Privacy Statement
As from April 2023
This policy details our commitment at Soundsuit to protecting the privacy of individuals who:
- visit our websites
- request us to contact them via our online web forms
- register to use the products and services which we market for subscription.
The protection of your privacy and your personal data are important concerns to which we pay special attention. We strictly comply with the data protection laws of Germany, including the German Data Protection Act, the Telemedia Act and the data protection rules of the European Union.
The following declaration provides you with information as to how we ensure the protection of personal data and which kind of data will be collected for what purpose.
We are glad that you are interested in Soundsuit. In order to provide you with our service, we need certain information about you (including personally identifiable information – information that identifies you personally). This Privacy Policy explains what information we collect about you for what purpose and what we use it for. It also explains what rights you have with regard to the data processing operations affecting you.
Spherz GmbH, Kirchenstrasse 72, 81675 Munich, registered at the Bavaria district court of Munich under HRB 209690 (hereinafter referred to as „Spherz“ or ‘”we”) operates on the internet sites https://soundfsuit.fm and https://soundsuit.de as well as via web and mobile applications a platform (hereinafter “product” or “platform”).
Responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
General
Personal Data
Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person (“data subject”). You may visit our website without providing individual details about you.
The use of the Soundsuit app requires registration and the provision of personal data in accordance with the following provisions. You may revoke your consent to the use of personal data for the future at any time by providing respective notice to Spherz.
Revocation of Consent
Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by email to support@soundsuit.fm is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
SSL or TLS Encryption
We use SSL or Internet security for security reasons and to protect the transmission of sensitive content, such as orders or requests you send to us. TLS encryption. An encrypted connection is indicated by the browser’s address bar switching from “http: //” to “https: //” and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, Correction, Deletion, Blocking, Data Transferability
You have the right at any time to request information about your personal data processed by us free of charge. In particular, you may request us to provide information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, passing a right of appeal, the origin of their data, if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about your details.
You have the right to request the immediate correction of incorrect or incomplete personal data of you stored by us.
You have the right to request the deletion of your personal data stored by us, except in cases where the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
You have the right to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data and you the data for the assertion, exercise or defense of legal claims or if you have objected to the processing in accordance with Art. 21 GDPR.
You have the right to receive your personal information that you have provided to us in a structured, common and machine-readable format or to request that it is sent to another person in charge.
Right to Object
If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which is implemented by us without specifying any particular situation.
If you want to exercise your right to object, please send an email to support@soundsuit.fm.
Registration & Login
Registration
You can register on our platform to use our services. We only use the data entered for the purpose of using the respective offer for which you have registered. The mandatory information requested during registration, such as name and email address, must be provided, otherwise the registration can not be completed.
For important changes such as the scope of the offer or in case of technical changes, we use the email address given at registration to inform you in this way.
The processing of the data entered during registration takes place at your request and is required in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO in order to be able to comply with the user contract, including pre-contractual measures.
The data collected during registration will be stored by us as long as you are registered for our services and will subsequently be deleted. Legal retention periods remain unaffected.
Registration and Login with Facebook Connect
Instead of registering directly on our website, you can sign up with Facebook Connect. Provider of this service is the Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
If you decide to register with Facebook Connect and click on the “Sign Up with Facebook” button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:
Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), event data (“event data” are data that can be transmitted by us to Facebook e.g. via Facebook pixels via apps or in other ways and relate to people or their actions; The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc .; the event Data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as written comments), no login information and no contact information (i.e. no names, e-mail addresses). Event data will be deleted by Facebook after a maximum of two years).
This information is used to set up, provision and personalize your account as part of the provision of a contractual service. The legal basis for this is your consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GSPR) and legitimate interest (Art. 6 Par . 1 S. 1 lit. f. GDPR).
Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of “event data” that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes: a) Display of content advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook (“Controller Addendum“), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an data processing addendum (“data processing terms“), the “data security terms” and with regards to processing in the USA on the basis of standard contractual clauses (“Facebook-EU data transfer addendum“). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
For more information, see the Facebook Terms of Use and the Facebook Privacy Policy. Facebook offers an objection option via this Opt-Out-Link.
Registration and Login with LinkedIn Connect
Instead of a direct registration / login on our website, you can also register via Google. Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”).
If you decide to register / login with Google and click the “Sign in with Google” button, you will automatically be redirected to Google’s platform. There you can log in with your usage data. This will link your Google profile to our website or services. This link gives us access to your data stored on Google. These are above all:
First name | Surname | E-mail address | Username | Google Profile URL | Featured Image
This information is used to set up, provision and personalize your accounts.
For more information, see the Google Terms of Service and the Google Privacy Policy.
Product Interactions
Music and Playlists
The Soundsuit app provides a tailored in-store music experience. In order to provide your business such personalized soundtrack, it is necessary to consider your user experience as business owner/manager.
You herewith agree that Spherz will collect the following personal usage data in order to create a user profile and to offer you a personalized Soundsuit music experience:
– which audio content was listened
– which audio content was skipped
– which audio content was “liked”
– which audio content was “banned”
– duration of play
– when playlist was “mooded up”
– when playlist was “mooded down”
– which playlist content from other platforms was imported
– etc.
Spherz will use such data in order to provide a personalized in-store music experience that corresponds to your preferences to a reasonable extent.
You acknowledge that you may revoke your consent to the use of the aforesaid data for the future by providing notice to the address as mentioned in Section 16. If you revoke such consent, Spherz will be unable to provide the Soundsuit app.
Payment and Communication
Newsletter
You herewith agree that Spherz will send you electronic messages. Such messages will contain information and reports for users of the Soundsuit service. You acknowledge that for this purpose Spherz will use your email address provided by you during the registration process.
Please note that Spherz will use the email address for advertising purposes only as far as it is permitted by law or you agreed to such use separately.
If you provide such consent you agree that Spherz will use your email address in order to provide you with marketing information.You acknowledge that if you do not want to receive such marketing information any longer you may revoke your consent to the receipt of such information at any time for the future by providing notice to the address as mentioned in Section 18 or activate the respective link within a newsletter email.
Localization data
Spherz may provide you through the Soundsuit app with content which is tailored for your location. This relates to musical content like songs in your local language, or artists valued in your local market. Spherz will ask you for a separate consent to use location data which consent can be provided by different means (click through and/or activation of the respective feature on your mobile device like tablet).
If you provide such consent you agree that Spherz will collect data about the location of your device through which the Soundsuit app is used in order to provide you with musical content tailored for the location of the device.
You acknowledge that you may revoke your consent to the use of the aforesaid data for the future by providing notice to the address as mentioned in Section 18. If you revoke such consent, Spherz will be unable to provide the Soundsuit service.
Transfer of Data to Third Party
Spherz will transfer your personal data only to the extent permitted by law and in accordance with the following provisions.
If you subscribe to use the Soundsuit App, you have to provide payment information. As far as you subscribe within the app, that you acquired via an app store (e.g. iTunes App Store or Google Play) your data will be collected and processed in accordance with the terms and conditions of the respective app store. As far as you subscribe with Spherz directly the payment data will be collected and processed by the payment provider on Spherz’s behalf in accordance with the legal requirements.
In the event of a merger, acquisition or sale of all or a portion of the shares in or the assets of Spherz it is likely that the user data will be a part of the assets. If in such case personal data will be collected, used or disclosed Spherz will inform all users about it in advance.
For the rest Spherz will only transfer personal data to third parties as far as Spherz is obliged to do so according to a governmental or juridical order or if the transfer is permitted by applicable law.
Payment Information
When you make payments for our services, no credit or debit card information is stored on our servers. This information is stored by our third party PCI-compliant payment processing companies. We work with the following providers:
- Chargebee Inc., 340 S Lemon Ave #1537, Walnut, CA, 91789 (USA)
- Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107 (USA)
All credit and debit card transactions occur between the computer from which the transaction originates and our payment processor. When you use one of our trial phases or subscriptions or you purchase something through the service, credit card information and other financial information we need to process the payment is collected and stored with a payment service provider. We also collect certain limited information, such as your zip code, mobile phone number and details of your transaction history. In addition, these payment service providers usually provide us with very limited information about you, such as the unique “token”, which enables you to make further purchases using the data stored by the service providers, as well as your card type, expiration date and last four digits of the number.
We have entered into separate so-called “Data Processing Agreements” with both Chargebee and Stripe, in which we commit Chargebee and Stripe to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
Chargebee
We use the services of Chargebee Inc., 340 S Lemon Ave #1537, Walnut, CA, 91789, USA (“Chargebee”) to manage subscriptions and invoices. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f DSGVO) for the technically error-free and optimized provision of our services. For this purpose, Chargebee receives user data such as email, address and transaction details in order to create and deliver the invoices.
For more information on data processing by Chargebee, please see the Chargebee Privacy Policy. We have entered into a so-called “Data Processing Agreement” with Chargebee, in which we commit Chargebee to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
MailChimp
This website uses the services of MailChimp for sending newsletters (or mandrill for sending information relevant to the user). Provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA) (“MailChimp”).
MailChimp is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. If you have entered data for the purpose of newsletter subscription (e.g. email address), these will be stored on the servers of MailChimp in the USA.
With the help of MailChimp we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file included in the email (called web beacon) connects to MailChimp’s servers in the United States. This way you can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipient.
If you do not want to be analyzed by MailChimp, you have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter message. Furthermore, you can unsubscribe from the newsletter directly on the website.
The data processing takes place on the basis of your active newsletter registration and our legitimate interests (Art. 6 (1) lit. f DSGVO) of optimization of our newsletter content according to the interests of our recipients. You can contradict this at any time by unsubscribing from the newsletter.
The data deposited with us for the purpose of obtaining the newsletter will be saved by us from the newsletter until you receive it and will be deleted from our servers as well as from the servers of MailChimp after cancellation of the newsletter.
For details, see the Mailchimp Privacy Policy. We have entered into a so-called “Data Processing Agreement” with MailChimp, in which we commit MailChimp to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
Data Collection and Use
Server Log Files
Our provider of the platform automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address.
The data is for data security and error analysis only. A merge of this data with other data sources will not be done.
The basis for data processing is Art. 6 (1) lit. b DSGVO, which allows the processing of data to fulfill a contract or pre-contractual measures. The server log files are automatically deleted after 2 weeks.
Cookies
We use so-called cookies. Cookies do not harm your access device and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your access device and stored by your browser.
Most of the cookies we use are so-called “session cookies”. They will be deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.
Cookies which are required to carry out the electronic communication process or to provide certain functions which you wish to use (e.g. shopping basket function) are processed on the basis of Art. 6 (1) lit. f DSGVO saved. We as website operators have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. If other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, they will be treated separately in this privacy policy. We collect Cookies in the following categories:
- Necessary technical or functional cookies: Functional cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function without these cookies.
- Analytical cookies: These cookies collect information about how visitors use the website. We might also use analytics cookies to test new ads, pages, or features.
- Marketing cookies: These cookies are placed by third-party advertising platforms to deliver ads and track ad performance, enabling advertising networks to deliver ads that may be relevant to you.
Analysis Tools and Advertising
For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f DSGVO) of analyzing user behavior and optimization of our website and our advertising. If you do not want us to collect the Mobile Advertising ID and send it to Google, you can find a manual for deactivation under the topic “Mobile Advertising ID”. We have entered into a so-called “Data Processing Agreement” with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. Further details to different Google services are mentioned below.
Google Adwords and Google Conversion-Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). As part of Google AdWords, we use the so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies loose their validity after 30 days and are not used for the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies can not be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt-out of this use by disabling the Google Conversion Tracking cookie from your Internet browser under User Preferences. You will not be included in the conversion tracking statistics.
You can set your browser so that you are informed about the setting of cookies and cookies only on a case by case basis, the acceptance of cookies for certain cases or generally exclude and can activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
The storage of “conversion cookies” is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
More information about Google AdWords and Google Conversion Tracking can be found in the Google Privacy Policy. We have entered into a so-called “Data Processing Agreement” with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
Google Analytics
Our sites use functions of the web analytics service Google Analytics for the purpose of needs-based design and continuous optimization. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
We have entered into a so-called “Data Processing Agreement” with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
Here’re the details in regard to how we’re using Google Analytics:
- IP Anonymization: We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
- Browser Plugin: ou can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the features of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under this link.
- Opposition to Data Collection: With the help of this browser add-on for disabling Google Analytics JavaScript, you can prevent Google Analytics from using your data during future visits to this website. For more information about how to handle user data on Google Analytics, see the Google Privacy Policy.
- Commissioned Data Processing: We have entered into a so-called “Data Processing Agreement” with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
- Demographic Data: his website uses the “demographics” feature of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data can not be assigned to a specific person. You can disable this feature at any time through the Ads settings in your Google account, or generally prohibit Google Analytics from collecting your data as outlined in the “Opposition to Data Collection” section.
Facebook Pixel
Our site uses the visitor action pixel from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) for conversion measurement. This way, the behavior of the site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimized. The collected data are anonymous to us as the operator of this website, we can not draw conclusions about the identity of the users. However, the data are stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable ads to be displayed on Facebook and outside of Facebook. This use of data can not be influenced by us as the site operator.
Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of “event data” that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes: a) Display of content advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook (“Controller Addendum”), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an data processing addendum (“data processing terms“), the “data security terms” and with regards to processing in the USA on the basis of standard contractual clauses (“Facebook-EU data transfer addendum“). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
You will find more information on the protection of your privacy in the Facebook Privacy Policy.
You can also disable the remarketing “Custom Audiences” feature in the Ads Settings section at the following link You have to be logged in to Facebook. If you do not have a Facebook account, you can opt out of use-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.
The storage of “conversion cookies” is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Our website contains plugins operated by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using of the Twitter service and the function “re-tweet” the websites visited by you will be connected with your Twitter-Account and disclosed to other users. In this case data will be transferred to Twitter.
Please refer to Twitter’s privacy policy for more information on: http://twitter.com/privacy. You may change you privacy settings at Twitter within your Twitter-Account at http://twitter.com/account/settings.
YouTube
On our website and based on our legitimate interests under Art. 6 para. 1 sentence 1 lit. f DSGVO to display video content we use components (videos) of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, (“YouTube”), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). Here we use the option provided by YouTube of “extended privacy mode”.
When you visit a page that has an embedded video, it will connect to the YouTube servers and display the content by notifying your browser on the website.
According to information provided by YouTube, in the “extended privacy mode” only your data – in particular, which of our websites you have visited and device-specific information including the IP address – is transmitted to the YouTube server in the US when you watch the video. By clicking on the video you confirm this transmission. If you do not want the transmission, stop playing the video.
If you are logged in to YouTube at the same time, this information will be associated with your Membership account on YouTube. You can prevent this by logging out of your member account before visiting our website.
For more information about data protection related to YouTube, please see the Google Privacy Policy Google. We have entered into a so-called “Data Processing Agreement” with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
We use services of the short message service Pinterest. Pinterest is operated by Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Parent company: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103 (USA) (“Pinterest”). Pinterest allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are played out based on a selection of general criteria, such as demographic characteristics, regions or interests. Pinterest also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages are evaluated. If you generally do not want to be tracked by Pinterest, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality.
For more information about Pinterest, please refer to the Pinterest Privacy Policy.
The storage of “conversion cookies” is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Hotjar
We use Hotjar, a web analytics service of Hotjar Ltd., St. Julian’s Business Center, Elia Zammit Street 3, St Julian’s STJ 1000 (Malta) (“Hotjar”). With Hotjar, interactions of randomly selected, individual visitors to our website are recorded anonymously. Logs of mouse movements and clicks, for example, are created from the recordings with the aim of making Soundsuit even more intuitive and user-friendly. Hotjar also uses “cookies”, text files that are stored on your computer. In order to exclude a personal relationship, IP addresses are stored only anonymously and information is processed only anonymously. It also provides information, including about your operating system | Browser | geographical origin (country), evaluated for statistical purposes. This information is not personal and will not be disclosed to third parties by us or by Hotjar.
If you do not want your data to be tracked by Hotjar, just follow this guide. For more information about Hotjar, see the Hotjar Privacy Policy and Terms of Use.
We have entered into a so-called “Data Processing Agreement” with Hotjar, in which we commit Hotjar to protect the data of our customers and not to disclose them to third parties.
Hosting & Analysis
Google Web Fonts
On this website the service Google Web Fonts is used. The service is provided by Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Web Fonts enables us to load and display external fonts, so-called Google Fonts, on our website. Google Web Fonts is locally integrated on our website. This means that the fonts are not loaded from Google servers.
In the context of processing via Google Web Fonts, the following personal data is collected and processed:
IP address
The legal basis for this processing is Art. 6 (1)(f) GDPR — a legitimate interest. Our legitimate interest in the processing is to present the website in an attractive and user-friendly manner. Local hosting ensures that no data is transferred to Google, and no data transfer takes place.
Personal data is stored for as long as it is necessary to fulfill the purpose of processing. The data is deleted as soon as it is no longer required for the purpose.
MongoDB
As a central database, we use Atlas of MongoDB, Inc., 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland (“MongoDB”). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f DSGVO) for the technically error-free and optimized provision of our services. In addition to the pseudonymized Soundsuit ID, no further personal data of the users is stored in the Atlas database.
For more information about MongoDB’s data processing, see the MongoDB Privacy Policy. We have entered into a so-called “Data Processing Agreement” with MongoDB, in which we commit MongoDB to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data via sub-processors or affiliates to the USA.
Digital Ocean
This hosting service helps us to host our backend applications. The DO (Digital Ocean) Data Center stores user data such as email, address, first name, last name, interaction data. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f DSGVO) for the technically error-free and optimized provision of our services.
TestFlight
Spherz uses software called TestFlight operated by Burstly, Inc. that provides anonymous data, but no personal data, about user interactions with the Soundsuit App to Burstly, who will use such information to provide Spherz with information and analytics related to such user interactions. Spherz will not associate any data gathered through use of TestFlight with any personally identifiable user information from any source, nor will Spherz provide Burstly with any information that personally identifies the user.
Zendesk
In addition, Zendesk sets cookies. These cookies are cookies that are technically necessary to ensure the technical functionality of the website and to protect the website from bot-driven attacks.
Regarding the contact forms the following data can be collected and processed:
- E-mail addresses
- Names
- Addresses
- IP Adresses
The data processing that takes place via the cookies is based on art. 6 (1)(f) GDPR — a legitimate interest. Our legitimate interest is that we must ensure the functionality and security of our website.
The personal data will be stored for as long as they are required to fulfil the purpose of processing. The data will be deleted as soon as they are no longer required for the purpose.
Data may be transferred to the USA as part of processing by Zendesk. The security of the transmission of data is secured via so-called standard contractual clauses and binding corporate rules. If these standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis. Please note the reference to the risk of data transfer to an unsafe country under sub-item “7. Forms”.
Google Tag Manager
This website uses the service “Google Tag Manager”. The tag manager is a tool for managing so-called tags that are used during tracking in online marketing. In doing so, the tag manager does not process any personal data, since it merely serves to manage other services – e.g., Google Analytics, etc.
You can find further information on the tag manager at: https://www.google.com/intl/de/tagmanager/use-policy.html
Google Maps
The following data is collected and processed:
- IP addresses
- Location information
- Usage data
- Date and time of visit
- URLs
The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.
As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:
- Google LLC.
- Alphabet Inc.
Social Media
Facebook Plugin
On our pages plugins of the social network Facebook, provider Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), are integrated. The Facebook plug-ins can be recognized by the Facebook logo or the “Like-Button” (“Like”) on our site. An overview of the Facebook plugins can be found here.
When you visit our platform, a direct connection between your browser and the Facebook server is established via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like-Button” while you are logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. If you do not want Facebook to associate visiting our pages with your Facebook user account, please log out of your Facebook user account. More information can be found in the Facebook Privacy Policy.
LinkedIn Plugin
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 1000 West Maude Ave, Sunnyvale, CA 94085, USA, and its subsidiaries LinkedIn Singapore Pte Ltd, 10 Marina Boulevard, Marina Bay Financial Centre Tower 2, Level 30, Singapore 018983 and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (all together “LinkedIn”). We have entered into a so-called “Data Processing Agreement” with LinkedIn, in which we commit LinkedIn to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA and Singapore.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. More information can be found in the LinkedIn Privacy Policy.
Twitter Plugin
On our pages are functions of the service Twitter included. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA) as well as its subsidiary Twitter International Company, One Cumberland Place, Fenian Street, Dublin, Ireland (together “Twitter”). By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. For more information, see the Twitter Privacy Policy. ou can change your privacy settings on Twitter in the Twitter account settings.
We have entered into a so-called “Data Processing Agreement” with Twitter, in which we commit Twitter to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
California Consumer Privacy Act (“CCPA”)
California Privacy Rights
We take the data protection regulations of the California Consumer Privacy Act (“CCPA”) and the California Civil Code seriously and respect the resulting rights for California residents as stated in the following paragraphs. We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA.
Shine the Light / Opt-out
California residents have the right to request information about their personal data that we have shared with third parties once a calendar year and to have this data deleted by us. In addition, California residents have the right to opt-out of the disclosure of their personal data to third parties (“opt-out”). To exercise the right to information and / or deletion and/ or opt-out, an informal email to us (support@soundsuit.fm) is sufficient, along with proof of identity and place of residence. We will respond to verified requests within 30 days. California residents also have the right to opt-out of the sale of their personal data. We do not offer this option, because we generally do not sell personal data.
Purposes of data processing of California residents
We collect and process personal data of California residents only for the purposes stated in this data privacy policy, in particular in order to be able to provide our service and our websites in a technically flawless manner, to analyze user behavior to optimize our offer and to optimize our marketing. We do not sell personal data of California residents, we only pass them on to fulfill our business purposes as stated above and in the data privacy policy.
Categories of personal data of California residents
We collect and process personal data from California residents, which are made available to us directly or through interactions with our services and websites, from the following categories: (i) personal data (e.g. name), (ii) identifiers (e.g. name, email address), (iii) Information about activities on the Internet or networks (e.g. parameters specified in the section “Social Plugins”). The categories of third parties to whom we may share California residents’ personal information are: (i) marketing networks, (ii) analytics and hosting providers, (iii) payment service providers and (iv) social networks. We have no knowledge of disclosing personal data of minors under 16 years of age to third parties.
Security & Rights
Security
We are committed to maintaining reasonable and responsible security of your personal data. To avoid any unauthorized access or disclosure, to ensure the correctness and the authorized use of your data we implemented technical and organizational security measures to protect the data we are asking for. Notwithstanding the foregoing no electronic communication is absolutely safe.
We use Secure Sockets Layer (SSL) encryption at any time, i.e. on all pages and within the App.
Your Rights
On request, Spherz will inform you in writing as soon as possible and in accordance with applicable law whether and what personal data relating to you has been stored by us. In addition you are entitled to correction, blocking and deletion of data unless a legal retention period applies. If you request a blocking or deletion of your usage data, Spherz will not be able to provide you with the Soundsuit app.
In addition you may revoke your consent specified in Section 6 to 8, above. Please note that if you revoke this consent you will be unable to use the Soundsuit app.
You may exercise these rights by providing written notice to the below mentioned postal address or by email to: support@soundsuit.fm.
In addition you may change your data within your user account.
If you access the Soundsuit app via an App Store (e.g. iTunes App Store or Google Play), you may stop all collection of information about you and your use of the Soundsuit service by the App by uninstalling the App from your device.
Further Information
If you have any questions about the Declaration of Data Protection please contact us via email at
support@soundsuit.fm or via post-mail to:
Kirchenstrasse 72
81675 Munich
Germany
Frequently asked questions
Haven't found the answer to your question?