Last updated 31st August 2022.
Keeping your data safe
- We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This notice sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data, and everything else we think it's important for you to know.
- Our practices generally do not differ based on your location. However, this notice specifically addresses our practices toward personal data under:
- the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 (the 'GDPR'); and
- the California Consumer Privacy Act (as amended) (the 'CCPA').
- In general, we use the terminology of the GDPR in this notice (like 'personal data') instead of analogous terminology of the CCPA ('personal information'). See our 'CCPA rights and remedies' below for more detail.
- If you have questions about your rights under other data privacy laws, please contact us using the methods specified below.
Who we are
- We are Sine Wave Entertainment Ltd, a company incorporated in England and Wales with registered number 05894627.
- ICO registration (Information Commissioner's Office) Sine Wave is registered with the ICO under number: ZB119685
- In general, for the purpose of the GDPR, we are the 'controller' of the personal data we process about you. Analogously, for the purpose of the CCPA, we are generally the 'business' of the 'personal information' we process about you.
- However, if we receive your personal data in our role as a service provider from one of our customers, we may serve in a different role under the GDPR and CCPA. If you access our services through a customer's integration of our products, that customer may serve as the 'controller' or 'business' regarding your personal data (under GDPR and CCPA, respectively). We may serve as a 'processor' or 'service provider', respectively, to the applicable customer. In these circumstances:
- Additional privacy notices or policies, provided by our customer to you, may also apply to the personal data you provide through our services
- We will direct any questions or rights requests you may send us as required under our customer agreements.
- In accordance with Article 27 of the General Data Protection Regulations, we have appointed an EU representative who you may address if you are located in the European Union to raise any issues or queries you may have relating to our processing of your personal data. Our EU representative, Janet Kolind, can be contacted directly at 48 Dover Street, London, W1S 4FF or at the following email address: email@example.com
- Our contact details are as follows:
- Address: 48 Dover Street, London, W1S 4FF, United Kingdom
- Email: firstname.lastname@example.org
What is personal data?
- Personal data is any information that tells us something about you. This could include information such as your name, contact details, date of birth, medical information and bank account details.
How do we collect personal data?
We collect personal data from various sources, including:
- Directly from you when you utilise the service, purchase goods or services from us, sign up for an account/contact us with questions or feedback.
- Information is provided by login and social media services, such as third party "Sign in" providers, and "Share to" social network publishers.
- Information provided by identity verification services, if requested by you (this may be required in order to submit supplier invoices if you are using a monetised developer account).
- Through recording, monitoring, and storing telephone, email, and other forms of communications in order to verify or confirm instructions given to us for quality purposes.
What personal data do we collect?
We may collect the following categories of personal data about you:
- Personal contact details such as name, title, address, telephone number, and email address; particularly if you are a paying customer.
- Username(s) and password(s).
- Date of Birth (optional)
- Gender (optional)
- Other information that you provide to us in correspondence you send.
- Transaction history.
- Social media profile information, including your handles
- Application usage information, including times and dates of when you utilised the service and the locations you visited.
- Information stored in your profile, such as information about your interests.
- Location data: and IP addresses used to access the service
- Photographs stored in the content you upload or import.
- Information about your computer or electronic device is used to access the service such as unique device identifiers.
How do we use your personal data?
We use your personal data for the following purposes:
- To run and manage your account.
- To provide our services to you.
- To make decisions about whether we can provide our goods and services to you.
- To provide support to you in using our services and to answer any questions you may have.
- To deal with complaints or other feedback.
- If you consent, to send you communications about products and services we think you will be interested in.
- To analyse and improve our services and our business.
- To run competitions and promotions that you enter.
- To prevent and detect fraud and other criminal activity.
- To tailor the advertising and marketing that we send to you based on your interests.
- To verify copyright or IP related claims.
Our legal basis for using your personal data?
Sine Wave Entertainment Ltd processes your personal data in accordance with Article 9: Lawfulness of processing in the General Data Protection Guidelines (GDPR). Under data protection law, we are only permitted to use your personal data if we have a legal basis for doing so. The information below tells you what that legal basis is in relation to each of the purposes set out above.
- IP Address. We store your IP when you signup, and whenever you sign into the service. This information is retained for identifying malicious account activity, or for tracking duplicate accounts accessing the service. We may also use this information as a component in validating the country for calculating VAT and establishing demographics. Additionally, your IP address may be temporarily recorded within webserver logs for diagnostic and security-related purposes.
- Email. We use email addresses to contact you for important topics (such as changes to the terms of service, password resets, and other messages of a similar nature), if you opt-in to our newsletter, you will also periodically receive marketing materials from us; you may unsubscribe from marketing emails at any time, using the link attached at the bottom of any marketing message. You may update your email at any time from the account management page.
- Username. We store your username as a critical part of accessing the service, you may rename your account at any time for a small fee. Your username will be removed from the service if in the event that you choose to terminate your account.
- Gender and Country (Optional). You may optionally add this information into your profile to exhibit to other users. We may use this information, if supplied, for general demographical analysis for marketing, localisation and general operational purposes.
- Social Media Accounts (Optional). If you login to the service using social login, or via a third-party login service, or use connected features of an account, we may store the account identifier to deliver that feature.
- Billing Name and Address. If you purchase any premium services, we will store your name and billing address indefinitely as part of our accounting records. We utilise several third parties in relation to this service who will also retain copies of this information, including our merchant banking processors (Stripe, PayPal) and our subscription manager (Chargify). We have vetted each of these services as providing strong levels of security in relation to this data.
- Creator Details (Optional). If you register as a creator, we require additional information such as the name and billing address of the copyright owner. This is part of our ongoing content verification procedures. To ensure legal record keeping in the event of infringement, we do maintain this information indefinitely, although it may be updated at any time from the curator website.
- Application Usage. We will record some information about your usage of the application for the purposes of improving the user experience or fixing defects. This information may also be processed in aggregate for statistical purposes.
- Computer Information. If you submit bugs via our bug tracker, you may upload log files, or input system information which may reveal some limited information about your username or computer system. This information is utilised to improve the quality of the service.
- Please note that if we process your personal data on the legal basis of your consent, you are able to withdraw your consent at any time. This will not affect the lawfulness of any processing that was carried out based on your consent prior to it being withdrawn.
What happens if you don't provide the personal data we request
- We need some of your personal data to perform our contract with you or to comply with legal obligations, as set out in section 1 above. Where personal data is required for these purposes, if you do not provide the data requested, we will not be able to perform our contract with you or continue to provide our services to you. We explain when we collect your personal data which data is mandatory, and which is not.
How we share your personal data
Though we do not 'share' your personal data for online behavioural advertising purposes, we may provide your personal data to other organisations in the following ways:
- We may share your personal data with companies within our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or for system maintenance and hosting of data.
We use third-party service providers who process personal data on our behalf to provide services to us. The service providers we use who may have access to your personal data are as follows:
- Hosting providers, cloud storage providers, and backup service providers; Amazon AWS, Backblaze, Wasabi
- Our customer relationship management solution provider; Salesforce
- Analytics providers; Google Analytics and Backtrace
- Marketing providers; We may return single-use identifiers sent to us by our marketing providers (including pay-per-click advertising on networks such as Google and Facebook) to accurately determine how many users arrived from those advertisements. We do not send this information unless you specifically arrived on the website via an advertisement from those partners, and we do not send account details.
- Payment processors; Stripe, Xero, Chargify; we utilise these services to handle billing related tasks. These providers will have access to your name, credit card details and billing address, as required to process payments. We do not store this information on our servers.
- If we sell any part of our business and/or integrate it with another organisation, your details will be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs, the new owners of the business will only be permitted to use your personal data in the same or similar ways as set out in this notice.
- We will disclose your personal data where we are legally required to do so, for example to tax authorities, or where we need to share your personal data for the purposes of preventing or detecting crime, in connection with legal proceedings, for the purpose of obtaining legal advice or otherwise for the purposes of establishing, exercising or defending legal rights or claims.
- We will share your personal data if it is necessary to protect your vital interests.
Where personal data is stored and transferred
When personal data is transferred to countries outside of the UK and the European Economic Area (EEA), those countries may not offer an equivalent level of protection for personal data to the laws in the UK. Where this is the case, we will ensure that appropriate safeguards are put in place to protect your personal data. We transfer personal data to these jurisdictions:
- United States (Server storage and hosting)
- Australia, China, India (Our satellite offices)
- If you would like to see a copy of the adequacy mechanisms that we use to protect your personal data, please contact us using the details set out above.
How long personal data is kept for
- We will keep your personal data for as long as your account remains open, or you remain a customer unless we need to keep it for a longer period to deal with any claims or complaints or to comply with any legal obligations.
- You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section, and in the 'CCPA rights and remedies' section below.
- We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example, to help us to locate the personal data that your request relates to.
- We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case, we will let you know as soon as we can and explain why we need to take longer to respond.
- If you want to exercise any of these rights, please contact us at email@example.com.
A right to access your information
- You have a right to ask us to send you a copy of the personal data that we hold about you (subject to some exceptions), this is commonly referred to as a Subject Access Request (SAR).
A right to an electronic copy of your information
- You can also ask us to send you the information that we process for the purposes of fulfilling our contract with you or based on your consent in a common electronic format or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
A right to object to us processing your information
- You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 8 above).
- If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
A right to ask us not to market to you
- You can ask us not to send you direct marketing. You can do this by following the "unsubscribe" instructions in any marketing emails or by changing your account settings, or by contacting us using the details above.
A right to have inaccurate data corrected
- You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
A right to have your data erased
- You have a right to ask us to delete your personal data in certain circumstances, for example, if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this notice.
A right to have the processing of your data restricted
- You can ask us to restrict the processing of your personal data in some circumstances, for example, if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
- Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent, or we need to process the data to exercise a legal claim or to protect a third party or the public.
CCPA rights and remedies
- This section clarifies how the other sections of this notice apply under the CCPA, and addresses supplemental rights and remedies provided under the CCPA and other California privacy laws. Although the CCPA only applies to California residents, we honour requests made under the CCPA by any U.S. user.
The foregoing sections map to the CCPA as follows:
- The personal information we collect is described above under 'How do we collect personal data?' and 'What personal data do we collect?'.
- We collect your personal information for the business purposes described above under "How do we use your information?" and 'Our legal basis for using your personal data'. The legal bases we describe for the GDPR above are "business purposes" under the CCPA, as our use of personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected, or another operational purpose that is compatible with the context in which the personal information was collected.
- We disclose your personal information for a business purpose to the categories of third parties listed above in the section titled 'How we share your personal data'. We retain your personal information for the reasons and periods described under 'How long personal data is kept for'.
- Your rights under the CCPA are generally analogous to those that the GDPR provides, which we address above under 'Your rights'. Please contact us if you are uncertain of how 'Your rights' apply under the CCPA.
Additionally, the following rights apply to you under California law:
- You have the right to opt-out of having your personal information sold. We do not sell your personal information.
- California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.
- You may authorize an agent to exercise these rights on your behalf, subject to the requirements provided under the CCPA.
- You have the right not to be discriminated against for exercising your rights under the CCPA. We will not discriminate against you exercising any rights under the CCPA.
- To exercise any rights described in this 'CCPA rights and remedies' section, follow the instructions above under 'Your rights.' We generally verify requests under the CCPA in the same manner we do requests under the GDPR, subject to the specific requirements of the CCPA.
- Please note that we may not be able to disclose certain personal information to you if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us or with one of our customers, or the security of our network or systems.
- Finally, although some web browsers offer a "do not track ('DNT') option," no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers' DNT signals.
- You are important to us, and so is protecting your personal data. We have exacting standards when it comes to collecting and using personal data. For this reason, we take any complaints we receive from you about our use of your personal data very seriously and request that you bring any issues to our attention.
- To lodge a complaint, ask a question or express a concern with us, please contact us at firstname.lastname@example.org.
- You also have the right to lodge a complaint with the Information Commissioner's Officer (ICO), which regulates data protection compliance in the UK. You can find out how to do this by visiting the "Make a Complaint" section at ico.org.uk. or call the helpline on 0303 123 1113.
Updates to this notice
- We may make changes to this notice from time to time. We will notify you if significant changes are made.
Last updated 31st August 2022.