Medusa. Contemporary Playwriting in Europe

Privacy Policy

Last updated: 14/04/2026

This Privacy Policy explains how personal data are collected, used, and protected when visiting the website of MEDUSA – Contemporary Playwriting and Inclusive Identities in Europe, available at www.medusa-project.eu.

1. Data Controller

The Data Controller for the personal data processed through this website is:

En Kai Pan Cooperativa Sociale
Via Aulisio Is 5E | 80143 | Napoli (NA) | Italy
P.Iva 07730141210
Email: info@enkaipan.com

En Kai Pan acts as coordinator of the MEDUSA project and is responsible for the management of this website.

2. Categories of Personal Data Collected

When users browse or interact with this website, the following categories of personal data may be processed:

a. Browsing and technical data
During normal operation, the website may automatically collect certain technical data, including IP address, browser type, device information, operating system, date and time of access, pages visited, and other data transmitted by internet communication protocols.

b. Data voluntarily provided by users
When users fill in a contact form, subscribe to the newsletter, or contact the project by email, the website may collect personal data such as name, surname, email address, organisation, country, and any other information voluntarily included in the message or form.

c. Social media interaction data
The website may contain links to the project’s social media pages on Facebook, Instagram, and TikTok. Clicking on these links redirects users to third-party platforms, which process personal data in accordance with their own privacy policies.

3. Purposes of Processing

Personal data are processed for the following purposes:

  • to ensure the proper functioning, management, and security of the website;
  • to respond to requests, questions, or messages sent through the contact form or by email;
  • to manage newsletter subscriptions and send updates about the MEDUSA project, its activities, events, publications, and related communications;
  • to manage and monitor website performance and improve user experience;
  • to comply with legal obligations or requests from competent public authorities.

4. Legal Basis for Processing

Personal data are processed on the basis of the following legal grounds:

  • the legitimate interest of the Data Controller in ensuring the proper functioning, security, and administration of the website;
  • the performance of pre-contractual measures or the handling of a request made directly by the user;
  • the data subject’s consent, where required, including for newsletter subscription and any non-essential cookies or tracking tools;
  • compliance with legal obligations applicable to the Data Controller.

5. Nature of the Provision of Data

Providing browsing data is necessary for the technical operation of the website.

  • Providing personal data through contact forms or newsletter subscription forms is optional, but failure to provide the requested data may make it impossible for the Data Controller to respond to the user’s request or complete the subscription process.

6. Methods of Processing

Personal data are processed by electronic and organisational means, in accordance with principles of lawfulness, fairness, transparency, data minimisation, and confidentiality.

Appropriate technical and organisational measures are adopted to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

Personal data are processed only by authorised persons and, where necessary, by external service providers acting on behalf of the Data Controller under appropriate contractual arrangements.

7. Recipients of Personal Data

Personal data may be shared, where necessary, with:

  • technical service providers responsible for website hosting, maintenance, security, and IT support;
  • service providers used to manage contact forms or newsletter distribution;
  • persons authorised by the Data Controller to process personal data in connection with the website and project communication activities;
  • public authorities or supervisory bodies, where disclosure is required by law.

Personal data will not be disclosed publicly or transferred to unrelated third parties for commercial purposes.

8. Newsletter

If users subscribe to the MEDUSA newsletter, their personal data will be processed exclusively for the purpose of sending updates and communications related to the project.

Subscription to the newsletter is based on the user’s consent. Users may withdraw consent at any time and unsubscribe by clicking the unsubscribe link included in each newsletter communication or by contacting the Data Controller directly.

9. Data Retention

Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected.

Technical and browsing data are retained for the period strictly necessary to ensure the functioning and security of the website, unless a longer retention period is required by law or for the protection of legal rights.

Data submitted through contact forms or email are retained for the time necessary to handle the request and any related follow-up.

Data processed for newsletter subscription are retained until the user withdraws consent or unsubscribes.

10. Transfer of Data Outside the European Economic Area

Personal data are primarily processed within the European Economic Area.

If, for technical or organisational reasons, some data are processed by service providers located outside the European Economic Area, such transfer will take place in accordance with applicable data protection law and subject to appropriate safeguards.

11. Data Subject Rights

Users may exercise the rights provided by applicable data protection law, including the right to:

  • obtain confirmation as to whether or not personal data concerning them are being processed;
  • access their personal data;
  • request rectification of inaccurate or incomplete data;
  • request erasure of personal data, where applicable;
  • request restriction of processing, where applicable;
  • object to processing based on legitimate interest;
  • receive personal data in a structured, commonly used, and machine-readable format, where applicable;
  • withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
  • lodge a complaint with the competent supervisory authority.
  • To exercise these rights, users may contact the Data Controller at: [privacy email address]
  • If the Data Controller is established in Italy, users may also lodge a complaint with the Garante per la protezione dei dati personali.

12. Social Media Links

This website may include links to MEDUSA project pages or profiles on Facebook, Instagram, and TikTok.

These third-party platforms operate independently of this website. Any interaction with such services, including visiting their pages, is governed by the privacy policies and terms of use of the respective platform providers. The Data Controller is not responsible for the processing of personal data carried out by such third parties outside this website.

13. Cookies and Similar Technologies

This website may use cookies and similar technologies necessary for its proper functioning and security.

Where analytics, embedded services, or other non-essential technologies are used, these will be activated only where required by law and, where applicable, only after the user has provided consent through the cookie banner.

For more information, users may consult the website’s Cookie Policy, where available.

14. Changes to This Privacy Policy

This Privacy Policy may be updated at any time in order to reflect legal, technical, or organisational changes relating to the website or the MEDUSA project.

Any updated version will be published on this page with the relevant date of revision.