Privacy Policy — Saronic Chamber Music Festival

This Privacy Policy explains how we collect, use and protect your personal data when you visit the Saronic Chamber Music Festival website, subscribe to our newsletter, contact us, or book tickets. We are committed to protecting your privacy and to handling your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Greek Law 4624/2019.

Who we are

The Saronic Chamber Music Festival is organised by Saronic Music, a Greek non-profit civil law company (αστική μη κερδοσκοπική εταιρεία). Saronic Music is the data controller responsible for your personal data.

Saronic Music
Epar.Od. Ermionis-Galatas, Poros, 180 20, Greece
Email: info@saronicfestival.com

What information we collect

We only collect the information we need to run the festival and respond to you:

Newsletter — when you subscribe, we collect your first name, last name and email address.

Contact form — when you write to us, we collect your name, email address and the content of your message.

Ticket bookings and donations — when you book tickets or make a donation, we collect your name, email address, the tickets or donation you selected, and the resulting order and payment reference. Card payments are processed by our payment provider; we never see or store your full card details.

Technical data — like most websites, our hosting provider automatically processes limited technical data (such as your IP address and browser information) to deliver pages, keep the site secure and prevent abuse.

How we use your information and our legal basis

We use your personal data for the following purposes, each with a legal basis under the GDPR:

To send you our newsletter — on the basis of your consent, which you give when subscribing (double opt-in) and can withdraw at any time.

To process and fulfil your ticket bookings and donations, including emailing your tickets — on the basis of performing our contract with you.

To respond to your enquiries — on the basis of our legitimate interest in answering people who contact us.

To keep the website secure, prevent fraud and abuse, and understand in aggregate how the site is used — on the basis of our legitimate interests.

To meet our accounting and tax obligations for ticket sales — on the basis of compliance with a legal obligation.

Cookies

Our website uses a small number of strictly necessary cookies to keep the site working — for example, to remember your session, secure forms against tampering, and hold your ticket basket. We do not use analytics or advertising cookies that track you across the web.

Who we share your information with

We do not sell your personal data. We share it only with the service providers that help us operate the festival, and only as far as needed:

Mailchimp (Intuit Inc.) — to manage our newsletter and send subscription emails.

myPOS — to process card payments for tickets and donations securely.

Cloudflare, Inc. — to host the website and its database, to route and send email, and to protect the site against attacks.

These providers act as our processors and may only use your data on our instructions. We may also disclose data where we are required to do so by law.

International transfers

Some of our providers (for example, Mailchimp) are based outside the European Economic Area, including in the United States. Where your data is transferred outside the EEA, we rely on appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission or an adequacy decision.

How long we keep your data

We keep newsletter data until you unsubscribe. We keep booking, donation and payment records for as long as necessary to provide the service and to meet our legal and tax obligations under Greek law. We keep contact messages only for as long as needed to deal with your enquiry.

Your rights

Under the GDPR you have the right to access your personal data, to have it corrected or erased, to restrict or object to its processing, to data portability, and — where processing is based on consent — to withdraw that consent at any time. To exercise any of these rights, contact us at info@saronicfestival.com.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Kifissias 1-3, 115 23 Athens, www.dpa.gr, if you believe we have not handled your data properly.

Security

We take reasonable technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. The website is served over an encrypted (HTTPS) connection.

Children

The website is not directed at children, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available on this page, and the date below shows when it was last updated.

Last updated: June 2026.