Data Privacy Policy | Festival d’Aix—en—Provence

The present Privacy Policy outlines the Festival’s commitments in terms of data protection; its procedures for collecting and processing the data of clients, internet users and service users; and the rights of these individuals.

WHO IS IN CHARGE OF PROCESSING MY PERSONAL DATA?

The data controller in charge of processing personal data for the Festival and of guaranteeeing that data protection legislation is respected—in particular, the French Data Protection Act of 6 January 1978 (“Loi Informatique et Libertés n° 78 du 6 janvier 1978 modifiée”), the French Trust in Digital Economy Act of 21 June 2004 (“Loi pour la Confiance et l'Économie Numérique n° 2004 – 575 du 21 juin 2004”) and the Regulation (EU) 2016/679 of 27 April 2016—is the Association pour le Festival International d’art lyrique et l’Académie Européenne de musique d’Aix-en-Provence, Palais de l’Ancien Archevêché, 13100 Aix-en-Provence, France.

THE FESTIVAL’S COMMITMENTS

The Festival agrees to collect your personal data according to the following conditions:

Only appropriate and relevant data will be collected, and will be limited to what is strictly necessary for the objectives of the data collection;
The Festival shall be transparent in terms of data collection and processing;
The Festival has implemented internal procedures both to raise employee awareness regarding data privacy and to provide security for the data it has collected, through the use of adapted technologies;
The Festival shall not collect any sensitive personal data; and
The Festival shall ensure, through its contracts, that all third-party data processors put in place the necessary technical and organisational security measures for your data (confidentiality, integrity and availability), and, more generally, that these contractors respect all legislation in force concerning data protection.

DATA PROCESSING

What data?	For what purposes is this data processed?	On what legal basis?	How long will the data be kept?	Is the data treated by a third party?
Data to subscribe to our newsletter: your email address	Data collection, data retention, and the transmission of information and commercial offers for the Festival and its partners. This data may be transmitted to Festival partners.	By subscribing to the newsletter, you consent to allow us to send you the corresponding service(s).	If you have already been a client of the Festival: this data will be kept for ten years from the date of our last contact. If you have never been a client and you choose to unsubscribe from our newsletter distribution list: your personal data will be deleted within one year of the date you unsubscribe.	Our distribution lists are managed by SecuTix. The SecuTix SA corporation declares that it “takes all constructive and appropriate precautions and measures, whether physical, logical, technical, functional, administrative or organisational, to maintain the security and confidentiality of data and to guarantee a level of security commensurate with the risks and in particular, to prevent them from becoming distorted, damaged or accessed by any unauthorised third party.”
Data collected during the purchasing process: contact details (full name, email address, sex, date of birth, postal code, town or city). Purchasing history. This data may be collected when you create an account in order to book your tickets on our online Sales Site (mandatory step to place an order)	Data collection; data retention; updating your data; and creation and management of your client account, allowing us to send you your order(s) and your invoice(s) and to obtain statistical information. Your contact details may be used to send you information and commercial offers concerning the Festival and its partners.	This data will be processed by the Festival in order to honour its contractual obligations.	This data will be kept for the duration of the contractual relationship. Due to accounting and legal requirements, the data will be kept for 10 years from the time it is collected.	The Festival uses SecuTix ticketing software. The SecuTix SA corporation declares that it “takes all constructive and appropriate precautions and measures, whether physical, logical, technical, functional, administrative or organisational, to maintain the security and confidentiality of data and to guarantee a level of security commensurate with the risks and in particular, to prevent them from becoming distorted, damaged or accessed by any unauthorised third party.”

What data?

For what purposes is this data processed?

On what legal basis?

How long will the data be kept?

Is the data treated by a third party?

Data to subscribe to our newsletter: your email address

Data collection, data retention, and the transmission of information and commercial offers for the Festival and its partners.
This data may be transmitted to Festival partners.

By subscribing to the newsletter, you consent to allow us to send you the corresponding service(s).

If you have already been a client of the Festival: this data will be kept for ten years from the date of our last contact.

If you have never been a client and you choose to unsubscribe from our newsletter distribution list: your personal data will be deleted within one year of the date you unsubscribe.

Our distribution lists are managed by SecuTix. The SecuTix SA corporation declares that it “takes all constructive and appropriate precautions and measures, whether physical, logical, technical, functional, administrative or organisational, to maintain the security and confidentiality of data and to guarantee a level of security commensurate with the risks and in particular, to prevent them from becoming distorted, damaged or accessed by any unauthorised third party.”

Data collected during the purchasing process: contact details (full name, email address, sex, date of birth, postal code, town or city).
Purchasing history.
This data may be collected when you create an account in order to book your tickets on our online Sales Site (mandatory step to place an order)

Data collection; data retention; updating your data; and creation and management of your client account, allowing us to send you your order(s) and your invoice(s) and to obtain statistical information.
Your contact details may be used to send you information and commercial offers concerning the Festival and its partners.

This data will be processed by the Festival in order to honour its contractual obligations.

This data will be kept for the duration of the contractual relationship.
Due to accounting and legal requirements, the data will be kept for 10 years from the time it is collected.

The Festival uses SecuTix ticketing software. The SecuTix SA corporation declares that it “takes all constructive and appropriate precautions and measures, whether physical, logical, technical, functional, administrative or organisational, to maintain the security and confidentiality of data and to guarantee a level of security commensurate with the risks and in particular, to prevent them from becoming distorted, damaged or accessed by any unauthorised third party.”

WHO HAS ACCESS TO MY PERSONAL DATA?

Only authorised members of the Festival, and potential third-party data processors (see Data Processing table), have access to your data.

However, in certain cases and when it is strictly necessary or is the result of a legal or regulatory obligation, the Festival may transmit some of your personal data, upon demand by the relevant authorities (in particular, URSSAF, the inspection du travail, statutory auditors, the revenue service, other administrative or judicial authorities as part of a court order, etc.).

WHERE IS MY PERSONAL DATA STORED?

Your personal data is stored within the European Union.

IN CASE OF RESTRUCTURING, WHAT WILL HAPPEN TO THE PERSONAL DATA COLLECTED?

In the event that the Festival is bought out by or merges with another association or company, or in case the Festival is restructured, your personal data may be transferred.

Your personal data will continue to be used in the same ways enumerated in our Data Privacy Policy.

WILL MY DATA BE USED FOR AUTOMATED INDIVIDUAL DECISIONS OR CUSTOMER PROFILING?

No.

WHAT ARE MY RIGHTS CONCERNING MY PERSONAL DATA?

As an individual, you have the following rights:

I. Right of access

You may ask us to disclose to you directly all of your personal data. This right of access allows you to verify the accuracy of the information and, as needed, rectify or delete it, in case the information is inaccurate or outdated.

II. Right to request rectification

You may ask us to rectify any inaccurate information concerning you. This right allows you to help us avoid disseminating or processing incorrect information concerning you.

III. Right to request erasure

You may ask us to erase your data for reasons as provided for by law.

IV. Right to object

You may object, with legitimate cause, to the distribution, transmission or retention of your personal data.

You may object, without cause, to receiving commercial communications from Festival entities.

V. Right to request the limitation of the amount of processing

This right allows you to request the temporary suspension of processing of your data for legitimate grounds as provided for by law.

VI. Right to request portability

You have the possibility of receiving a copy of the data that you have provided us, in a structured, commonly used and machine-readable format. You will thus have the possibility to store the data and/or easily transmit it from one information system to another, so that the data may be reused, thereby allowing you to retain control over the data.

VII. Postmortem rights

You have the possibility to define guidelines for all decisions taken regarding your personal data after your death, in terms of retention, erasure and the communication of the data. You may modify or revoke these instructions concerning your data at any time.

ATTENTION: These rights are not absolute; you may exercise them as provided for by law and within the limit of these rights themselves.

In some cases, we may not be able to respond favourably to your request (due to legal obligation, in order to meet our commitments to you, etc.). If such is the case, we will communicate to you the reason or reasons for our refusal.
A copy of a valid form of ID will be required, and will be retained solely for the purposes of proof of the exercise of your rights and/or in compliance with any legal obligations.
For more information about your rights, consult the website of the CNIL, the national data protection authority for France: https://www.cnil.fr/fr/comprendre-vos-droits (page in French).

WHAT HAPPENS IF I OBJECT TO THE PROCESSING OF MY PERSONAL DATA?

Some personal data is necessary for the fulfilment of the contract or for compliance with legal requirements. If you object to the processing of data or request that it be erased, we will contact you if your request is incompatible with those purposes.

HOW CAN I EXERCISE MY RIGHTS, AND WHO SHOULD I CONTACT?

You can contact the Festival’s data controller in charge of data protection at the following email address: donnees.personnelles@festival-aix.com.
Should you run into any difficulties, you can go directly to the CNIL website: https://www.cnil.fr/fr/plaintes (page in French).