Effective date: 30 April 2026
Last updated: 30 April 2026
Applies to: infield.live and all subdomains operated by Höme für Festivals GmbH
1. Operator and Legal Entity
infield.live is operated by:
Höme für Festivals GmbH
c/o Bildau & Bussmann GmbH
Gerichtstrasse 23
13347 Berlin
Germany
- General contact: info@hoemepage.com
- Abuse contact: abuse@infield.live
- Data Protection Officer: PROLIANCE GmbH, Leopoldstr. 21, 80802 MĂĽnchen (datenschutzbeauftragter@datenschutzexperte.de)
We are a registered German limited liability company (GmbH) and operate under German and EU law, including the General Data Protection Regulation (GDPR), the German Telemedia Act (TMG), the German Act Against Unfair Competition (UWG), and the German Federal Data Protection Act (BDSG).
2. Purpose and Scope
infield.live is a ticketing platform for music festivals and live events. We sell event tickets to consumers and provide event organizers with tools to manage their events. We are not a marketing service, mailing list provider, or bulk email sender.
This Anti-Spam Policy describes:
- The categories of email we send and the consent basis for each;
- Our zero-tolerance approach to unsolicited bulk email (UBE) and unsolicited commercial email (UCE);
- Measures we take to prevent abuse of our domain, our platform, and our brand;
- How third parties can report abuse and what response they can expect.
This policy is binding on the operator, all employees, contractors, and partners involved in the operation of infield.live.
3. Definition of Spam
For the purpose of this policy, “spam” means any electronic message that is:
- Unsolicited, i.e. sent without the prior, verifiable consent of the recipient where such consent is required by law; and/or
- Bulk, i.e. sent as part of a larger collection of substantively identical messages; and/or
- Deceptive, i.e. containing false header information, misleading subject lines, or impersonating another sender.
We treat any violation of the GDPR (Art. 6, Art. 7), the German UWG (§ 7), or comparable laws governing electronic communication as spam.
4. Categories of Email We Send
infield.live sends only transactional email. We do not send marketing newsletters, promotional broadcasts, or bulk commercial mailings from this domain.
| Category | Trigger | Legal basis |
|---|---|---|
| Account confirmation (double opt-in) | User registers an account | Art. 6(1)(b) GDPR (contract initiation) |
| Password reset | User explicitly requests it | Art. 6(1)(b) GDPR |
| Ticket purchase confirmation | User completes a purchase | Art. 6(1)(b) GDPR (contract performance) |
| Ticket delivery and updates | Issued or updated ticket | Art. 6(1)(b) GDPR |
| Order- and event-related notifications (e.g. event cancellation, refund status) | Status change in user’s order | Art. 6(1)(b) GDPR |
| Customer support replies | User contacts our support | Art. 6(1)(b) and (f) GDPR |
Every transactional email is triggered by a specific, identifiable action of the recipient. We do not send unsolicited messages, do not import or purchase third-party email lists, and do not send messages to recipients who have not interacted with our service.
Promotional and editorial newsletters from the Höme group of companies are sent from a separate sending infrastructure operated via Intuit Mailchimp, on the basis of explicit double opt-in consent (Art. 6(1)(a) GDPR), and are not sent from the infield.live domain.
5. Consent and Verification
5.1 Double opt-in for account registration
All user accounts on infield.live are created using a verified double opt-in process: after submitting their email address, the user must click a confirmation link sent to that address before the account is activated. Unconfirmed registrations are automatically deleted within 24 hours.
5.2 No purchased or scraped lists
We do not buy, rent, scrape, harvest, or otherwise acquire email addresses from third parties. Every recipient of email from infield.live has provided their address directly to us as part of registering or purchasing a ticket.
5.3 No marketing without explicit opt-in
Where promotional content is offered (separate from infield.live transactional mail), it requires a separate, explicit, freely given, informed, and revocable opt-in in line with Art. 7 GDPR.
5.4 Easy revocation
Users may delete their account or revoke any consent at any time, at no cost, via their account settings or by emailing info@hoemepage.com.
6. Email Authentication and Sending Infrastructure
To prevent spoofing and impersonation of our domain, infield.live maintains:
- SPF (Sender Policy Framework) records for all authorized sending sources;
- DKIM (DomainKeys Identified Mail) signing for all outbound mail;
- DMARC (Domain-based Message Authentication, Reporting and Conformance) with aggregate reporting enabled. We currently operate DMARC in monitoring mode (
p=none) so that all legitimate sending sources can be identified and validated, and we are progressively tightening the policy towardsquarantineandrejectas that validation completes; - TLS encryption for outbound SMTP connections wherever supported by the receiving server.
Production systems are hosted on Amazon Web Services (AWS) infrastructure. Application errors and abuse signals are monitored via Sentry. Sending volumes, bounce rates, and complaint rates are monitored continuously; anomalies trigger investigation and, where necessary, automatic suspension of the affected sending source.
7. Anti-Abuse Measures on the Platform
Because SURBL and similar list operators may list a domain not only because of its own outbound mail but also because the domain appears as a link inside spam sent by third parties, we operate a layered set of platform-level controls.
7.1 Account abuse and sign-up bombing
- Double opt-in (see §5.1) prevents attackers from creating accounts under third-party email addresses without the recipient’s involvement.
- Registration endpoints are protected by Google reCAPTCHA and rate-limiting at the application layer.
- Repeated registration attempts from the same IP address or against the same email address are throttled and, on suspicion of abuse, blocked.
- Suspicious patterns (e.g. mass registrations from disposable-email providers) trigger automatic suspension and review.
7.2 User-generated content
infield.live includes user-facing features (event pages, magazine comments, profile fields). All user-submitted content:
- Is subject to our Terms of Service, which expressly prohibit posting spam, advertising, malware links, or content unrelated to events;
- Is monitored for known spam patterns and link-based abuse;
- Can be reported by any visitor via the channels described in §8;
- Is removed promptly when identified as spam, together with disabling of the responsible account.
7.3 Brand impersonation and phishing
We are not responsible for, and do not authorize, any email that is sent from third-party domains and merely impersonates infield.live or Höme. Where we become aware of phishing campaigns abusing our brand, we cooperate with hosting providers, registrars, and law enforcement to have the offending content removed and, where appropriate, file abuse reports against the originating infrastructure.
7.4 Compromised accounts
If an account is suspected of being compromised, we suspend it, invalidate active sessions, require a password reset, and notify the legitimate account holder.
8. Reporting Abuse
Anyone who believes that:
- They have received unsolicited email from or relating to infield.live;
- A link to infield.live has appeared in a spam, phishing, or malware campaign;
- An account on infield.live is being used to publish spam, scams, or unlawful content;
- The infield.live brand or domain is being impersonated;
is invited to contact us at:
To help us investigate, please include:
- Full message headers of the offending email (where available);
- The full URL or content reference being abused;
- The date and time of receipt or observation;
- Any other context that helps reproduce the issue.
Reports may be submitted in English or German. Anonymous reports are accepted and investigated.
9. Response and Remediation
We commit to the following service levels for confirmed abuse reports:
| Step | Target time |
|---|---|
| Acknowledgement of receipt | within 2 business days |
| Initial assessment and triage | within 5 business days |
| Remediation (content removal, account suspension, infrastructure block) | as soon as practicable, typically within 7 business days of confirmation |
| Closing reply to the reporter | upon completion |
Where remediation requires action by a third party (registrar, hosting provider, payment processor), we cooperate with that party and document the action taken.
Repeated or serious abuse leads to permanent account termination, retention of the relevant data for the period required to defend legal claims, and, where appropriate, referral to law enforcement.
10. Cooperation with Blocklist Operators
We cooperate constructively with reputable blocklist and reputation services, including but not limited to SURBL, Spamhaus, URIBL, and SpamCop. Where infield.live is listed, we:
- Investigate the underlying cause without delay;
- Remediate any abuse on our platform that may have contributed to the listing;
- Document the actions taken and submit a delisting request together with this policy and supporting evidence.
This Anti-Spam Policy is published at https://infield.live/spam-policy and is publicly accessible without authentication, so that blocklist operators and recipients can verify our practices at any time.
11. Compliance with Applicable Laws
We comply with, among others:
- Regulation (EU) 2016/679 (GDPR);
- Directive 2002/58/EC as amended (ePrivacy Directive);
- The German Telemedia Act (TMG) and the Telecommunications-Telemedia Data Protection Act (TTDSG);
- The German Act Against Unfair Competition (UWG), in particular § 7 on unsolicited commercial communication;
- The German Federal Data Protection Act (BDSG).
Where the laws of the recipient’s jurisdiction (e.g. CAN-SPAM in the United States, CASL in Canada) impose stricter requirements, we apply the stricter standard.
12. Internal Governance
This policy is owned by the management of Höme für Festivals GmbH. It is reviewed at least annually and whenever a material change to our sending practices, infrastructure, or applicable law occurs. Employees and contractors are required to follow this policy as part of their engagement with the company.
13. Revisions
| Version | Date | Change |
|---|---|---|
| 1.0 | 30 April 2026 | Initial publication |
14. Contact
For all matters relating to this Anti-Spam Policy:
Höme für Festivals GmbH
c/o Bildau & Bussmann GmbH
Gerichtstrasse 23
13347 Berlin
Germany
- Abuse: abuse@infield.live
- General: info@hoemepage.com
- Data protection: datenschutzbeauftragter@datenschutzexperte.de