RAENORY
Privacy notice
How RAENORY processes personal data
1. Controller and applicable rules
The controller is the provider identified in the Legal Information. Contact: contact@raenorymusic.com. Processing is governed by the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.
2. Data categories
Depending on how you use the website, we process account and authentication data, verified email address, profile name, request and briefing content, campaign-code use, correspondence, contract and payment-related records, technical security data, and newsletter consent or withdrawal records.
3. Purposes and legal bases
We process account and request data to take steps at your request before entering into a contract and to perform a contract (Article 6(1)(b) GDPR). We process records required by tax, accounting or other law under Article 6(1)(c). Website security, fraud prevention and the defence of legal claims rely on our legitimate interests under Article 6(1)(f). Newsletter messages are sent only after separate confirmation based on consent under Article 6(1)(a).
4. Recipients and service providers
We use Firebase/Google for authentication and database services, Netlify for hosting, server functions and cover storage, Zoho Mail or the configured SMTP provider for email delivery, and Google Fonts for typography. These providers receive only the data required for their respective service.
5. Browser storage and external resources
The website uses technically necessary browser storage for authentication, language selection, security and remembering the notice. We do not currently use advertising or analytics cookies. When pages load, Google Fonts and Firebase resources may receive technical connection data such as IP address, browser information, date and time.
6. International transfers
Some providers may process data outside the European Economic Area. Where required, transfers are based on an adequacy decision, approved standard contractual clauses or another recognised safeguard under Chapter V GDPR.
7. Retention
Account, request and contract data are retained only for as long as needed to provide the service, meet statutory retention duties and establish, exercise or defend legal claims. Newsletter status is retained until withdrawal and, where necessary, afterwards as proof of the consent process. Confirmation tokens expire automatically.
8. Your rights
Subject to the legal conditions, you may request access, correction, deletion, restriction, data portability or object to processing. Consent can be withdrawn at any time without affecting earlier lawful processing. You may also request account deletion by email where no retention duty applies.
9. Complaint
You may lodge a complaint with the Bulgarian Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria, or with another competent supervisory authority in the EU.
10. Security and updates
We use access controls, verified accounts and server-side authorisation to protect data. No internet service can guarantee absolute security. This notice will be updated when the website, providers or legal requirements change.
Last updated: 1 July 2026