect you, other users and our systems from fraud or harmful behaviour;

    • improve existing, or develop new Services;

    • send you information about Fever services we think you’ll be interested in hearing about.

  • Formula One Digital Media Limited (FODM). As a separate and independent controller, in the circumstances described in section 9.

  • Third-party service providers. We may share your Personal Data with third-party service providers, acting as our data processors, in order to facilitate or provide certain services on behalf of Fever. By way of example and not limitation, it may include:

    • Mobile & Tech Companies to enhance communication services and optimize mobile experiences. Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

    • IT infrastructure and support providers that facilitate our provision of the Services to you;

    • Analytics and user research providers that help us improve the Website;

    • Communications and survey services providers to help us provide our Services to you and help us send you emails, push notifications and text messages; and

    • Other third-party service providers, for the purpose of providing our Services or tracking our users' use of the Services (including but not limited to payment service providers).

These providers are authorised to process your Personal Data only as necessary to provide their services to us.

  • Compliance with legal obligations. When we respond to court orders or legal processes, or to exercise our legal rights or defend ourselves against legal claims. When we believe it is necessary to share your Personal Data in order to investigate/prevent a crime or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use, or as otherwise required by law.

  • Mergers & Acquisitions. When we need to transfer Personal Data about you if we are acquired by or merged with another company. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified afterwards via email and/or a prominent notice on our Services of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.

  • Social media and advertising partners. When we use social media for marketing purposes, your Personal Data (limited to only your name and email address) may be shared with the social media platforms so that they can check if you also hold an account with them. If you do, we may ask the advertising company or social media provider to:

    • use your Personal Data to send our ads to you, because we think that you might be interested in new Fever products or services;

    • not send you our ads, because the marketing is related to a service that you already use;

    • send our ads to people who have a similar profile to you (lookalike audiences) and custom audiences.

Please note that your Personal Data is hashed before we send it to the advertising partner and they are only allowed to use it in the ways described above.

  • Experience or Event organisers and local promoters. By default, no Personal Data is shared with the event promoter, and entry to the venue is managed using anonymous ticket codes (such as barcodes or QR codes). For certain events, where this is required by local law, by the entry requirements set by the event promoter, or to manage specific incidents (for example, lost or reissued tickets, complaints or refunds), we may share limited Personal Data (typically your name, ticket category and seat/zone allocation, and any identification data required by applicable law) with the relevant event promoter. The event promoter acts as a separate independent controller for the data it receives and is responsible for its own compliance with applicable data protection laws. We may share your Personal Data with the entity organising that experience or event, notably FODM. Sometimes, these organisers might have others help them set up the event. We call these helpers "Third-Party Organizers." In these cases, we might share your Personal Data with them for logistical or operational purposes due to it being necessary for the proper execution of the contract with you. Remember, we're not responsible for how these experience or event organisers, local promoters, or Third-Party Organisers process your Personal Data or if they comply with applicable data protection laws.

We do not sell your Personal Data. Where laws such as the California Consumer Privacy Act apply, please see Annex I for further information on "sale" and "sharing" of Personal Data and your rights.

9. The role of Formula One Digital Media Limited (FODM)

FODM operates the Formula 1 brand and digital ecosystem, and licenses the Formula 1 brand to Fever for the operation of the Website. FODM is a separate, independent controller of Personal Data collected through the Website.

We share Personal Data with FODM under a written data sharing arrangement that requires both parties to comply with applicable data protection law.

FODM processes Personal Data received from us for the following purposes:

  • operating, administering and developing the broader Formula 1 digital ecosystem (including www.formula1.com and the F1 Account);

  • customer relationship management — building and maintaining a single view of Formula 1 customers across the Formula 1 ecosystem;

  • digital security - fraud prevention, abuse detection, account security and protection of the Formula 1 digital ecosystem;

  • analytics, reporting and research — understanding how customers engage with Formula 1 products to improve the fan experience (including via the tailoring of marketing materials to individual customers);

  • direct marketing of Formula 1 products, services and experiences if you have opted in to receive such communications (see section 7); and

  • compliance with FODM's own legal and regulatory obligations.

FODM's processing of your Personal Data — including the legal bases it relies on, the recipients with whom FODM shares your data, and the rights you can exercise against FODM — is governed by FODM's own privacy notice, available here. We encourage you to read it.

Fever is not responsible for FODM's processing of your Personal Data as an independent controller. Likewise, FODM is not responsible for Fever's processing of your Personal Data as the controller for the sale of Products.

10. Sign-in and account access

To purchase Products on the Website, you will be asked to sign in.

Sign-in is provided through Fever's single sign-on (SSO) solution. When you create an account or sign in using Fever SSO, Fever is the controller of the authentication data and the account profile associated with that sign-in. This authentication mechanism is designed to provide a seamless experience across the F1 digital ecosystem (including for the purchase of any FODM-controlled products on the Hospitality Ticketing Site).

11. International data transfers

Fever operates globally, which means that your Personal Data may be accessed or processed in countries other than the one in which you are located to (i) help us provide our services; (ii) provide ongoing user support; (iii) comply with legal and regulatory requirements; and (iv) fraud prevention and response to law enforcement authorities, among other purposes. As a general rule, if you are a user resident in the European Economic Area (EEA), please note that Fever aims to store your Personal Data in the EEA territory.

When transferring Personal Data outside the EEA, the UK, or another jurisdiction with data transfer restrictions, we will ensure that any transfer of your Personal Data to third countries that do not provide an equivalent level of data protection is carried out in accordance with applicable data protection laws and with appropriate safeguards in place.

These safeguards may include, for example:

  • entering into standard contractual clauses or equivalent approved mechanisms with the recipient;

  • relying on adequacy decisions issued by relevant authorities; or

  • implementing other legally recognised transfer mechanisms, where applicable.

We may transfer your Personal Data internationally within the Fever group or to trusted service providers and partners for purposes such as providing our services, supporting users, ensuring security, preventing fraud, and complying with legal obligations.

In addition, when you book, purchase or participate in an experience or event, your Personal Data may be shared with the organiser of that experience (notably FODM), who may be or have local entities located in a different country. Where this involves an international transfer, we will ensure that appropriate safeguards are applied where required by law.

For more information on international data transfer mechanisms, you can contact us directly, or you may also refer to the guidance available from your corresponding local data protection authority available in Annex I.

12. Cookies and tracking technologies

We use cookies to analyse how you use the Website. In addition, pixels, web beacons, tags and scripts may be used by Fever and our partners, affiliates, analytics or service providers. These technologies are used for measuring performance of our email campaigns, analysing trends, administering the Website, analytics and tracking users' behaviours regarding the Website, and to gather demographic information about our user base as a whole. We receive reports and build internal dashboards based on the use of these technologies on an individual as well as aggregated basis.

We use cookies, for example, to remember your settings (such as language preference). You can control the use of cookies at the individual browser level. If you reject cookies, you may still use the Website, but your ability to use some features or areas of the Website may be limited.

12.1 What is a cookie?

Cookies are small text files sent by us to your computer or mobile device, which enable Website features and functionalities and allow the Website to, among other things, store and retrieve information about the number of visits, your browsing habits or your device and, depending on the information they contain and the way you use your device, can be used to recognise you. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

12.2 How does Fever use cookies?

Some cookies are associated with your account and Personal Data to remember that you are signed in (see section 10 on Fever SSO and the future F1 Account transition). Other cookies are not tied to your account but are unique and allow us to carry out analytics and customisation, among other things.

Cookies can be used to recognise you when you visit the Website, remember your preferences, and give you a personalised experience consistent with your settings. Cookies also make your interactions faster and more secure.

Categories of use:

  • Authentication: If you are signed in to the Website (via Fever SSO or, in due course, F1 Account), cookies help us show you the right information and personalise your experience.

  • Security and functionality: We use cookies to enable and support security features, and to help detect malicious activity. They are strictly necessary and allow you to navigate through the Website and use its different features. For example, these cookies help us identify your session, access restricted areas, remember the items in your cart, process your purchase order, and use security features while browsing.

  • Personalisation, preferences, features and services: Cookies record which language you prefer and what your communication preferences are. They can help fill out forms on the Website more easily. They also provide you with features, insights and customised content.

  • Marketing: We may use cookies to help deliver marketing campaigns and track their performance (for example, that a user visited the Website and then made a ticket purchase). Similarly, our partners may use cookies to provide us with information about your interactions with their services; use of those third-party cookies is subject to the third party's policies. They help us manage content relevance more efficiently based on your preferences and refine our product offering in line with your interests.

  • Performance, analytics and research: Cookies help us learn how well the Website performs. We also use cookies to understand, improve and research products, features and services, including to create logs and record when you access the Website from different devices. This includes creating user navigation profiles on the Website to inform improvements to our services. Google Analytics is an example included in this category.

  • Social cookies and pixels:

    • Social cookies: These may be used to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these technologies you may not be able to use or see these sharing tools. This category may include platforms such as Facebook and X (formerly Twitter).

    • Pixels: These are small, virtually invisible, pixel-sized programs hosted on the Website that create a link between your visit and a third party. When the pixel is loaded, the third party places a cookie on your device for analytical and advertising purposes.

12.3 What categories of Personal Data does Fever process through cookies?

While the specific data collected and processed through cookies may differ based on your individual settings and preferences, we typically gather the following information related to your usage and device:

  • the date and time you last accessed the Website;

  • the pages or content you engaged with during your initial visit to the Website;

  • the language setting you prefer to use by default;

  • details about your device, such as the type and model, the operating system and its version, the type of browser and its configuration, your IP address or another unique identifier for your device, and a unique token for your device;

  • information categorising you as a user, which may include your behaviour, likes and dislikes, or purchasing history.

If you consent to the activation of personalisation cookies, we may combine your Personal Data with other data to create a profile of your interests and activities.

12.4 What kinds of cookies do we use?

  • First-party cookies (Fever): these cookies are created and used by Fever and the Website. They help the Website function properly, save your settings for future visits, and tailor your Website experience.

  • Third-party cookies: these cookies come from external sources, not from the Website. They are often used by our advertising or analytics partners (e.g. Google, Meta) to follow your activity across various sites, which allows for personalised advertising and helps gather broad usage statistics.

12.5 Cookie retention period

The data collected via cookies will be used strictly for the duration required to achieve the specified purposes, based on the cookie type:

  • Session cookies: temporary and expire once you close your browser (or once your session ends).

  • Persistent cookies: remain on your hard drive until you (or your browser) erase them or until they reach their expiration date. They should not last longer than 12 months, but in practice may remain on your device longer if you do not take action.

  • Proprietary cookies: will not remain active for longer than 12 months from the time you gave your consent for their installation. We may retain the data they collect in restricted form until any potential legal claims are time-barred.

Even after a cookie has expired, we may renew it if you agree to its use again.

12.6 Information sharing from cookies

Subject to your consent (where required), data gathered via cookies may be shared with selected partners and service providers who assist us with functions such as Website analytics, advertising, and improving user experience.

Some of these service providers may be based outside of the European Economic Area (EEA), in countries that may not initially provide the same level of data protection as within the EEA. In those cases, Fever conducts those data transfers in accordance with standard contractual clauses pre-approved by the European Commission (or, for the UK, the UK International Data Transfer Addendum). For further information on these safeguards, please contact Fever’s Data Protection Officer via this Privacy Form.

12.7 How can you manage the use of cookies?

When you first visit the Website, a cookie banner will inform you about our use of cookies as described in this section. The banner enables you to provide informed consent (where required by applicable law) from the outset for the use of cookies, by agreeing to the installation of particular categories of cookies. You can always adjust your preferences or withdraw your consent at any time, both for our first-party cookies and those set by third parties.

To use certain features that we offer, it is necessary for you to have cookies enabled in your browser. In particular, these strictly necessary cookies allow us to identify you as a signed-in user each time you access the Website, allowing you to access and use the features that require sign-in.

  • Managing cookie preferences: You can modify your settings directly via the cookie banner or through the cookie preference centre accessible from the footer of the Website.

  • Disabling cookies: You can disable cookies using the settings in your web browser. For guidance on how to manage cookies in your specific browser, please refer to the following instructions:

You should always consult the most up-to-date support information of your browser, since cookie management options may change between versions and operating systems. If you use another browser (e.g. Vivaldi or Brave), please consult the cookie settings options that may be available in it.

If you decide not to accept cookies on the Website, you will still be able to use the Website, although your user experience may be slightly impaired.

12.8 Your rights regarding the use of cookies

Under applicable data protection laws, you have the rights set out in section 16 of this Privacy Notice in respect of the Personal Data we collect via cookies. To exercise these rights, contact Fever’s Data Protection Officer via this Privacy Form. Please note that to process your request, we may need to ask you for additional information to identify you. We will use that information solely for the purpose of managing your request and then block it until any potential legal liabilities are time-barred.

13. Security

In accordance with applicable laws, we implement appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, alteration or damage. These measures include encryption in transit and at rest, access controls, network security, monitoring, incident response procedures and staff training.

We maintain PCI-DSS certification for payment processing and align our information security management with ISO/IEC 27001 and equivalent industry standards.

No transmission over the internet can be guaranteed to be 100% secure. If you believe your account or Personal Data has been compromised, please contact Fever’s Data Protection Officer immediately via this Privacy Form.

14. Data retention

We keep your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, tax or reporting requirements, resolving disputes and enforcing our agreements.

The retention period for each category of Personal Data depends on the purpose for which we hold it, the nature of the data, the existence of any ongoing relationship with you, and applicable legal retention requirements.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research, analytics, statistical and reporting purposes, in which case we may use that information without further notice to you.

15. Personal Data relating to other people

If you provide us with Personal Data about another person (for example, an attendee accompanying you to an event), you confirm that you have informed that person about this Privacy Notice and have a lawful basis to share their Personal Data with us.

16. Your rights and how to exercise them

Depending on your country of residence and the applicable data protection law, you may have the following rights in respect of your Personal Data:

  • Right to be informed about how we use your Personal Data.

  • Right of access — to obtain a copy of the Personal Data we hold about you.

  • Right of rectification — to have inaccurate or incomplete Personal Data corrected.

  • Right of erasure ("right to be forgotten") — to have your Personal Data deleted in certain circumstances.

  • Right to restrict processing — to limit how we use your Personal Data in certain circumstances.

  • Right to object — to object to processing based on legitimate interests, and to object at any time to direct marketing.

  • Right to data portability — to receive certain Personal Data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.

  • Right to withdraw consent — where we rely on your consent, you can withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

  • Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not currently carry out such automated decision-making on the Website).

  • Right to lodge a complaint with a data protection authority (see section 17 and Annex I).

Local laws may grant you additional rights or modify the rights above (see Annex I).

How to exercise your rights. You can exercise your rights by submitting a request to Fever’s Data Protection Officer through this Privacy Form.

We may need to verify your identity before responding to your request. We will respond within the timeframes required by applicable law (typically one month under the GDPR and UK GDPR, with a possible extension for complex requests).

If your request concerns Personal Data processed by FODM as an independent controller (see section 9), please contact FODM directly using the details in FODM's privacy notice.

17. Complaints, questions and suggestions

If you have any questions or concerns about this Privacy Notice or how we process your Personal Data, please contact our Data Protection Officer via our Privacy Form. We will investigate your complaint and aim to resolve the issue.

If you consider that your concerns are not fully addressed, you also have the right to lodge a complaint with the data protection authority in your country. Within the European Union, Fever's Lead Supervisory Authority is the Spanish Agencia Española de Protección de Datos (AEPD). See Annex I for a list of authorities in other countries.

Annex I — Local variations and contact details

Below you can find information about the local data protection authorities and any country-specific variations to this Privacy Notice in some of the jurisdictions in which Formula 1 events take place.

Country

Details

Australia

Local Entity: Kzemos Australia Pty Ltd located at Level 4, 80 Market Street, South Melbourne, Victoria 3205

Supervisory Authority: Office of the Australian Information Commissioner. GPO Box 5218, Sydney NSW 2001.

Variation: Legal bases above are read consistently with the Australian Privacy Principles.

We are likely to disclose your personal information to recipients located outside Australia, principally in the European Union (where our group operations and primary hosting are based) and in the country where the Formula 1 event for which you have purchased tickets takes place. This annex includes the current list of Formula 1 Championship host countries.

Austria

Local Entity: Kzemos Austria GmbH located at Parkring 2, 1010 Vienna, Austria.

Supervisory Authority: Austrian Data Protection Authority (Österreichische Datenschutzbehörde). Barichgasse 40-42, 1030 Wien.

Azerbaijan

Local Entity: Kzemos UK Ltd. located at 4th Floor, The Wingate, 93-107 Shaftesbury Avenue, London W1D 5DY

Supervisory Authority: Ministry of Digital Development and Transport. Baku city, 77 Zarifa Aliyeva St., AZ1000.

Variation: Legal bases above are read consistently with the Law on Personal Data. Legitimate interest is not a stand-alone legal basis as it is under the GDPR. In Azerbaijan, we rely on consent and contract necessity.

Bahrain

Local Entity: Kzemos UK Ltd. located at 4th Floor, The Wingate, 93-107 Shaftesbury Avenue, London W1D 5DY

Supervisory Authority: Personal Data Protection Authority (PDPA).

Belgium

Local Entity: Kzemos Belgium Srl located at Esplanade Heysel 1 PB 94, Bruxelles 1020, Belgium

Supervisory Authority: Autorité de protection des données. Rue de la Presse 35, 1000 Bruxelles.

Brazil

Local Entity: Kzemos Brasil Ltda. located at Alameda Santos 647, 9º andar, Cerqueira César, CEP 01.419-901, Cidade de São Paulo, Estado de São Paulo.

Supervisory Authority: Autoridade Nacional de Proteção de Dados (ANPD). Zona Cívico-Administrativa BL C - Brasília, DF, 70297-400

Variation: Legitimate interest is available as a legal basis under the LGPD; we rely on contract performance, consent, legal obligation and legitimate interest.

Your rights under LGPD Article 18 are as follows: confirmation of processing; access; correction of incomplete, inaccurate, or outdated data; anonymisation, blocking, or deletion of unnecessary, excessive, or non-compliant data; portability of data to another service or product provider; deletion of data processed with your consent; information about public and private entities with which we have shared use of data; information about the possibility of not providing consent and the consequences of refusal; withdrawal of consent.

Canada (Québec)

Local Entity: Kzemos Events Inc. located at SUITE 2700, 1133 MELVILLE STREET

VANCOUVER BC V6E 4E5, CANADA

Supervisory Authority:

  • Federal: Office of the Privacy Commissioner of Canada (OPC). 30 Victoria Street, Gatineau QC K1A 1H3
  • For Québec: Commission d’accès à l’information du Québec (CAI). 525, boulevard René-Lévesque Est,bureau 2.36, Québec (Québec) G1R 5S9 (in Québec);

Variation: Legal bases above are read consistently with PIPEDA and (in Quebec) the Act respecting the protection of personal information in the private sector. Legitimate interest is not a stand-alone legal basis under either regime. In Canada, we rely on consent (express or implied as permitted), contract performance and legal obligation.

For Québec, please note that your personal information may be communicated outside Québec.

Hungary

Local Entity: Kzemos Hungary KFT located at 1137 Budapest, Jászai Mari tér 5-6.

Supervisory Authority: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH). Falk Miksa utca 9-11, 1055 Budapest.

Italy

Local Entity: Kzemos Italy s.r.l. located at Via Ceresio, 7, 20154, Milano (MI), Italy

Supervisory Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma.

Japan

Local Entity: Kzemos Japan G.K. located at Hibiya Fort Tower 10th Floor, 1-1-1 Nishi-Shimbashi, Minato-ku, Tokyo

Supervisory Authority: Personal Information Protection Commission (PPC). Kasumigaseki Common Gate West Tower, 32nd Floor, 3-2-1 Kasumigaseki, Chiyoda-ku Tokyo 100-0013

Variation: Legal bases above are read consistently with the Act on the Protection of Personal Information (APPI). Legitimate interest is not a recognised basis under APPI. In Japan, we rely on consent and contract necessity.

Mexico

Local Entity: Kzemos S.A. de C.V located at Calle Orizaba 32, Roma Norte., Cuauhtémoc, 06700 Ciudad de México, Ciudad de México

Supervisory Authority: Secretaría Anticorrupción y Buen Gobierno. Avenida de los Insurgentes Sur 1735, Guadalupe Inn, C.P. 01020, Álvaro Obregón, Ciudad de México.

Variation: Legal bases above are read consistently with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP). Legitimate interest is not a stand-alone legal basis under Mexican law. In Mexico, we rely on consent, contract performance and legal obligation.

Monaco

Local Entity: Kzemos Production France SAS located at 18 rue Yves Toudic, 75010 Paris

Supervisory Authority: Autorité de Protection des Données Personnelles (APDP). Le Concorde 4ème étage, 11 rue du Gabian, 98000 Monaco

Portugal

Local Entity: Frenetic Rituals Lda. located at Praça Marquês de Pombal, 14, 1250-161, Lisbon, Portugal

Supervisory Authority: Comissão Nacional de Proteção de Dados (CNPD). Av. D. Carlos I, 134, 1º, 1200-651 Lisboa

Qatar

Local Entity: Kzemos Gulf LLC located at C/O Media City Qatar, Floor No. 16, Tornado Tower, No. 17, Doha, Qatar

Supervisory Authority: National Cyber Security Agency (NCSA). P.O. Box 24100, Wadi Al Sail Street, Doha or privacy@ncsa.gov.qa

Variation: Legal bases above are read consistently with the PDPPL. Legitimate interest and contract performance are not stand-alone legal bases as they are under the GDPR. In Qatar, we rely on consent, compliance with a legal obligation or public interest, data obtained from publicly available sources, and statistical/research purposes.

Saudi Arabia

Local Entity: Kzemos Arabia LLC located at Office no. 108, Building No. 8087, Handhalah Bin Malik Street, Secondary No. 2995, Al Wurud District, 12253, Riyadh, Kingdom of Saudi Arabia

Supervisory Authority: Saudi Authority for Data and Artificial Intelligence (SDAIA). An Nakheel, Riyadh 12382.

Variation: Legal bases above are read consistently with the Saudi Personal Data Protection Law. Where the narrow legitimate-interest basis under the Implementing Regulations is not available as it is under the GDPR, we rely on consent for those activities.

Singapore

Local Entity: Kzemos SG Pte. Ltd. located at 20 Collyer Quay #11-07 Singapore 049319

Supervisory Authority: Personal Data Protection Commission (PDPC). 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438.

Variation: Legal bases above are read consistently with the Personal Data Protection Act (PDPA). In Singapore, we notably rely on consent (including deemed consent), the legitimate interests exception, and the business improvement exception.

Spain

Local Entity: Eventos Singulares Flander S.L.U. located at Calle de Fernando el Santo, 16, 28010, MADRID SPAIN.

Supervisory Authority: Agencia Española de Protección de Datos (AEPD). C/ Jorge Juan 6, 28001 Madrid (Fever's Lead Supervisory Authority in the EU).

Turkey

Local Entity: Kzemos Turkey A.S. located at Hürmet Keçeli Business Center, Büyükdere Avenue No. 53, Inner Door No. 4, Mecidiyeköy, Şişli, Istanbul, Türkiye

Supervisory Authority: Kişisel Verileri Koruma Kurumu (KVKK). Nasuh Akar Mahallesi 1407. Sok. No:4, 06520 Çankaya/Ankara.

United Arab Emirates (Abu Dhabi)

Local Entity: Kzemos FZ-LLC (Dubai) located at Al Thuraya Tower 1, Floor 5 offices 501 & 509, Dubai Internet City, 81, Al Falak street, Al Sufouh 2, Jumeirah, Dubai, 13805 76280, United Arab Emirates

Supervisory Authority: UAE Data Office; for DIFC, the Commissioner of Data Protection.

Variation: Legal bases above are read consistently with Federal Decree-Law on the Protection of Personal Data. Legitimate interest is not a recognised basis under UAE Federal law. In the UAE, we rely on consent and on the consent exceptions, including the controller's statutory obligations, the establishment or defence of legal claims, the protection of public interest, the processing of data made publicly available by the data subject, and archival or research purposes.

United Kingdom

Local Entity: Kzemos UK Ltd. located at 4th Floor, The Wingate, 93-107 Shaftesbury Avenue, London W1D 5DY

Supervisory Authority: Information Commissioner's Office (ICO). Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

United States

Local Entity: Mad Hatter Experience LLC, located at 2140 S DUPONT HWY, CAMDEN, DE 19934

Supervisory Authority: Attorney General of your State of residence, or as otherwise provided in the applicable State law.

Variation: US state privacy laws do not operate on a "legal basis" model equivalent to the GDPR. Our collection, use and disclosure of personal information of US residents is governed by the laws of the relevant State. Where applicable State law provides rights additional to those described above — including the right to opt out of targeted advertising, the sale of personal data, or profiling, or the right to appeal our decision regarding any of your requests — you may exercise those rights via the Privacy Form. If you appeal a denial, we will respond within the timeframe required by applicable State law (typically 60 days).

California

Supervisory Authority: California Privacy Protection Agency (CPPA). 2101 Arena Blvd., Sacramento, CA 95834 (concurrent enforcement by the California Attorney General)

Variation: California privacy law does not operate on a "legal basis" model equivalent to the GDPR. Our collection, use and disclosure of personal information of California residents is governed by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).

We do not "sell" Personal Data and do not "share" Personal Data for cross-context behavioural advertising in violation of the CCPA. You can manage cookie-based sharing through the cookie preference centre and may submit "Do Not Sell or Share My Personal Information" requests via our Privacy Form. California residents have additional rights (right to opt-out of the sale of personal data, right to limit use of sensitive personal information, right to non-discrimination). We will respond to your right exercise request within 45 days, extendable by a further 45 days where reasonably necessary.

More information on other European Countries’ Supervisory Authority is available here: https://www.edpb.europa.eu/about-edpb/our-members_en.

If your country does not appear on the above list, the Fever entity acting as the data controller is Fever Labs, Inc., you may contact us through this form to request information about your supervisory authority.