Privacy Policy
Version: April 2026 · Pursuant to GDPR Art. 13
1. Data Controller
Tetiana Rymar Johannesstr. 12 44137 Dortmund Deutschland E-Mail: arttime.worldfestival@gmail.com
2. Data We Collect
- First and last name (participant and contact person)
- Email address, phone number
- City and country of residence
- Date of birth (for age verification)
- Uploaded files: photos, audio (backing tracks), video links, documents
- Technical information: IP address, device information (via Supabase Auth)
- Parent/guardian name (for participants under 16)
3. Purpose and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Processing and managing festival applications | Art. 6(1)(b) GDPR |
| Communication with participants (confirmations, results) | Art. 6(1)(b) GDPR |
| Issuing diplomas and certificates | Art. 6(1)(b) GDPR |
| Payment data processing (bank transfer details) | Art. 6(1)(b) GDPR |
| Marketing and promotion (only with explicit consent) | Art. 6(1)(a) GDPR |
4. Data Recipients
- Supabase Inc. — database service (EU servers, Frankfurt)
- Vercel Inc. — hosting (USA, data transfer via SCCs)
- Cloudflare Inc. — file storage R2 (USA, SCCs)
- Festival organizer (receives application data for their event)
5. Retention Period
Application data is stored for 3 years after the festival. Invoices and payment records are retained for 7–10 years under tax law obligations. After this period, the data is automatically deleted.
6. Cookies
We use only technically necessary cookies (authentication session, language preference). These do not require separate consent under the ePrivacy Directive.
7. Your Rights (Art. 15–22 GDPR)
- Right of access to your data (Art. 15)
- Right to rectification of inaccurate data (Art. 16)
- Right to erasure ("right to be forgotten", Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing (Art. 21)
- Right to withdraw consent (Art. 7(3))
To exercise your rights, please contact: arttime.worldfestival@gmail.com
8. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent data protection supervisory authority:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), https://www.bfdi.bund.de
9. Children's Data (Art. 8 GDPR)
The minimum age for consent to data processing in Germany is 16 years. For participants under 16, consent from a parent or legal guardian is required. This is obtained during application submission and recorded in the system.