The following Privacy Notice was designed for NFT Bucharest and it will be reviewed and updated periodically according to all applicable laws and regulations.
The purpose of this Privacy Notice is to easily inform you about:
- The definitions of the terms provided by the GDPR.
- Who is NFT BUCHAREST
- Where can you find us and how can you contact us
- What Personal Data NFT Bucharest may process about you, how your Personal Data are processed by NFT Bucharest, the purpose, legal basis and period of the processing
- The disclosure of your Personal Data to third parties
- Which are your rights and how can you effectively exercise them
- Children’s Personal Data – we do not process data for children under 16 years old
- What security precautions does NFT Bucharest have in place to protect your Personal Data
- Links to other websites
- Updates to the privacy policy
- Information concerning Data Protection Supervisory Authority
- Definitions according to the GDPR
NSAPDP represents The National Supervisory Authority for Personal Data Processing, the Romanian independent public authority responsible for the compliance with the protection of Personal Data requirements;
Personal Data represents any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing represents any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing represents the marking of stored Personal Data with the aim of limiting their processing in the future;
Controller represents the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor represents a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller;
Recipient represents a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether it is a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third party a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data;
Data Breach represents a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. This means that a breach is more than just losing Personal Data.
- Who is NFT Bucharest
NFT BUCHAREST SRL (hereinafter referred to as “we”, “our” or “NFT Bucharest”) is the owner of the “NFT Bucharest” and the administrator of the website: https://nftbucharest.xyz/ (the”Platform”).
According to the GDPR Regulation, considering the Personal Data Processed through our Platform, we are considered data Controller and our visitors and users are considered data subjects (“Data Subject”).
We are fully committed to observe the confidentiality and security of your Personal Data by ensuring that all Personal Data are processed only for specific, explicit and legal purposes, according with the principles and provisions of the GDPR.
- Where can you find us and how you can contact us
With respect to any information regarding your Personal Data that we Processing, feel free to contact us via e-mail [email protected].
What Personal Data NFT Bucharest may Process about you, how your Personal Data are Processed by NFT Bucharest, the purpose, legal basis and the period of the Processing
At NFT Bucharest, we place a high priority on protecting your rights over the Personal Data, thus in addition to complying with all relevant regulations, we have adopted industry-leading best practices for Processing of Personal Data. Our approach involves collecting Personal Data directly from you – which gives you greater control over the information you desire to provide – and any Personal Data that we collect to be processed only for the specific purposes outlined in this policy.
Furthermore, we have implemented rigorous security measures to safeguard your Personal Data and prevent unauthorized access or unintentional disclosure.
Please bear in mind that Personal Data is considered any data that could directly or indirectly identify you, as a person. Although a Personal Data such as your professional skills/information related to your education are not considered, per se, Personal Data because it could not lead directly to your identification, such data, combined with other data (your name, username, e-mail address, the description provided on your profile) could eventually identify you.
To easily identify the Personal Data we Process, we have combined them in several categories according to the purpose of Processing, as follows:
CATEGORY 1 – ACQUIRING EVENT TICKETS
Personal Data – e-mail address, name and surname, address, city and country;
The purpose of Processing – the Personal Data mentioned above are Processed to ensure your access to our unique events;
The legal Basis: Art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to Process Personal Data when necessary, for performance of a contract or for the steps prior to its conclusion;
The collection method – Personal Data are collected directly from you or from our external partners through which the sale of the tickets is conducted;
The retention period: Personal Data are stored for the purpose of proving the fulfilment of our contractual obligations for a period of at most 3 years;
In order to make attending to our events as easy as possible, we have teamed up with an external service provider Oveit that is handling the online sale of the event tickets. Thus, the Personal Data collected directly by Oveit from you as an Operator is therefore shared with us with the purpose of allowing you to participate to our events.
Please read carefully the Privacy Notice of Oveit’s services before deciding to purchase tickets, which you can access at the following link (https://oveit.com/privacy-policy/)
CATEGORY 2 – USING OUR WEBSITE AS A VISITOR
Personal Data – your IP address, type and version of your Internet browser, operating system used, the page accessed, the site accessed before visiting the site (referrer URL), date and time of the visit, Social Media preferences, ads that raised your interest, any other preferences revealed by cookies existing on our Platform;
The purpose of Processing – the Personal Data are Processed with the purpose of offering you the best experience with us and with our Platform.
The legal Basis – art. 6 para. 1 letter a) of the GDPR Regulation, which allows us to process Personal Data based on your consent given to us.
The collection method – directly from you by accessing our Platform;
The retention period – usually, the retention period for these Personal Data depends on each type of cookie deployed on the Platform, as per our Cookie Policy.
CATEGORY 3 – ENROLLMENT IN THE NFT BUCHAREST’S NEWSLETTER
Personal Data – e-mail address;
The purpose of Processing – the Personal Data are Processed for the purpose of allowing you to always be up to date with the NFT Bucharest’s activity and news and to manage your subscription, including to send you personalised information about our products or services.
The legal basis – art. 6 para. 1 letter a) of the GDPR Regulation, which allows us to process Personal Data based on your consent given to us.
The collection method – directly from you, when you check and fill the box “Subscribe to our newsletter” available when you visit our Platform.
The retention period – as a rule we try to keep less data as possible, and in this case, we keeping your Personal Data as long as you are subscribed to the newsletter.
Please note that if you have opted in for our newsletter you can unsubscribe from the newsletter either by pressing the unsubscribe button included in our e-mails or you can contact us at the e-mail address included in this Privacy Policy.
CATEGORY 4 – SOCIAL MEDIA PLATFORMS
Personal Data – related to each user, such as: user’s social media accounts; any other information users decide to provide us with when they contact us on the social media platforms; any other information users decide to provide us with when they contact us by e-mail; comments and/or posts on our profiles;
Given that the internet is not a safe space, please do not send us or limit, as much as possible, the Personal Data communicated through social platforms or e-mail.
The purpose of Processing – the Personal Data mentioned above are Processed for customer support purposes;
The legal Basis: Art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to Process Personal Data when necessary, for performance of a contract or for the steps prior to its conclusion;
The collection method – Personal Data are collected directly from users when they decide to contact us through social media platforms;
The retention period: Personal Data are stored for the purpose of proving the fulfilment of contractual obligations between the parties for a period between 30 days and 1 year, depending on the nature of the request (complaint, request for guarantee, contractual request, general request, etc.);
Generally, Personal Data are kept for a limited period according to the purpose of the Processing and the legal provisions applicable to each category of data.
- The disclosure of your Personal Data to third – parties
Throughout our normal course of business, we will not disclose or transfer, for direct marketing purposes, your Personal Data to third parties, regardless if such parties are located in Romania, in EU or outside EU.
Our employees
NFT Bucharest employees having access to Personal Data have been trained to observe the security and confidentiality of the Personal Data they have access to in performing the business activity. NFT Bucharest employees’ access to Personal Data is limited to the information required in performing their specific tasks.
Suppliers
We perform our daily activities at the highest standards thus sometimes we chose to cooperate with other companies in order to facilitate several technical or administrative processes such as: e-mail hosting services, storing data, sever hosting, legal services etc.
Thus, we may engage in contractual relationships with suppliers that are not established in the European Economic Area (EEA) and such circumstances could entail the disclosure of your Personal Data outside EEA
However, we are fully committed to safeguarding the confidentiality and security of your Personal Data. In cases where we need to disclose your Personal Data to third-party suppliers, we will verify if each supplier complies with the GDPR Regulation and has implemented sufficient measures to protect the Personal Data that they may receive from us.
Legal requirements
Your Personal Data may be communicated to governmental authorities and/or law enforcement agencies if required by the applicable law.
- Which are your rights and how can you effectively exercise them
NFT Bucharest as data controller, ensures technical and organizational measures to be sure that your rights (as a data subject) are observed:
Right of access
You have the right to obtain the confirmation as to whether or not Personal Data concerning you are being processed by us, and, where that is the case, access to your Personal Data and information on how they are processed.
Right to data portability
You have the right to receive some of your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and you have also the right to transmit those data to another controller without hindrance from us, where technically feasible.
Right to object
You have the right to object to processing of your Personal Data, when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your Personal Data are being processed for direct marketing purposes.
Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. The rectification shall be communicated to each recipient to whom the data was sent unless this proves impossible or involves disproportionate (demonstrable) efforts.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of Personal Data concerning you without undue delay and we have the obligation to erase your Personal Data without undue delay where one of the following grounds applies: your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraws consent on which the processing is based and there is no other legal ground for the processing; you objects to the processing and there are no overriding legitimate grounds for the processing; your Personal Data have been unlawfully processed; your Personal Data have to be erased for compliance with a legal obligation; your Personal Data have been collected in relation to the offer of information society services.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies: you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of your Personal Data; the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of their use instead; we no longer need your Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right not to be subject to a decision based solely on automated processing
You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner. Therefore, we hereby state that NFT Bucharest does not use applications, algorithms, artificial intelligence or automatic process to make automatic decisions (without human intervention) that produces legal effects.
The exercising of the above rights may be performed at any time. For using these rights we encourage you to submit your written request (together with your contact details) in electronic format by mail at [email protected].
Children’s Personal Data
NFT Bucharest does not collect any Personal Data from children under the age of 16.
So, if you are under 16 please do not submit to us any Personal Data.
- What security precautions does NFT Bucharest takes to protect your Personal Data
We have assumed the responsibility to implement proper technical and organizational measures regarding the protection of privacy and security of your Personal Data. We have taken all reasonable measures to protect your Personal Data from damage, loss, misuse, unauthorized access, alteration, destruction, or disclosure, as following:
- People who have access to our filing system are only those nominated by NFT Bucharest. To accesses the system, they use individual accounts and passwords which are changed periodically.
- All our employees, collaborators and service providers who are in contact with Personal Data must act in accordance with the principles and policies regarding to the processing of Personal Data. They were informed and they have assumed to respect of the GDPR by signing the Data Processing Agreements or as an effect of the law.
- our employees and collaborators access Personal Data for the performance of their professional duties and only in accordance with the stated purpose of data collection.
- Computers from which the filing system is accessed are password-protected and have antivirus, antispam and firewall security updates.
- Personal Data is printed only by authorized users, if it is necessary to perform our activity or to fulfil our legal obligations.
Please also select carefully what Personal Data do you choose to submit thinking that the internet or e-mails are not impenetrable spaces, and a technical error can cause an unhappy event anytime with respect to your Personal Data.
- Links to other websites
On our website you may find links to other organizations. This Privacy Notice do not cover the Personal Data processed by them.
If you decide to access other organization’s links, we encourage you to carefully read their Privacy Notices which should be found on their websites. In general, the Privacy Notice may be accessed on the bottom section of the website.
As stated above, considering our partnership with Oveit, we have integrated a purchase link directly on the Platform, with Oveit being the Operator in relation to the ticket purchase and payment procedure and with no direct implication from us.
Please read carefully the Privacy Notice of Oveit’s services before deciding to purchase tickets, which you can access at the following link (https://oveit.com/privacy-policy/)
Updates to the Privacy Policy
Believing that we are constantly developing our services, we are confident that our platform may soon have new functions, so our Privacy Notice will be updated accordingly.
In order to keep you informed, we always publish the latest version of the Privacy Notice on our website, without any specific notice in this respect.
We assure you that the way we collect and process your Personal Data is in accordance with the provisions of the GDPR Regulation.
We encourage you to constantly review this Privacy Policy in order to be constantly informed with respect to the categories, purposes and manners NFT Bucharest processes your Personal Data.
If you have any questions about our Privacy Policy, please contact to us at [email protected].
- Information concerning Data Protection Supervisory Authority
If you consider that your rights provided by Regulation no. 679/2016 have been violated, you can address directly to us or to our Data Protection Supervisory Authority: National Authority for the Supervision of the Processing of Personal Data (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) ”ANSPDC” by submitting a complaint.
Contact details of the authority:
Link for compliances: https://www.dataprotection.ro/?page=Plangeri_pagina_principala
Contact link: https://www.dataprotection.ro/?page=contact&lang=ro
Website: https://www.dataprotection.ro/
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucuresti, Romania