Data protection

The European GDPR

From May 25, 2018, the European Union forces website owners to respect their new General Data Protection regulation.

This website does not collect personal data for commercial purposes. Thus, for the Theremin Academy organization, it is not obligatory since it depends on the type and amount of data which is collected, whether processing is a main business and if it is done on a large scale. None of these criteria apply to us.

But we are nice and we tell you openly how data from this website is processed. Here is, what the E.U. asks for:

Tell the user: who you are, why you collect the data, for how long and who receives it.

We are a few enthusiasts and teachers who organize events around our favorite music instrument, the Theremin, called Theremin Academies, represented by our academy director, Thierry Frenkel.

Data is physically stored on a server of our web hosting provider Hostinger International Ltd. in Larnaca/Cyprus. Daily backups of website data (files and SQL database) are done there and kept for 7 days.

Server security and speed

To enhance server security and speed of our page, this website uses the CDN services from CloudFlare. For this purpose, your browser connects trough CloudFlare CDN to our server which means that CloudFlare processes all data that is sent from or to this website. The use of CloudFlare is done in the interest of a secure and fast accessibility of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. More information on CloudFlare and the GDPR can be found here.

From time to time, this website is targeted by hackers trying to gain access in order to misuse it for delivering unauthorized content, spam, malware, or whatsoever. We do our best to protect this site against all that, but this means that we are sometimes required to track temporarily IP addresses together with the URLs which have been accessed (or tried to access) to identify and block these IPs or their ASNs in our firewall and to reinforce general protection action.

Besides of that, data is collected on this website in two ways. Anonymous data for improving the technical aspects of this website, and personal data from the contact and registration forms.

Anonymous data

… is just your ip address, the time/date of access, and in case of problems, the technical error code. Information related to website errors, i.e. the famous “404 – Page not found” is kept for one week, so that we might fix it and improve the publishing and redirection system. Besides of that, but without any link tou your ip address, “hits” on the different pages, posts and forms are coated day-wise for statistical purposes. These are kept for two years.

Personal data

… is everything you fill deliberately in the contact form or one of the registration forms, together with your ip address and the submission time and date. These informations are used for answering your questions you asked via the contact form or for organizing the Theremin academy for which you have signed up via the corresponding registration form. In the latter case, part of your registration information might be forwarded to the corresponding teacher. We keep the registration records for a few years to be able to invite you occasionally to events similar to those which you have booked in the past.

Get a clear concent, before collecting any data

From May 2018 on, you’ll have to confirm that you have read this page and that you agree with our way of handling your personal data before you can submit a contact form or a registration form.

Let users access their data, and take it with them

You’ll have to ask for via the contact form of this website. Direct access to form submission data can not be granted for security reasons (remember, we aren’t a huge company but a rather private club of enthusiasts). But we’ll do a manual export for you on your request.

Let users delete their data

For security reasons (see above), no direct access can be granted. But you might request a deletion of all your form submissions from this website via the contact form.

Let users know if data breaches occur

Well let you know. Promised. But it’s highly improbable that a data breach will occur. As you can see on the small lock in the address field of your web browser, we have already switched to the secured https protocol several months ago. The underlying CMS (WordPress) and the additional plugins are updated at least weekly to prevent security holes. We have installed additional security modules like preventing brute force attacks and redirections to prevent bots from accessing files which they shouldn’t access. In the many years of existence of this web site, there was just one single hack attempt, but it could be neutralized before it went through, due to our excellent protection and notification system.