logo

Privacy & Policy

Media Gallery

Festival Experiences

About Untold

VIP Experiences

Secret Garden

Exclusive Collection

UNTOLD KIDS

Campaign Regulations

Press

International Agents

FAQ

Terms & Conditions

Privacy & Policy

ANPC

ANPC - SAL

Parent Consent

Accommodation Contract

Privacy & Policy

PRIVACY POLICY

EVENT: UNTOLD FESTIVAL

CO-ORGANIZERS: UNTOLD SRL, UNTOLD PRODUCTION S.R.L

LOCATION: Cluj-Napoca municipality, Cluj-Napoca county. Cluj, Romania

 

1. Introduction

1.1 The confidentiality of personal data is one of the main concerns within the Organizing companies. As such, we want to ensure the highest standards of confidentiality and transparency with regard to the personal data we process in our day-to-day business.

1.2 Since, in the course of our activity, it is necessary to process a series of personal data, especially in relation to the specificity of our object of activity, we want to provide assurances that the processing will take place in compliance with the principles underlying the processing of personal data. This privacy policy is intended to help you understand what data we collect, why we collect it, and what we do with it.

2. Information about Joint Controllers

2.1 The co-organizing companies of the UNTOLD 2025 Edition are Untold Production SRL, based in Cluj-Napoca, Eremia Grigorescu, no. 122A, registered in the Trade Register with no. J12/5129/2021, CUI: 45114420 and UNTOLD SRL, headquartered in Cluj-Napoca, Eremia Grigorescu, no. 122A, Cluj-Napoca county. Cluj, registered with the Trade Register under no. J12/3105/2015, CIF RO35113711 (hereinafter collectively referred to as "the Controllers" or "we"). Untold Production SRL and UNTOLD SRL act as joint controllers, based on a written agreement between them by which they have jointly established the purposes and means of processing the personal data collected through the www.untold.com website (the "Website"), the Untold application, the on-site check-in system, the means of video monitoring and capture of photo and video images within the Festival by authorized persons by Untold. 

2.2 The Controllers are obliged to manage the data securely and only for the specified purposes.

2.3. In the collection of data and information, we act as joint controllers as a result of the fact that both entities operate within the same group of companies.

2.4. The essence of the processing of personal data by the parties is the Joint Controllers Agreement concluded in accordance with Article 26 of the GDPR whereby the parties have established in a transparent manner the responsibilities of each in terms of the fulfilment of the obligations, in particular with regard to the exercise of the rights of the data subjects and the duties of each to provide the information provided for in Articles 13 and 14. 

2.5. The joint controllers process personal data according to the obligations resulting from the Agreement entered into between them, but also from the obligations imposed by the specific legal provisions. The purpose of the data processing by the Associated Controllers is to allow the organization of the UNTOLD event at the highest level, both companies being co-organizers and contributing through their object of activity to its realization. 

2.6. In essence, UNTOLD SRL will continue to manage, as before, the personal data processing activities in connection with the organization and conduct of the festival. UNTOLD PRODUCTION SRL contributes to determining the purposes of some processing, given that part of the processing activities will fall under the commercial contracts concluded by UNTOLD PRODUCTION SRL for the organization of the UNTOLD Festival Edition 2025 (e.g. ticket sales). The type of personal data being processed, the purpose, the retention period and the legal basis for processing remain unchanged. 

2.7. Main duties of the Associated Operators:

  • UNTOLD SRL will mainly have the following role: managing personal data processing activities, owning and managing the existing database, managing the www.untold.com page, the UNTOLD application and online platforms, organizing marketing campaigns, ensuring communication with the consumer.
  • UNTOLD PRODUCTION SRL will mainly have the following role: ticket sales activity, marketing and advertising activities for the promotion of the festival and/or the products and services related to the UNTOLD 2025 Edition festival.

2.8. Each controller shall ensure that information regarding the processing of personal data and is made available to data subjects in accordance with Article 12-14 of the GDPR.

2.9. All principles, policies and practices applicable with respect to UNTOLD SRL apply with respect to UNTOLD PRODUCTION SRL and vice versa.

2.10. We will comply with all legal confidentiality requirements regarding the processing of personal data, including the obligation to carry out risk assessments and enter into data processing agreements with its suppliers who process personal data.

2.11. In accordance with Article 32 of the GDPR, we have taken appropriate technical, physical and organisational security measures to protect personal data against unauthorised or unlawful access, alteration, deletion, damage, loss or inaccessibility.

2.12. We will comply with the Principles of Personal Data Processing as mentioned in Art. 5 of the GDPR, respectively in the context of the processing activities. The Controllers will process the personal data, which are the subject of this contract:

  1. lawfully, fairly and transparently towards the data subject;
  2. for specified, explicit and legitimate purposes and not in a way that is incompatible with the purposes stated at the time of collection of the personal data;
  3. guaranteeing their adequacy, relevance, limiting the processing to what is necessary in relation to the purposes for which they are processed;
  4. ensuring that personal data that is inaccurate is erased or rectified without delay;
  5. storing personal data in a form that allows the identification of data subjects for a period not exceeding the period necessary to fulfil the purposes for which the data are processed;
  6. processing personal data in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organisational measures.

 

3. What data do we process, the purpose of the processing and the retention period on each category of data?

3.1.1. For the purpose of creating and accessing an account on the www.untold.com website, in the Untold app and/or on Untold's external platforms (In-town, Entertix, Extasy).

  1. What data do we process? The phone number and set of cryptographic hash values (generated by applying the PBKDF2 encryption algorithm) for the password set by the user to be able to log in to their account.
  2. Retention period: We will store this data for as long as you have an account on the Untold website/app. We specify that to the extent that there is no request for anonymization of this data on the [email protected], it will be anonymized within 5 years from the last use of the account.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.2. For the purpose of purchasing an Untold product or service. 

  1. What data do we process? Name, surname, e-mail, telephone, country, city, address.
  2. Retention period: Until the general limitation period of 3 years from the end of the edition in which the ticket or edition about which the problem was reported was purchased.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.3. For the purpose of purchasing products or services in installments or for saving the card for the purpose of making future transactions. 

  1. What data do we process? A card identifier in secure format (not the entire number), the card's expiration date, and the cardholder's name. Our payment processing service takes care of encrypting and securing your card data. 
  2. Retention period: For installment purchases, card data cannot be deleted from the system for the duration that there are active payment installments associated with that card. After completing the last installment, the user can request the deletion of the card data. For saving the card for the purpose of future purchases, the data is stored for as long as the user keeps the card saved in his account. The User may request their deletion at any time, unless there are outstanding financial obligations associated with the Card. However, these data will not be kept for a period longer than 3 years, which is the general limitation period applicable to the resolution of applications and possible investigations.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

 

3.1.4. For the purpose of returning the purchased products or solving a problem addressed to us.

  1. What data do we process? First name, last name, email, phone number, IBAN, and account holder's name, as well as other information provided via email or on other platforms to describe the issue.
  2. Retention period: The data will be stored for the time necessary to solve the requests and any investigations. However, this data will not be kept for a period longer than 3 years, which is the general limitation period applicable in such cases.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

 

3.1.5. In the CHECK-IN process:

3.1.5.1 In order to ensure access to the festival perimeter and to provide the services to which the participant is entitled based on the ticket, to inform about the aspects related to the organization and conduct of the event or any other offers and announcements in relation to the purchased product, to prevent fraud, abusive use and to verify the validity of the ticket or subscription.

  1. What data do we process? Name, surname, e-mail, phone number, profile picture (except for minors under 18 years of age) and ticket number / access bracelet within the festival.
  2. Retention Period: Your profile picture will be deleted within 20 days of the end of the Festival. The other data will be anonymized within 3 years from the last edition in which the data subject participated in the Festival, if this has not been previously requested.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.5.2. For exclusively internal purposes for the preparation of reports and surveys, the organization of access areas, the creation of campaigns and dedicated activities, in order to respond to a request from public authorities, for complaints or complaints.

  1. What data do we process? Gender, country, city, county, date of birth.
  2. Retention period: These data are kept in the Organizer's archive without being associated with a natural person following the irreversible anonymization of personal data.
  3. Legal basis for processing: Art. 6 (a) lit. f the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.1.6. For marketing purposes:

3.1.6.1. For the commercial purpose of promoting Untold products and services.

  1. What data do we process? First name, last name, email address, phone number.
  2. Retention period: The data will be anonymized upon withdrawal of consent or at most within 4 years if the data subject no longer reacts to any commercial message.
  3. Legal basis for processing: Art. 6 (a) lit. f the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.1.6.2. For the purpose of subscribing to the Untold Newsletter with the consent of the data subject.

  1. What data do we process? Email address.
  2. Retention Period: Until unsubscribe or withdrawal of consent.
  3. Legal basis for processing: Art. 6 (1) (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.

3.1.6.3. For the purpose of conducting surveys to improve the quality of the services we offer, telephone calls may be recorded with the consent of the data subject.

  1. What data do we process? The voice of the data subject.
  2. Retention duration: Recorded calls will be deleted within 30 days from the time of recording.
  3. Legal basis for processing: Art. 6 (1) (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.

3.1.7. In the REGISTER CAMPAIGN:

3.1.7.1. For the purpose of enrolling in the Register Campaign where the data subjects register in a community where they receive recurring information about the latest promotions, campaigns, announcements, sales of tickets at promotional price to the editions of the Untold Festival. 

  1. What data do we process? First name, last name, email address, phone number.
  2. Retention period: The data will be anonymized upon withdrawal of consent or at most within 4 years from the last edition in which the person registered for the campaign. If the data subjects have purchased a Ticket in this campaign, their personal data will be processed from this step forward in order to be able to ensure the purchased services and access to the Festival.
  3. Legal basis for processing: Art. 6 (1) lit. b - the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.7.2. For exclusively internal purposes for reporting and surveying, organizing artistic moments, creating the concept of an annual event, creating dedicated campaigns and activities.

  1. What data do we process? Gender, country, county, date of birth.
  2. Retention period: These data are kept in the Organizer's archive without being associated with a natural person following the irreversible anonymization of personal data.
  3. Legal basis for processing: Art. 6 (a) lit. f the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.1.8. In order to ensure the security of goods, spaces and people, video monitoring means are used in the festival perimeter.

  1. What data do we process? The image of the visitors to the event.
  2. Retention period: 20 days. Some data may be retained for a longer period, if the retention is necessary for the investigation of fraud, for the defense of the legal rights of any of the Parties or in situations where it is necessary to comply with requests made by the competent authorities. 
  3. Legal basis for processing: Art. 6 (a) lit. f the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.1.9. For taking photos and videos during the event, subsequently used for journalistic, information, commercial, marketing and promotional purposes of the event, Untold products and services or adjacent products and services, in its own name by Untold or by any partner or sponsor of the Untold Festival, as well as for the purpose of making NFTs (Non-fungible tokens) and selling them on the relevant market.

  1. What data do we process? The image of the visitors to the event.
  2. Retention period: Until the moment of the deletion request by the data subject or no more than 15 years from the moment of completion of the edition in which they were made.
  3. Legal basis for processing: Art. 6 (a) lit. f the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.1.10. For the purpose of organizing promotional campaigns and contests, as well as to ensure the sending of prizes.

  1. What data do we process? Name, surname, email, social media profile (if applicable), information included in comments within campaigns organized by the Organizer or in partnership with other partners.
  2. Retention period: For those who have not won any prizes, the information will be deleted within 60 days of the end of the Campaign. For people who win a prize, the data will be kept until the general limitation period of 3 years from the end of the campaign or contest, in order to defend legal rights and fulfill tax obligations.
  3. Legal basis for processing: Art. 6 (a) lit. c – the processing is necessary for the fulfilment of a legal obligation incumbent on the controller.

3.2 In addition to the aforementioned purposes, the Controller processes the personal data collected with the following purpose in mind:

  1. For the fulfillment of the legal obligations incumbent on us, as a result of the services provided (e.g. accounting, tax, audit obligations, etc.) they are always compatible with the main purposes for which the data were collected.
  2. To the extent that the data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes.
  3. For any other purpose ancillary to the above, or for any other purpose for which the personal data was provided to us, in compliance with the relevant legislation.

d.  To protect ourselves legitimate interests,  overriding the interests or fundamental rights and freedoms of the data subject, taking into account their reasonable expectations based on the relationship with the controller:

  • To conduct market research and analysis that helps improve and personalize our products and services.
  • For direct marketing purposes, to send general interest communications or messages asking you to evaluate the quality of our services/products
  • For the management of the company's activity, the preparation of internal reports that are used in the organization of access and bracelet pick-up areas of future editions, to organize dedicated campaigns and activities
  • To prevent or detect misuse of our intellectual property, fraud, or other crimes.
  • To ensure security during the event, to settle complaints related to fraud, criminal or contravention complaints, complaints related to ticket sales, cases in which the Organizer needs to identify a person with the ticket number, to identify if that person entered the festival perimeter and at what time, or to defend the company's rights in court.

3.3 Where we use your personal data, we will use your personal data. for purposes other than those set out in this Policy, we are obliged to obtain your consent, unless we are legally obliged to do so or have another legal basis for processing the data.

3.4 The Operators do not create individual profiles of the participants of the Untold Festival.

4. How we collect your data personal?

4.1 We collect your personal data, either directly from you, for example, when you create an account on our website/app, send us an email  to [email protected], requesting an offer/information, giving your consent to the communication of commercial messages, when purchasing a product, etc., or indirectly,  For example, when you transmit this information on the platforms of other collaborators of our company, in the process of purchasing the ticket/subscription.

4.2 We collect your personal data and automatically, when you use our services on the Untold website or app, we collect information through cookies and by logging your activity. For more information on the use of cookies, please refer to Art. 6 of this Policy.

4.3. If you choose to provide us with other people's personal data, such as when you purchase tickets on behalf of others, you are responsible for how you obtained this data and that you have a legal basis for processing it, and we cannot be held liable for the infringement of those people's rights.

5. How do we store personal data?

5.1 A cloud service provided by Amazon Web Services EMEA S.A.R.L. is used to store the personal data you provide to us as a user of our website/app.

5.2 At the same time, the data collected in the context of on-site check-in is stored by our partner Festipay Zrt. on its servers in the European Union.

6. USE OF COOKIES

6.1 The Website contains cookies (very small files sent to the computers of users of the Website or other access devices).

6.2 There are two types:

6.2.1. Cookies according to their lifespan:

a) Session cookies

They are temporarily stored in the cookie folder of the web browser so that they retain them until the user leaves the respective website or closes the browser window (for example, when logging in/out of an email account or social media).

b) Persistent cookies

These are stored on the hard drive of a computer or device (and generally depend on the default cookie lifespan). Persistent cookies also include those placed by a website other than the one the user is currently visiting – known as "third-party cookies" – which may be used anonymously to store a user's interests so that the most relevant advertising can be displayed to users.

6.2.2. Cookies according to their role

a) Strictly necessary cookies

These types of cookies are necessary for web pages to function properly. Strictly necessary cookies allow you to navigate the website and benefit from its functions. Without these cookies, we will not be able to provide certain functionalities, such as automatically redirecting to the server with the least congestion or remembering your list. of desires.

b) Functional cookies

Functional cookies record information about the choices users make and allow website operators to customize the site according to the user's requirements. For example, cookies can be used to save category/segment preferences.

c) Performance and analytics cookies

These types of cookies allow website operators to monitor visits and traffic sources, how users interact with the site or certain sections of the site.

The information provided by analytics cookies helps operators understand how visitors use websites and then use this information to improve the way content provided to users is presented.

d) Advertising cookies

These cookies may provide the ability to monitor users' online activities and create profiles of them, which can later be used for marketing purposes. For example, cookies may be used to identify products and services approved by a user, and this information is subsequently used to send appropriate advertising messages to that user.

6.3 Accessing the website implies the consent of the users to the placement of these types of cookies on their device and to access them on the next visit to the website.

6.4. In general, data on internet browsing activity is collected and analyzed anonymously. If this analysis reveals a specific interest, a cookie (small text file used by most sites to store certain useful information to improve the browsing experience) - is placed on the user's computer and this cookie determines what type of advertising the user will receive, which is called interest-based advertising.

6.5. You can see all the cookies used by our website in the Cookie Notice at the bottom of the page. You can withdraw your consent to the use of cookies at any time by changing the options in the appropriate available cookie settings. Blocking Necessary Cookies in Your Browser It may also not work properly. Disabling other types of cookies (other than those that are necessary) may also affect the operation or experience of your website. in your use of the site.

6.6. The Site may use or implement third-party social media plugins. In general, your interaction With such a module, it allows the third party to collect certain information about you, including your IP address, page header information, and browser information. The site has implemented the following social media buttons:

-> Facebook https://www.facebook.com/privacy

-> Instagram https://help.instagram.com/519522125107875

-> WhatsApp https://www.whatsapp.com/security

6.7. The Website uses Google Analytics, a web analysis service provided by Google Inc., with its registered office at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Based on your consent, Google will analyze how you use our website on our behalf. For this purpose, we use, among other things, the cookies detailed in the table above. The information that Google collects about how you use the site (e.g., the URL you provide, our web pages you visit, your browser type, language settings, operating system, screen resolution) will be sent to a Google server in the States.

7. To whom do we disclose personal data?

7.1 In order to fulfil the processing purposes, the Controllers disclose your personal data to partners, to third parties or entities that support the Controllers in carrying out their activity, or to central/local public authorities, in the following cases listed by way of example:

1. To our service providers and contractual partners, for example: providers of marketing services (including surveys) and advertising; our partner in charge of ensuring access to the Untold Festival premises; the IT service provider; courier services, payment services, banking services, payment services, ticket sales, etc. This data will be provided to the extent necessary and only on the basis of a confidentiality commitment from the contractual partners, guaranteeing that this data is kept secure and that its processing is carried out in accordance with the legislation in force;

2. To the accountants, auditors, lawyers, insurers or other such external advisors of the Operator. This data will be provided to the extent necessary and only on the basis of a confidentiality commitment from the contractual partners, guaranteeing that this data is kept secure and that its processing is carried out in accordance with the legislation in force;

3. Public authorities, institutions and bodies, if there is a legal request on their part or to the extent that there is a legal obligation on our part;

4. The Controller will be able to disclose this data whenever the law requires it, or in the situation where this step is necessary to allow the exercise of the rights provided by law and/or to be able to take legal action against any illegal activity;

5. Your personal data may be transferred to third countries, based on the contractual relationships we have with our partners (both affiliates and other entities in the European Union) for the purpose of compiling statistics and other types of reports. To the extent that the data is processed outside the European Union, we will ensure through contractual or other measures that this data enjoys an adequate level of protection there, comparable to that which it would enjoy in the European Union, in accordance with European regulations. 

8. How long do we keep personal data?

8.1 As a principle, we will only process your personal data to the extent necessary for the fulfilment of the processing purposes mentioned above. For more details about our Data Retention Policy for certain specific processing, please review the information in Art.3.

9. Your rights in relation to the processing of personal data:

9.1. Where the processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. Thus, you can change or remove consent at any time, and we will act immediately accordingly, unless there is a legal reason or legitimate interest not to do so.

9.2. If we process your data on the basis of our legitimate interest or those of third parties, you may object to that processing on grounds relating to your particular situation. In some cases, our legitimate interest or that of third parties may be overridden by you, and we will not be able to accommodate your request to object to the processing.

 

9.3. As  a data subject, you benefit from a series of specific rights guaranteed by the General Data Protection Regulation no. 679/2016 (GDPR) and the legislation in force in Romania  on the protection of personal data:

 

9.3.1. Right to information

Data subjects whose personal data are processed in the course of our specific activities have the right to receive information from us about the processing operations carried out in our capacity as a data controller. 

9.3.2. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data concerning you.

If we confirm that we hold your personal data, you have the right to access it and obtain a range of additional relevant information.

9.3.3. Right to rectification

You have the possibility to obtain from the data controller, the rectification of inaccurate data concerning you or the completion of personal data that are incompletely recorded in our internal records.

 

9.3.4. Right to erasure of data ("right to be forgotten")

You have the right to request the erasure of the personal data we process about you. We must comply with this request if:

a) the personal data are no longer necessary for the fulfillment of the purposes for which they were collected;

b) you object to the processing for reasons related to your particular situation;

c) the personal data have been processed unlawfully;

d) the personal data must be erased for compliance with a legal obligation incumbent on us, unless the data is necessary:

  • for the exercise of the right to free expression and information;
  • to comply with a legal obligation we have;
  • for archiving purposes in the public interest, scientific or for historical studies or statistical purposes;
  • for ascertaining, exercising or defending a right in court.

9.3.5. Right to restriction of processing

You can ask us to restrict the processing of your personal data when:

  • contest the accuracy of the personal data we process, while we verify the accuracy of the data;
  • the processing of data is unlawful, but instead of requesting the deletion of personal data, you want to restrict their processing;
  • the personal data are no longer necessary for us to achieve the purpose for which they were processed, but you request those data from us for the establishment, exercise or defense of a right in court;
  • you have objected to the processing and request restriction while we verify whether our legitimate interest in the processing prevails.

 

9.3.6. Right to data portability

You have the right to obtain your data from us in a structured, commonly used and machine-readable format.

 

9.3.7. Right to object

At any time, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing. The controller shall no longer process personal data unless the controller demonstrates that it has compelling legitimate grounds justifying the processing and which override the interests, rights and freedoms of the data subject or that the purpose is to establish, exercise or defend a claim in court.

You may object at any time to the processing of your personal data for direct marketing purposes, for any reason.

 

9.3.8. The right not to be subject to a decision based solely on automated processing, including profiling

This right is applicable if the automated individual decision-making process produces legal effects that concern you or affect you to a significant extent.

 

9.3.9. Right to lodge a complaint

If you have a dissatisfaction with the way we process your personal data, please contact us so that we can solve your problem using the following contact details:

  • E-mail: [email protected]
  • Address: str. G-ral Eremia Grigorescu, nr. 122 A, Cluj-Napoca, Cluj County.

 

You can also contact the National Supervisory Authority for Personal Data Processing through their website www.dataprotection.ro.

 

Please note the following aspects of interest, related to the method of analysis and response to the request for exercising rights:

 

We will make every effort to respond to your request within 30 days. This period may be extended due to reasons related to the specific legal right invoked or the complexity of your request by a maximum additional period of two months. In any case, if the legal deadline for response is extended, then we will inform you about the new deadline and the reasons that led to this extension.

 

10. Information Security

10.1 We work hard to protect the Website, App and our users, as well as any personal data collected under this Policy, from unauthorized access to or alteration, unauthorized disclosure or destruction of the information we hold.

10.2. The Joint Controllers guarantee that they have implemented technical and organizational measures appropriate to the processing activities they carry out, for the protection of personal data, against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to them, transmission, storage or processing in any other unlawful ways.

10.3. In this regard:

  1. The Controllers certify that they meet the minimum requirements for the security of personal data, the data being processed in a way that ensures protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures;
  2. For the data collected through the website and the application, in order to ensure access to the festival, the Operators use a cloud service  offered by Amazon Web Services EMEA SARL. Thus, the security settings offered by Amazon are used. Access to the data is done in a white-list of security groups, which means that the data can only be accessed from certain pre-defined IP addresses. Access is based on username and password, and at the level of the co-organizing companies, access to the database is allowed to a limited number of people.
  3. The data storage systems used have implemented back-up mechanisms to ensure the redundancy of the stored data.
  4. We regularly review information collection, storage, and processing practices, including physical information, as well as security measures, to prevent unauthorized access to systems.
  5. We restrict our employees and contractors' access to your information. and contractual relations with these persons are subject to strict rules regarding contractual confidentiality obligations, including under penalty of termination of contracts.

 

11. When does this Privacy Policy apply?

11.1 Our Privacy Policy applies to all services offered by our company and excludes services that have separate privacy policies and do not contain the provisions of this Privacy Policy.

12. Changes

12.1 We will post any changes to the privacy policy on our page, which will take effect within one day and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of changes to the privacy policy). 

12.2. We will also keep previous versions of this Privacy Policy on file for your review at any time.

 

This policy was last updated on 14.05.2025.

Follow us on Instagram@untoldfestival

Our Friends

UNTOLD Universe

https://untold-universe-public-resources-prod.s3.eu-west-1.amazonaws.com/214aa718-f80e-4b80-b05a-419938e5f48d.png
Untold Dubai
https://untold-universe-public-resources-prod.s3.eu-west-1.amazonaws.com/65f3deb4-209b-4b9c-b874-a42bc5e0275a.png
Neversea
https://untold-universe-public-resources-prod.s3.eu-west-1.amazonaws.com/a77e2638-ca6b-4624-bb14-4ae6bd95fc4c.png
Massif
Get tickets from 864.20 Lei
We use cookies or similar technologies for purposes such as displaying personalized content. By clicking Accept, you agree to allow the collection of information. To learn more, including how to disable them, see our Terms & Conditions, Privacy & Policy.