Data protection

Thank you for your interest in our work. Data protection is of great importance to the management of our Orchestra’s Conductor Competition. The Internet pages of the Orchestra’s Conductor Competition can generally be used without providing any personal data. However, if a data subject wishes to make use of our company's special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned. The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Orchestra’s Conductor Competition. By means of this data protection declaration, the competition management would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights by means of this data protection declaration. The Geros Association, as office of the Orchestra’s Conductor Competition, as the controller, has implemented technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone or post:

Cristian Orosanu, president of Geros Association,

Str. Mircea cel Batran 41, Brasov – Romania.

Phone: +40 749 199 771;

Email: president@orchestrasconductor.com

The data processing will be carried out in compliance with the provisions of the GDPR and the Competition Regulations.

The data protection declaration uses the terminology of the European directives and regulations employed when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this data protection declaration we use the following terms:

Personal data is all information that refers to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable if they can be directly or indirectly identified, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of such natural person.

The data subject is any identified or identifiable natural person whose personal data are processed by the processing controller.

Processing is any process carried out with or without the help of automation or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of processing is the marking of saved personal data with the aim to restrict their further processing.

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate or to predict certain personal aspects relating to a natural person, concerning in particular their work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of domicile.

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be identified or assigned to a specific natural person.

The person responsible for the processing is the natural person or legal entity, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of such processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

Processor is a natural person or legal entity, authority, institution or other body that provides the processing of personal data processed on behalf of the controller.

The recipient is a natural person or legal entity, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.

Third party is a natural person or legal entity, authority, institution or other body apart from the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent is the voluntary, informed and unambiguous expression of will in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they agree to the processing of their personal data.

Personal data and contact details such as: name and surname, home / residence address; cell phone number; email address.

Payment details such as: billing address; bank account or bank card number / IBAN code; name and surname of the holder of the bank account or bank card

Professional details from the CV.

Opinions and views (may include sensitive data), such as: any opinions and views you provide to us, or any opinions and views you publicly post about us on social media or that you share on social media or other public channels.

Online identification data regarding the I.P. address, the MAC number of the motherboard, processed only when accessing the site. For more details on how data is processed through cookies, please visit this link.

Photo/video images - required in the selection process but also images recorded or transmitted live or recorded, during the competition tests.

Copy of ID card - to be able to identify the person

The purpose of the processing is to organize, produce and promote the Orchestra’s Conductor Competition, by the Geros Association in collaboration with a chosen Philharmonic Orchestra for every edition.

In this regard, we process data on:

• Accessing the website http://www.orchestrasconductor.com/. The collection is carried out according to the Cookies Policy, based on your consent.
• Registration and conduct of competition tests – data processing is performed based on the provisions of art. 6 paragraph 1 lit. b), respectively the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract;
• Promoting events – data processing will be done based on the legitimate interest of the organizer but also based on the contractual relationship between the participant and the organizer.
• Fulfilling our legal obligations regarding archiving, accounting, security, record keeping and other obligations imposed on us by law - art. 6 para. 1 letter c) of the GDPR
• Financial and commercial management – for this purpose, data generated as a result of contractual relations with sponsors, commercial contracts, records regarding the awarding of prizes, collection of participation fees, issuance of supporting documents, organization of accounting and reporting required by applicable law are processed. This processing is based on art. 6 para. 1 lit. c) of the GDPR - the processing is carried out as a result of the observance of a legal provision but also on the legitimate interest (art. 6 paragraph 1 letter f) regarding the internal organization of the activity or the settlement of disputes.

Article 6 I lit. a (GDPR) serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b (GDPR). The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c (GDPR). In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d (GDPR). Ultimately, processing operations could be based on Art. 6 I lit. f (GDPR). Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

The Orchestra’s Conductor Competition is a public event that will be promoted and followed primarily through social media channels (Facebook, YouTube, Instagram, etc.) but also through media partners.

For this reason, the data of the participants regarding the name and surname, but also the image and the video recordings will be public. 

In addition, personal data, depending on the purpose of the processing, are disclosed to:

Collaborators - associated operators - in order to carry out a commercial contract in which you are a party or prior to it. For example, a partner like a Philharmonic Orchestra will have access to the data related to the name and surname of the participant, the photo image and the video recordings with which he participated in the contest.

Partner sites - by accessing links to social networks or by participating in various actions and contests held on this type of platform. Our platform may provide links to websites that we do not control. Once you click on a third-party link, you'll be directed to a third-party website. If you visit any of these connected websites, you should review their privacy policies. We are not responsible for the policies and practices of other sites and we do not assume any responsibility for the content, privacy policies and disclosures or practices of third-party websites or services.

Public authorities in any field - in accordance with applicable law. In general, we transmit to the Public Finance Administration data included in the accounting records.

Accountants, auditors, lawyers and other external professional consultants of ours from Romania or from the European Union - they will be obliged by law or by the contract concluded with us to keep the confidentiality of your data.

Natural or legal persons acting as our proxies in various fields (for example, payment services, archiving or destruction of documents, etc.) from anywhere in the world, whom we will oblige to comply with the requirements of the law that protects our rights - they provide certain services for us.

Any relevant person, agency or court in Romania or in another state - to the extent necessary to establish, exercise or defend our right in court.

Our partners with whom we have contractual relations - providers of marketing services, SEO, design, etc.

Third-party links

This Disclaimer does not cover other third-party applications and sites that you may access by accessing links on our site (including when you visit, for example, the pages of our social media communities, such as Facebook, Instagram, YouTube, Spotify etc.). At the same time, we are not responsible for any links of our business partners or advertisers in our podcasts or articles, including those on social media profiles. When you click on those links, third parties may collect or share data about you. We do not control the websites of these third parties, nor are we responsible for their processing, privacy and security policies. When you leave our site, we encourage you to review the Privacy Policy / Information Note and the terms of use on any site and / or application before providing personal data to them.

Except for the images from the competition that will be made public, we do not transfer or intend to transfer your personal data or any part of it to other companies, organizations or individuals in third countries or to international organizations.

If we need to transfer your data to any of the above destinations, we will send you a new information note in advance.

7. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the relevant data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract.

We will store your data for a period of 6 months to 11 years (in the case of accounting documents).

The storage period of the identity card image is 90 days from the end of the pre-selections, except for the documents of the winners which are kept for 10 years, part of the accounting documents required by the legislator.

The photo and video images of the participants will be stored for 3 years from the end of the competition, and for the finalists for the entire life of this type of competition and 5 years from the end of it. As the images will be published on sites with unrestricted public access, we cannot guarantee that they will not be duplicated without our permission or distributed on other platforms, including media. At the end of the storage period, we will only be able to delete images and records on our servers or on the servers we have access to.

To find out more details about the storage period, please send us a message with your specific questions at the email address in the header or directly to the Data Protection Officer.

Every data subject has the right granted by the European directives and Regulation to request confirmation from the data controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.

Every data subject affected by the processing of their personal data has the right granted by the European Directive and the legislator to receive free information about the personal data stored about their person and a copy of this information from the data controller at any time. Furthermore, the European directives and regulations grant the data subject access to the following information:

• the purposes of processing
• the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
• the existence of a right to correct or delete the personal data or to restrict the processing by the data controller or a right to object to such processing
• if the personal data are not collected from the data subject: all available information on the origin of the data
• the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject has a right to information as to whether personal data have been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transmission.

If a data subject wishes to make use of this right to information, they can contact an employee of the data controller at any time.

Every person affected by the processing of personal data has the right granted by the European directives and regulations to request the immediate correction of incorrect personal data concerning themselves. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.

Every person affected by the processing of personal data has the right granted by the European directive and regulation to require the data controller to delete the personal data concerning themselves immediately if one of the following reasons applies and if the processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject revokes their consent on which the processing was based in accordance with Art. 6 Paragraph 1 Letter a (GDPR), or Art. 9 Paragraph 2 Letter a (GDPR), and there is no other legal basis for the processing.
• The data subject objects to the processing in accordance with Art. 21 Paragraph 1 (GDPR), and there are no overriding legitimate reasons for the processing, or the data subject objects in accordance with Art. 21 Paragraph 2 (GDPR) against the processing.
• The personal data was processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the data subject is subject.
• The personal data was collected in relation to information services offered in accordance with Art. 8 Para. 1 (GDPR).

If one of the above-mentioned reasons applies and a data subject wants the deletion of personal data submitted by the management of the Orchestra’s Conductor Competition, they can contact an employee of the data controller at any time. The employee will arrange for the deletion request to be complied with immediately.

If the personal data have been made public by the management of the Orchestra’s Conductor Competition and we, as the data controller, are obliged to delete the personal data in accordance with Art. 17 Paragraph 1 (GDPR), we will take appropriate measures, taking into account the available technology and the implementation costs of a technical nature, in order to inform other data processors who process the published personal data that the data subject has requested the deletion of all links to such personal data or of copies or replications of such personal data from these other data processors, insofar as the processing is not necessary. In individual cases we will arrange the necessary steps to be taken.

Every data subject affected by the processing of personal data has the right granted by the European directive and regulation to require the controller to restrict processing if one of the following conditions is met:

• The correctness of the personal data is contested by the data subject for a period of time that enables the person responsible to check the correctness of the personal data.
• The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
• The person responsible no longer needs the personal data for the purposes of processing, but the person concerned needs them to assert, exercise or defend legal claims.
• The person concerned has lodged an objection to the processing in accordance with Article 21 Paragraph 1 (GDPR) and it has not yet been determined whether the legitimate reasons of the data controller outweigh those of the data subject.

If one of the above conditions is met and a person concerned would like to request the restriction of personal data stored by the management of the Orchestra’s Conductor Competition, they can contact an employee of the data controller at any time. We will then arrange for the processing to be restricted.

Every data subject affected by the processing of personal data has the right granted by the European directive and regulation to receive the personal data concerning them, which have been provided to a data controller by the data subject, in a structured, common and machine-readable format. They also have the right to transfer such data to another data controller without hindrance from the data controller to whom the personal data was delivered, provided that the processing is based on the consent in accordance with Art. 6 Para. 1 Letter a (GDPR) or Art. 9 Para. 2 letter a (GDPR) or on a contract according to Art. 6 para. 1 letter b (GDPR) and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority, which has been assigned to the person responsible.

Furthermore, when exercising their right to data portability in accordance with Art. 20 Paragraph 1 (GDPR), the data subject has the right to have the personal data transmitted directly from one data controller to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject can contact the management of the Orchestra’s Conductor Competition at any time.

Every data subject affected by the processing of personal data has the right granted by the European directive and regulation, for reasons that arise from their particular situation, to lodge an objection at any time to the processing of their personal data, based on Art. 6 Paragraph 1 Letter e or f (GDPR). This also applies to profiling based on this Regulations.

The management of the Orchestra’s Conductor Competition will no longer process the personal data in the event of an objection, unless they can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.• If we process personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the management of the Orchestra’s Conductor Competition against processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right to object to the processing of their personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 (GDPR) for reasons arising from their particular situation unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to object, the data subject can contact the management of the Orchestra’s Conductor Competition directly. The data subject is also free, in connection with the use of information services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.

At this time we are not using any automated decision-making process.

Every data subject affected by the processing of their personal data has the right granted by the European directive and regulation to withdraw their consent to the processing of their personal data at any time.

If the data subject wishes to assert their right to withdraw their consent, they can contact an employee of the data controller at any time.

The data controller collects and processes the personal data of applicants for the purpose of handling the application process. The processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents electronically, for example by email or via a web form on the website, to the person responsible for processing. If the controller concludes an employment contract with an applicant or extends an invitation to the competition, the data provided will be stored for the purpose of conducting the competition in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant or if the applicant is not invited to the competition, the application documents will be automatically deleted two months after the announcement of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (GETA).

In order to ensure the security of personal data, in particular regarding the processing, storage, unauthorized access and unauthorized modification, disclosure or destruction, we have implemented the following technical and organizational measures:

Dedicated policies. We adopt and review our customers' and others' data processing practices and policies, including electronic and security measures, to protect our unauthorized access systems and other potential security threats. We are constantly reviewing how we apply our personal data protection policies and how we comply with data protection law.

Data minimization. We have made sure that your personal data that we process is limited to what is necessary, appropriate and relevant for the purposes stated in this note.

Restrict access to data. We strictly restrict access to personal data that we process to employees, collaborators and others who need to access it in order to process it for us. All these companies and individuals are subject to strict obligations of confidentiality and we will not hesitate to hold them accountable and stop working with them if they do not take the protection of your data and the privacy of others very seriously.

Ensuring the accuracy of your data. We may from time to time ask you to confirm the accuracy and / or timeliness of personal data about your data that we process.

Staff training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.

Data anonymization. Where possible and appropriate to our business, we anonymize / pseudo-anonymize the personal data we process so that we can no longer identify the persons to whom it relates.

Control of our service providers. We introduce in the contracts with those who process for us (authorized persons) or together with us (other operators - associated operators) clauses for ensuring the protection of the data we process; this protection goes at least to the minimum required by law.

While we take all reasonable steps to ensure the security of your data, we cannot guarantee the absence of any breach of security or the impossibility to penetrate security systems. In the unfortunate and unlikely event that such a breach occurs, we will follow the legal procedures to limit the effects and inform the data subjects.

We explain to you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the person concerned. Before the data subject provides personal data, the person concerned must contact one of our employees. Our employee informs the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is Mr. Emil Mailat: dpo@golegal.ro

You can also contact your local data protection authority if you have questions or complaints