Privacy Policy
This Privacy Policy is divided into three parts:
Part I: Information that SonoSuite collects and manages as Data Controller.
Part II: Information that SonoSuite processes on your behalf as Data Processor.
Part III: General information relevant to both parts.
Part I – Information that SonoSuite treats as Data Controller
Who is the Data Controller?
SONOSUITE, S.L.
Tax ID (CIF): B17943986
Trafalgar 10, pral 1, 08010 Barcelona, Spain
Data Protection Officer: If you have any questions or concerns about our privacy policy, you can contact our Data Protection Officer by sending an email to [email protected]
What type of data does SonoSuite collect?
We collect the following personal data:
- Website visitors.
- Potential clients.
- Users of SonoSuite products and services.
- Individuals who contact SonoSuite via forms or email addresses published on or linked to our websites.
- Candidates for employment positions.
Data may have been obtained in the following ways:
(a) If you have provided such information;
(b) If SonoSuite has collected it automatically; or
(c) If it has been obtained through third parties.
For what purpose and legal basis do we treat your data?
1. Information you provide directly
1.1 Contact Forms enabled on the Web
When you communicate with us through the contact forms available on our website, we collect information such as your name, email address, phone number, the company you belong to, and the content of your message, for the purpose of attending to and managing your request, inquiry, or support request. In the event of submitting your candidacy through the "Work with us" form, we collect data related to your resume/CV.
Additionally, in the event that you have checked the corresponding box enabled for this purpose, we will treat your data to send you commercial communications and newsletters related to our products and services.
Legal basis:
- For inquiries and support: Article 6.1.a) of the GDPR (consent of the data subject explicitly given by voluntarily sending their inquiry).
- For candidacies: (1) spontaneous candidacies "Work with us": Consent of the data subject explicitly given by voluntarily sending their candidacy. (2) candidacies in response to published job offers: Application of pre-contractual measures at the request of the data subject.
- For commercial communications and newsletters: Consent of the data subject, expressly granted by checking the verification box enabled for this purpose.
1.2 Registration, account configuration, and payment processing
When you register for an account to access one or more of our services, we request information such as your name, contact number, email address, company name, tax identification number, and country to complete the account registration process. You will also be asked to use an email address and password to access the created account.
When you begin to actively use your account, we ask you to provide your name, contact information, and credit card information or other payment account information. In all cases, your credit card information is stored and processed by our Payment Gateway Service Provider, not by us. During payment, they inform you about their privacy and security policies; please ensure you read them carefully.
Legal basis:
Processing is necessary for the execution of the service contract.
1.3 Testimonials
When you authorize us to publish testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given the opportunity to review and approve the testimonial before we publish it. If you wish to update or delete your testimonial, you can contact us at [email protected].
Legal basis:
Explicit consent of the data subject granted prior to the publication of the testimonial, with the opportunity to review and approve its content.
1.4 Customer Service
We may record, analyze, and use your interactions with us, including email, phone, and chat conversations with our sales and customer service professionals, to improve our interactions with you and other clients.
Legal basis:
Legitimate interest of the controller in improving the quality of customer service and commercial interactions.
2. Information we collect automatically
2.1 Browser, device, and server information
When you access our online services, we automatically obtain certain technical data that your browser, mobile device, or the server makes available, such as IP address, browser type and version, language settings, time zone, referral URL, date and time of access, operating system, device model and manufacturer, as well as basic information about the network used.This data is recorded in log files and is used to enable the provision of the service, maintain its security, and better understand how our sites and tools are used.
Legal basis:
Legitimate Interest to ensure network security, prevent fraud (especially relevant in music monetization), diagnose technical errors, and maintain the integrity of our systems.
2.2 First-party cookies, third-party cookies, and similar technologies
Our site and services use session and persistent cookies, both first-party and third-party, as well as similar technologies (for example, pixels, tags, scripts, and local storage) to recognize users, maintain the session, remember their preferences, and improve the browsing experience.
These tools also allow us to analyze the use of our services, obtain statistical and demographic information, measure the effectiveness of our campaigns, and personalize content and communications based on user interaction with our sites. You can consult detailed information about the specific cookies we use and manage your preferences in our Cookie Policy.
Legal basis:
(i) Technical Cookies: Necessary for the platform to function and to identify you as a user. They do not require consent.
(ii) Analytical and Advertising Cookies: Only if you have given your Consent through our cookie configurator will we use these technologies to analyze browsing trends, campaign effectiveness, and create basic user profiles.
2.3 Application logs and mobile analytics information
When you use our applications or mobile functionalities, we collect information regarding your use of the services, such as the screens and functions you access, clicks and scrolls, date, time and duration of sessions, frequency of use, as well as data on errors, performance, used storage capacity, and configuration settings.
Likewise, we may record identifiers and characteristics of the device, as well as approximate information about your location, with the aim of ensuring correct technical functioning, improving our products, adapting functionalities to the needs of professional clients, and maintaining platform security.
Legal basis:
We use this information based on our Legitimate Interest for product optimization and business intelligence (understanding which functions are most valuable to our B2B clients). If this data is used to create heatmaps or session recordings involving exhaustive user profiling, we will request your prior consent.
3. Information we collect from third parties
3.1 Sign-ups using OpenID authentication service providers
You can log in to SonoSuite Services using compatible OpenID authentication service providers such as Soundcloud, Facebook, and Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.
Legal basis:
Article 6.1.a) of the GDPR (consent of the data subject): when the user voluntarily decides to use the login function via external authentication providers, they are granting their explicit and informed consent for said providers to share their basic personal information with SonoSuite.
3.2 Information from social networks and other publicly available sources
When you interact or engage with us on social media sites like Facebook, Twitter, Google+, and Instagram through posts, comments, questions, and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must inform you that once collected, this information may remain with us even if you delete it from social media sites. SonoSuite may also aggregate and update information about you from other publicly available sources.
Legal basis:
Article 6.1.f) of the GDPR (legitimate interest of the controller): the processing of data obtained from publicly accessible sources may be covered by SonoSuite's legitimate interest in analyzing user interaction, improving products, managing relationships, and understanding reactions publicly expressed by users.
Summary of processing purposes:
- Manage your registration, user account, and payment processing.
- Attend to inquiries, support requests, and information requests.
- Process job applications (spontaneous or in response to offers).
- Manage testimonials and publication authorizations.
- Provide customer service and improve our interactions.
- Send commercial communications, newsletters, and service updates.
- Analyze the use of our products and services to improve them continuously.
- Measure the effectiveness of our marketing campaigns and adapt content.
- Optimize the security of our platforms and prevent fraud.
- Conduct surveys, satisfaction studies, and request feedback.
- Update and enrich our client and contact records.
- Comply with legal obligations and attend to requirements from competent authorities.
Your choice in the use of information
- Voluntary exclusion from non-essential electronic communications: You can choose not to receive newsletters and other non-essential messages using the "unsubscribe" function included in all such messages. However, if you are a client, you will continue to receive notices and essential transactional emails.
- Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to correctly use certain functions of the websites.
- Optional information: You can choose not to provide optional profile information, such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when submitting any form linked to our websites.
Who do we share your information with?
We share personal data only in the cases and under the conditions described in this Privacy Policy, exclusively with recipients who adopt appropriate technical and organizational measures to ensure its confidentiality, integrity, and security, in accordance with applicable data protection regulations.
Legal obligations and law enforcement
We may be required to share, disclose, or assign personal data when:
- The law or an order from a competent authority requires it.
- It is necessary to protect the rights, privacy, security, or property of SonoSuite, its users, or the public.
- It is necessary to prevent, investigate, or take measures regarding illegal activities, fraud, security threats, or risk situations.
Third-party Service Providers (Data Processors)
We may share personal information and aggregated or anonymized information with external specialist service providers with whom we collaborate in the provision of our services. These providers include, without limitation:
- Analytics and optimization providers: web analytics and application performance tools.
- Automated marketing and CRM providers: platforms for communications management and audience segmentation.
- Advertising and marketing partners: for conducting targeted campaigns and online advertising.
- Event providers: technical organizers and webinar platforms.
- Payment providers: transaction processors and payment gateways.
- Infrastructure and hosting providers: cloud services and server management.
- Legal advisors and auditors: when necessary for legal compliance or defense of rights.
These providers are authorized to process personal data only to the extent necessary to provide the contracted services and in accordance with our instructions, under the coverage of Data Processing Agreements (DPA).
Location and international data transfer
Certain categories of personal data are hosted on the servers of Zoho Corporation, a specialist provider of marketing automation and CRM software, with servers located in the United States of America (USA).
The provision of services by Zoho Corporation may imply the international transfer of personal data. Said transfer is regulated through the subscription of Standard Contractual Clauses (SCC) approved by Implementing Decision (EU) 2021/914 of the European Commission.
Thanks to recent changes in United States laws (approved by the European Union), your information now has reinforced security guarantees. These new rules strictly limit access by US authorities to your data and have created an independent tribunal for you to claim if needed.
You can consult Zoho's Privacy Policy here: https://www.zoho.com/privacy.html
What are your data protection rights?
- Right of access: You have the right to access (and obtain a copy) the categories of personal information we hold about you.
- Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies.
- Right to erasure: You have the right to request that we delete your personal information in certain circumstances.
- Right to restriction: You may have the right to request the restriction of the use of your information in certain circumstances.
- Right to data portability: You have the right to transfer your information to a third party in a structured format.
- Right to object: You have the right to object to the use of your information in certain circumstances (e.g., direct marketing).
- Right to lodge a complaint: You have the right to lodge a complaint with the Spanish Data Protection Agency (www.agpd.es) if you have any complaint about the way we collect, use, or share your information.
How long do we keep your data?
We retain your personal information for as long as necessary for the purposes set out in this Privacy Policy. Occasionally, we may retain your information for longer periods as permitted or required by law (e.g., tax, accounting, legal defense). When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases.
Part II - Information that SonoSuite processes on your behalf as Data Processor
The information that you or your organization (the “client”) makes available to SonoSuite in the context of providing our services or to request technical assistance will be treated solely for the purpose of executing the contract, providing support, and maintaining the platform, always in accordance with your documented instructions and applicable data protection regulations.
Ownership and control of data
It is expressly recognized that the client is the holder and owner of the service data, as well as the one who determines the purposes and means of processing said data. SonoSuite acquires no rights over the service data and will refrain from using them for its own purposes. SonoSuite guarantees the real and effective exercise by the client of the rights of access, rectification, erasure, portability, objection, and restriction regarding service data.
Processing according to instructions and confidentiality
SonoSuite will treat service data exclusively according to the client's documented instructions. Access to personal data will be limited to authorized personnel involved in the provision of services, subject to reinforced confidentiality contractual obligations. SonoSuite applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Subprocessors and access by third parties
For the provision of services and technical support, SonoSuite may involve external subprocessors (infrastructure providers, support services, etc.), which will be subject to equivalent contractual obligations regarding data protection. The client will be informed of subprocessors generally through an updated list. When any of these subprocessors are located outside the EEA, SonoSuite will guarantee that adequate guarantees for international data transfers exist.
Access by employees and independent contractors
SonoSuite personnel may access service data only when strictly necessary to identify, analyze, and resolve technical incidents; verify the correct functioning of integrations; and provide technical assistance. All personnel receive specific training in data protection and are subject to confidentiality obligations.
Third-party integrations enabled by the client
The client may activate integrations with third-party products or services (e.g., DSPs, analytics). The activation of these integrations implies that certain service data may be communicated to said third parties under the sole responsibility of the client. It is strongly recommended that the client review the privacy policies of each third party.
Retention and deletion of personal data
Personal data treated as service data will be retained for the duration of the contractual relationship. Once the contract is terminated, and at the client's choice, SonoSuite will proceed to return or make available a copy of the service data and subsequently delete the data from the active database and backups, ensuring their secure destruction unless required otherwise by law.
Exercise of rights by data subjects
Data subjects must direct their requests to exercise data protection rights directly to the client (the Data Controller). SonoSuite, as processor, will provide reasonable assistance to the client to facilitate the attention of such requests. In no case will SonoSuite autonomously resolve the requests of data subjects unless authorized.
Management of data security breaches
In the event of a security incident affecting personal data, SonoSuite will notify the client without undue delay. This communication will include information on the nature of the incident, the consequences, and the measures adopted. SonoSuite will actively collaborate with the client to investigate the incident and adopt corrective measures.
Access to the data processing agreement
The client may consult the full text of the data processing agreement, its security annex, and the updated list of authorized subprocessors by requesting it via [email protected].
Part III - General
Information regarding minors
Our products and services are not directed at persons under 14 years of age and we do not knowingly collect their personal data. If we detect that we have received data from a minor under 14 years of age, we will take steps to delete said information.
How secure is your information?
At SonoSuite, we take data security very seriously. We have taken steps to implement appropriate administrative, technical, and physical safeguards to prevent unauthorized access, use, modification, disclosure, or destruction of the information you entrust to us.
Do Not Track (DNT) Requests
Currently, there is no standard regulating what websites can or should do when they receive DNT signals. For now, we do not take any action in response to these signals.
Disclosures due to legal obligation
The law may require us to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process, or governmental request. We may also disclose information if necessary to prevent fraud, investigate illegal activity, or protect the safety of our users.
Compliance with this Privacy Policy
We make every effort to ensure that the personal information you provide is used in accordance with this Privacy Policy. If you have any concerns, please write to [email protected].
Notification of changes
We may modify the Privacy Policy at any time, with prior notification via a service announcement or by sending an email. If you are concerned about how your personal information is used, you should periodically consult www.sonosuite.com/privacy-policy
