POLICY REGARDING THE PROTECTION OF PERSONAL DATA

The protection of your personal data is important to us, therefore, we pay special attention to the protection of the data and privacy of visitors who access the website www.beach-please.ro and of people who purchase our products, in accordance with the Regulation ( EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as “GDPR”).

Please pay special attention to reading the following Policy (hereinafter referred to as “DPP”, in order to understand how your personal data will be treated.

The DPP explains our practices, regarding the application of GDPR provisions, as well as the rights you benefit from regarding the way your information is used through the www.beach-please.ro platform. This information note (so called DPP/Privacy Policy) will show you how we take care of your data when you visit the site and what your rights are in terms of personal data.

Through the DPP, Beach Please Festival wishes to inform visitors about the nature of the personal data we collect and process, as well as about the purposes of the processing. In addition, website visitors are informed through the DPP and about the rights they benefit from.

 

WHO WE ARE?

Global Records S.R.L. (hereinafter referred to as “Company” and/or “Beach Please Festival”), with headquarters in Schitu, Str. Youth Cathedral, no. 3, approx. 1, Jud. Constanta, C.I.F RO 26382443, Trade Register J13/2630/2013,, legally represented by Juverdeanu Olga – General Manager,

WHAT IS PERSONAL DATA?

Personal data includes any information or information that can identify you directly (for example, your name) or indirectly (for example, through pseudonymous data, such as a unique identification number).

This means that the notion of personal data could include address, name and surname, gender, date and place of birth, data from civil status documents, telephone/fax, address (domicile/residence), e-mail, profession, place of work , professional training, family situation, economic-financial situation, data on owned assets, habits/preferences/behaviour, image, voice, personal preferences and shopping habits, content generated by users, financial information and information on financial situation.

The notion of personal data could also include unique numerical identifiers, such as the IP address of your computer or the MAC address of your mobile device, as well as cookie modules.

We store the following personal data:

  • Login data for the platform;
  • The password is stored in MD5 hash format, which is a unidirectional formula;
  • Personal data, e.g., but not limited to name, surname, email address;
  • Acquired certifications that are stored in .png format — picture

We guarantee that:

We process your personal data exclusively for the delivery, improvement and guarantee of the services we offer;

Your data is stored safely in a secure environment;

Personal data are strictly confidential and will not be transmitted to third parties without prior notice, being used in accordance with the legal provisions to fulfill the purpose for which they were given.

We use the data we collect to:

Providing and administering our services, including to display personalized content and to facilitate communication with other users;

Facilitating the technical functioning of the services, including resolving and solving problems, ensuring services and preventing fraud and abuse;

 

Improving our services and developing new products, services and functions;

Analysis of trends and traffic on websites or promotion of our services on websites and applications;

  • WHAT DOES THE PROCESSING OF PERSONAL DATA MEAN?
  • “Processing” means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure or destruction.
  •  
  • THE BASIS AND PURPOSES OF PERSONAL DATA PROCESSING
  • The collection of your personal data is done:
  • In order to conclude and execute the contract based on the provisions of art. 6 para. 1 lit. b) from the GDPR Regulation. In order to be able to offer you the services/products, we need to process your personal data.
  • In order to fulfill some legal obligations based on the provisions of art. 6 para. 1 lit. c) from the GDPR Regulation.. We request a series of personal data, including, in certain situations, the personal numerical code, in order to fulfill the obligations imposed by the tax authorities in relation to invoicing and reporting to the tax authorities.
  • For marketing purposes under the provisions of art. 6 para. 1 lit. a) from the GDPR Regulation, personal data may be processed if the data subject has given his consent for the processing of his personal data for one or more specific purposes. Thus, if you have subscribed to the Newsletter section, you give your consent that your personal data will be used for the purpose of sending you marketing messages, offers, news, future campaigns, invitations to various events. However, you can unsubscribe at any time through the link attached to the communications you receive.
  •  

 

DATA PROCESSING PRINCIPLES

Beach Please Festival undertakes to comply with the personal data protection principles provided by the GDPR Regulation, to ensure that all data are:

Processed correctly, legally and transparently;

Collected for specified, explicit and legitimate purposes;

Adequate, relevant and limited in relation to the purposes for which they are processed;

Kept in a form that does not allow the identification of the concerned persons for longer than is necessary in relation to the purpose of the processing;

Processed in accordance with the rights of the data subject, in a way that ensures adequate processing security, so that the data are complete, confidential and available.

 

WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?

We collect the following categories of personal data: name and surname, e-mail address, telephone number, your address, information on age, information on the purchase of products and services, information on your use of the sites and/ or of our applications, the communications you make with us or direct to us through letters, e-mails, chat services, calls and social networks.

 

WHAT DATA DO WE NEVER STORE?

We never store the following categories of personal data:

The payment card data of the Client/Buyer/Beneficiary will not be accessible or stored by Beach Please Festival, but only by the Transaction authorization institution or another entity authorized to provide card identification data storage services , about whose identity the Client/Buyer/Beneficiary will be informed, prior to entering the data.

WHAT DO WE USE YOUR PERSONAL DATA FOR, WHY AND FOR HOW LONG?

Your data can be used for the following purposes:

To provide the products and services you request: we use the information you provide us to perform the services you requested in connection with your participation

In order to contact you in case of changes, we send information about the services you have requested and any changes to these services. This information has no commercial purpose and you cannot unsubscribe from it;

We use payment information for accounting, invoicing and auditing purposes and for the detection and/or prevention of any fraudulent activities;

Security, health, administration, crime prevention: it is possible to transmit your information to authorities or judicial bodies;

For customer service communications: we use the data to manage our relationship with you and to improve our services and products;

We may also process your personal data in one or more of the following cases:

To comply with a legal obligation (for example, accounting requirements);

You have expressed your consent for the use of your personal data (for example, for use for commercial purposes);

Only persons at least 16 years old can express their consent regarding the processing of personal data. For persons under this age, the consent of parents or guardian is required.

We will not keep your data longer than is necessary to fulfill the purpose for which they are processed. To determine the appropriate retention period, we take into account the amount, nature and sensitivity of personal data, the purposes for which we process them and the possibility of fulfilling these purposes by other means.

We must also consider the periods for which it may be necessary to keep personal data to fulfill our legal obligations or to manage complaints, questions and to protect our legal rights in the event of a claim.

When we no longer need your personal data, we will delete or destroy it safely. We will also consider if and how we can minimize over time the amount of personal data we use and if we can ensure the anonymity of personal data, so that they are no longer associated with you or identify you, in which case we can use that information without notifying you later.

 

DATA STORAGE PERIOD:

Global Records S.R.L. can keep the processed data for different periods of time, considered to be reasonable or in some cases, according to the legal storage period, in accordance with the previously indicated purposes. We keep your data only for the period necessary to achieve the purpose for which we hold the data, to satisfy your needs or to fulfill our obligations imposed by law.

We use the following criteria to determine the retention period of personal data:

In the case of the purchase of products and services, we keep your personal data for the duration of our contractual relationship;

If you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;

If you contact us with a question, we keep your personal data for the duration necessary to process the questions, but not more than 5 years from the last correspondence sent;

If you have expressed your consent for marketing, we keep your personal data until you unsubscribe or ask us to delete them or after a period of inactivity (without an active interaction with our brands), defined in accordance with local regulations and guidelines. In this sense, we mention that the data stored in our databases for the purpose of direct marketing communications are deleted from the records of these databases 5 years after the last interaction with you;

If cookies are stored on your computer, we keep them for as long as necessary for them to achieve their purposes (for example, during a session for shopping cart cookies or ID cookies session) and for a defined period in accordance with local regulations and guidelines.

In this sense, we mention that the data processed by the cookie modules used to provide online behavioral advertising, to personalize our services for you and to allow the distribution of our content on social media sites (distribution buttons intended to display the site), will be kept for a maximum period of 5 years from their collection, based on your consent.

 

PROCESSING SECURITY:

Beach Please Festival has adopted technical and organizational data processing measures, updated in accordance with the requirements of the Regulation (GDPR), with the aim of protecting your personal data against any actions of unauthorized access, improper use or transmission, unauthorized modification, destruction or accidental loss. All employees and collaborators of Beach Please Festival, as well as any third parties acting on behalf and on behalf of Beach Please Festival, are obliged to respect the confidentiality of your information and GDPR requirements, in accordance with the provisions of this Policy.

 

SECURITY OF YOUR PERSONAL DATA:

We follow strict security procedures in the storage and disclosure of your personal data and to protect them against accidental loss, destruction or damage. The data you provide us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and data so that they can be safely transferred over the Internet.

All registration details are transmitted through an SSL connection using the dedicated network infrastructure (Multiprotocol Label Switching-MPLS) and are stored in accordance with Data Security Standards.

It is possible for us to disclose your information to third parties for the purposes established in this Privacy Policy. We ask all third parties to have adequate technical and operational security measures in place to protect your personal data, in accordance with the legislation on data protection rules.

PROCESSING OF CONTACT OR REGISTRATION FORMS:

Global Records S.R.L. will use the information you provide in the corresponding contact section, existing on the site, exclusively for the purpose of processing your request.

By providing any personal data through the Beach Please Festival website, you understand and agree that your data will be processed in accordance with the DPP provisions of Global Records S.R.L.

Please keep in mind that in order to be able to process your requests submitted in the registration section, it is possible that, in certain circumstances, we have the obligation to transmit your data to the partners with whom Beach Please Festival collaborates and/or to other third-party providers of services of Global Records S.R.L.

Beach Please Festival has adopted appropriate technical and organizational measures to ensure the security of data transfer, as well as the processing in accordance with the requirements of the GDPR Regulation of your data, by the previously mentioned entities.

Beach Please Festival undertakes not to process the personal data provided for a purpose other than that for which they were transmitted, except for situations where there is your express consent to use them for other purposes.

PERSONAL DATA REQUESTS:

We access, store and provide your information to regulatory authorities, law enforcement agents or other entities:

In response to a request of a legal nature, when we consider, in good faith, that the law requires us to do so. It is also possible to respond to requests of a legal nature when we consider, in good faith, that the response required by the laws of the respective jurisdiction affects the users of that jurisdiction and is in accordance with internationally recognized standards.

When we believe, in good faith, that it is necessary to: prevent fraud, unauthorized use of any material belonging to us, violations of our terms or policies, or other harmful or illegal activity, to protect us (including the rights , our goods or materials), you and others, including in the context of investigations or investigations by competent bodies or to prevent imminent death or bodily harm. For example, if relevant, we provide information to and receive information from third parties about the reliability of your account to prevent fraud, abuse and other harmful activities within and outside of our materials.

The information we receive about you may be accessed and stored for a longer period of time when they are the subject of a legal request or legal obligation, a legal proceeding or investigations regarding possible violations of our terms or policies, or in other cases to prevent damages.

DISCLAIMER:

The Beach Please Festival site may contain links to other sites and/or other web pages that are not the property of the Company. Beach Please Festival assumes no responsibility for the content of these sites and therefore cannot be held responsible for the content, advertising, goods, services, software, information or other materials available on or through these sites websites. Beach Please Festival will not be responsible for the loss of personal data, for any negative effects on visitors’ personal data or for other moral and/or patrimonial damages caused by access to the respective sites.

 

YOUR RIGHTS AS DATA PERSON:

According to Regulation (EU) 679/2016 on the protection of personal data, as a data subject you have the following rights:

  • the right to information and access to personal data – you have the right to obtain from us a confirmation that no personal data concerning you is processed for purposes other than those presented above. You also have the right to know what personal data we process, for what purpose and to whom it is intended;
  • the right to rectification of data – whenever you change your personal data (for example you change your e-mail address) you can update the information in our records through a request sent by e-mail or in writing, to our contact details;
  • the right to delete data – If, for various reasons, you want to delete your personal data from our data records, you can make a request in this regard by e-mail or in writing, to our contact addresses, but if the data your personal data are processed to comply with a legal obligation, the request to delete this data can be refused, in which case only those data that we can no longer process without your consent will be deleted;
  • the right to restrict processing – There may be situations in which you can restrict the processing of certain data only for a certain period of time. You can, at any time, send a request in this regard. When you want to cancel the processing restriction, you can do it through one of the methods used for restriction;
  • the right to data portability – the right to data portability implies the obligation of our company to ensure the provision of personal data received from you in an accessible format upon request and the transmission of such data to other operators upon your request;
  • the right to object to data processing – it is possible that at some point you no longer want the processing of certain personal data without deleting them from our data records. You can exercise this right at any time;
  • the right not to be subject to automated processes, including profiling – as the data subject you have the right not to have your personal data processed in the context of automated decision-making, except in limited cases when this is possible, for example when you express your consent in this regard;
  • the right to notify the recipients regarding the rectification, deletion or restriction of personal data – you have the right to request the communication to each recipient to whom the personal data of the persons concerned have been disclosed any rectification or deletion of personal data or restriction of the processing carried out in the extent to which the request is legitimate.

 

DISCLOSURE OF YOUR DATA TO OTHER PERSONS:

It is possible to transfer your personal data to the persons below for the purposes mentioned in the DPP. We can disclose your data to third-party collaborators, respecting the GDPR of course.

Also, if you have a request related to a product and we will have to transmit this data to our partners. We always make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual clauses with these third parties so that your data is protected.

For example, we may provide your data to other companies, such as IT or telecommunications service providers, accounting and human resources services, integrated solution providers, legal services and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that your data is processed only for the purposes that we indicate.

We may also share your data with other business partners as a result of a joint effort to provide a product or service.

We will also be able to provide your personal information to the prosecutor’s office, the police, the courts and other competent state bodies, based on and within the limits of the legal provisions and as a result of express requests.

We will ensure, within reasonable limits, that your data does not leave the European Economic Area, but to the extent that we transfer data to countries outside the EEA, we will ensure, in all cases, that the transfers are legitimate, based on your consent explicit or other legal basis.

INTERNATIONAL TRANSFERS:

The transfer of personal data to a third country can only take place if the country to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of the persons concerned. These guarantees will be established by us through contracts concluded with the suppliers/service providers to which your personal data will be transferred.

Some of our service providers may be located outside the European Economic Area (EEA), so their processing of your personal data will involve a data transfer outside the EEA.

Whenever we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguards:

  • we will transfer your personal data to countries where it has been shown to provide an adequate level of security for personal data.
  • when we call on certain service providers, we will be able to use certain models of contracts that offer personal data the same protection as they have in Europe.
  • when we call on providers in the US, we will be able to transfer the data if they offer similar protection conditions for the data shared between the EU and the US.

 

UPDATE OF THE PROTECTION AND PERSONAL DATA PROCESSING POLICY:

Please keep in mind that this Policy may be subject to periodic content changes, by updating the Beach Please Festival website.

We will offer you the opportunity to consult the revised DPP on the Company’s website. We also recommend that you check this page for any updates.

The DPP terms are interpreted in accordance with the applicable legislation.

 

CONTACT:

If you have questions or requests regarding the way we treat and use your personal data or wish to exercise any of your rights, please contact us by email at [email protected]

We also inform you that you have the right to file a complaint at any time with the National Personal Data Protection Supervisory Authority, (B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336 Bucharest, [email protected]) in case you consider that we have violated your right to the protection of personal data.