Data Privacy Policy

The present Privacy Policy outlines the Festival’s commitments in terms of data protection; its procedures for collecting and processing the data of clients, internet users and service users; and the rights of these individuals.

1. WHO IS IN CHARGE OF PROCESSING MY PERSONAL DATA?

The data controller in charge of processing personal data for the Festival and of guaranteeeing that data protection legislation is respected—in particular, the French Data Protection Act of 6 January 1978 (“Loi Informatique et Libertés n° 78 du 6 janvier 1978 modifiée”), the French Trust in Digital Economy Act of 21 June 2004 (“Loi pour la Confiance et l'Économie Numérique n° 2004 – 575 du 21 juin 2004”) and the Regulation (EU) 2016/679 of 27 April 2016—is the Association pour le Festival International d’art lyrique et l’Académie Européenne de musique d’Aix-en-Provence, Palais de l’Ancien Archevêché, 13100 Aix-en-Provence, France.

2. THE FESTIVAL’S COMMITMENTS

The Festival agrees to collect your personal data according to the following conditions:

  • Only appropriate and relevant data will be collected, and will be limited to what is strictly necessary for the objectives of the data collection;
  • The Festival shall be transparent in terms of data collection and processing;
  • The Festival has implemented internal procedures both to raise employee awareness regarding data privacy and to provide security for the data it has collected, through the use of adapted technologies;
  • The Festival shall not collect any sensitive personal data; and
  • The Festival shall ensure, through its contracts, that all third-party data processors put in place the necessary technical and organisational security measures for your data (confidentiality, integrity and availability), and, more generally, that these contractors respect all legislation in force concerning data protection.

3. WHO HAS ACCESS TO MY PERSONAL DATA?

Only authorised members of the Festival, and potential third-party data processors (see Data Processing table), have access to your data.

However, in certain cases and when it is strictly necessary or is the result of a legal or regulatory obligation, the Festival may transmit some of your personal data, upon demand by the relevant authorities (in particular, URSSAF, the inspection du travail, statutory auditors, the revenue service, other administrative or judicial authorities as part of a court order, etc.).

4. WHERE IS MY PERSONAL DATA STORED?

Your personal data is stored within the European Union.

Only your browsing data may potentially be stored in the United States, in the context of its use, for measurement purposes, by the Google Analytics tool, which is owned by Google Inc. This data transfer outside of the European Union is governed by the Privacy Shield agreement, with which Google Inc. complies.

5. IN CASE OF RESTRUCTURING, WHAT WILL HAPPEN TO THE PERSONAL DATA COLLECTED?

In the event that the Festival is bought out by or merges with another association or company, or in case the Festival is restructured, your personal data may be transferred.

Your personal data will continue to be used in the same ways enumerated in our Data Privacy Policy.

6. WILL MY DATA BE USED FOR AUTOMATED INDIVIDUAL DECISIONS OR CUSTOMER PROFILING?

No.

7. WHAT ARE MY RIGHTS CONCERNING MY PERSONAL DATA?

As an individual, you have the following rights:

I. Right of access

You may ask us to disclose to you directly all of your personal data. This right of access allows you to verify the accuracy of the information and, as needed, rectify or delete it, in case the information is inaccurate or outdated.

II. Right to request rectification

You may ask us to rectify any inaccurate information concerning you. This right allows you to help us avoid disseminating or processing incorrect information concerning you.

III. Right to request erasure

You may ask us to erase your data for reasons as provided for by law.

IV. Right to object

You may object, with legitimate cause, to the distribution, transmission or retention of your personal data.

You may object, without cause, to receiving commercial communications from Festival entities.

V. Right to request the limitation of the amount of processing

This right allows you to request the temporary suspension of processing of your data for legitimate grounds as provided for by law.

VI. Right to request portability

You have the possibility of receiving a copy of the data that you have provided us, in a structured, commonly used and machine-readable format. You will thus have the possibility to store the data and/or easily transmit it from one information system to another, so that the data may be reused, thereby allowing you to retain control over the data.

VII. Postmortem rights

You have the possibility to define guidelines for all decisions taken regarding your personal data after your dath, in terms of retention, erasure and the communication of the data. You may modify or revoke these instructions concerning your data at any time.


 

ATTENTION: These rights are not absolute; you may exercise them as provided for by law and within the limit of these rights themselves.

In some cases, we may not be able to respond favourably to your request (due to legal obligation, in order to meet our commitments to you, etc.). If such is the case, we will communicate to you the reason or reasons for our refusal.
A copy of a valid form of ID will be required, and will be retained solely for the purposes of proof of the exercise of your rights and/or in compliance with any legal obligations.
For more information about your rights, consult the website of the CNIL, the national data protection authority for France:  https://www.cnil.fr/fr/comprendre-vos-droits (page in French).

What happens if I object to the processing of my personal data?

Some personal data is necessary for the fulfilment of the contract or for compliance with legal requirements. If you object to the processing of data or request that it be erased, we will contact you if your request is incompatible with those purposes.

How can I exercise my rights, and who should I contact?

You can contact the Festival’s data controller in charge of data protection at the following email address: donnees.personnelles@festival-aix.com.
Should you run into any difficulties, you can go directly to the CNIL website: https://www.cnil.fr/fr/plaintes (page in French).