PRIVACY POLICY

We act in compliance with the rule of law, including provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereinafter the "GDPR"). The administrator of your personal data is Bartosz Jurkiewicz with registered office: Sopot 81-877, Smolna 1D, NIP (tax id): 5882346251, REGON: 381396184.

WHO CAN I CONTACT REGARDING DATA PROTECTION?

If you have any questions or concerns, you can contact us electronically at the following email address: contact@sound-house.io.

FOR WHAT PURPOSE DO WE PROCESS YOUR DATA?

We process your personal data:

1. To analyse the activity of sound-house.io users – art. 6.1.f of GDPR;

2. To ensure the proper functioning of the sound-house.io – art. 6.1.f GDPR;

3. To give the users ability of contacting sound-house.io administrators through contact form – art. 6.1.f GDPR;

4. Legaly justified admin interests including user service, determining, pursueing and defending possible claims, preventing forbidden actions, marketing purposes, conducting analyses and statistics on the use of particular functionalities of the sound-house.io app and user satisfaction surveys - art. 6.1.f GDPR.

If you sign up for our newsletter, the administrator processes your personal data in order to send you its own commercial information and content promoting the administrator's products and activities - based on Article 6(1)(a) of Regulation 2016/679 - i.e. your consent given by you when signing up for the newsletter.

Our website uses cookies - small text information stored on your end device (e.g. computer, smartphone, tablet), which can be read by our ICT system (our own cookies) or third-party ICT system (third-party cookies). Some cookies are deleted when the browser session ends, i.e. when the browser is closed. Other cookies are stored on your end device and allow your browser to be recognized the next time you visit the site. When you visit the site for the first time, information about the use of cookies is displayed. In addition, you can always change the cookie settings from your browser or delete cookies altogether. Browsers manage cookie settings in different ways. See your browser's help menu for explanations on how to change your cookie settings. Please note that disabling or restricting cookies may cause difficulties in using our site, as well as many other websites that use cookies.

We use Custom cookies to ensure the proper operation of the site.

Third party cookies are used to enable functions provided by third parties, which involves the use of cookies from third parties. The use of these types of cookies is described below:

1. Heap.io. We use the Heap tool provided by Heap Inc., 225 Bush St. 2nd Floor, San Francisco, CA 94104, USA. We perform these activities based on our legitimate interests. They are used to create statistics and analyze them in order to optimize our websites. For details related to Heap's data processing, you can read Heap's privacy policy available at https://heap.io/privacy

LOGS AND THEIR RECORDING

Use of the site also involves sending queries to the server where the site is stored. Each query to the server is recorded in logs. The logs include, among other things, your IP address, the date and time of the server, information about your web browser and your operating system. Logs are saved and stored on the server. The data recorded in the logs are not associated with specific people using the site and are not used to identify you, they are auxiliary material used to administer the site, and their contents are not disclosed to anyone except those authorized to administer the server.

WHO WILL BE THE RECIPIENT OF MY DATA?

Your personal data will be disclosed to entities cooperating with the administrator. Such entities are called data recipients. Recipients of personal data will be entities entitled to obtain personal data on the basis of separate legal regulations, providers of hosting, analytical, statistical services and advertisers. Some of them are entities to which the controller has entrusted the processing of personal data on a contractual basis. All disclosures of your personal data are made in full compliance with the law, including the provisions of the GDPR. Before disclosing your data to a third party, the administrator always verifies that such action is reasonable and necessary, and that your data is adequately protected. Disclosure of data by the administrator is possible in principle in the following cases:

1. When such an obligation arises from the law - this applies to the disclosure of your data by the controller;

2. When the controller has to disclose data in order to be able to fulfill the contract with the supplier of the newsletter distribution system - such action always takes place on the basis of the concluded contract of entrustment of data processing;

3. When a controller decides to disclose personal data because of its own legitimate interest;

4. When it results from your consent to process your data.

All of the above are practices that are fully compliant with the GDPR.

The entities to which the administrator will disclose your personal data will be:

1. MailerLite, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland - for the purpose of sending newsletters.

2. Subcontractors who may be involved in providing services to you and responding to your emails.

We will transfer your personal data to countries other than those in the European Economic Area - so-called third countries. All entities to which we entrust the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law. Due to the use of the Netlify systems, your data may be transferred to the United States of America (USA) in connection with its storage on American servers. In addition, only your email address, name and IP address are referred to in this regard.

DOES MY DATA GO OUTSIDE THE EUROPEAN UNION?

As a general rule, the controller processes your personal data only within the European Union. Be aware, however, that due to the controller's use of tools and technical solutions provided by third parties, your personal data (including statistical and analytical data) collected in connection with your use of the sound-house.io website may be transferred to a so-called third country within the meaning of the GDPR, i.e. the USA. The U.S. is a country that is not part of the European Economic Area and does not have such high data protection requirements as its member countries. To counteract this, we have entered into processing agreements that ensure an adequate level of security for your data. For data transferred outside the European Economic Area, the contract is based on standard contractual clauses approved by the European Commission. As part of the data protection impact assessment, in accordance with the recommendations following the c-311/18 judgment, we have identified the risks and possible impacts associated with the transfer of data. This type of processing is fully legal and compliant with the GDPR. Keep in mind that if you use features that allow you to share content on sound-house.io via social networks such as Facebook, your data may go outside the European Economic Area on your own initiative. With this in mind, we recommend that you read the privacy policies of the respective websites before using such features.

HOW LONG WILL MY DATA BE PROCESSED?

If you are a subscriber to our newsletter, we will process your personal data for the duration of your consent. Once you revoke your consent, your data will be irretrievably deleted and processing will end. If you have used the contact form, or contacted us by e-mail, you naturally provide us with your e-mail address as the sender of the message. In the body of the message you may also include other personal data, the provision of which is voluntary, but necessary to establish contact. In this case, your data is processed for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from the initiation of contact. The legal basis after the termination of contact is the legitimate purpose of archiving the correspondence for future demonstration (Article 6(1)(f) GDPR). The content of the correspondence and statistical data may be archived, and we are not able to clearly determine when they will be deleted. You have the right to request the history of correspondence you have had with us (if it was subject to archiving), as well as to request the deletion of such correspondence, unless archiving is justified due to our overriding interest, such as defense against potential claims on your part.

WHAT RIGHTS DO I HAVE IN RELATION TO THE PROCESSING OF MY PERSONAL DATA?

You have the right to request the controller to rectify, erase, restrict or object to  the processing of your personal data. You have these rights only in situations in which making such a request is actually justified. You also have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of consent will not affect the lawfulness of data processing carried out until the moment of withdrawal.

DO I HAVE TO GIVE OUT MY PERSONAL INFORMATION?

If you are just browsing sound-house.io then you do not have to provide your personal data. If you do not want your personal data to be subjected to analytics and statistics, you can use special browser plug-ins that prevent data collection (e.g. by providing fictitious information about your browser or your behavior). Just remember that without providing your personal data (e-mail address) you will not be able to subscribe to the newsletter and receive the information it contains.

AUTOMATED DATA PROCESSING

Your personal data will be processed by automated means, but will not be subject to profiling.

RIGHT OF COMPLAINT

You have the right to lodge a complaint regarding how your personal data is processed to the supervisory authority, which is the President of the Office for Personal Data Protection with its headquarters in Warsaw (00-193), Stawki 2 Street.