GLM Collective S.R.L., trading as Sibemol Studio, is committed to protecting your personal data. This Privacy Policy explains who we are, what data we collect, why we collect it, how we use and protect it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Romanian law.
1. Data Controller
The data controller responsible for your personal data is:
If you have any questions about how we handle your personal data, please contact us using the details above.
2. Data We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
2.1 Identity & Contact Data
First name, last name, email address, phone number, and postal address — provided when you register, make a booking, or contact us.
2.2 Enrolment Data
Information about the Student’s age, instrument, current skill level, and programme preferences — provided during the registration process to enable us to place Students appropriately.
2.3 Payment Data
Transaction records and billing information. We do not store full payment card details — card processing is handled by our payment provider, who is independently responsible for that data.
2.4 Communications Data
The content of emails, messages, or enquiries you send us, and our responses.
2.5 Technical & Usage Data
IP address, browser type and version, operating system, referring URLs, pages viewed, and time spent on pages — collected automatically when you visit our Website.
2.6 Marketing Preferences
Your preferences regarding receiving marketing communications from us.
2.7 Media
Photographs, audio recordings, or video recordings of Student performances or studio sessions — only where specific consent has been obtained separately.
3. How We Collect Your Data
We collect personal data through the following means:
- Direct interactions— when you fill in a form, make a booking, send us an email or message, or speak with us by phone.
- Automated technologies— cookies, server logs, and similar tracking technologies when you browse the Website. See our Cookie Policy for details.
- Third parties— analytics providers (e.g. Google Analytics), advertising platforms (e.g. Meta), and payment processors who may share limited data with us in the course of providing their services.
- Social media— if you interact with us via Facebook, Instagram, YouTube, or TikTok, those platforms may share certain interaction data with us subject to their own privacy policies.
4. Legal Basis for Processing
We process your personal data only where we have a valid legal basis under Article 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Processing bookings and delivering Services | Performance of a contract (Art. 6(1)(b)) |
| Sending booking confirmations and service communications | Performance of a contract (Art. 6(1)(b)) |
| Invoicing and financial record-keeping | Legal obligation (Art. 6(1)(c)) |
| Responding to enquiries and complaints | Legitimate interests (Art. 6(1)(f)) |
| Website analytics and performance improvement | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) |
| Publishing photos or videos of Student performances | Consent (Art. 6(1)(a)) |
| Fraud prevention and site security | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may request details of this assessment at any time.
5. How We Use Your Data
We use the personal data we collect for the following purposes:
- To register you as a new Client or Student and manage your enrolment.
- To process payments and send receipts or invoices.
- To communicate with you about your bookings, schedule changes, or programme updates.
- To send you marketing or promotional content about our programmes, where you have given consent.
- To analyse website usage and improve the content and functionality of sibemol.ro.
- To comply with our legal and regulatory obligations.
- To protect the security and integrity of our website and premises.
- To publish Student performance media on our website and social media channels, where consent has been given.
We will not use your data for automated decision-making or profiling that produces significant legal or similarly significant effects.
7. International Data Transfers
Some of our service providers — including Google and Meta — may transfer or store your data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) or an adequacy decision.
You may request a copy of the relevant safeguards by contacting us at contact@sibemol.ro.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
| Data Category | Retention Period |
|---|---|
| Client & Student enrolment records | Duration of enrolment + 3 years |
| Financial & invoicing records | 10 years (Romanian Fiscal Code requirement) |
| Marketing consent records | Until consent is withdrawn + 1 year |
| Website analytics data | 26 months (Google Analytics default) |
| Email & enquiry correspondence | 3 years from last contact |
| Performance media (photos/videos) | Until consent is withdrawn |
When data is no longer required, it is securely deleted or anonymised.
9. Children & Minors
Our Services are designed for young people, and we therefore regularly process the personal data of minors. We take this responsibility seriously.
9.1 Parental Consent
Where a Student is under 16 years of age, we require the enrolment to be completed by a parent or legal guardian, who must accept our Terms and Conditions and this Privacy Policy on the Student’s behalf. By doing so, the parent or guardian confirms they have the authority to provide consent for the processing of the minor’s personal data.
9.2 Media Consent for Minors
We will never publish photographs, audio, or video recordings of a minor Student without obtaining explicit, written consent from their parent or legal guardian. Such consent may be withdrawn at any time by contacting us, and we will remove the relevant media promptly upon request.
9.3 Data Minimisation
We collect only the minimum personal data necessary for minors and do not use it for marketing purposes without explicit parental consent.
10. Your Rights
Under the GDPR, you have the following rights in relation to your personal data. These rights also apply to parents or guardians acting on behalf of minor Students.
Request a copy of the personal data we hold about you (a Subject Access Request).
Ask us to correct inaccurate or incomplete personal data we hold about you.
Request deletion of your data where there is no compelling reason for us to continue processing it.
Ask us to suspend processing of your data in certain circumstances — for example, while you contest its accuracy.
Receive your data in a structured, machine-readable format and transfer it to another controller.
Object to processing based on legitimate interests or for direct marketing purposes.
Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
Lodge a complaint with ANSPDCP, Romania’s supervisory authority, at any time.
To exercise any of these rights, contact us at contact@sibemol.ro. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include secure server infrastructure, encrypted data transmission (HTTPS), access controls, and regular security reviews.
Where we engage third-party processors, we require them by contract to implement equivalent security standards.
No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant supervisory authority as required by law.
13. Third-Party Links
Our Website may contain links to third-party websites, including our social media profiles on Facebook, Instagram, YouTube, and TikTok. Clicking these links will take you away from sibemol.ro. We are not responsible for the privacy practices or content of those external sites.
We encourage you to read the privacy policy of every website you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services we offer, or applicable law. When we do, we will revise the “Last updated” date at the top of this page.
For material changes that significantly affect how we process your data, we will notify you by email (where we hold your address) or via a prominent notice on the Website. We encourage you to review this Policy periodically.
15. Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
Supervisory Authority
If you are not satisfied with our response, or if you believe we are processing your data unlawfully, you have the right to lodge a complaint with Romania’s data protection supervisory authority: