Last updated: 06/23/2025
This privacy policy aims to inform users of the web application about how their personal data is collected, used, stored, and protected, in accordance with the General Data Protection Regulation (GDPR - EU 2016/679).
Opéra National de Lyon
Address: 1 place de la Comédie, 69001 Lyon
To exercise your rights or for any questions regarding the processing of your data in this context, you can contact us at the following email address: dpo@opera-lyon.com or by post at Data Protection – Financial Department, Opéra de Lyon, 1 place de la Comédie 69001 Lyon
No sensitive data is collected without explicit consent.
As part of the artistic application or audition process, we may collect certain information related to candidates' physical appearance, such as height or photos/videos. Their collection is strictly limited to cases where they are necessary to assess suitability in the context of an artistic activity. They are used solely for this purpose, based on your explicit consent, which you can withdraw at any time. This data is accessible only to authorized members of the recruitment team responsible for data processing and is retained only for the duration necessary to process the application.
Providing this personal data is a voluntary action on your part. By providing us with such data, you agree to our processing of it.
If consent is not given, or if it is withdrawn, the data concerned will not be processed and will be immediately deleted, which may, however, prevent the application from being considered if such information is deemed necessary for the artistic process.
12 months after the end of the audition process.
Technical logs are retained for up to 6 months.
Access is limited to the Data Controller of the Opera (Ballet Management, Lyon Opera Studio Management) and technical service providers bound by confidentiality.
Opéra de Lyon ensures the security and confidentiality of personal data through robust technical and organizational measures. The application is hosted on Heroku, with data stored in a PostgreSQL database. Sensitive information (e.g., email, phone number, CV) is encrypted at the application level using Rails’ native encryption, with encryption keys stored securely in environment variables. All traffic is protected via HTTPS, and database connections are encrypted (SSL). Access is managed through role-based controls, and sensitive data is masked in logs. Regular vulnerability scans (e.g., brakeman, bundler-audit) help ensure ongoing protection.
Organizationally, 2FA is enforced for all team members accessing Heroku. Automatic, encrypted backups are performed regularly to ensure data recovery in case of loss. No personal data is shared with third parties without prior consent. These combined measures safeguard data integrity and ensure compliance with best practices in data protection.
Data is not transferred outside the European Union. If such a transfer were to occur, it would be governed by standard contractual clauses or any other safeguard recognized by the applicable legislation.
Your requests will be processed within 72 hours. Please note that automated emails sent from the address no-reply@opera-lyon-auditions.com are not considered. Kindly use only the contact address dpo@opera-lyon.com for any request regarding your rights.
If you believe your rights are not being respected, you have the right to lodge a complaint with the CNIL: www.cnil.fr.
This site uses only strictly necessary technical cookies for its operation. No tracking or analytics cookies are placed without your consent. The only third-party cookies that may be set come from embedded YouTube videos. These external contents may use trackers on their own behalf. You may refuse their activation via the consent banner.
You can accept or refuse these cookies through the banner displayed during your first visit or by changing your preferences at any time.
This policy may be updated and communicated via the platform.