Last updated: March 2023
1.1. UNDERSTANDING OF THIS POLICY
We are committed to protecting your privacy. This Policy explains how we collect and process your personal data when using our website as above described and what entitlements you have in this respect.
This Policy applies regardless of whether you access our website through your personal computer, mobile device, or any other means. For any questions, please contact us via email: email@example.com.
This Policy was prepared in accordance with the European Legislation on Personal Data (General Data Protection Regulation – Regulation 2016/679) (“the GDPR”).
1.2. DATA CONTROLLER
We are responsible for your personal data. Under our capacity as Data Controller, we define all the procedures, means and purposes of processing of personal data in accordance with the requirements of the GDPR.
1.3. JOINT DATA PROTECTION OFFICER AND RELATION WITH THE DATA CONTROLLER
In all cases where we enter into agreements with third party service providers or suppliers, such as those stated in clause 2.2. below, for the purpose of performing our services, all such parties are considered as “joint controllers”. The external service providers or suppliers will not receive or process your personal data unless the applicable law allows for such transfer and processing. In addition, we may delegate to third parties certain tasks on our behalf. In such cases, the third party becomes the “data processor”.
Under all circumstances however, we take all the appropriate measures to lawfully protect and process your personal information, by executing written agreements with explicit assignment of responsibilities when engaging other service providers or suppliers and using all appropriate safeguards to ensure the integrity and safety of your data in accordance with the requirements under GDPR.
In the case where we transfer personal data to countries or international organizations outside the EU/EEA, such transfers are based on the standard contractual clauses about data protection approved by the EU Commission and possibly approved under a national supervisory authority, thus ensuring a sufficient level of protection.
2. CATEGORIES AND USE OF YOUR DATA
2.1. We process your personal data when this is necessary and in accordance with the requirements under GDPR. Depending on the specific circumstances, the personal data we may process include the following categories:
- Information about your visits to and use of our website including your IP address, geographical location, browser type, referral source, length of visit and number of page views.
- Information relating to any transactions carried out between you and us on or in relation to this website.
- Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters, including address, name, telephone number, email, purchasing history.
- Any other information that you choose to send to us.
2.2. When it is relevant, personal data is collected directly from you or from external sources. We may receive personal data about you if you use other websites we operate or the other services we provide. In this case you will be notified when we collected the data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners and/or associates, including arts organizations, event organizations, theatre and/or venue owners, online ticketing service companies and/or ticket webshops, sub-contractors in technical services and/or payment services and/or delivery services, online streaming and downloading services, advertising networks, analytics providers, search information providers, credit reference agencies and so on) and we may receive information about you from them.
2.3. If we need to collect more personal data than the above specified, we will inform you in advance.
3. COLLECTING PERSONAL DATA WITH COOKIES AND TYPES OF COOKIES THAT WE USE
3.1. By visiting and using our website, cookies are collected and used on the basis of consent. Information in these cookies include browser type, search terms on our website, search terms on other websites, IP address, location at login (hereinafter “Cookie data”).
3.2. Cookie data is used for improvement of the website and the user experience, to deliver our services, to prevent unauthorized logins, fraud, scams and illegal use of our website or services, as well as for customer support.
3.3. We use the following cookies:
- Strictly Necessary: These are required for the operation of our website i.e. they enable you to log into secure areas of our website.
- Analytical/Performance: These allow us to recognize and count the number of visitors and their behaviour and preferences when they use our website. This helps us improve the way our website works, by ensuring that users can easily find what they are looking for.
- Functionality: These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (i.e. choice of language, region, etc).
- Targeting: These record your visit to our website, the pages you have visited and the links you followed. This information is used to make our website more relevant to your interests.
3.4. If you wish to limit or decline the cookies placed on your computer when visiting our website you can do so at any time by changing your browser settings. However, you should be aware that if you decline or reject cookies it may impact the functionality of the website or you may not be able to access all or parts of our site. Any browser allows that you delete cookies collectively or individually. How this is done depends on the used browser. Remember to delete the cookies in all browsers if you use several different browsers.
4. EMBEDDED CONTENT FROM OTHER WEBSITES & THIRD-PARTY WEBSITES
5. PURPOSES FOR PROCESSING THE PERSONAL DATA
We only process your personal data for legitimate purposes i.e. when we have a legal basis to do so in accordance with the GDPR. Depending on the circumstances, the personal data is processed for the following purposes:
- To deliver our services to you.
- To administer and improve our services or website.
- To store personal data to comply with applicable legislation requirements.
- To send newsletters by e-mail, for which you have specifically provided consent.
- To improve your browsing experience by analysing and predicting your preferences.
- To give support and service messages, including answering questions and complaints and send updates about our services.
To prevent fraudulent behaviour or misuse of our services and website, including the processing of personal data for the purpose of legal actions.
6. DISCLOSURE OF PERSONAL DATA
We shall not assign, disclose, share, or transfer your personal information to any third person, organization or entity in a manner different from that described in this Policy. However, we reserve the right to disclose your personal information to third parties:
6.1. For compliance with any legal or regulatory obligation or judicial or official request to do so.
6.2. To cooperate with law enforcement agencies and to investigate and prosecute illegal activities, including but not limited to actual or suspected fraudulent or criminal activities.
6.3. We may share your personal data with courts, lawyers, or other parties where it is reasonably necessary for the establishment, exercise or to defend a legal or equitable claim, or in any alternative dispute resolution process.
6.4. We may share your personal data with companies providing services of money laundering checks, credit risk reduction and other fraud and crime prevention services.
6.5. We will not disclose your personal data to third parties outside the European Union, in countries where there is no secure data protection regime. However, if such a transfer of data is required, it will be done in accordance with the necessary safeguards laid down by the GDPR and following previous cooperation with the appropriate national supervisory authority for the protection of personal data.
7. TIME LIMIT OF DATA STORAGE
7.1. Your data will be stored for a certain time, with absolute respect to the purpose for which the data was collected, in accordance with the principles of data minimization and storage limitation.
7.2. Based on those principles, your data will be retained for as long as necessary to fulfill the permitted purposes. Once our business relationship expires or terminates, or should you no longer wish to receive any service from us, we will aim to erase all your personal data in a timely manner, subject to retaining your data to potentially assert or defend against legal claims for as long as the claims in question remain pending.
7.3. It should be noted that we align the retention of your data with possible variations resulting from the exercise of your rights to the protection of your personal data.
7.4. When determining the appropriate retention period, we examine the amount, nature and sensitivity of your personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data and whether we can achieve those purposes by other means, subject also to the applicable legal requirements.
7.5. We aim to limit the data retention period to a maximum of seven (7) years, unless the purpose for which we retain and process your data necessitates otherwise.
8. RIGHTS OF PROTECTING YOUR PERSONAL DATA
8.1. At any time while we maintain or process your data, you retain the following rights, and you may submit a request, such as:
- Right to information: You have the right to know that personal data are collected and processed.
- Right of access: You have the right to access the personal data we hold for you, and you may request a copy thereof, provided we process them in electronic form.
- Right to rectification: You have the right to correct inaccurate or incomplete data that we hold for you by presenting the necessary documentation for rectification.
- Right of erasure: You may request that the data we hold for you shall be deleted as a whole or partly, and we are obliged to satisfy your request in specific cases when the law allows us.
- Right to restriction of processing: You have the right to obtain from us restriction of processing with respect to certain conditions, such as where the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data or where the processing is unlawful and there is pending verification as to the legitimate grounds that may override your rights.
- Right to data portability: You have the right to request that the data we hold for you, be transferred to another entity.
- Right to object: You have the right to object to the processing of your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- Right to recall consent: You have the right to recall your consent to the processing of your data, without however affecting the legality of our processing prior to such withdrawal.
8.2. When you exercise any of your rights to object to our processing or request the deletion and/or restriction of processing, we will consider your request and ensure that your interests are properly balanced against our legitimate interests and whether it is still necessary to process your data for the permitted purpose for which they were collected.
8.3. We will evaluate your request and respond to you about its progress (approval, partial approval or rejection of a request), as soon as practically possible and in any case within ten (10) days of its submission.
8.4. If your requests are repeated or require disproportionate technical efforts or may affect the privacy of third parties, we may either reject them as unfounded or demand a reasonable administrative fee. In any case, the answers to your requests will be reasoned and communicated to you (either in printed format or electronically).
8.5. Before we can satisfy any of your requests, we may ask you to verify your identity or provide other details to help us identify you and respond to your request.
8.6. You have the right to submit a complaint directly to us via email: firstname.lastname@example.org or to the Personal Data Protection Commissioner Office supervisory authority.
9. UPDATING PERSONAL DATA
9.1. You may check, update, or delete some personal information.
9.2. We will comply with such requests unless we have a legal obligation or a legitimate interest in not deleting the data.
9.3. If any of the personal data you have provided us changes or if you become aware of inaccurate personal data we hold on you, please let us know at your earliest convenience via email: email@example.com.
10. DATA SECURITY
We shall take every necessary and appropriate technical and organizational measure in order not only to protect, keep confidential and secure your personal data, but also to prevent or minimize any risk of harm to them. Those measures are compatible with modern best practices and the requirements of European legislation. The methods of pseudonymization and cryptography are reported as typical examples. We also apply supplement methods to protect personal data, such as the creation of strong security codes, tracking and controlling operations under legal conditions, and strict adherence to a policy of confidentiality. All these actions are intended to prevent data misuse, unauthorized access or disclosure, loss, alteration, or destruction. Personal data may be kept on our personal data technology systems or in paper files.
11. ADVERTISING COMMUNICATIONS
Regarding advertisements or marketing related communications, we will only provide you with such material, where legally required, if you have freely and explicitly provided your consent to receive such material and you will also be provided with the option to withdraw your consent anytime you decide that you do not wish to receive further marketing-related communication from us. Under no circumstances will your personal information be used for taking any automated decisions or profiling, other than as described above.
Where you have expressly given us your consent, we may process your personal information for communicating with you through the means you have approved, to keep you up to date with industry related developments, announcements and other information about our services.
We reserve the right to update or change this Policy from time to time to reflect any changes in the legal requirements or on the way in which we process your personal data. Any updates or changes in this Policy will be communicated to you through our website or by mail or electronic communication, based on the communication means you have approved.
If at any time you believe we are not complying with the provisions established in this Policy, or if you have any other matter related to data protection, or wish to make a complaint, query or comment to us about our handling of your personal information, please contact us via email: firstname.lastname@example.org.
If you are not satisfied with our response, you may file your complaint with the appropriate Office of the Commissioner for Personal Data Protection of the Republic of Cyprus at:
Iasonos 1, 1082 Nicosia, Cyprus
P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22 818 456
Fax: +357 22 304 565
We will not accept responsibility for any losses arising from any inaccurate, incomplete, deficient or inauthentic personal data that you provide to us.
If you provide personal data to us about someone else, you must ensure that you are entitled to collect, use and disclose that data to us and we shall not be held responsible for not taking any further steps in establishing your entitlement in this respect.