Privacy Policy (GDPR)

First and foremost, we process the data you choose to provide to us when you contact us. Typically, this may include your first and last name, email address, and phone number, and, depending on the nature of your request, details about the event—such as the type of event, date, location, artistic preferences, or certain organizational constraints—only to the extent necessary to understand your request and respond appropriately.

If, at any point, you wish to receive updates or news from us, we will use your email address and communication preferences solely on the basis of your consent. Consent may be withdrawn at any time, easily, either by sending us a message or by using the unsubscribe option where available, without affecting the lawfulness of communications sent prior to withdrawal.

For your protection, we kindly ask that you do not transmit sensitive data or confidential information that is not necessary for discussions related to an event via the website forms or email.

In addition, as is the case with most websites, certain technical data may be collected automatically when you visit our pages, strictly related to functionality and security. This may include information about the device and browser used, operating system, pages accessed, date and time of access, and similar technical logs. In certain situations, depending on the configuration of the services used, the IP address may also be processed, generally for security purposes and the proper functioning of the website.

The website may also use cookies and similar technologies. Some cookies are strictly necessary for operation, while others may relate to preferences, statistics, or marketing, depending on the options you express through the available consent mechanisms.

We process your personal data primarily in order to manage contact requests and communicate effectively. When you contact us for an offer, availability, event details, or any questions related to the project, we use the information provided to respond, clarify details, and, where applicable, carry out pre-contractual steps or perform a contract.

From a legal perspective, this processing is based, as applicable, on steps taken at your request prior to entering into a contract and/or the performance of a contract (Article 6(1)(b) GDPR), and where necessary for the proper management of correspondence and protection of our activity, on the legitimate interest of the controller (Article 6(1)(f) GDPR).

To ensure that the website operates securely and reliably, we also process certain technical data strictly for administration and security purposes, such as preventing unauthorized access, limiting fraud risks, diagnosing errors, and improving the browsing experience. In these cases, the legal basis is our legitimate interest (Article 6(1)(f) GDPR) in ensuring the functionality and security of the platform.

Where non-essential cookies are used on the website (for example, for advanced analytics or marketing), these will only be used if you give your consent, the legal basis being consent (Article 6(1)(a) GDPR), in accordance with the applicable rules on cookies and similar technologies.

We do not use your data to make decisions based solely on automated processing that produce legal effects or similarly significantly affect you. As a rule, we do not carry out profiling in the sense of automated evaluation with significant impact; any traffic analysis tools used generate only statistical indicators with a strictly technical role, aimed at understanding how the website is used and improving the user experience, within the limits of your expressed preferences.

In certain situations, processing may also be necessary to comply with legal obligations, based on Article 6(1)(c) GDPR. Additionally, when necessary to defend our rights, manage potential disputes, or respond to requests from authorities, processing may be carried out based on legitimate interest (Article 6(1)(f) GDPR) or legal obligation, as applicable.

In our relationships with service providers, we ensure that access to data is minimal and justified, and that the contractual framework includes confidentiality obligations and security measures proportionate to the nature of the services provided.

We do not sell or “rent” your data. Inevitably, for the operation of the website and the conduct of our activity, certain data may be shared strictly as necessary with technical service providers. These providers may act as processors within the meaning of Article 28 GDPR, and their processing is governed by appropriate contractual arrangements, which typically include confidentiality and security clauses.

In justified situations, we may disclose data to professional advisers solely for legitimate purposes, such as compliance with legal obligations or the defense of rights. We may also disclose data to public authorities only where there is a legal obligation or a valid request, and strictly within the limits imposed by applicable law.

As a rule, data is processed within the European Economic Area. If, due to the nature of the technical services used, transfers outside the EEA were to occur, we would rely on appropriate safeguards recognized by law—such as standard contractual clauses and, where necessary, supplementary measures—with the aim of ensuring a level of protection consistent with applicable requirements.

We retain data only for as long as necessary for the purposes described and, in any case, no longer than required by applicable law. Correspondence and contact requests are generally retained for the time necessary to resolve the request, and where a contractual relationship takes shape, also to reasonably document the pre-contractual stage and contract performance.

In certain situations, retention may be extended where there are legal obligations or where it is necessary for the establishment, exercise, or defense of rights.

Technical data and security logs are retained for reasonable periods, primarily for security and diagnostic purposes, after which they are deleted or anonymized, as applicable. Cookie durations depend on their type and on your expressed preferences; you may change your options at any time using the tools provided.

Cookies are small files that the website may store on your device, via your browser, to ensure a stable and consistent browsing experience. Some cookies are strictly necessary for the technical operation of the website, while others may help us understand how the site is used—these latter cookies are activated only if you provide your consent.

You can manage your options at any time through the “Privacy Preference Center” available on the website and/or through your browser settings, noting that disabling essential cookies may affect certain functionalities. For further details, please also consult the Cookie Policy published on the website.

The General Data Protection Regulation grants you a set of rights designed to give you real and effective control over how your data is used. You have the right to know whether and to what extent your personal data is processed and to obtain access to it, as well as the right to request rectification of inaccurate or incomplete data.

In the situations provided by law, you may request the erasure of data or the restriction of processing where the data is no longer necessary for the purposes for which it was collected, where processing no longer has a valid legal basis, or where you consider that its use exceeds the declared purpose, under the conditions of the GDPR.

Where processing is based on consent or on the performance of a contract and is carried out by automated means, you also have the right to receive the data in a structured, commonly used format and to request its transmission to another controller, insofar as this is technically feasible. You have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interest; where marketing communications are concerned, your objection will take effect without undue delay.

Furthermore, where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

These rights may be exercised by sending a request to contact@soprano-resonance.ro , and we will respond in accordance with the time limits and conditions set out by law, with due regard for the balance between your rights and our legal obligations.

If you believe that your rights have been infringed, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP). The authority’s contact details are as follows: National Supervisory Authority for Personal Data Processing, Address: 28–30 General Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania, Phone: +40.318.059.211 / +40.318.059.212, Email: anspdcp@dataprotection.ro

To help us quickly identify requests related to personal data, please include in the subject line references such as “GDPR,” “personal data,” or “privacy.” We will generally respond within one month of receiving the request. If the request is complex or involves extensive verification, this period may be extended by up to two additional months, in accordance with the GDPR, in which case we will inform you accordingly. Where requests are manifestly unfounded or excessive, the GDPR allows us, as applicable, either to charge a reasonable fee to cover administrative costs or to refuse the request, providing appropriate justification.

The website may contain links to third-party platforms and may sometimes integrate content from social networks or video platforms. When you choose to access these services, your data may be processed directly by the respective third parties, in accordance with their own policies and terms. We do not control such processing and therefore recommend that you consult the privacy policies of those providers before using their services.

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or alteration. Access to data is limited to those who need it for the purposes described, and in our relationships with service providers involved in operating the services, we seek a contractual and operational framework that includes reasonable confidentiality and security requirements. However, no system can guarantee absolute security. Should a relevant incident occur, we will act in accordance with applicable legal obligations.

The website is not intended for minors, and we do not knowingly collect data from minors. If you are a parent or legal guardian and believe that a minor has provided us with data, please contact us so that we can verify the situation and take the necessary measures, including data deletion, where appropriate, as promptly as possible.

We may update this Policy whenever necessary to reflect legislative, technical, or operational changes. The applicable version is the one published on the website, as indicated by the date in the header, and it takes effect from the time of publication. To stay informed about how we process data, we encourage you to review this page periodically, especially when using the website after an update.

For questions, clarifications, or requests regarding privacy and the exercise of your rights, you may contact us at any time at contact@soprano-resonance.ro .