ATARASHI 02 AUG 2026 · MESSINA
IT EN
Tickets
Legal

Privacy Policy

How we collect, use and protect your personal data when you visit this site and attend ATARASHI Goes to Sicily.

Last updated: 13/04/2026 · You can also download the PDF version.

By means of this notice, drafted pursuant to Art. 13 of European Regulation No. 679/2016 (“GDPR”), 5RAP SAS informs each user (the “User”) about the processing of personal data collected through the website atarashigoestosicily.com (the “Site”).

1. Data controller and contacts

5RAP SAS, a French société par actions simplifiée, with registered office at 6 Rue Bailleul, 75001 Paris, France — SIREN 913 077 327, SIRET 913 077 327 00017 (RCS Paris) — the “Company”, “Atarashi” or the “Controller”, pursuant to Art. 4(7) GDPR.
Contact address: festival@atarashi.fr.

2. Purposes, legal bases, data and retention

The Controller processes personal data for the purposes set out below, together with the relevant legal basis and retention period.

a. Booking management

Registering interest in the “Atarashi Goes to Sicily” event, managing the booking, the possible purchase of a ticket (e.g. the 2 August event) and carrying out the administrative and organisational activities related to attendance.

  • Data: identification data (first name, surname, nationality); contact details (email, phone); payment information (card number, cardholder, expiry, security code).
  • Legal basis: performance of pre-contractual and contractual measures [Art. 6.1(b) GDPR].
  • Retention: until the end of the event and, thereafter, for the time needed to comply with legal obligations.

b. Information and support requests

Handling and responding to requests for information and technical support, and assisting you before, during and after the provision of our services.

  • Data: contact details (email address).
  • Legal basis: performance of pre-contractual and/or contractual measures [Art. 6.1(b) GDPR].
  • Retention: for the period needed to reply.

c. Marketing communications

Direct marketing, i.e. sending (by email) promotional and/or advertising communications about Atarashi events.

  • Data: contact details (email address).
  • Legal basis: consent [Art. 6.1(a) GDPR].
  • Retention: until consent is withdrawn and in any case no longer than 24 months from the last contact.

d. Soft spam

Sending, by email and/or postal mail, promotional communications relating to products or services similar to those already purchased, pursuant to Art. 130(4) of Italian Legislative Decree 196/2003 (the “Privacy Code”).

  • Data: contact details (email address).
  • Legal basis: legitimate interest [Art. 6.1(f) GDPR] in maintaining the commercial relationship.
  • Retention: for the time strictly necessary to pursue the legitimate interest and until any objection by the data subject.

e. Compliance with legal obligations

Compliance with obligations arising from law, regulations or EU legislation (e.g. tax and accounting obligations) and handling requests from the competent authorities.

  • Data: identification data (first name and surname); contact details (email address).
  • Legal basis: legal obligation [Art. 6.1(c) GDPR].
  • Retention: in accordance with applicable law.

f. Improving the Site

Processing data to enable navigation and consultation of the Site and to improve your browsing experience.

  • Data: Site usage and interaction data.
  • Legal basis: legitimate interest [Art. 6.1(f) GDPR] in enabling the use and improvement of the Site.
  • Retention: not applicable (aggregated or anonymous data).

g. Complaints and protection of rights

Exercising and protecting the Controller's rights out of court and in court.

  • Data: identification data; contact details.
  • Legal basis: legitimate interest [Art. 6.1(f) GDPR] in establishing, exercising or defending a right.
  • Retention: for the period needed to defend or exercise the right.

Providing data for purposes a) and b) is necessary: if refused, we will not be able to proceed with the contractual relationship and the provision of the requested services. Processing under d), f) and g) is based on the Controller's legitimate interest (Art. 6.1(f) GDPR), following a balancing of interests. Any consent given can be withdrawn at any time, with no consequences for existing contractual relationships.

3. Methods of processing

Processing is carried out using automated IT and electronic tools and/or manual means, equipped with security measures suitable to prevent unauthorised access, disclosure, loss, or improper, unlawful or unauthorised use of the data. The event is supported by the Municipality of Messina: please note that the Municipality of Messina is not the data controller, does not process the data collected, has no access to Users' information and is not responsible for any processing activity. The sole data controller is exclusively 5RAP SAS.

4. Access to data

Personal data may be processed by third parties carrying out activities on behalf of the Controller, including:

  • technical service providers (e.g. email marketing platforms, hosting, IT services);
  • website analytics tools (e.g. PostHog, with EU servers) and campaign measurement (Meta Pixel), enabled only after consent;
  • ticketing platforms for managing and selling tickets (e.g. TicketSMS);
  • collaborators and consultants authorised by the Controller.

These parties act as data processors pursuant to Art. 28 GDPR, or as independent data controllers where applicable. In particular, to purchase tickets the User is redirected to the TicketSMS platform, which processes personal data (including payment data) as an independent data controller. Data is also processed by the Controller's internal staff, specifically authorised pursuant to Art. 29 GDPR.

5. Place of processing

Personal data is processed at the Controller's premises and on the servers hosting the Site. Data is stored on servers located within the EU. Where cloud providers established outside the EEA are used, processing is carried out in accordance with applicable law, by means of appropriate safeguards such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for by the GDPR.

6. Your rights

The User may exercise the rights under Arts. 15-21 GDPR at any time, without unjustified restrictions, by contacting the Controller at festival@atarashi.fr. Requests are free of charge and handled within 30 days. In particular, the User may:

  • obtain confirmation that processing is taking place (Art. 15);
  • obtain rectification of inaccurate or incomplete data (Art. 16);
  • obtain erasure of data without undue delay (Art. 17);
  • obtain restriction of processing (Art. 18);
  • receive a copy of the data in a machine-readable format and have it transferred to another controller (Art. 20);
  • object at any time to the processing (Art. 21);
  • withdraw consent at any time, for processing based on it.

7. Complaints

The User may always lodge a complaint with the competent supervisory authority (in Italy, the Garante per la protezione dei dati personali), pursuant to Art. 77 GDPR, if they believe their data is being processed in breach of applicable law.

8. Changes

The Controller reserves the right to amend and update this Privacy Policy following any new national or European data-protection provision.

Contact

For any request regarding your personal data, write to festival@atarashi.fr.