1. Scope
This privacy statement (hereinafter: “Privacy Statement”) applies to the processing of your personal data by WEAREONE.WORLD (THAILAND) CO.LTD, a private limited company incorporated under Thai law, having its registered office at 88/7 Srinagarindra - Rom Klao Road, Lat Krabang, Bangkok 10520, Thailand, and registered under company number 0105568164524 (hereinafter “we”, “us”, “our”), and your rights in relation to that processing. If you use our services, purchase our products, or participate in our activities, we will inform you of any special conditions that apply to the processing of your personal data, in derogation or addition to what is stipulated in this Privacy statement. We advise you to consult all the documents provided.
For the purposes of this Privacy Statement, “personal data” has the meaning given in the “Personal Data Protection Act B.E. 2562” (hereinafter “PDPA”) of Thailand, namely “any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including information of deceased persons”.
“Tomorrowland” is a brand of the WEAREONE group. By “Tomorrowland” we mean all festivals, events, products, and activities that are organized, produced, or offered by or on behalf of the WEAREONE group under the name Tomorrowland or under related brands, concepts, and companies. Tomorrowland Thailand is the organiser of the Thai edition of Tomorrowland (“Tomorrowland Thailand”).
We may change this Privacy Statement at any time. To find out when we last updated the Privacy Statement, please refer to the “Last Updated” date at the bottom of this page. Any changes to this Privacy Statement will become effective as soon as we make them available on our websites.
If you have any questions about this Privacy Statement or about the way in which we process your personal data, please contact us by email at dataprotection@tomorrowlandthailand.com or via the contact form if you have a Tomorrowland account.
2. Why we process your personal data
2.1 Pre-registration and ticketing
During the pre-registration process for ticket sales for our events and events we co-promote, we process your personal data to contact you prior to the start of the actual ticket sale. To carry out the ticket sales, we process your identification details such as your name, date of birth, gender and nationality. We also process certain specifics of your purchase, such as the type of ticket you prefer. To complete the purchase process, we need to process necessary payment details, such as credit card number of the ticket buyer.
To confirm your order and send your tickets, we process your contact details. If your ticket is delivered electronically, this will be your email address. If your ticket is delivered physically, such as the Tomorrowland Bracelet, we process your delivery address.
When we process your personal data during the pre-registration process, we do so at your request and based on your consent. Once your pre-registration leads to the purchase of a ticket, we rely on the necessity to execute the purchase agreement for processing your personal data. To the extent that we are subject to a legal obligation to perform fraud prevention and we process your personal data for this purpose, we rely on our legitimate interest in efficiently fulfilling that legal obligation. We also rely on our legitimate interest when we process your personal data to make the ticket sales as efficient and secure as possible, and to use statistical information about the pre-registration process and ticket sales to assess and improve our procedures for the future.
2.2 Event attendance
Our tickets are issued in the registered name. This means that we may ask you for your identification details such as your name, at the entrance to our events to verify whether it matches the name on your ticket. When you purchase Pearls and/or make purchases on-site, we also process your payment details. We rely on external suppliers for the secure processing of these transactions.
For these processing activities, we rely on the necessity to execute our purchase agreement. Since we are highly committed to providing our visitors with unique and unforgettable moments, we may also process your personal data in certain circumstances, such as when responding to your special requests. In these cases, we rely on our legitimate interest in providing you and other visitors with a unique experience. To the extent that we process statistical information about your visit, we rely on our legitimate interest in continuing to create unique visitor experiences in the future.
2.3 Atmospheric images and close-ups
During our events, we capture atmospheric images which we use in content such as aftermovies and social media posts. If we feature you specifically, this is based on your consent. Please note that permission to capture and use your image is not always required and can also be implicit. For the processing of your personal data, we rely on our legitimate interest in promoting our events to a wider audience and keeping archives of our various events.
2.4 Travel and accommodation
We offer certain travel and accommodation options, whether or not through our travel and accommodation partners. When you wish to link such an option to your visit, we process, among other things, identification details such as your name, contact details such as your email address, and certain specifics such as your preferred travel class. This information is necessary for making the required reservations and confirming them to you. To complete your purchase, we also process necessary payment details, such as your bank account number. The legal basis for processing these personal data is the necessity to execute the agreement.
To optimize your travel and accommodation experience, you can also share certain preferences, such as your interest in specific Global Journey activities. In this case, we process your preferences along with your identification and contact details so that we can contact you with suggestions. For this, we ask for your consent.
2.5 Communication
Customer service and complaint handling
We communicate directly with you when you contact us with questions, comments or complaints. To communicate with you, we process your identification details such as your name, contact details such as your email address, and any other information you provide to us. To handle your question, comment or complaint, we also process the content of your communication and its practical details. Depending on the type of request, we may share your request with others if necessary for handling it. The legal basis for this processing is our legitimate interest in responding to questions and comments and in handling complaints smoothly. To the extent that we use contextual information from your communications to train our staff internally to provide better customer service, we rely on our legitimate interest in improving our customer interactions.
Practical communications
We send you practical information about the events, activities and other initiatives for which you are registered. These communications may include, among other things, information about special access conditions, accessibility, payment options available in Thailand, weather conditions, and local transport options or disruptions.Additionally, these practical communications may also contain relevant details about products and services offered by our partners at the event for which you are registered. For these communications, we process identification details such as your name, contact details such as your email address, and registration information.
We only send you our updates if you have given your consent or have requested to stay informed, for example by subscribing to a specific newsletter, unless you are an existing customer and we keep you informed about similar products and services that we believe may be of interest to you. If we are mistaken in this, you can always adjust your preferences or unsubscribe by clicking the “unsubscribe” link at the bottom of our emails.
Targeted communications
We would like to keep you informed about our events and activities, as well as our other projects, brands and initiatives such as the Tomorrowland Store. Where you have provided your consent, we will also inform you about products or services of partners with whom we collaborate. For this type of communication, we process identification data such as your name and contact details such as your email address
Marketing based on your personal preferences
In order to make our messages as relevant as possible, we may, but only where you have given your explicit consent, combine personal data from different sources to create a profile of your interests. This may include preferences you have stored in your account or information about your purchases.
This data is collected via our digital channels (such as the website, emails, apps, and purchase history) and processed through a central platform. You can modify or withdraw your preferences at any time via the preference portal of your Tomorrowland account. Withdrawal of consent does not affect the lawfulness of processing carried out before the moment of withdrawal.
Customer satisfaction surveys and broader inquiries
To optimize our overall services, we may invite our existing customers to participate in satisfaction surveys or to share experiences in broader inquiries. For this, we process identification details such as your name, and contact details such as your email address. Additionally, we process any other information about you that emerges from the research and that you provide to us in this context. We rely on our legitimate interest in inviting you to voluntarily participate in our inquiries. Participation is, of course, not mandatory, and the choice is entirely yours. We will try as much as possible to dissociate your responses from you as an individual. However, this also means that we may not always be reasonably able to respond to certain follow-up requests, such as an access request.
2.6 Website
To provide content on our website, optimize its functionality, and allow you to browse it, we may process your personal data. These will primarily be technical data about the device you use, such as the type of browser, and technical identifiers like your IP address.
The legal basis for this processing is our legitimate interest in offering our website and allowing you to use it. If legally required, for example, for placing analytical cookies, we ask for your consent for this processing.
2.7 Tomorrowland Account
When you create a Tomorrowland account, for example, to make purchases in the Tomorrowland Store, we process identification details such as your name, date of birth, gender and nationality. We also process contact details such as your (email) address and phone number. Furthermore, we store certain preferences and interests, such as your music preferences if you have shared this information with us.
For the processing necessary to manage your account, we rely on the necessity to execute the agreement. For the processing of your preferences, we ask for your consent. If we process your account information to ensure the security of your account and safeguard its use, we rely on our legitimate interest in providing our products and services securely and in continuously optimizing them. If you delete your account, we will keep your account information for at least as long as it takes to fully close the account. If we have legitimate grounds, we may retain your account information for a longer period based on our legitimate interest. This could include situations where we are involved in legal proceedings or an ongoing dispute. In such cases, your account information will be stored separately from other active accounts.
2.8 Tomorrowland App
To enable you to use the Tomorrowland app, we process identification details such as your first name. We also process your account information (as mentioned above) and technical data from the device you use to log in. Additionally, we collect information about your usage and interactions within the app. If you have given your consent, we process your location data.
We process your personal data in this context to provide you with the requested service, based on the necessity to fulfill our agreement. For the data we process to ensure the use and security of the app, we rely on our legitimate interest in offering our products and services securely and in continuously optimizing them. For processing location data, we ask for your consent.
2.9 Tomorrowland Store
We process your personal data when you purchase items in our Tomorrowland Store, either on-site or online. You can make your online purchase using your Tomorrowland account (see section 2.7). Additionally, we process contact details such as your email address and delivery address to confirm and deliver your purchase. For these purchases, we process your bank account number to enable financial transactions. Finally, we process certain preferences, interests, and consumption behavior, such as your personal purchase history.
The processing necessary to facilitate the sale of our Tomorrowland Store items is based on the necessity to execute our agreement. The processing of your personal data for keeping track of your purchase history is based on our legitimate interest in offering our products and services as customer-friendly as possible and in optimizing our services. For the processing of your preferences, interests, and consumption behavior, we ask for your consent.
2.10 Matching through advertising platforms
We employ a secure matching technique in which your data is first encrypted and pseudonymized so they can no longer directly be linked back to you. Only this hashed information is compared, within a protected environment, with equally encrypted data held by advertising platforms. The platform will display a targeted advert only if an exact match is found. If there is no match, nothing happens. At no point do your name, e‑mail address or any other identifying details leave our systems.
2.11 Safety and security
We take a range of safety and security measures to protect our visitors, employees, partners, and others, both in physical environments (such as event locations, venues, and office buildings) and in our digital environments. These measures aim to protect individuals as well as property, including physical assets (such as buildings, land, and goods) and other assets (such as intellectual property, digital environments, and IT systems).
In general, we rely on our legitimate interest in ensuring safety and security in the broadest sense for processing personal data in this context. In certain cases, we may also rely on legal obligations, for example where we are required to take specific measures under applicable laws and regulations.
2.12 Compliance and legal obligations
Where necessary, we process your personal data for compliance purposes. This means that when we are legally required, we will process your personal data to comply with our legal obligations. This is the case, for example, when we process your personal data to comply with our obligations under applicable legislation to prevent money laundering and the financing of terrorism.
Additionally, we may be required to process your data to comply with a request from a competent authority, such as a competent data protection authority. In such cases, too, we process your personal data to meet a legal obligation.
To the extent that we are not legally required to comply with government requests, or if we take the initiative to share certain information about you with competent authorities (e.g., when there are reasonable suspicions of an illegal act or crime linked to you), we rely on our legitimate interest in helping authorities prevent or investigate illegal activities, protecting our property in the broadest sense from misuse and illegal activities, and enforcing our own policies.
2.13 Fraud prevention, incidents and access management
We may process your personal data, such as identification and contact details, ticket and order information, information about your use of our ticketing and sales channels, and information and documentation you provide in this context (such as proof of identity, proof of residence, proof of payment or any other supporting documents necessary to verify compliance with our General Terms and Conditions), to prevent, detect and investigate fraud, ticket abuse and serious breaches of our General Terms and Conditions, and to manage measures such as temporary or permanent access bans.
For this processing, we rely on our legitimate interest in promoting safety and security of our events and services, preventing misuse and fraud, and enforcing our terms and conditions, in particular our strict zero-tolerance policy towards fraud and misuse of the sales process as described in our General Terms and Conditions, and where applicable, on the necessity to comply with legal obligations and to cooperate with competent authorities.
We may keep a record of access bans (a “blacklist”), including your identification data, the reason and duration of the ban, and, where relevant, information about the underlying incident or breach and the documentation collected in that context. This information is retained for up to 3 years after the end of the ban, unless a longer retention period is required by law or necessary to establish, exercise or defend legal claims.
2.14 Administration and organization of business activities
We believe it is important to continue growing in a creative and innovative manner. This means that we are constantly focused on further developing and expanding our business activities and strengthening our relationships with others. In addition to the purposes specified above, we therefore also process your personal data – albeit to a limited extent, meaning only when strictly necessary –to generally manage, organize, and develop our business activities.
This includes, for example, processing your personal data to ensure high-quality customer management, and approaching you as a supplier or partner to maintain our professional relationship. Furthermore, we may use your personal data to monitor compliance with our internal procedures and policies, for example in the context of audits and reporting, and to verify if they comply with applicable regulations. Where necessary, we may also use your personal data to inform relevant parties in the context of business transactions, such as a possible merger, acquisition, or reorganization.
For these data processing activities, we rely on our legitimate interest in conducting and organizing our business activities efficiently, enforcing our policies, and continually evaluating and improving our business processes to remain flexible and future-oriented as an organization.
3. How do we obtain your personal data
In most cases, we receive the personal data we process about you directly from you. This happens, for example, when you purchase a festival ticket, register to receive certain communications, or contact us for information or support.
However, there are situations where we receive your personal data from others. This can happen when someone else purchases a festival ticket for you or when we receive information about you from our partners, such as when purchasing a Global Journey package offered in collaboration with external parties.
In specific circumstances, we may also receive information about you from official authorities such as the police or other competent government bodies. This can occur in the context of legal obligations or during security incidents where your personal data is relevant.
4. How we keep your personal data
We retain your personal data for as long as necessary to achieve the purposes described in this Privacy Statement, or for as long as required or permitted by applicable laws and regulations. When determining the appropriate retention period, we take into account factors such as the purposes for which we process the data, the categories of personal data involved, and any legal, regulatory, accounting, tax, employment, or other obligations that require us to keep data for a certain minimum period.
Where the processing of your personal data is based on your consent, we will stop processing and, in principle, no longer retain your personal data once you withdraw your consent, unless another legal basis allows or requires us to continue to retain certain data (for example, for compliance with legal obligations or for the establishment, exercise, or defence of legal claims).
After the applicable retention period expires, or when the personal data is no longer necessary for the purposes for which it was collected, we will anonymise or delete your personal data. We may retain certain data for longer where there is an overriding legitimate interest for us or a third party in doing so, or where a legal obligation or judicial or administrative order prevents us from anonymising or deleting the data.
5. How we share your personal data with others
5.1 Recipients of your personal data
We ensure that access to your personal data is limited to those business units and persons hat need to process these data in order to achieve the above-mentioned purposes.
Even when we share your personal data with others, this is done exclusively for the same purposes. Possible recipients of your personal data include service providers, partners, advisors, and government authorities.
For example, we may share your data with external service providers who support us in our business operations, such as IT service providers, logistics companies, financial institutions, and mobility partners. These parties help us to manage our services and infrastructure that are essential for our day-to-day operations.
In addition, we may, but only with your explicit consent, share personal data about your lifestyle and interests with trusted partners that wish to send their own promotional communications. These partners act as independent data controllers.
We also work with various advisors, such as accountants, lawyers, and other professionals who assist us in protecting our interests or enforcing our rights. We may share your personal data with potential parties in the context of business transactions, such as a possible merger, acquisition, or reorganization.
In certain cases, we may share your personal data with courts and authorities where this is required by law or when it is necessary to protect our interests or safeguard our rights. We also share your personal data with government authorities when we are legally required to provide certain data, for example, to meet our tax or administrative obligations.
5.2 Transfer of personal data to other countries
We may transfer your personal data to recipients located outside Thailand, for example to other entities within our group or to external service providers that support our activities. Any such transfer will be carried out in accordance with the PDPA.
Where we send or transfer personal data to a foreign country, we will, where required, ensure that the destination country or international organization has an adequate personal data protection standard, and that the transfer is carried out in line with the rules issued by the Personal Data Protection Committee.
If the destination country or international organisation does not have an adequate personal data protection standard, we will only transfer your personal data where the transfer falls under one of the grounds permitted by the PDPA.
Where none of these mechanisms is available, we will not transfer your personal data unless and until we can implement suitable protection measures in line with the PDPA.
6. How we protect your personal data
We treat the personal data we process confidentially, and we protect it in accordance with applicable regulations and our internal policies and procedures for data security.
We use commercially reasonable efforts to ensure that your personal data is securely stored and protected against loss or unauthorized disclosure and use. However, you understand that security is an obligation of effort, not result, and that the outcome can never be guaranteed.
7. Your choices and rights
In accordance with the PDPA and other applicable Thai data protection laws, you have the following rights, subject to the conditions and limitations set out in those laws, in relation to our processing of your personal data:
- Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time (without affecting processing that took place before withdrawal).
- Right of access: You may request access to, and a copy of, the personal data we hold about you.
- Right to data portability: In certain cases, you may receive your personal data in a commonly used, machine-readable format and have it transmitted to another controller.
- Right to rectification: You may request that inaccurate, incomplete, or misleading personal data be corrected or completed.
- Right to object: In the cases provided under the PDPA, you may object to our collection, use, or disclosure of your personal data, including for direct marketing.
- Right to erasure / anonymisation: In certain situations, you may request that we erase, destroy, or anonymise your personal data.
- Right to restriction of use: You may request that we restrict the use of your personal data instead of erasing it in specific circumstances.
- Right to lodge a complaint: You may lodge a complaint with the Office of the Personal Data Protection Committee in Thailand if you believe that our handling of your personal data infringes applicable law.
You can send your request to exercise the above rights by email to dataprotection@tomorrowlandthailand.com. In your request, please clearly indicate which right you wish to exercise and, where relevant, provide any information needed to help us identify the personal data concerned. We may ask you for additional information if we need to verify your identity or if your request is unclear. We will handle your request in accordance with the procedures and time limits prescribed by the PDPA and other applicable Thai laws.
Last updated: January 5, 2026
