Data protection

This is the data protection policy of the Consorci de l’Auditori i l’Orquestra. It covers the data of natural persons with whom this entity interacts when exercising its powers and obligations. Processing is carried out in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, or GDPR) and Framework Act 3/2018 of 5 December on personal data protection and safeguarding digital rights.

Who is the data controller?

The data controller is the Consorci de l’Auditori i l’Orquestra (hereinafter, the Consortium), with tax ID no. Q-5856358-F and registered office at Carrer de Lepant, 150, 08013 Barcelona. You can contact the Consortium via email at info@auditori.cat, or via its website www.auditori.cat.

What are the criteria for processing personal data?

When processing data, we fully adhere to the principles of the GDPR.

A) We process data lawfully (only when we have a legal basis authorising us to do so, and we are transparent with the data subject).
B) We use data for the specific, explicit and legitimate purposes that we explain when they are collected. We do not subsequently process them in any way that is incompatible with those purposes.
C) We only process data that are appropriate, relevant and limited to what is necessary in each case and for each purpose.
D) We endeavour to ensure that the data are up to date.
E) We keep the data for as long as necessary, complying with the regulations governing the retention of public information.
F) We apply the appropriate technical or organisational measures to prevent unauthorised or unlawful processing, or any loss, destruction or accidental damage.

Who is the data protection officer?

The data protection officer (DPO) oversees compliance with the Consortium’s data protection policy, ensuring that personal data are processed appropriately and people’s rights are protected. The DPO’s duties include addressing any queries, suggestions, complaints or claims from data subjects.

You can contact the DPO in writing at our postal address, by our phone or by emailing dpd@auditori.cat.

What is the purpose of data processing and who do we disclose data to?

The Consortium processes personal data mainly to provide programming and ticket sales services, send information on our activities and services, and develop business relationships with our suppliers. Below are the main purposes.

Ticket services, including season tickets. We process ticket purchasers’ data in order to manage the sale of tickets (including season tickets) and other Consortium services and products. We collect the data needed to complete the purchase and we use them solely for this purpose, including transactional or operational communications related to the service itself, such as confirmations, notifications, incidents, changes or information required for the provision of said service.

These communications may be sent by email or WhatsApp, depending on the contact details provided. The data subject may object to receiving communications through these channels at any time, unless such communications are strictly necessary for managing the service.

When events are organised jointly by L’Auditori and a promoter (whose details will appear in the event information), the promoter will also process personal data, sharing responsibility with L’Auditori under the same terms, conditions and purposes.

Newsletters. We process the data of newsletter subscribers to keep them informed about our activities and services. The newsletter can be sent by email or WhatsApp, depending on the contact details provided. The data subject may unsubscribe from the newsletter or withdraw their authorisation at any time using the channels set up for this purpose.

When events are organised jointly by L’Auditori and a promoter (whose details will appear in the event information), the promoter will also process personal data, sharing responsibility with L’Auditori under the same terms, conditions and purposes.

Contact. We address queries, complaints or suggestions from people who use the contact forms on our website.

Recruitment. We receive CVs and organise recruitment processes. The data provided by candidates allow us to assess their merits and their suitability for existing or newly created vacancies.

Managing our suppliers’ data. We record and process the data of our suppliers of services and goods. This includes the data of self-employed contractors and the data of representatives of legal entities. We collect the data required to maintain the business relationship, and use them solely for this purpose.

Document registry. We register the data of the senders and recipients of documents entered in the Registry. We use these data to keep a record of incoming and outgoing documents, and to monitor proceedings.

Venue hire. We process the data of natural persons and representatives of organisations interested in hiring the Consortium’s spaces in order to manage information requests, quotes, reservations, contracts, use and monitoring of the service, as well as for the necessary communications related to the service provision and compliance with obligations arising from the established relationship.

Museu de la Música. We process the data of interested parties or users in order to manage the Museu de la Música’s activities and exhibitions, donations to the Museum and the hire of venues, as well as to respond to enquiries and coordinate the provision of services.

Community work. We process data to manage the activities involved in our community work, facilitate access to cultural offerings for vulnerable people and coordinate their participation in concerts, shows, visits, workshops and other cultural activities. This project also includes managing the cultural programmers network affiliated with Apropa Cultura and holding training courses for social, educational and cultural professionals, including accessibility and diversity training.

Educational work. We process the data of schoolchildren, or of their families, guardians or representatives where applicable, to organise, manage and follow up on the Consortium’s teaching and educational work, as well as to register participants and send information on activities. These initiatives include family concerts and school concerts, training for parents and teachers, interactive concerts and activities at the Museu de la Música.

CCTV. At the entrance to our premises, where applicable, we inform visitors of the presence of CCTV cameras with standardised signage. These cameras only record footage at points where this is justified to ensure the security of the premises, property and people.

Website users. The software that powers our website, as well as the site’s browsing system, collects data routinely generated through internet protocols. This category of data includes the IP address or domain name of the computer used by the person connecting to the website. These data are not associated with specific users and are used solely for the purpose of obtaining statistical information on use of the website. Our website uses cookies to facilitate browsing and provide us with information about our users and their interests (more information on our cookie policy: https://www.auditori.cat/en/cookie-policy/

Our data processing operations have different legal bases, depending on the nature of each operation.

Compliance with legal obligations. Data processing in the context of administrative procedures is carried out in accordance with the regulations governing each procedure, and in compliance with legal obligations.

Performance of contractual or pre-contractual obligations for the processing of personal data in relation to bookings, purchases or the use of any Consortium service, activity or product, as well as to manage the processing, provision, monitoring and completion thereof. This basis also includes the activities required to formalise the relationship, manage incidents, coordinate performance, carry out operational or transactional communications linked to the service, and comply with the administrative, financial, technical and organisational obligations arising therefrom.

Consent. When we send information about our initiatives, services or activities, we process the recipients’ contact details with their authorisation or explicit consent. We also obtain browsing data from visitors to our website on the basis of consent; this consent may be revoked at any time by disabling cookies.

Public interest. CCTV footage is processed to ensure and maintain individuals’ safety, as well as to protect property, facilities and spaces under the Consortium’s responsibility.

To whom do we disclose data?

Generally, the data we process are used solely for the above purposes and are not disclosed to third parties unless there is a legal obligation to do so or disclosure is necessary for us to deliver the service or manage the established relationship.

– Data relating to customers and suppliers may be disclosed to the tax authorities and other appropriate public institutions or agencies where necessary to comply with legal, tax, administrative or public management obligations.
– In accordance with the applicable procedures, data from the Registry may be disclosed to other public authorities where necessary for communication, coordination or processing purposes.
– In justified cases, CCTV footage may be disclosed to law enforcement agencies and the appropriate judicial authorities.

When communicating or sending messages via WhatsApp, the necessary data may be disclosed to Meta Platforms Ireland Limited and, where applicable, to other group organisations involved in providing the instant messaging service. This is to enable the operation of the platform and the technical management of the communication channel.

You can find Meta’s privacy policy here: https://www.facebook.com/privacy/policy.

How long do we store data?

The data storage period is determined by various factors, primarily whether or not the data are still required to fulfil the purposes for which they were collected in each case. Secondly, data are stored to address any potential liabilities arising from the Consortium’s data processing activities, and to comply with any requests from other public institutions or judicial authorities.

Accordingly, data must be stored for as long as necessary to preserve their legal or informational value or to demonstrate compliance with legal obligations, but not for longer than is necessary for the purposes of the processing.

In certain cases, such as data contained in accounting and invoicing records, tax regulations require that data be stored until the relevant liabilities are no longer legally applicable.

Data that are processed exclusively on the basis of the consent of the data subject are stored until the data subject withdraws their consent.

Finally, CCTV footage is stored for a maximum of one month unless an incident occurs which justifies storing it for as long as necessary to assist law enforcement or judicial authorities.

The criteria we follow regarding data storage and erasure are determined by the regulations governing public records storage and the rulings of the National Committee for Access, Evaluation and Document Selection (https://cultura.gencat.cat/ca/temes/arxius-i-gestio-documental/cnaatd/).

What rights do individuals have in relation to the data we process?

According to the GDPR, data subjects have the following rights:

To know whether their data are being processed. Firstly, everyone has the right to know if we are processing their data, regardless of whether or not there has been a previous relationship.

To be informed when data are collected. When subjects provide data themselves, they must be given clear information on the purposes for which the data will be used, the identity of the data controller and the main implications of the processing.

To access their data. This is an extremely broad right that includes the right to know exactly what personal data are being processed and for what purpose, whether they are being disclosed to third parties (and if so, to whom), and the right to obtain a copy or to be informed of the intended storage period.

To request rectification of the data. Data subjects have the right to rectify any inaccurate data that we are processing.

To request erasure of the data. In certain circumstances, data subjects have the right to request the erasure of their data. This applies, for example, when the data are no longer necessary for the purposes for which they were collected and which justified their processing.

To request restriction of data processing. In certain circumstances, data subjects have the right to request the restriction of data processing. If this right is exercised, the data will no longer be processed and will only be stored for the purpose of pursuing or defending legal claims, in accordance with the GDPR.

To data portability. In cases covered by current legislation, data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format, and to share these data with another controller.

To object to processing. Data subjects may object to the processing of their data on grounds relating to their particular situation. This objection will result in their data no longer being processed insofar as such processing may harm them, except for legitimate reasons or for the exercise or defence of legal claims.

Not to receive information. We immediately comply with individuals’ requests to stop receiving information about our activities and services, where such communications were based solely on the recipient’s consent.

How can data subjects exercise or defend their rights?

You may exercise the above rights by sending a request to the Consortium at the postal address or the other contact details indicated in the header.

If you do not receive a satisfactory response when exercising these rights, you may lodge a complaint with the Catalan Data Protection Authority using the forms or other channels available on its website (www.apdcat.cat).

In all cases, whether you wish to lodge a complaint, request clarifications or make suggestions, you can contact the DPO by emailing dpd@auditori.cat.

Last updated: May 14, 2026

CARREGANT…
Calendar sessions
Sessions del dia

Formulari enviat correctament!

El formulari s'ha enviat correctament. Ens posarem en contacte per correu electrònic o telèfon.
Acceptar!