Art. 1. General Information

In the course of its activity, VISUAL SOUND BLAST, processes your personal data when you access the website www.visualsoundblast.com (“Website”). Our email address is visual.soundblast@gmail.com

The Company ensures, at all times, compliance with all principles and legislation on the protection of personal data, regarding the processing, collection, processing, storage and transfer of personal data, as regulated by the legislation in force, as well as by the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”).

This policy sets out the key principles in relation to data protection and how the Company manages the personal data you submit to us by accessing the Website. The Company will ensure that this policy is kept up to date and will publish the most recent version of this policy on the Website.

DEFINITIONS

The following definitions of terms used in this document are taken from Article 4 of the GDPR:

Personal data: means any information relating to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, or other information.

Art. 2. Categories of personal data

We know the importance of your personal data and we are committed to protecting its confidentiality and security. Therefore, it is important for us to inform you about the processing of your personal data as a user of our Website through this policy.

The categories of personal data processed by the Company vary depending on the interaction and relationships you register on the Website. Thus, your personal data may be provided by you within the various sections of the Website.

Art. 2.1. Categories of data that may be processed:

a) When completing the contact forms available on the Website: name, surname, e-mail address, media files, etc.;

The data provided by you must be true, accurate and up to date, and you must have the right to provide them. The data mentioned in points a) – c) above, are provided by you voluntarily in the course of your interaction with the Company in accordance with the purpose you have given. You are thus responsible for the data you provide on the website, both to us and to any third party that may be harmed by providing the data.

The website may also collect certain information about your browsing and interactions with various sections of the website. We will store or access information and cookie files in your terminal equipment (computer, phone, tablet, etc.) only under the conditions described in the relevant Cookies section. The categories of personal data that are processed concern: time and date of access to the website, as well as the IP address of the terminal from which the website was accessed.

Art. 2.2. The company may process the data mentioned in art. 2.1, above, for the following purposes:

1. For the purpose of managing requests, complaints, suggestions: processing of data for filling in contact forms; processing of these personal data is carried out on the basis of your consent, as well as in the legitimate interest of the Company in order to solve complaints, improve services, manage suggestions and requests submitted to the Company;
2. In the context of processing the data of visitors to the Website, in order to ensure the proper functioning of the Company’s website; the legal basis for the collection is the legitimate interest of the Company to improve the services offered;

Art. 3. Basic principles on the processing of personal data

The processing and management of your personal data is carried out in accordance with the following principles:

• It is open and transparent about what it does with the data and why it uses it;
• Keeps the data secure;
• Ensures that it always has a lawful basis for handling the data;
• Collects and uses the minimum amount of data necessary, thus respecting the principle of minimisation;
• Keeps data up-to-date, accurate and complete;
• Does not retain data longer than necessary, ensuring data retention periods are implemented where there is no legally required period;
• Respects the legal rights of data subjects with regard to their personal data;
• Does not transfer the data abroad without taking the measures foreseen for the transfer of data, and not before informing the data subjects to that effect.

Art. 3.1. Fairness and transparency

Personal data shall be processed lawfully, fairly and transparently in relation to the data subject. This is the basic principle and means that we use personal data only to the extent that the persons entrusting them to the Company have been informed in advance about the manner of use. You can ask the Company, at any time, for information on the following main aspects:

• What kind of data will be collected;
• For what purpose it will be used;
• With whom it will be shared (if applicable);
• Whether it will be transferred to other countries;
• How long it will be kept;
• What rights individuals have with regard to their personal data;
• Indication of the contact channels through which data subjects can exercise these rights.
• Personal data will only be processed for the purpose communicated to the data subject.
• Subsequent changes to the purpose of the processing will be communicated to the data subject prior to the use of his/her personal data.

Art. 3.2. Legality

The Company intends to carry out all processing activities both for a well-determined purpose and in relation to its activity, but also circumscribed by an appropriate legal justification, as well as in order to fulfil the legitimate interests of the Company in the context of carrying out its object of activity, as follows:

• providing answers in case of filling in the contact and accommodation form;
• participation in competitions and campaigns organised online by the Company;

Art. 3.3. Consent of the data subject

Obtaining the consent of the person whose data we are going to collect and process is another legal basis provided for by the GDPR, and the Company will process personal data, only on the basis of your express and unequivocal consent, in all situations where it is necessary.

Art. 3.4. Data minimisation

Personal data will only be used wen absolutely necessary and relevant for a specific process or project task. If the use of personal data cannot be avoided the Company will use only the minimum data necessary to fulfil that purpose.

Art. 3.5. Accuracy of data

Data protection legislation requires that personal data is kept accurate, complete and up to date. The Company will ensure that inaccurate or incomplete data is corrected, supplemented, updated or deleted as appropriate.

Art. 3.6. Data retention and storage period

We will keep your personal data for a period not exceeding the period necessary to fulfil the purposes for which the data are processed, unless otherwise provided for or required by law.

Thus:

• with regard to the contact form, we will keep your personal data for the period necessary to provide answers to your messages and requests and to prove the correspondence with you, but no longer than 1 year after receipt;
• in order to participate in competitions and campaigns organised online by the Company, we will keep your personal data for the period necessary to run these programmes and to prove your participation in these programmes, in accordance with the Regulations communicated for each event;
• in relation to the analysis of website navigation and user interactions with the website, we will keep data on your interactions for up to 3 years.

The Company may delete your personal data when it deems it is no longer necessary for the purposes for which it was collected.

We do not store information or access information stored on your terminal equipment (computer, phone, tablet, etc.) except with your prior consent or when these operations are carried out solely for the purpose of carrying out the transmission of a communication over an electronic communications network, or are strictly necessary in order to provide an information society service expressly requested by you (e.g. for storing information relating to activities carried out by you on the website or in the mobile or tablet application, so that you can easily use the website or mobile or tablet application when accessing it later).

For the use of cookies for which your prior consent is required, the website or will ask for your consent via a banner displayed on the website when you access them. This banner contains a link to this Privacy Policy and gives you the option to accept cookies as well as the option to decline them. If you have given your consent but later change your mind, you can use the settings of your web browser to delete the information stored or to refuse the cookies.

If you want to know what cookies are, see the Privacy Policy on our website.

Art. 3.7 Data security

The Company ensures and implements the technical and organisational security measures required by law and industry standards to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against any other form of unlawful processing. We also take steps to ensure that we use your personal data exactly as described in this Policy and to respect the choices you make about how we process your personal data.

Art. 3.8 Disclosure to third parties

Except as set out below, we will not disclose any information about your data without your permission. On the basis of your express and unequivocal consent so given and only within the limits of applicable law or for the purpose of fulfilling a legal obligation and/or protecting a legitimate interest, we may pass on your personal data to:

• Service providers in the following areas: marketing, administrative and transaction processing services;
• Other service providers, all of whom have signed confidentiality agreements;  Organisations or companies that coordinate specific studies and agree to keep the information received confidential;
• State, government agencies, if legislation so stipulates;
• Other authorities and bodies for the purpose of fulfilling our legislative obligations and/or protecting our legitimate interests;
• Other companies with whom we may develop joint programmes to market our products and services;

The transmission of your personal data to the above-mentioned recipients will only be made on the basis of a commitment to confidentiality and to ensuring an adequate level of security on their part, guaranteeing that personal data is kept secure.

Art. 4. Rights of natural persons

According to the legal provisions in force, the data subjects benefit from the following rights:

• The right to be informed about how and why personal data are used;
• The right to request copies of personal data held by an entity (including information contained in e-mails, instant messages, notes, etc.);
• The right to request correction of any inaccuracies in their personal data;
• The right to order the deletion of personal data (including permanent deletion from the Company’s systems and from any systems of an outsourcing provider to which the Company has allowed access);
• The right to request the Company to cease processing personal data;
• The right to object to the use of their personal data for direct marketing purposes;
• The right to have any personal data that has been provided to the Company transferred to another party (e.g. another banking service provider) “in a structured, commonly used and machine-readable format”;
• The right not to be subject to a fully automated decision-making process (i.e. a system-generated decision without human input) where the outcome has a significant legal or similar effect on the individual concerned;
• The right to withdraw consent where consent has been given for the purpose of processing;
• The right to address the National Supervisory Authority for Personal Data Processing, if deemed necessary.

If the Company receives a request from you to exercise any of the above rights, we will respond to the request within 30 days, with the possibility of extending this period, only after informing the person concerned and provided that there is a good reason for not being able to respond within 30 days.

Art. 5. Data breaches

If personal data is lost, damaged, stolen, compromised or following a complaint about the way the Company has handled personal data, the Company shall report the breach to the National Supervisory Authority for Personal Data Processing within 72 hours of the breach being discovered and notify the relevant persons without delay if they are likely to be affected by the incident. In addition, the Company will use reasonable efforts to limit the damage caused by the data breach.

Art. 6. Organisation and responsibilities

The responsibility for ensuring proper processing of personal data lies with any person working for or in a form of collaboration with the Company and who has access to the personal data processed.