Privacy Policy

I. General provisions

The protection of privacy in relation to the collection, processing and use of your personal data is an important concern to us and therefore we want to ensure the highest standards of confidentiality and transparency in relation to the personal data we process in our current business.  Thus, the processing of personal data is carried out in accordance with the General Regulation on Data Protection no. 679/2016 (GDPR) and the legislation in force in Romania regarding the protection of personal data.

The hereby Privacy policy applies to the users of the website,  managed by MERCATTO DANCE STUDIO S.R.L., a company organized and operating in accordance with the laws of Romania, with headquarters in the Bucharest Municipality, 6th District, Splaiul Independentei street, no. 202 B, room 42, registered with Trade Register under no. J40/2508/2023, sole registration code 47608102, respectively to the processing of the personal data of the previously mentioned users, as the data in question is provided in the process of purchasing tickets, in the use of the website and any of our services, as well as in any of the interactions with us.

The use of this website, of any of our services, including for the process of purchasing tickets or for any type of interaction with us, necessarily and without reservation implies the knowledge and acceptance of this Privacy Policy and the Rules of organization.

In order to express your consent regarding the processing of personal data according to the hereby Privacy Policy, you must validate the related box provided for this purpose within the ticket purchase process.

II. Definitions

Personal data – any information regarding an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific elements of his/her physical, physiological, genetic, psychological, economic, cultural or social identity

Data subject – the natural person whose personal data are processed

Data controller –the natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. In relation to you, we are the data controller and you are the data subject.

Consent – any free, specific, informed and unambiguous manifestation of the users through which it accepts, through a statement or an unequivocal action, for his/her personal data to be processed

Processing – any operation or set of operations performed on personal data or sets of personal data, including but not limited to collection, recording, retention, modification, use, disclosure, access, transfer or destruction

Breach of personal data – means a breach of security that leads to the destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed

Data Protection Authority – The National Supervisory Authority for the Processing of Personal Data or, as the case may be, the European Data Protection Authority

III. Principles of personal data processing

We undertake to consider the following principles of protection and processing of personal data:

  • The processing of personal data is carried out in a legal, fair and transparent manner, being able to demonstrate the compliance with this responsibility
  • The collection of personal data is carried out for specific, explicit and legitimate purposes, not being subsequently processed in a way incompatible with these purposes
  • Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Personal data is strictly accurate and updated where necessary
  • Personal data are kept in a form that allows identification only for the period necessary to fulfill the purposes for which the data are processed  
  • The processing is carried out in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures       

IV. Types of personal data processed. Purpose of processing. The legal basis of the processing

By using the website or any of our services, by going through the process of purchasing event tickets or in any other interaction with us, we may collect the following types of personal data:   

  • Name
  • Surname
  • E-mail
  • Telephone
  • Country, city, county
  • Nationality
  • Gender
  • Date of birth
  • IP address, browser type, navigation data, URL of the viewed page
  • Information provided by e-mail
  • Economic or financial information (such as credit or debit card number, IBAN)
  • Number of the ticket / access wristband to the events

The personal data listed above are collected and processed for purposes that include:

  • Providing optimal services delivered through the website
  • The ticket purchase process – managing the contracting of the products and/or services offered through the website, as well as the validation, delivery and invoicing of the related orders made
  • Ensuring the access and services to which you are entitled based on the ticket, in order to prevent fraud, abusive use and to verify the validity of the purchased ticket
  • Information concerning the aspects related to the organization and conduct of events or any other offers and announcements in strict connection with the purchased product
  • Returning the purchased products, their value (in case of cancellation of events) or solving a problem addressed to us
  • Marketing and advertising of products and services – also see section VI below

Moreover, photographers and videographers will be present during the events, so we can also process data consisting of your image through photos or videos taken in this regard. They will be processed for journalistic or artistic purposes, commercial, marketing and promotion of our events, services and products, respectively for their publication on our social media pages.

In addition to the aforementioned purposes, we process the personal data collected considering the following aspects:

  • Fulfilling our obligations resulting from the services provided (eg.: accounting, fiscal, audit obligations etc.) these being always compatible with the main purposes for which the data were collected
  • To the extent that the data subject has given his/her consent for the processing of his/her personal data for one or more specific purposes
  • For any other purpose ancillary to the above, or for any other purpose for which personal data was provided to us, in compliance with the relevant legislation

In situations where we will use your data for purposes other than those mentioned in this Privacy Policy, we undertake to obtain your consent, unless we are under a legal obligation or have another legal basis for processing the data.

Any processing of your data for the aforementioned purposes is based on one of the following grounds according to art. 6 GDPR:

  • The data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes (eg.: marketing and advertising, tickets purchase, photo-video images)
  • Execution of a contract to which the data subject is a party (eg.: purchase of goods and / or services – event tickets, return of purchased products or the related value)
  • Fulfillment of certain obligations stipulated by the legal provisions in our charge, the data controller (eg.: accounting and fiscal obligations etc.)
  • The processing is necessary for the legitimate interests pursued by the operator or a third party (eg.: information related to aspects related to the organization and conduct of events, marketing and advertising)

V. Method of collecting personal data

Your personal data is collected either directly, from you, for example when you contact us, send us an e-mail at requesting information, or indirectly, for example, when you transmit information on the platforms of other collaborators of our company, in the process of purchasing the ticket.

Furthermore, the collection of your personal data is also made automatically, through your use of our website, the information being collected through cookies and the logging of related activities. For more information regarding the use of cookies please see section VIII below.

If you provide us with other people’s personal data, such as when you purchase tickets on behalf of other people, you take responsibility for how you obtained this data and that you have a legal basis in order to process them, we not being responsible for the violation of the rights of the persons concerned.

VI. Storage of personal data. Personal data storage period

We assume and take seriously our responsibility to protect the personal data you entrust us. Thus, to avoid loss, improper use or unauthorized access, we use a variety of security technologies and organizational procedures to help protect personal data.

As a principle, your personal data will be kept strictly for the time necessary to achieve the purposes of the processing mentioned above or until you withdraw your consent (where applicable) and to the extent that there is no longer a legal obligation to continue the storage of personal data operation.

With regard to marketing and advertising messages of products and services, if you no longer wish to be contacted in relation to these matters, you can at any time waive your right to receive any commercial communication by sending an email to, through which you express your intention in this regard.

VII. Transfer of personal data

In order to fulfill the processing purposes, respectively for the optimal performance of the services, we may communicate your personal data to partners or third parties or entities that support us in carrying out the activity, such as:

  • service providers, as applicable (eg.: those who provide the online payment system, providers of marketing and advertising services, payment services, banking services, ticket sales etc.)
  • third parties or entities involved in the organization of events (eg.: contractual partners who provide the locations for the events – including for the purpose of promoting the event organization services provided by them through the photo-video materials taken during the events)
  • accountants, auditors, lawyers, insurers or other such external advisers, if applicable
  • authorities, institutions and central / local public bodies, if there is a legal request from them or to the extent there is a legal obligation from us

Your data will not be transferred outside the European Economic Area.

VIII. Cookies

Cookies are small files, generally made up of a string of characters, or parts of a file, which when accessing a website are saved in the browser used by the computer, phone, tablet or any other device through which the respective site is accessed online. At each subsequent access to the site, the browser used sends this file to the server of the respective site, in order to allow the identification of a visitors’ preference who has returned to the site.

This website uses cookies to analyze users’ behavior on the website, to administer the website, to simplify the navigation process and to personalize and improve the experience with us.

We may use cookies for the following purposes:

  • necessary cookies – these cookies enable functionalities without which the use of the website for the intended purpose would be impossible. These cookies do not collect personal information, do not require your permission and cannot be disabled;
  • functionality cookies – these cookies improve the users’ experience, provide functionality that makes using our service more convenient and make more personalized features possible;
  • performance cookies – these cookies are used to track the use and performance of our website and services. Through these cookies, the way the website works and the users’ experience can be continuously improved.

If you do not want to accept cookies, you can remove the cookies stored on your computer through your browser settings. Information on deleting and controlling cookies is available at Deleting cookies or blocking possible cookies could prevent access to certain areas or functionalities on the website.

Please note that, if you do not want cookies, we can no longer guarantee the correct operation of the website. It is possible that some functions of the website will be lost.

IX. Rights of data subjects

As a data subject, you benefit from a series of specific rights guaranteed by the GDPR Regulation and the legislation in force in Romania regarding the protection of personal data, as follows:

  • Right to information – which means that you have the right to receive information from us regarding the processing of your personal data
  • Right of access – which means that you have the right to obtain confirmation that your personal data is being processed by us and, in addition, to access it and obtain a range of relevant additional information, as well as a copy of the said data, under the conditions provided for within art. 15 of GDPR Regulation
  • Right to rectification – which means that you have the right to request the rectification or completion of your personal data, which is inaccurate or incomplete
  • Right to delete (”Right to be forgotten”) – which means that, in certain circumstances, you have the right to have your personal data deleted without undue delay, respectively when: (i) the personal data are no longer necessary to fulfill the purposes for which they were collected; (ii) you object to processing for reasons related to your particular situation; (iii) personal data were processed illegally; (iv) personal data must be deleted in order to comply with a legal obligation incumbent to us, unless the data is necessary: a. for exercising the right to free expression and information, b. to comply with a legal obligation we have, c. for archival purposes in the public interest, for scientific or historical studies or for statistical purposes, d. for establishing, exercising or defending a right in court.
  • Right to restriction of processing – which means you have the right to request the restriction of processing when: (i) you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data; (ii) the processing is illegal, but you object to the deletion of your personal data, requesting instead the restriction of its use; (iii) we no longer need your personal data for the purpose of processing, but you request it to establish, exercise or defend a right in court; (iv) you have objected to the processing and request restriction while we check whether our legitimate interest for the processing prevails.

In this case, apart from storage, we will only be able to process your personal data in question if: (i) we have your consent.; (ii) are necessary to establish, exercise or defend a right in court or to protect the rights of another natural or legal person, or; (iii) for important reasons which aims the public interest.

  • Right to data portability – which means that you have the right to obtain from us your personal data in a structured, current and machine-readable format, as well as the right to transmit the data in question to another controller
  • Right to object – which means that, at any time, you have the right to object to the processing, for reasons related to the particular situation. In this case, we will no longer process the personal data, unless we demonstrate that we have legitimate and compelling reasons that justify the processing and which prevail over your interests, rights and freedoms, or that the purpose is to establish, exercise or defend a right in court. You can object at any time to the processing of your personal data for direct marketing purposes, whatever your reason.
  • Right not to be subject to a decision based solely on automated processing, including profiling – which means that this right is applicable where the automated individual decision-making process produces legal effects that concern or affect you to a significant extent
  • Right to file a complaint – which means that if you have a complaint about the processing of your personal data, please contact us using the contact details listed in section XII below, so that we can resolve your issue.

According to personal data protection legislation, the response period is of 30 days. If, depending on the complexity of the request, we cannot implement the requested measures in less than one month, this period can be extended by a maximum of 60 days. In this situation, you will receive an information within a maximum of 30 days after sending the request, regarding the reasons for the delay.

You also have, at any time, the right to register a complaint with the National Supervisory Authority for the Processing of Personal Data using the contact details listed in section XIII below.

X. Collection of personal data of minors

The privacy and safety of minors is of important interest to us, reason for which we ask you to consult in this regard including the related sections of the Rules of organization.

This website, as well as our services (including any organized events) are not intended or directed to persons under the age of 18. In this sense, we do not allow the processing of personal data of users who don’t have the age of 18.

Regarding the provision of information company services directly to a child, the processing of a child’s personal data is legal if the child is at least 16 years old. We make all reasonable efforts to verify in such cases that the holder of parental responsibility has given or authorized the consent, taking into account available technologies. Therefore, the processing of minors’ personal data will only be carried out with the explicit consent of parents or other legal representatives. We will delete any information that we discover is collected from a minor, except as expressly provided by the minor under the supervision of a parent/legal representative or even by the parent/legal representative.

XI. Update of the Privacy Policy

We reserve the right to amend the hereby Privacy Policy at any time in accordance with applicable law. Any revisions and, implicitly, the updated version of the Privacy Policy will be found on this webpage, which will come into force from the date of its posting, reason for which we recommend that you review it periodically.

In addition, we will provide a related notice within the website to notify you of the change made and we will indicate at the bottom of the policy the date on which the most recent update was made.

XII. Our Contact Information

Address: Splaiul Independentei street, np. 202 B, room 42, 6th District, Bucuresti Municipality, Romania

Telepfone: +40 761 285 785


XIII. The National Authority for the Supervision of the Processing of Personal Data

Address: G-ral. Gheorghe Magheru Blvd. 28-30, postal code 010336, 1st District, Bucharest, Romania

Telephone: +40.318.059.211; +40.318.059.212