Privacy Policy

Thank you for your interest in this site’s privacy policy. This policy contains information about how we process your personal data and about your rights under the General Data Protection Regulation (GDPR), Legea nr. 190/2018, which came into force in 2022.

References below to ‘we’ or ‘us’ refer to the operator of this website, Constanța International Competition, and any agent appointed by us, but do not include the owner and operator of the hardware and associated operating system on which the site is hosted. Our website and this privacy policy are provided under Romanian law.

Scope

The following privacy policy is valid only for this site: https://constantapianocompfest.com

Short summary of the policy

• By default, our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client (i.e. computer, tablet, or phone).
• By default, we do not log your personal data.
• We do not track your browsing behaviour or anything else. We do not try to identify you. We do not collect statistics. We do not set any cookies beyond those which are strictly necessary to make the site function. We do not serve advertisements.
• To find out more about your legal rights under GDPR please visit the web site of the Autorităţii Naţionale de Supraveghere a Prelucrării Datelor cu Caracter Personal. The Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal is Romania’s authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals, stipulated mainly by art. 7 and 8 of the Charter of Fundamental Rights of the European Union, art. 16 of the Treaty on the Functioning of the European Union and of art. 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms

Contact us

Constanța International Competition is a legal person under private law, without patrimonial purpose. The server on which this site is currently hosted is physically located in Germany. If you have any questions or concerns about this policy, please use the contact page on this site to send a message to us.

Contents

• Definitions
• Embedded content
• Cookies
• Personal data we process
• Personal data third parties process for us
• Your rights
• Latest policy revision

Definitions

The GDPR includes a number of legal definitions. The most important definitions are:

‘Personal data’:

Personal data means information about a particular living individual. This might be anyone, including a customer, client, employee, partner, member, supporter, business contact, public official, or member of the public. It doesn’t need to be ‘private’ information – even information which is public knowledge or is about someone’s professional life can be personal data. It doesn’t cover truly anonymous information – but if you could still identify someone from the information, or by combining it with other information, it will still count as personal data.

‘Processing’:

Almost anything you do with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing, or deleting it.

If we talk about ‘personal data’ in the following, we mean anything that can be used to identify you. Examples are your name, e-mail address, and IP address. When we talk about ‘processing personal data’ we mean any type of processing.

It may also be helpful to know something about cookies and local storage:

‘Cookies’:

Cookies are small text files which are sometimes placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently and securely, as well as to provide information to the operators of the site. They can also be used to target you with advertising as you move from site to site.

There are broadly two types of cookie: ‘persistent’ and ‘sessional’.

Sessional cookies are normally deleted automatically by your browser when you close it: they only remain during a single browsing session.

Persistent cookies are not deleted automatically, unless you have adjusted your browser to do so. They remain on your computer until they expire, which could be quite a long time (a year or more). Persistent cookies hold information which is passed back to servers and are widely used to track user behaviour.

Cookies of both kinds can be set by the website you are browsing, in which case they are ‘first party’ cookies; but they can also be set by other domains which are linked to the site you are browsing, for example through advertising or embedded content such as videos or social media feeds. These are ‘third party’ cookies and most modern browsers allow you to choose to block third-party cookies, which are often used for tracking.

Cookies are actually just one example of a much wider and rapidly developing area of the web, web storage (also known as DOM storage, where DOM stands for Document Object Model). Cookies can only hold a tiny amount of information, but other forms of web storage (which can also be sessional or persistent) allow for much more data to be stored on your computer (up to 1000 times more). When data is stored on your computer it is often called ‘local storage’.

You can manage web storage through your browser settings or through ‘extensions’ and ‘add-ons’ which are available to add to many browsers. Like cookies, web storage in general can be a positive thing, giving users real benefits, but there are also genuine concerns about things which are effectively happening behind your back and without any explanation or consent.

Embedded content

A few pages on this site may include embedded content (e.g. videos, images, articles, etc.), but currently only the home page does so. Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. To understand the privacy issues around embedded content, you should also consult the privacy policies of the content providers.

Embedded content may be included on this site from:

• YouTube: see their privacy policy here
• Facebook: see their privacy policy here

Cookies

This site does not set cookies to collect information about how visitors use our site. We do not carry advertising or directly or indirectly gather or share marketing information or any other data about site users. We believe that this policy is an expression of our vision and values as a school community.

The site may set sessional cookies which help our hosting server work efficiently, and help the site operate effectively. These cookies will be deleted from your computer when you close your browser. If you choose to block these cookies, the site may not work properly.

When you first visit this site you are informed about how we use, and mostly don’t use, cookies and are invited to consent to cookies being set only to make the site work properly and efficiently for you: we use a persistent cookie to record the fact that you have read the cookie statement (ironically it’s the only way we can do this at the moment!). If you delete this cookie (called cookieconsent_status) you will see the cookie banner appear every time you visit this site. If you do not delete it, the cookie will expire after 365 days and the banner will then re-appear.

Personal data we process

IP address and user agent

When you visit our website, your IP address and user-agent are automatically processed by our web server. We automatically get this data from your client (e.g. your web browser). Our web server needs your IP address to send our content back to your client. By default, we do not process any other personal data from you.

Email data

If you use any contact or other form on the site to send a message to us, the information you provide is not currently held in a database, but it is stored and retained through our email service in order for us to reply to you. Your data is not otherwise processed, analysed, added to a mailing list, or shared with any third party. If you decide to contact us, you agree that we and our email provider may process your personal data (e.g. name, e-mail address) to answer your request. We do not use your e-mail address for marketing purposes, advertising, or tracking.

Personal data third parties process for us

This site is hosted on servers provided by Contabo GmbH, Aschauer Straße 32a, 81549 München, and for a full understanding of responsibilities under the GDPR you should also consult their privacy policy.

Web servers (and their associated processes such as firewalls) will record information about every particular client-side request to a log file. These log files are analysed to detect attack-like behaviour and to monitor and improve services. Log file entries will include at least the following personal data: your IP address and user-agent (browser), along with the resource requested and the time of the request. Both we and Contabo GmbH have a legitimate interest in retaining this information in order to detect and block attacks on the server and this site, and to improve our services. It is not straightforward to link these minimal details to any individual, and we would only attempt to do so if we believed a crime had been committed. For example, when we say ‘your IP address’, we log an IP address without knowing who is currently using it.

This site is also protected by a web application firewall which is provided for us by Defiant Inc. , 1700 Westlake Ave N Ste 200, Seattle, WA 98109 USA and you should consult their GDPR and privacy policy here. Defiant processes the following categories of information in connection with the firewall: visitor IP address, visitor proxy IP address, URL accessed, complete HTTP header, HTTP request body, and filename if malware detected. Both we and Defiant Inc. have a legitimate interest in retaining this information in order to detect and block attacks on this site. Defiant Inc. does not collect or otherwise process personally identifiable sensitive data as defined under the GDPR.

Constanța International Competition uses an email service provided by Gandi SAS, which operates under the law of France. The company address is 63-65 boulevard Massena Paris (75013) France. You can read about Gandi’s approach to GDPR compliance by following this link.

Your rights

Under the GDPR you have legal rights in respect of your personal data. Your rights include:

• The right to be informed if your personal data is being used
• The right to get copies of your data
• The right to get your data corrected
• The right to get your data deleted
• The right to limit how organisations use your data
• The right to get your personal data from an organisation in a way that is accessible
• The right to object to the use of your data
• The right to raise a concern

To find out more about your legal rights under GDPR please visit the web site of the Autorităţii Naţionale de Supraveghere a Prelucrării Datelor cu Caracter Personal.

Latest policy revision

We most recently updated this policy on 1 September 2023