This website is operated by:
UNISON RIGHTS OGI, S.L. (“UNISON”) – Data Controller
Address: Calle Reina Cristina 9 Principal, 08003 Barcelona, Spain
VAT: ESB66840612
Email (privacy): LEGAL@ARTISTICFUTURES.EU

This Privacy Policy explains how we process personal data when you:
‍
- browse our website,
- contact us (forms or email),
- subscribe to updates/newsletter (if enabled),
- accept or manage cookies (where applicable).
‍
The AF website supports project communication, dissemination and stakeholder engagement.

Depending on your interaction with the website, we may process:
‍
A. Identification and contact data
Name, surname, email address, organisation/role (if provided), country (optional), message content, and any data you choose to include in your communication.
B. Newsletter/subscription data (if enabled)
Email address (mandatory), and optionally name and organisation.
C. Technical and browsing data (online identifiers)
IP address, device and browser information, pages visited, date/time of access, referring URL, approximate location derived from IP, and similar technical logs.
D. Cookie/analytics data (if enabled)
Identifiers and usage patterns collected via cookies or similar technologies (see Cookie Policy).
‍
We do not intentionally request or require special category data. If you voluntarily include such data in a message, we will process it only to the extent necessary to handle your request and apply additional protections.

- Data you provide directly (forms, email, subscriptions).
- Data collected automatically (logs, cookies, device data).
- In limited cases, data received from a consortium partner only where necessary for AF communications and under the applicable roles/instructions (if implemented).

We process personal data for the following purposes:
‍
(1) Website operation, security and troubleshooting
Purpose: ensure the website works, prevent fraud/abuse, ensure network and information security, debug and maintain performance.
Legal basis: legitimate interests; and where strictly necessary for service provision .
‍
(2) Responding to requests and communications
Purpose: respond to enquiries submitted via contact forms or email; manage relationships with stakeholders.
Legal basis: legitimate interests; or pre-contractual steps/contract performance where applicable.
‍
(3) Newsletter and dissemination communications (if enabled)
Purpose: send project updates and newsletters.
Legal basis: consent. You can withdraw consent at any time (unsubscribe link or by contacting us).
‍
(4) Analytics and improvement (if enabled)
Purpose: measure website usage and improve content and user experience.
Legal basis: consent for non-essential cookies/trackers. Essential cookies are handled under necessity/legitimate interests.
‍
(5) Legal compliance and defence of claims
Purpose: comply with legal obligations, handle disputes, and exercise/defend legal claims.
Legal basis: legal obligation and/or legitimate interests.

- Contact forms / email: if you do not provide the minimum contact details, we may be unable to respond.
- Newsletter: email is required to send updates; subscription is optional.
- Cookies: non-essential cookies are optional and only applied if you consent.

We may share personal data with:
‍
- IT/hosting providers and technical suppliers who operate the website infrastructure (acting as processors where applicable).
- Email/newsletter service providers (if enabled).
- Analytics providers (if enabled and with consent).
- Public authorities/courts where required by law.
‍
We do not sell personal data and do not disclose it to third parties for their own independent marketing purposes.

If any providers process data outside the EEA, transfers will take place only with appropriate safeguards under Chapter V GDPR (e.g., adequacy decisions or Standard Contractual Clauses, plus supplementary measures where required).

We retain data only for as long as necessary for the purposes stated, including:
‍
- Contact requests: typically up to 24 months after the last interaction, unless a longer period is needed for evidencing, audits, or legal claims.
- Newsletter: until you unsubscribe/withdraw consent (and then suppression list records may be kept to ensure you are not re-added).
- Technical logs/security records: typically up to 12 months (or less, depending on configuration).
- Legal obligations/claims: for the time required under applicable limitation periods.

You may exercise the following rights (as applicable):
‍
- Access, rectification, erasure, restriction, objection, and data portability.
- Withdraw consent at any time (this does not affect prior processing).
- Not to be subject to certain automated decisions (see section 11).
- To exercise rights, contact us and include enough information to verify your identity. If you use a representative, we may request evidence of representation.

We do not use your data to make decisions based solely on automated processing that produce legal effects or similarly significant effects.
If analytics are enabled, they are used for statistical measurement and service improvement only.

This website is not directed at children. If you believe a minor has provided personal data, please contact us to request deletion.

We apply appropriate technical and organisational measures to protect personal data, such as TLS/HTTPS encryption, access controls, least privilege, logging/monitoring and backups.

If you consider that your data protection rights have been infringed, you have the right to lodge a complaint with the Spanish supervisory authority:
‍
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain

We may update this Privacy Policy to reflect legal, technical or operational changes. The “Last updated” date will indicate the latest version.