Bresh Global

Last updated · July 2026

Privacy Policy

Bresh is committed to the protection of personal data and to compliance with the data protection legislation applicable in the Data Subject's country of residence, including, where applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”) and any other applicable European legislation, as well as Law No. 25,326 of the Argentine Republic, the Federal Law on Protection of Personal Data Held by Private Parties of the United Mexican States, and Law No. 18,331 of the Oriental Republic of Uruguay (together, the “Applicable Data Protection Legislation”).

This Privacy Policy (the “Policy”) sets forth the categories of personal data collected by Bresh through the website bresh.com (the “Site”), the manner in which such data is processed, and the rights available to the Data Subject in connection therewith.

1. Data Controller

1.1. The controller responsible for the processing of personal data (“Personal Data”) collected through the Site is Bresh International Operation LLC, a company duly organized and existing under the laws of the State of Delaware, United States, a subsidiary of Bresh Global LLC (together, “Bresh,” “we” or the “Controller”). For purposes of this Policy, any individual who accesses the Site and whose Personal Data is processed shall be referred to as the “Data Subject” or “you.”

1.2. Notwithstanding the foregoing, please note that Bresh does not manage, process or administer, directly or indirectly, the sale of tickets or the registration of attendees for events organized under the Bresh brand through the Site. Accordingly, when the Data Subject purchases a ticket or registers to attend a Bresh event, such processing of Personal Data shall be carried out by the relevant venue, local promoter or ticketing platform, who shall act as independent and autonomous data controllers with respect to Bresh, it being the Data Subject's responsibility to review such third party's own privacy policy prior to disclosing their Personal Data.

1.3. Your Personal Data may be disclosed, to the extent necessary for the purposes described in this Policy, to affiliated companies and/or subsidiaries forming part of the Bresh Group in the various jurisdictions in which it operates (including, without limitation, Argentina, Spain, Mexico and Uruguay), which may act as processors or joint controllers, as applicable.

2. Personal Data We Collect and How

2.1. Through the Site, Bresh collects and processes exclusively the following categories of Personal Data, without requiring the registration of a user account or the creation of a profile:

(a) Identification and contact data: name, email address and the content of the message submitted by the Data Subject, when the Data Subject completes the contact form available on the Site.

(b) Navigation data: IP address, device and browser type, pages visited, and other information collected through the use of cookies and web analytics tools, subject, where required by applicable law, to the Data Subject's prior consent.

2.2. Bresh expressly states that it does not collect payment data, does not create user accounts on the Site, and does not process Personal Data relating to the purchase of tickets, as such activities are carried out entirely by third parties unrelated to Bresh, as described in Clause 1.2.

3. Source of Personal Data

3.1. Bresh collects Personal Data directly from the Data Subject solely in the following circumstances:

(a) When the Data Subject completes the Site's contact form; and/or

(b) When the Data Subject browses the Site, through the use of cookies and similar technologies, subject to the consent referred to in Clause 2.1(b).

3.2. Bresh does not indirectly collect Personal Data through third parties unrelated to the Bresh Group, except with the Data Subject's prior express authorization.

4. Purposes of Processing and Legal Bases

4.1. Bresh shall only process the Data Subject's Personal Data where a valid legal basis exists therefor, in accordance with the Applicable Data Protection Legislation. The purposes for which Bresh processes Personal Data, together with the corresponding legal basis, are set forth below.

4.2. Bresh processes Personal Data submitted through the contact form for the purpose of responding to the inquiries raised therein. The legal basis for such processing is the legitimate interest of the Controller (Art. 6.1.f GDPR) in addressing the requests received through the Site and, in jurisdictions requiring it, the consent of the Data Subject granted upon submission of the form.

4.3. Bresh processes navigation data collected through cookies and web analytics tools for the purpose of analyzing the use of the Site and improving its content and functionality. The legal basis for such processing is the consent of the Data Subject to the installation of non-essential cookies, in accordance with Art. 6.1.a of the GDPR and Art. 22 of the LSSI, where applicable, as further described in the Cookie Policy.

4.4. Bresh processes Personal Data for the purpose of ensuring the technical security of the Site and preventing its misuse. The legal basis for such processing is the legitimate interest of the Controller (Art. 6.1.f GDPR).

4.5. Bresh processes Personal Data to the extent necessary to comply with applicable legal obligations to which it is subject. The legal basis for such processing is compliance with a legal obligation (Art. 6.1.c GDPR).

4.6. In all of the foregoing cases, the entity acting as Controller is Bresh International Operation LLC.

4.7. Bresh shall under no circumstances process the Data Subject's Personal Data on the basis of the performance of a contract, as the Site neither enters into contracts with, nor processes any transaction on behalf of, Data Subjects.

4.8. The specific references to Article 6.1 of the GDPR set forth in Clauses 4.2 through 4.5 above are provided for the purpose of identifying the applicable legal basis with respect to Data Subjects located in the European Union. With respect to Data Subjects located in Argentina, Mexico, Uruguay, or any other jurisdiction whose data protection legislation does not incorporate the specific categories set forth in Article 6.1 of the GDPR, Bresh shall process Personal Data on the basis of the legal ground recognized as equivalent under the data protection legislation applicable to such jurisdiction, it being understood that the underlying purposes and rationale described in Clauses 4.2 through 4.5 remain the same regardless of the Data Subject's jurisdiction of residence.

5. Disclosure of Personal Data to Third Parties

5.1. Bresh may disclose the Data Subject's Personal Data to:

(a) Affiliated companies and/or subsidiaries of the Bresh Group, for purposes of administrative coordination and global communications, as set forth in Clause 1.3;

(b) Providers that render services to Bresh necessary for the operation of the Site, including, without limitation, hosting services and web analytics tools, who shall act subject to the corresponding confidentiality and data processing agreements; and

(c) Public, administrative or judicial authorities, where required by applicable law or for reasons of public order.

5.2. Bresh expressly states that it does not disclose Personal Data to payment processors or ticketing platforms, as the Site does not manage such transactions. Accordingly, where the Data Subject purchases a ticket through a third party, such third party shall act as an independent controller with respect to the Personal Data directly provided to it.

5.3. In the event of a corporate reorganization, merger, spin-off, acquisition, or total or partial sale of Bresh, Bresh may transfer the Data Subject's Personal Data to the resulting entity, on the basis of the Controller's legitimate interest.

6. Security Measures

6.1. Bresh implements reasonable and appropriate technical and organizational measures to safeguard the security of Personal Data, taking into account the risks inherent in the processing activities carried out, including, without limitation, restricted access controls, encryption, and periodic security assessments.

7. International Data Transfers

7.1. As Bresh International Operation LLC is incorporated in the United States of America and operates jointly with affiliated companies located in various jurisdictions (including, without limitation, Argentina, Spain, Mexico and Uruguay), the Data Subject's Personal Data may be subject to international transfer outside the Data Subject's country or region of residence, including outside the European Economic Area in the case of Data Subjects domiciled in Spain.

7.2. In such cases, Bresh shall adopt the safeguards required by applicable law, such as standard contractual clauses or other recognized mechanisms, to ensure that the transferred Personal Data receives an adequate and equivalent level of protection.

8. Retention Period

8.1. Personal Data collected through the contact form shall be retained for the period strictly necessary to address the relevant inquiry and, thereafter, for such additional reasonable period as may be necessary for internal control purposes or compliance with legal obligations, following which it shall be deleted or anonymized.

9. Protection of Minors' Data

9.1. The Site is designed and intended for a general audience, and its content is not specifically directed at minors.

9.2. Should Bresh become aware that a minor has provided Personal Data through the contact form without the due authorization of their parents or legal guardians, please notify us at legalteam@bresh.com so that Bresh may delete such Personal Data as promptly as reasonably possible.

9.3. Events organized under the Bresh brand may be subject to their own age restrictions, which shall be communicated by the organizer or the relevant ticketing platform.

10. Data Subject Rights

10.1. In accordance with the data protection legislation applicable in your jurisdiction of residence, you may have the right to:

(a) withdraw your consent at any time;

(b) access your Personal Data;

(c) request the rectification of any Personal Data that is inaccurate or incomplete;

(d) request the erasure of your Personal Data, in the circumstances provided for under applicable law;

(e) request the restriction of the processing of your Personal Data;

(f) object to processing based on the Controller's legitimate interest; and

(g) request the portability of the Personal Data you have provided.

10.2. The exercise of the foregoing rights shall not entail any cost to the Data Subject, except in cases of manifestly unfounded, excessive or repetitive requests, in which case Bresh may charge a reasonable fee to the extent permitted by applicable law. Bresh shall respond within the time limits required under the law applicable to each case.

10.3. Notwithstanding the foregoing, the Data Subject shall have the right to lodge a complaint with the competent supervisory authority in their jurisdiction of residence (by way of example, the Spanish Data Protection Agency in Spain, the Agency for Access to Public Information in Argentina, the Secretariat of Anti-Corruption and Good Governance (Secretaría Anticorrupción y Buen Gobierno) in Mexico, or the Regulatory and Data Protection Control Unit in Uruguay), it being requested that, prior to lodging any such complaint, the Data Subject contact Bresh to seek an amicable resolution of the matter raised.

11. Contact

11.1. Any communication relating to this Policy, as well as the exercise of the rights set forth in Clauses 10, shall be directed to Bresh by email at legalteam@bresh.com.

12. Validity and Amendment of this Policy

12.1. Bresh reserves the right to amend this Policy at any time, with the date of the last update reflected in the header of this document.

12.2. Should Bresh make any material changes to the manner in which it collects, processes or discloses the Data Subject's Personal Data, Bresh shall endeavor to provide notice prior to such changes taking effect, for example, by posting a prominent notice on the Site.

12.3. The Data Subject is encouraged to periodically review this Policy in order to stay informed of Bresh's practices regarding the protection of Personal Data.