At Distrosonic, we believe that data protection should be transparent, easy to understand and, above all, fair for all parties.

 

For this reason, we would like to inform you in this Privacy Policy which Personal Data we collect from you and use, whether and, if so, to which third parties this data is passed on, how long we store the data and what rights you have should you not agree with our responsible handling.

 

If, after reading this Privacy Policy, you still have questions, please do not hesitate to contact us using the contact details below.

 

Who is responsible for data processing?

The person responsible for data processing is

 

Distrosonic Ltd

128 City Road

London

United Kingdom

EC1V 2NX

 

Web: www.distrosonic.com

E-Mail: hello@distrosonic.com

Facebook, Twitter, Instagram

 

The Supervisory Authority

The competent data protection authority in the UK is:

 

The Information Commissioner`s Office (ICO)

Wycliffe House, Water Ln,

Wilmslow SK9 5AF, UK

www.ico.org.uk

 

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.

 

What is processing?

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

How do we use your Personal Data

In principle, we will only use your Personal Data in accordance with applicable data protection laws, in particular the UK`s Data Protection Act (“DPA”), the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.

 

All Personal Data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent. In particular, we only process and collect Personal Data if:

 

  • you have given your consent,
  • the data is necessary for the fulfilment of a contract / pre-contractual measures,
  • the data is necessary for the fulfilment of a legal obligation, or
  • the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

 

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

 

Processing of Automatically Collected Data

  1. a) Hosting

To provide our website, we use the services of Hostinger who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

 

  1. b) Collection of access data and log files

We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

 

  1. c) Use of cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

 

  1. d) reCAPTCHA

We use Google LLC,`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest.

 

  1. e) Google Analytics

We use Google Analytics, which uses “cookies”, to help the website analyse how users use the site. The information generated by the cookie is usually send to Google. The legal basis for the data processing is your consent. For further information, please refer to our Cookie Policy.

 

  1. f) Google Fonts

We integrate the fonts of the provider Google LLC, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our interest in efficient and secure use of fonts and their uniform display and integration. The legal basis for this processing is our legitimate interest.

 

Data processing when you submit it to our website and when you use our services

When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.

 

  1. a) Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.

 

  1. b) Data processing in the context of providing our services

The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much personal data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain personal data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.

 

  1. c) Account Registration

If you register on our website, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest in communicating with registered users and, in the case of contracts, also the storage of contract data.

 

  1. d) Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as organisation of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

 

  1. e) Service Notifications

By using our services, you are giving your consent to receiving notifications and messages per email. Those typically include general, profile and content information in relation to your use of our Services. Our system notifications are sent using Mailchimp (Intuit Inc) and are designed to enhance your experience. You can of course opt out from receiving notifications by following the unsubscribe instructions at the bottom of every notification e-mail sent by us. The legal bases are to provide you with our services and your consent as well as our legitimate interest.

 

  1. f) Payment data

The provision of bank details is subject to our payment processor Stripe. We do not collect or store payment information or bank details ourselves but receive payment confirmation statements. For further information, please refer to Stripe`s Privacy Policy by clicking on the above link. The legal basis for the data processing is the fulfilment of our contractual obligations and the fulfilment of our legal obligations.

 

  1. g) Data management and customer support

For optimal customer support, we use first name, last name, e-mail address, and the data related to your contract with us. Your data may be stored on our platform and or our customer relationship management system (“CRM system”) provided by Freshdesk. This data processing is based on our legitimate interest in providing our customer service.

 

 

Transfer of Personal Data

We will not disclose or otherwise distribute your Personal Data to third parties unless this:

 

  • is necessary for the performance of our services,
  • you have consented to the disclosure,
  • or the disclosure of data is permitted by relevant legal provisions.

 

However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation and support of the website (see above), data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

 

The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the DPA and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organisational measures, and additional controls by us.

 

We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.

 

Automated decision-making

Automated decision-making including profiling does not take place at Distrosonic.

 

Direct marketing in the context of a customer relationship

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

 

Advertising and Marketing

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the channels you have given your consent to.

 

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

 

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. 

 

Your data subject rights

These rights are standardised in the DPA and the GDPR. These include:

 

  • the right to information,
  • the right to rectification,
  • the right to erasure,
  • the right to restriction of data processing,
  • the right to data portability,
  • the right to object to data processing,
  • the right to revoke any consent you have given, and
  • the right to lodge a complaint with the competent supervisory authority.

 

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

 

Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

 

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

 

We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

 

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

 

For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Please keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another person.

 

Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.

 

Withdraw your consent

You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.

 

Social Media

We are present on social media on the basis of our legitimate interest currently Facebook, Twitter and Instagram. If you contact us via those social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and the GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself if very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service.

 

Personal information and children

We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

 

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary.

 

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.

 

This Privacy Policy was last updated on Thursday, 15 December 2022.