Confidentiality Policy

PRIVACY POLICY PERSONAL DATA PROCESSING

1. General information

The privacy of your personal data is one of the main concerns of ARTEXIM institution (hereinafter the “Controller”). 

ARTEXIM is a public institution of the Ministry of Culture, organiser of the George Enescu Festival and the George Enescu International Competition (hereinafter referred to as the “Festival” and respectively the “Competition”). ARTEXIM is headquartered in Victoria Business Center, 155 Calea Victoriei, building D1, entrance 8, 2nd floor, Bucharest, Romania, code 010073.

ARTEXIM acts as controller of the personal data collected via the www.festivalenescu.ro  website (the “Site”). The Controller will manage safely and only for the specified purposes the personal data provided by the users of the Site.

This Privacy Policy is intended to inform you of the processing of the personal data you provide as a user of the Site.

2. Categories of personal data processed

The Controller processes your personal data that you provide in the context of using the Site.

In general, the Controller processes the following personal data: identification details (last name, first name), contact details (email address). 

The Controller’s servers will read the data that your equipment typically provides when you access the Site (such as the IP of the equipment you use in order to access the Site, the type of equipment, the browser used, or the time spent in various sections of the Site). 

3. Purposes of and basis for processing

The Controller processes your personal data for the purposes presented below: 

• Providing services the users are entitled to based on their tickets or subscriptions, in which case the basis for processing is the performance of the contract resulting from the purchase of the ticket or subscription. Moreover, the identification details, contact details and subscription or ticket numbers may be processed in order to prevent and investigate fraud, in which case the basis for processing is the Controller’s legitimate interest to avoid
  ticket- or subscription-related fraud in the organised events;
• Ensuring connection to the Site, the basis of the processing being the Controller’s legitimate interest to ensure the availability and safety of the Site;
• Providing information about the organisation of the Festival and the Competition, the basis of the processing being the Controller’s legitimate interest in informing the data subjects about the organisation and the progress of such events;
• Providing information on issues related to the organisation of the Competition or the Festival;
• Assessing the Controller’s products and services, based on the Controller’s legitimate interest in analysing the quality of its products and services, including the information posted on the Site. This processing is done on an aggregated basis and the Controller does not create individual user profiles;
• The Controller may use the contact details (email addresses) of the users for commercial purposes, in order to promote the Controllers’ and its partners’ products and services (e.g. through the Festival/Competition Newsletter/ General / Press), in case you have agreed to receive commercial messages from the Controller, or in case you did not object to receiving such messages when you purchased a ticket or subscription on the Site, as the case may be. You may also receive commercial messages from the Controller in case you have purchased tickets or subscriptions to the Festival or Competition from our authorised partners’ websites, provided that upon purchase, you have consented to receive such messages from the Festival and Competition organiser. Whatever the case, you can unsubscribe from commercial communications concerning the Controller’s or the Controller partners’ services and/or products by clicking “Unsubscribe” in any message sent by email;
• Registering the Competition participants and promoting the Competition and the Festival, the processing basis being the conclusion and performance of agreements with the Competition participants, respectively the Controller’s legitimate interest in promoting the organised events, by making public the participating artists’ data.

4. Duration of data processing

The Controller will process your personal data for a reasonable period of time, necessary to achieve the processing purposes mentioned above. Certain data may be retained longer, if necessary in order to investigate fraud.

If you withdraw your consent to the processing of data for commercial purposes, the Controller will stop processing your personal data for such purpose, but without affecting the processing the Controller carried out on the basis of your consent given previously to such withdrawal. You may withdraw your consent at any time, by sending an email to [email protected].

5. Disclosure of personal data

We store personal data on our servers in Romania, but we can also store it on cloud platforms operated by cloud service providers in the European Union. 

This data may be disclosed to the following categories of persons: Controller’s employees with right of access, the data subject, and other persons empowered to process the data in the name and on behalf of the Contoller.

The Controller may transmit your data to contractual partners for achieving the processing purposes provided above, but only on the basis of a confidendiality agreement on the part of such contractual partners, whereby they undertake that the data is kept secure and the provision of such data is made in accordance with the legislation in force (providers of marketing services, courier services, payment services,banking services, software maintenance or other services, insurers).

The Controller may communicate your personal data to public authorities, in accordance with the law. The data may also be disclosed to lawyers, accountants or any other external advisors contracted by the Controller.

The Controller will have the right to disclose your personal data whenever the law so requires, or whenever such disclosure is necessary in order to allow the exercise of a right provided for by law.

6. Social media – Sharing content via plugins (Facebook, Twitter, Instagram, YouTube, etc.)

The content on the Site can be shared on social networks such as Facebook, Twitter in ways that comply with the data protection rules. For this purpose, the website uses AddThis, a social media plugin. This tool will not make direct contact between the social networks and the users unless the user clicks one of these buttons. 

This tool does not automatically transfer user data to the operators of those platforms. If the user is connected to one of the social networks and uses the social buttons on Facebook, Twitter, etc., an information window will be displayed, where the user can confirm the text before clicking Send.

Our users can share the content of this Site on social media in ways that comply with the data protection rules, without allowing the operators of social networks to create complete browser profiles.

7. Cookies

This website uses cookies (very small-sized files that the Controller transmits to the Site users’ device). There are two main categories of cookies, namely strictly necessary (essential), and optional ones.

When Users visit the Site, they will be asked for consent to the placement of optional cookies on their device and for accessing them during the next visit to the Site.

Information on the deletion and control of cookies is available at www.aboutcookies.org. Deleting cookies or blocking eventual cookies may prevent access to certain areas or features of the Site. 

For more information on how these files are used, please go to the  Cookie Policy.

8. The rights you enjoy

Under the conditions laid down by legislation on personal data processing, in your capacity of data subjects you have the following rights:

• Right to information: you have the right to receive details concerning the processing activities carried out by the Controller, as described in this document;
• Right of access to data: you have the right to obtain the Controller’s confirmation of the personal data processing, as well as details of the processing activities such as how the data is processed, the purpose of the processing, the categories of personal data processed, the recipients or the categories of recipients of the data/third parties who have access to your data, the data retention period, your specific rights, etc. You can also request a free copy of the data we process;
• Right to rectification: you have the right to have the inaccurate or unjustified personal data rectified by the Controller and the incomplete data supplemented, including by providing us with additional relevant data;
• Right to deletion of data: you can ask us to delete your data, in one of the following situations:

• they are no longer necessary in relation to the purposes for which they were collected or processed;
• consent is withdrawn and there is no other legal basis for the processing;
• the data subject objects to the processing and no legitimate reasons are prevailing;
• personal data have been illegally processed;
• personal data must be deleted for compliance with a legal obligation; 
• personal data have been collected in connection with the provision of information society services under the EU or national law applicable to the Controller.

The Controller reserves the right to anonymise the data (depriving them of their personal character) subsequently to the data deletion request, and to thus continue the processing, for statistical purposes.

• Right to restriction: you may request that certain personal data be marked as restricted until  complaints over the accuracy, the updated nature of the data, the legality of data processing are resolved, and also in case although the Controller no longer needs the personal data, you request them for the establishment, exercise or defence of a claim in court; 
• Right to data portability: you have the right (i) to receive the provided personal data in a structured, commonly used and easy to read format, and (ii) that such data be transmitted by the Controller to another data controller, insofar as the conditions laid down by law are met;
• Right to object: you have the right to object at any time to the processing activities, for reasons relating to the particular situation you are in, unless the Controller can prove that it has compelling legitimate reasons that justify the processing and prevail over your interests, rights and freedoms, or the data are necessary for the establishment, exercise or defence of a claim in court;
• Right not to be subject to an individual automated decision: you have the right not to be subject to a decision which is based solely on automated processing, including profiling, likely to produce legal effects concerning the data subject, or similarly affecting the data subject to a significant extent. 

For any further questions on how your personal data are processed and for the exercise of your rights mentioned above, please contact us at the email address: [email protected].

• Right to lodge a complaint: you have the right to lodge complaint over the processing of your data with the National Supervisory Authority for Personal Data Processing (28-30 G-ral Gheorghe Magheru Boulevard, District 1, postal code 010336, Bucharest, Romania,  www.dataprotection.ro,  [email protected]); also, you may exercise with other relevant authorities any processing-related rights.