Privacy Policy
Last updated: May 6, 2026
This Privacy Policy describes how personal data is collected and processed through the website thesparrowmusical.com (the "Site"), in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation.
1. Data Controller
The Data Controller is:
Antonino Pratticò
Country: Italy
Email: info@thesparrowmusical.com
The Site Owner acts as a private individual and as the author of the artistic project The Sparrow – A New Musical.
No Data Protection Officer (DPO) has been designated, as none is required given the nature, scope and scale of the processing carried out through the Site.
2. Categories of Data Collected
2.1 Data you provide voluntarily
Newsletter subscription. When you subscribe to the newsletter, we collect your email address and your consent to receive updates concerning the project.
Contact form and direct emails. When you write to us through the contact form on the Site or directly to info@thesparrowmusical.com, we collect your name (if provided), email address and the content of your message, as well as any further information you choose to share.
2.2 Data collected automatically
When you visit the Site, certain technical data are automatically collected by the hosting and analytics infrastructure, such as:
-
IP address (typically in truncated or anonymised form);
-
browser type and version;
-
device and operating system information;
-
pages visited, time spent and referring URLs;
-
approximate geographic location at country/city level.
The Site also uses cookies and similar technologies — see Section 8 for details.
3. Purposes and Legal Bases of Processing
Personal data are processed for the following purposes and on the following legal bases:
Sending the newsletter and updates about the project. This processing is based on your consent, pursuant to Art. 6(1)(a) GDPR. You are free to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Replying to your messages and requests. This processing is based on the performance of pre-contractual measures taken at your request and on our legitimate interest in responding to inquiries received through the Site, pursuant to Art. 6(1)(b) and (f) GDPR.
Statistical analysis of Site usage. This processing is based on your consent for non-essential analytics cookies, and on our legitimate interest in monitoring the Site's performance through purely aggregated and anonymised statistics, pursuant to Art. 6(1)(a) and (f) GDPR.
Ensuring Site security and proper functioning. This processing is based on our legitimate interest in protecting the Site against misuse, malfunctions and security incidents, pursuant to Art. 6(1)(f) GDPR.
Compliance with legal obligations. Where required by law, personal data may be processed in order to comply with applicable legal obligations, pursuant to Art. 6(1)(c) GDPR.
Providing data is always voluntary. However, refusing to provide certain data (for example your email address) may make it impossible to subscribe to the newsletter or to receive a reply to your message.
4. Recipients of Data and Third-Party Service Providers
Personal data may be processed by trusted third-party service providers acting as data processors on behalf of the Data Controller. These currently include or may include:
-
Wix.com Ltd. — website hosting, content delivery, contact form management and, where applicable, newsletter management;
-
Email marketing providers — Wix's native email marketing tools or, where used, a third-party platform such as Mailchimp, Brevo or equivalent;
-
Google LLC — where Google Analytics is enabled, for the purpose of statistical analysis of Site usage;
-
YouTube (Google LLC) — when video content from YouTube is embedded on the Site, YouTube may set its own cookies and collect technical data when videos are loaded or played.
Personal data are not sold or rented to third parties for marketing purposes.
Personal data may also be disclosed to public authorities or judicial bodies where required by law.
5. International Data Transfers
Some of the service providers indicated above (in particular Wix and Google) may store or process data on servers located outside the European Economic Area, including in the United States.
Such transfers take place only where appropriate safeguards are in place, including:
-
adequacy decisions adopted by the European Commission, where applicable (e.g. the EU-U.S. Data Privacy Framework, where the recipient is certified);
-
Standard Contractual Clauses (SCCs) approved by the European Commission;
-
additional technical and organisational measures implemented by the recipients.
You may request further information regarding these safeguards or a copy of the relevant documents by writing to info@thesparrowmusical.com.
6. Retention Periods
Personal data are retained only for the time strictly necessary to fulfil the purposes for which they were collected.
Newsletter subscription data are retained until you unsubscribe or otherwise withdraw your consent.
Contact form messages and email correspondence are retained for up to 24 months from the last interaction, after which they are deleted unless retention is required by law.
Analytics data are retained according to the retention settings of the relevant analytics provider (typically up to 14 months for Google Analytics).
Server logs and security data are retained according to the technical retention settings of the hosting provider.
After the relevant retention period, data are deleted or anonymised, unless their further retention is required by law (for example to defend against legal claims).
7. Your Rights
Under the GDPR, you have the right to:
-
access your personal data;
-
rectify inaccurate or incomplete data;
-
erase your data (the "right to be forgotten");
-
restrict processing in certain circumstances;
-
object to processing carried out on the basis of legitimate interest;
-
data portability — receive your data in a structured, commonly used and machine-readable format, where processing is based on consent or contract and carried out by automated means;
-
withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
-
lodge a complaint with a supervisory authority.
To exercise these rights, please write to info@thesparrowmusical.com. We will respond within the time limits set by applicable law (normally within one month, extendable in case of complex requests).
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link contained in every newsletter we send.
8. Cookies and Similar Technologies
The Site uses cookies and similar technologies. Cookies are small text files that are stored on your device when you visit a website and that allow the website to recognise your device and remember certain information.
The Site uses the following categories of cookies:
-
Strictly necessary cookies — required for the proper functioning of the Site (for example, session management, security and load balancing). These cookies do not require your consent.
-
Analytics / performance cookies — used to understand how visitors interact with the Site (for example, Wix Analytics and/or Google Analytics). When configured in non-anonymised form, these cookies require your consent.
-
Third-party cookies — set by external services such as YouTube (when embedded videos are loaded) or social media platforms when you interact with their content.
A cookie banner is displayed on your first visit to the Site, allowing you to accept, refuse or customise the use of non-essential cookies. You can change your preferences at any time through the cookie settings link available on the Site or through your browser settings.
Disabling cookies through your browser may affect the proper functioning of certain features of the Site.
9. Children
The Site is not directed at children under the age of 16, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact info@thesparrowmusical.com so that we can promptly delete such data.
10. Security
The Data Controller, together with its service providers, adopts appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. However, no method of transmission over the Internet or method of electronic storage is completely secure, and absolute security cannot be guaranteed.
11. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in the Site, in applicable laws, or in the services and tools used. The current version is always available on this page, with the date of the latest revision indicated at the top. We recommend reviewing this page periodically.
12. Contact
For any matter relating to data protection or to this Privacy Policy, please contact: