Privacy Policy
Verona International Piano Competition
Last updated: 15/06/2026
Important: This Privacy Policy explains how we collect, use, and protect your personal data when you register for the Verona International Piano Competition. By submitting your registration, you consent to the processing of your personal data as described in this policy.
1. Data Controller
2. Personal Data We Collect
2.1 Participant Data
| Data Category |
Specific Data |
Legal Basis |
| Identity Data |
First name, last name, birth date, age, nationality, dual nationality, fiscal code |
Contract performance, Legal obligation |
| Contact Data |
Email address, phone number, street address, city, ZIP code, state, country |
Contract performance |
| Travel Data |
Visa requirements, passport number, passport expiry date |
Legal obligation, Legitimate interest |
| Companion Data |
Companion name, surname, birth date, visa status, passport details |
Legitimate interest |
| Educational Data |
Academy/institution, teachers, awards and achievements |
Legitimate interest |
| Competition Data |
Musical pieces (composers, track names, durations), video links |
Contract performance |
| Payment Data |
Payment method, payment status |
Contract performance, Legal obligation |
| Documents |
Passport copies, curriculum vitae, photos, certificates |
Contract performance, Legal obligation |
2.2 Parent/Guardian Data (for minors under 18 on October 1, 2026)
For participants who are minors, we also collect:
- Parent/guardian full name, nationality, birth date
- Contact information (email, phone, address)
- Identification documents (fiscal code, passport details)
- Travel information (visa requirements)
Legal Basis: Legal obligation, Protection of vital interests of the child
3. How We Use Your Personal Data
3.1 Primary Purposes
- Competition Management: Processing your application, organizing competition rounds, scheduling performances
- Communication: Sending confirmation emails, updates, and competition-related information
- Legal Compliance: Meeting tax, accounting, and regulatory requirements
- Safety and Security: Verifying identity, managing venue access and security
3.2 Secondary Purposes
- Event Documentation: Creating programs, certificates, and promotional materials
- Future Communications: Informing you about future competitions (with opt-out option)
- Statistical Analysis: Improving our competition processes (anonymized data only)
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b) GDPR): Processing necessary for competition registration and participation
- Legal Obligation (Art. 6(1)(c) GDPR): Tax reporting, identity verification, child protection requirements
- Legitimate Interest (Art. 6(1)(f) GDPR): Event organization, security, promotional activities
- Consent (Art. 6(1)(a) GDPR): Marketing communications, photography/video for promotional purposes
- Vital Interests (Art. 6(1)(d) GDPR): Emergency situations, child protection
5. Data Sharing and Recipients
5.1 Categories of Recipients
- Competition Staff: Jury members, organizers, technical staff (on need-to-know basis)
- Service Providers: IT hosting, email services, payment processors
- Venue Partners: Concert halls, hotels, catering services
- Legal Authorities: When required by law or legal process
5.2 International Transfers
We may transfer your data to countries outside the EU/EEA only when:
- The European Commission has recognized adequate protection levels, or
- Appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions)
6. Data Retention
| Data Type |
Retention Period |
Reason |
| Competition Registration Data |
7 years after competition |
Legal/tax obligations |
| Financial Records |
10 years |
Tax and accounting requirements |
| Marketing Consents |
Until withdrawn |
Ongoing consent |
| Video/Audio Recordings |
Indefinitely (with consent) |
Promotional and archival purposes |
| Minor's Parent Data |
Until child reaches majority + 7 years |
Child protection requirements |
7. Your Rights Under GDPR
7.1 Individual Rights
- Right of Access (Art. 15): Request copies of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data (subject to legal obligations)
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Receive your data in a structured format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Rights Related to Automated Processing (Art. 22): Protection against automated decision-making
7.2 Exercising Your Rights
To exercise any of these rights, contact us at: competition@veronafestival.eu
We will respond within 30 days of receiving your request.
7.3 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
8. Data Security
8.1 Technical Measures
- SSL/TLS encryption for data transmission
- Secure database storage with access controls
- Regular security updates and patches
- Firewall protection and intrusion detection
8.2 Organizational Measures
- Staff training on data protection
- Access controls based on need-to-know principle
- Regular security audits and assessments
- Incident response procedures
9. Cookies and Website Analytics
Our website uses essential cookies for:
- Session management during registration
- Security and fraud prevention
- Technical functionality
We do not use tracking or marketing cookies without your explicit consent.
10. Special Categories of Data
We may process special categories of personal data in the following circumstances:
- Health Data: Only with explicit consent and only for accessibility accommodations
- Biometric Data: Photos for identification purposes (with consent)
11. Data Breach Notification
In case of a data breach that poses high risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Provide clear information about the breach and mitigation measures
12. Children's Data Protection
12.1 Minors (Under 18)
For participants under 18 years old on October 1, 2026:
- Parent/guardian consent is required for registration
- Parent/guardian identification is mandatory
- Additional safeguards apply to data processing
- Parents can exercise rights on behalf of their children
12.2 Parental Rights
Parents/guardians have the right to:
- Access their child's personal data
- Request correction or deletion of data
- Withdraw consent for their child's participation
- Object to certain types of processing
13. Contact Information
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in applicable laws
- Updates to our data processing practices
- New features or services
Significant changes will be communicated via email or prominent website notice at least 30 days before taking effect.
15. Legal Framework
This Privacy Policy is governed by:
- EU General Data Protection Regulation (GDPR) 2016/679
- Italian Data Protection Code (Legislative Decree 196/2003)
- Other applicable Italian and EU privacy laws