logo

Privacy & Policy

Privacy & Policy

PRIVACY POLICY

EVENT: NEVERSEA FESTIVAL

ORGANISER: NEVERSEA S.R.L

LOCATION: Constanta city, Constanta county, Romania
 

1. Introduction

1.1 Privacy of personal data represents one of the main concerns for the organising company. As such, we aspire to provide the highest standards of privacy and transparency for the personal data we’re processing in our current activity.

1.2 Since in carrying out the activity it is necessary to process a series of personal data with predilection in relation to the specifics of our object of activity, we want to offer assurances that the processing will take place in compliance with the principles underlying the processing of personal data. This privacy policy is intended to help you understand what data we collect, why we collect it and what we do with it.

2. Information on data controllership

2.1 The organising entity of the Neversea Festival is NEVERSEA SRL, a Romanian company, established Cluj-Napoca city, Eremia Grigorescu street, no. 122A, Cluj county, registered with the Trade Register under no. J12/183/2017, VAT number: 36944344 (hereinafter referred to as "Controller" or "us"). NEVERSEA SRL acts as operator of personal data collected through the www.neversea.com website (the "website”), the NEVERSEA App, the online and on-site check-in system, the means of video monitoring and photo and video image capture within the Festival by persons authorised by NEVERSEA. 

2.2 The operator is required to manage the personal data safely and solely for specified purposes.

3. What kind of data is processed, the purpose of processing and the storage period for and the legal basis for processing for each category of data?

3.1.1. For the purpose of creating and accessing an account on the www.neversea.com website, in the Neversea application and/or on external Neversea platforms (Extasy).

  1. What data do we process? The phone number and the set of cryptographic hash values ​​(generated by applying the PBKDF2 encryption algorithm) related to the password set by the user so that he can log into his account.
  2. Storage period: We will store this data for as long as you have an account on the Neversea website/app. We specify that to the extent that there is no request for anonymization of these data on [email protected], they will be anonymized within 5 years at most from the last use of the account.
  3. Legal basis for processing: Art. 6 (1) letter b) - the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.2. For the purpose of purchasing an Neversea product or service.

  1. What data do we process? Name, surname, e-mail, phone, country, town, address.
  2. Storage period: Until the end of the general prescription period of 3 years from the completion of the edition in which the ticket was bought or the edition about which the respective problem was reported.
  3. Legal basis for processing: Art. 6 (1) letter b) - the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.3. For the purpose of returning purchased products or solving a problem addressed to us.

  1. What data do we process? Name, surname, e-mail, telephone number, IBAN and name of the account holder, as well as other information provided by e-mail or on other platforms to describe the problem.
  2. Storage period: Until the end of the general prescription period of 3 years from the completion of the edition in which the ticket was bought or the edition about which the respective problem was reported.
  3. Legal basis for processing: Art. 6 (1) letter b) - the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.4. During the CHECK-IN process:

3.1.4.1 In order to ensure access to the perimeter of the festival and to provide the services to which the participant is entitled based on the ticket, to inform about the aspects related to the organisation and conduct of the event or any other offers and announcements related to the purchased product, to prevent fraud , abusive use and to check the validity of the ticket or subscription.

  1. What data do we process? Name, surname, e-mail, phone number, profile photo (except for minors under 18) and ticket / wristband number for access to the festival.
  2. Storage period: The profile picture will be deleted within 20 days after the end of the Festival. The other data will be anonymized within 3 years from the last edition in which the person concerned participated in the Festival, if this was not previously requested.
  3. Legal basis for processing: Art. 6 (1) letter b) - the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.4.2. For internal purposes only, to carry out reports and surveys, organise access areas, create campaigns and dedicated activities, to respond to a request from public authorities, for complaints or complaints.

  1. What data do we process? Sex, country, city, county, date of birth.
  2. Storage period: These data are kept in the Organizer's archive without being associated with a natural person following the irreversible anonymization of personal data.
  3. Legal basis for processing: Art. 6 (a) letter f) the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.1.5. For marketing purposes:

3.1.5.1. For commercial purposes promoting Neversea products and services.

  1. What data do we process? Name, surname, email address, phone number.
  2. Storage period: Data will be anonymized upon withdrawal of consent or within 4 years at most if the data subject no longer reacts to any commercial message.
  3. Legal basis for processing: Art. 6 (a) letter f) the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.1.5.2. For the purpose of subscribing to the Neversea Newsletter with the consent of the data subject.

  1. What data do we process? Email address.
  2. Storage period: Until unsubscribe or withdrawal of consent.
  3. Legal basis for processing: Art. 6 (1) (a) the data subject has given his consent for the processing of his personal data for one or more specific purposes.

3.1.5.3. In order to carry out surveys to improve the quality of the services we offer, telephone calls may be recorded with the consent of the person concerned.

  1. What data do we process? Voice of the subject.
  2. Storage period: Recorded calls will be deleted within 30 days from the time of recording.
  3. Legal basis for processing: Art. 6 (1) (a) the data subject has given his consent for the processing of his personal data for one or more specific purposes.

3.1.6. In the REGISTER CAMPAIGN:

3.1.6.1. For the purpose of registering in the Register Campaign where the persons concerned register in a community where they receive recurring information about the latest promotions, campaigns, announcements, sales of tickets at a promotional price at the Neversea Festival editions.

  1. What data do we process? Name, surname, email address, phone number.
  2. Storage period: Data will be anonymized upon withdrawal of consent or at most within 4 years from the last edition in which the person registered for the campaign. If the persons concerned bought a Ticket in this campaign, their personal data will be processed from this step forward in order to be able to ensure the purchased services and access to the Festival.
  3. Legal basis for processing: Art. 6 (1) letter b - the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.6.2. For internal purposes only for making reports and surveys, organising artistic moments, creating the concept of the annual event, creating campaigns and dedicated activities.

  1. What data do we process? Sex, country, county, date of birth.
  2. Storage period: These data are kept in the Organizer's archive without being associated with a natural person following the irreversible anonymization of personal data.
  3. Legal basis for processing: Art. 6 (a) letter f - the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.1.7. In order to ensure the security of goods, premises and people, video monitoring means are used in the perimeter of the festival.

  1. What data do we process? Image of visitors from the event.
  2. Storage period: 20 days. Some data may be retained for a longer period if the retention is necessary for the investigation of fraud, for the defence of the rights in court of any of the Parties or in situations where it is necessary to comply with the requests made by the competent authorities.
  3. Legal basis for processing: Art. 6 (a) letter f - the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.1.8. To take photographs and videos during the event, subsequently used for journalistic, informational, commercial, marketing and promotion purposes of the event, Neversea products and services or adjacent products and services, in its own name by Neversea or by any partner or sponsor of the Neversea Festival, as well as for the purpose of making NFT (Non-fungible token) and trading them on the relevant market.

  1. What data do we process? Image of visitors from the event.
  2. Storage period: Until the deletion request from the data subject or no more than 15 years from the time of completion of the edition in which they were made.
  3. Legal basis for processing: Art. 6 (a) letter f - the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.1.9. For the purpose of organising promotional campaigns and contests, as well as to ensure the sending of prizes.

  1. What data do we process? Name, surname, e-mail, social media profile (if applicable), information included in comments in campaigns organised by the Organizer or in partnership with other partners.
  2. Storage period: Until the expiry of the general limitation period of 3 years from the end of the campaign or contest.
  3. Legal basis for processing: Art. 6 (a) letter f - the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

3.2 In addition to the aforementioned purposes, we process the personal data collected for the following purposes: 

  1. For the fulfilment of legal obligations, as a result of the services provided (e.g. accounting, fiscal, audit, etc.), these are always compatible with the main purposes, for which the data was collected.
  2. To the extent that the data subject has given their consent for the processing of their personal data for one or more specific purposes.
  3. For any other purpose auxiliary to the above, or for any other purpose for which we have been provided with personal data, in compliance with the relevant legislation.
  4. To protect our legitimate interests, overriding the interests or rights and fundamental freedoms of the data subject, taking into account their reasonable expectations based on the relationship with the operator:
  • To conduct market research and analysis that helps improve and customise our products and services.
  • For direct marketing purposes, to send communications of general interest or messages asking you to rate the quality of our services/products
  • For the management of the company's activity, the creation of internal reports that are used in the organisation of the access and wristband pick-up areas of future editions, to organise dedicated campaigns and activities
  • To prevent or detect misuse of our intellectual property, fraud or other crimes.
  • To ensure security within the event, to resolve complaints related to fraud, criminal or contravention complaints, complaints related to the sale of tickets, cases where the Organizer needs to identify a person with the ticket series, to identify if that person entered the perimeter the festival and at what time, or to defend the company's rights in court.

3.3 In the situations in which we will use your data for purposes other than those mentioned in this Policy, we undertake to obtain your consent, unless we have a legal obligation or have a different legal basis for processing the data.

3.4 The Controller does not create individual profiles for those who participate at the Neversea  Festival.

 

4.  How are we collecting your personal data?

4.1 We collect your personal data either directly from you, for example, when you create an account on our website/app, email us at [email protected], via through which you request an offer/information from us, you give your consent for the communication of commercial messages, when you purchase a product, etc., or indirectly, for example, when you transmit this information on the platforms of other collaborators of our company, in the process of purchasing the ticket /subscription.

4.2 We collect your personal data automatically, when you use our services from the website or the NEVERSEA application, we collect information through cookies and by logging your activity. For more information on the use of cookies, please refer to Art. 6 of this Policy.

4.3. If you choose to provide us with the personal data of other people, such as when you purchase tickets on behalf of others, you assume responsibility regarding the way in which you obtained this data and that you have a legal basis for processing it, we cannot be held responsible for violating the rights of the respective persons.

 

5. How are we storing the personal data? 

5.1 For storing the personal data you're providing as a user of our website / App, a cloud service provided by Amazon Web Services EMEA S.A.R.L. is used.

5.2 Also, the data collected in the context of on-site check-in is stored by our partner, Festipay Zrt., on their servers in the European Union.

 

6. COOKIES

6.1 The website contains cookies (very small files sent to users' computers or other access devices).

6.2 There are two types:

6.2.1 Cookies based on their lifespan:

a) Session cookies

These are stored temporarily in the web browser's cookie folder to keep them until the user leaves the respective site or closes the browser window (for example, when logging in/logging out from an email or social media account).

b) Persistent cookies

These are stored on a computer's hard drive or device (and generally depend on the cookie's default lifespan). Persistent cookies also include those placed by a different website than the one the user is visiting at the moment, known as "third-party cookies," which can be used anonymously to store a user's interests to display the most relevant advertising to users.

6.2.2 Cookies based on their role:

a) Strictly necessary cookies

These types of cookies are required for web pages to function correctly. Strictly necessary cookies allow you to navigate the site and use its features. Without these cookies, certain features, such as automatic redirection to the least congested server or saving your wish list, cannot be provided.

b) Functional cookies

Functional cookies record information about the choices users make and allow website operators to customise the site according to user requirements. For example, cookies can be used to save preferences regarding categories/segments.

c) Performance and analytics cookies

These types of cookies allow website operators to monitor visits and sources of traffic, how users interact with the site or specific sections of the site.

The information provided by analytics cookies helps operators understand how visitors use websites and then use this information to improve how the content provided to users is presented.

d) Advertising cookies

These cookies can provide the ability to track users' online activities and create profiles for users, which can be used later for marketing purposes. For example, cookies can be used to identify products and services approved by a user, and this information is later used to send appropriate advertising messages to that user.

6.3. Accessing the site implies users' consent to the placement of these types of cookies on their device and their access on the next site visit.

6.4. In general, data about internet browsing activity is collected and analysed anonymously. If this analysis reveals a specific interest, a cookie (a small text file used by most websites to store certain information useful for improving the browsing experience) is placed on the user's computer, and this cookie determines the type of advertising the user will receive, known as interest-based advertising.

6.5. You can see all the cookies used by our website in the Cookies Notice at the bottom of the page. You can withdraw your consent to the use of cookies at any time by changing the options in the appropriate cookie settings available. Blocking necessary cookies in your browser may also affect proper functioning. Disabling other types of cookies (other than necessary) may also affect your experience using the site.

6.6. The site may use or implement third-party social modules. In general, your interaction with such a module allows third parties to collect certain information about you, including your IP address, information from the page header, and information from your browser. The site has implemented the following buttons for social networks:

-> Facebook https://www.facebook.com/privacy

-> Instagram https://help.instagram.com/519522125107875

-> WhatsApp https://www.whatsapp.com/security

 

6.7. The site uses Google Analytics, a web analysis service provided by Google Inc., headquartered at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google"). With your consent, Google will analyze how you use our site on our behalf. For this purpose, we use, among other things, the cookies detailed in the table above. The information Google collects about how you use the site (e.g., the URL you provide, our web pages you visit, your browser type, language settings, operating system, screen resolution) will be sent to a Google server in the United States.

7. To whom we’re disclosing your personal data?

7.1 For fulfilling the processing purposes, NEVERSEA SRL may disclose your personal data to partners, third parties or entities supporting NEVERSEA SRL in the conduct of their business, or to central / local public authorities, in the following cases listed as examples: 

1. To our service providers and contractual partners, for example: providers of marketing (including surveys) and advertising services; our partner in charge of providing access to the Neversea Festival premises; the IT service provider; courier services, payment services, banking services, payment services, ticket sales, etc. These data will be provided to the extent necessary and only under a confidentiality commitment from the contractual partners, guaranteeing that these data are kept safe and that their processing is done in accordance with the legislation in force;

2. To the accountants, auditors, lawyers, insurers or other such external advisers of the Operator. These data will be provided to the extent necessary and only under a confidentiality commitment from the contractual partners, guaranteeing that these data are kept safe and that their processing is done in accordance with the legislation in force;

3. Authorities, institutions and public bodies, if there is a legal request from them or to the extent there is a legal obligation from us;

4. The operator will be able to disclose this data whenever the law requires it, or in the situation where this step is necessary to allow the exercise of the rights provided by the law and/or to be able to take legal action against any illegal activity;

5. Your personal data may be transferred to third countries, based on the contractual relationships we have with our partners (both affiliates and other entities in the European Union) in order to produce statistics and other types of reports. To the extent that data is processed outside the European Union, we will ensure by contractual or other measures that such data enjoys an adequate level of protection there, comparable to that which it would enjoy in the European Union, in accordance with European regulations.

8. How long do we store your personal information?

8.1 As a matter of principle, we will process your personal data only to the extent necessary to achieve the processing purposes mentioned above. For more details about our data retention policy for certain specific processing, please review the information from Art.3.

 

9. Your rights related to personal data processing:

9.1. When the processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. You can therefore change or remove consent at any time, and we will act immediately accordingly, unless there is a legal reason or legitimate interest not to do so.

 

9.2. If we process your data based on our or third parties' legitimate interest, you can object to that processing for reasons related to your particular situation. In some cases, our legitimate interest or that of third parties may outweigh yours and we will not be able to accommodate your request to object to processing.

 

9.3. As a data subject, you benefit from a series of specific rights guaranteed by the General Data Protection Regulation no. 679/2016 (GDPR) and the legislation in force in Romania regarding the protection of personal data:

 

9.3.1. The right to information

The persons concerned whose personal data are processed within our specific activities have the right to receive from us information about the processing operations carried out in our capacity as data operator.

 

9.3.2 Right of access

You have the right to obtain from us a confirmation of whether or not we are processing personal data concerning you.

If we confirm that we have your personal data, you have the right to access it and obtain a series of relevant additional information.

 

9.3.3. The right to rectification

You have the possibility to obtain from the data operator, the rectification of inaccurate data concerning you or the completion of personal data that are incompletely recorded in our internal records.

 

9.3.4. The right to data erasure (“the right to be forgotten”)

You have the right to request that we delete the personal data that we process about you. We must comply with this request if:

a) personal data are no longer necessary to fulfil the purposes for which they were collected;

b) you oppose the processing for reasons related to your particular situation;

c) personal data were processed illegally;

d) personal data must be deleted to comply with a legal obligation that rests with us, except for the case where the data is necessary:

• for exercising the right to free expression and information;

• to comply with a legal obligation we have;

• for archiving purposes in the public interest, scientific or for historical studies or for statistical purposes;

• for ascertaining, exercising or defending a right in court.

 

9.3.5. The right to restriction of processing

You can ask us to restrict the processing of your personal data when:

• contest the accuracy of the personal data that we process, during the period that we check the accuracy of the data;

• data processing is illegal, but instead of requesting the deletion of personal data, you want to restrict their processing;

• the personal data are no longer necessary for us to achieve the purpose for which they were processed, but you request that data from us for ascertaining, exercising or defending a right in court;

• you objected to the processing and request restriction while we check whether it receives our legitimate interest for the processing.

 

9.3.6. The right to data portability

You have the right to obtain your data from us in a structured, commonly used and machine-readable format.

 

9.3.7. The right to opposition

At any time, the data subject has the right to object, for reasons related to the particular situation in which he is, to the processing. The operator no longer processes personal data, unless the operator demonstrates that it has legitimate and compelling reasons that justify the processing and that prevail over the interests, rights and freedoms of the data subject or that the purpose is to ascertain, exercise or defend a right in court.

You can object at any time to the processing of your personal data for direct marketing purposes, whatever your reason.

 

9.3.8. The right not to be the subject of a decision based exclusively on automatic processing, including the creation of profiles

This right is applicable if the automated individual decision-making process produces legal effects that concern or affect you to a significant extent.

 

9.3.9. The right to file a complaint

If you have a complaint about the way we process your personal data, please contact us in order to solve your problem using the following contact details:

● Email: [email protected]

● Address: str. G-ral Eremia Grigorescu, no. 122 A, Cluj-Napoca, Jud. Cluj.

 

You can also contact the National Supervisory Authority for the Processing of Personal Data through their website www.dataprotection.ro.

 

Please keep in mind the following aspects of interest, related to the method of analysis and response to the request for the exercise of rights:

 

We will make every effort to respond to your request within 30 days. This period can be extended due to reasons related to the specific legal right invoked or the complexity of your request with a maximum additional period of two months. In any case, if the legal response deadline will be extended, then we will inform you about the new deadline and the reasons that led to this extension.

 

10. Information security

10.1 We are working hard to protect our website, App and users, as well as all personal data collected in accordance with this Policy, from any unauthorised access or from the modification, unauthorised disclosure or destruction of the information we hold.

10.2. The Controller guarantees that it has implemented technical and organisational measures appropriate to the processing activities they perform, in order to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorised access to, transmission, storage or processing in any other illegal ways.

10.3. In this regard:

  1. NEVERSEA certifies that it meets the minimum requirements for the security of personal data, the data being processed in a way that provides protection against unauthorised or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organisational measures;
  2. or the data collected through the website and the App, in order to ensure access to the festival, NEVERSEA uses a cloud service provided by Amazon Web Services EMEA SARL. Therefore, the security settings provided by Amazon are used. Access to data is done in a whitelist of security groups, which means that data can only be accessed from certain predefined IP addresses. Access is based on username and password, and within NEVERSEA access to the database is allowed to a limited number of persons.
  3. The used data storage systems have implemented back-up mechanisms to ensure the redundancy of the stored data.
  4. We are regularly reviewing the practices for collecting, storing and processing information, including physical information, as well as security measures, to prevent unauthorised access to the systems.
  5. We are restricting the access of our employees and contractors to your personal information, and the contractual relations with these persons are subject to strict rules regarding contractual confidentiality obligations, including under the sanction of termination of contracts.

11. When does this Privacy Policy apply? 

11.1. Our privacy policy applies to all services offered by our company and excludes services that have separate privacy policies and do not contain the provisions of this privacy policy.

12. Amendments

12.1 We will post any privacy policy changes on our page, which will take effect within one day and, if the changes are material, we will provide more prominent notice (including, for certain services, email notification of policy changes of confidentiality).

12.2. We will also keep previous versions of this Privacy Policy on file for your review at any time.

 

The most recent update of this policy was made on the 23th of July, 2024.

Follow us on Instagram@neverseafestival

Our Friends

UNTOLD Universe

We use cookies or similar technologies for purposes such as displaying personalized content. By clicking Accept, you agree to allow the collection of information. To learn more, including how to disable them, see our Terms and Conditions, Privacy & Policy.