fbpx

PRIVACY POLICY

 

Dear Customer,

We make every effort to ensure the security and confidentiality of your data. We care about your privacy, both when you visit our Website, register an account with us and use our services, as well as when you contact us by phone, email or online chat, subscribe to our newsletter or visit our social media channels. We act in compliance with the rule of law, including provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereinafter the „GDPR”).

 

In this document, we would like to provide you with essential information about your personal data processing. For the sake of clarity, we have put them together in the form of questions and answers. All of this is to let you know why, on what basis and for how long we process your data, as well as who can access it and what rights you have.

 

HOW DO WE ACCESS YOUR PERSONAL DATA?

 

Using the website http://www.app.dropmusic.pro (hereinafter: „Website”, „Service”), you may be asked to provide your personal data. The provision of data is voluntary, but in certain situations, it may be necessary. For instance, if you do not provide us with your email address, we will not send you our newsletter, register your account or answer by email your question asked through the contact form.

 

Some data is collected automatically through cookies during your visit to the Website (e.g. IP address, browser type, operating system type, etc.). They are used to administer the Website, provide hosting services and create relevant marketing content. However, you can freely block and restrict the installation of cookies using your browser settings or the other (free) solutions.

 

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

 

The administrator of your personal data is Drive Music Wojciech Sławiński with registered office Zakopiańska 1/111, 20-858 Lublin, NIP (tax id): 7123189501, REGON: 060763837.

 

If you have any questions or concerns, you can contact us electronically at the following email address: contact@dropmusic.pro

FOR WHAT PURPOSE, ON WHAT LEGAL BASIS AND FOR HOW LONG DO WE PROCESS YOUR DATA?

 

We process your personal data:

 

  1. to conclude and perform the contract for the provision of services (registration and maintenance of the Customer account, placing orders for free of charge and chargeable services, execution of the contract, enabling the use of the Service’s features and funcionality):
    1. legal basis: the processing is necessary for the performance of the contract or in order to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) of the GDPR),
    2. the data will be processed until the end of performing the service (deletion of the Customer account, termination of the contract for the provision of services);
  2. manage and operate the entire application with Bubble.io, including hosting, database management, and backend services.
  3. to comply with tax obligations (issuing invoices, keeping accounting records):
    1. legal basis: the processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) of the GDPR),
    2. data will be processed until the expiry of the prescription periods for tax obligations;
  4. to comply with personal data protection legal requirements:
    1. legal basis: legal obligation incumbent upon us (Article 6(1)(c) of the GDPR),
    2. data will be processed until the expiry of the prescription periods for claims due to the breach of data protection legislation;
  5. to determine, pursue and defend possible claims:
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in taking actions aimed at protecting our rights in proceedings before the courts and other state authorities (Article 6(1)(f) of the GDPR),
    2. the data will be processed until the expiry of the prescription periods for claims under applicable law;
  6. to ensure the proper functioning of the Website and to analyse the activity of Website users:
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in conducting analyses and statistics on the use of particular functionalities of the Website (e.g. Google Analytics cookies, Facebook Pixel) (Article 6(1)(f) of the GDPR),
    2. data will be processed until an effective objection is raised or the purpose of the processing is achieved;
  7. to run a fan page on Facebook and to interact with the users of the aforementioned social media:
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in promoting the Website and adapt its functionalities to current needs (Article 6(1)(f) of the GDPR),
    2. the data will be processed until the expiry of the prescription periods for claims under the applicable legislation;
  8. to answer your questions addressed to us by telephone or email, including via the form available on the Website and online chat:
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in communicating with our Customers and answering questions from our potential customers or other persons interested in our products and services (Article 6(1)(f) of the GDPR),
    2. the data will be processed until the expiry of the prescription periods for claims under applicable law;
  9. for marketing purposes (promotion of our goods and services):
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in maintaining business relationships with Customers and surveying their satisfaction, looking after our own interests and image (Article 6(1)(a) of the GDPR), or respectively the processing is based under the voluntary consent of the person who has given it for a specific purpose (Article 6(1)(a) of the GDPR),
    2. the data will be processed until an effective objection is raised or the purpose of the processing is achieved, and in the case where the basis for the processing is the consent of the data subject until the consent is withdrawn (whereby withdrawal of the consent does not affect the lawfulness of data processing prior to its withdrawal);
  10. for integration with Google Calendar API (viewing, editing, sharing, and permanently deleting calendars you have access to in Google Calendar):
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in providing and enhancing our services by integrating with Google Calendar (Article 6(1)(f) of the GDPR),
    2. the data will be processed until the user revokes access to their Google Calendar or the purpose of the processing is achieved.
    3. Service’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
  11. for integration with OpenAI API (chatting with a bot that performs various predefined tasks and prompts, such as writing presspacks, Spotify pitches):
    1. legal basis: the processing is necessary for the purposes of our legitimate interests in providing and enhancing our services by integrating with OpenAI API (Article 6(1)(f) of the GDPR),
    2. the data will be processed until the user revokes access to their data or the purpose of the processing is achieved.
    3. Service use and transfer to any other app of information received from OpenAI APIs will adhere to OpenAI API Services User Data Policy,
    4. we share the following data with AI models, to provide and enhance our services:
      1. user interactions with the bot.
      2. specific prompts and responses for generating content like presspacks and Spotify pitches.

 

AI MODELS AND DATA SHARING

 

Third-party AI Models Utilized: Our application utilizes AI models provided by OpenAI (GPT-4o, GPT-4 Turbo, GPT-4, GPT-3.5 Turbo, DALL·E).

 

Data Shared with AI Models: We may share the following types of data with these AI models:

 

  • User-generated prompts
  • Predefined prompts for generating promotional materials for the artist, including data related to music releases planned within the Service (e.g., dates, titles, specific promotional details)
  • User-generated content (e.g., music, lyrics)
  • Usage data (e.g., interaction logs)
  • Profile information (e.g., user preferences)
 

These data are provided by the user through dialog windows designed in the application. The data entered in these dialog windows are then sent to the AI models via API connections. The AI models process the information and return results, which are displayed in a dialog window visible within the DROPmusic application.

 

Purpose of Data Sharing: The data is shared to enhance user experience, improve our services, and provide personalized content recommendations. Specifically, the AI data helps users perform their tasks related to creating, distributing, and promoting their music more effectively. By leveraging AI models, users can gain valuable insights, generate high-quality promotional materials, and optimize their workflows, ultimately supporting their success in the music industry.

 

Use and Impact of Data: The AI models use this data to analyze patterns, provide insights, and make recommendations. This may impact the type and relevance of content and services provided to users. Users receive content suggestions that are not obligatory to use. These suggestions are merely proposals that the user can fully or partially utilize, modify in any way, or choose not to use at all. This approach ensures that users retain full control over their creative and promotional processes while benefiting from the AI’s assistance.

 

User Control and Opt-OutUsers have the option to control and opt-out of data sharing with AI models through their account settings. Whenever the user presses the „Reset” button on the AI page of the DROPmusic application, all previously entered prompts (both user-generated and predefined) and AI model’s answers are deleted from the DROPmusic database. Additionally, users have the option to delete their account in the profile settings, which will also result in the deletion of all their interactions and data generated through interactions with the AI models.

 

Ethical Use of Data: We ensure responsible and ethical use of data by requiring third-party AI providers to adhere to strict data protection and privacy standards. Our approach to ethical use of data includes the following measures:

 

  1. Use of Verified Models:
    We do not use unverified models that are not widely adopted and may pose security risks. We only use trusted models that are specifically designed and proven for our intended purposes.
  2. Reputable Technology Providers:
    Our technology providers are reputable companies that develop verified models according to established standards and guidelines. The functions used in DROPmusic comply with their policies and best practices.
  3. Data Protection Standards:
    All third-party AI providers we work with are required to follow stringent data protection and privacy standards to ensure that user data is handled responsibly and securely.
  4. Continuous Monitoring:
    We continuously monitor the performance and security of the AI models we use to ensure they meet our ethical and security standards.
  5. User Transparency:
    We maintain transparency with our users about how their data is used, providing clear information and obtaining explicit consent for data sharing with AI models.
 

By adhering to these principles, we aim to build trust with our users and ensure that their data is handled with the utmost care and respect.

 

EXPLICIT USER CONSENT

 

We obtain explicit user consent to share data with third-party tools. During the sign-up process and in the user settings, users are informed about the data sharing practices and can choose to opt out at any time. No user data is used by the DROPmusic application, third-party plugins, or any AI models until the user explicitly consents to the privacy policy during the registration process.

 

User Notification: Users are explicitly informed about the use of AI models and the potential data sharing involved during the registration process and in our Privacy Policy.

 

Obtaining Explicit Consent: We obtain explicit consent from users before sharing their data with any third-party AI models. This consent is obtained through a clear opt-in checkbox selected during the registration process and attached detailed explanation in our Privacy Policy.

REMEMBER!

 

We process your personal data, as long as it is necessary to achieve the aforementioned purposes unless you make a valid and proper request for your personal data to be deleted. In addition, the period of the processing may be subject to the content of the legal provisions applicable to us, e.g. in the case of the storage of financial documents or the time limits for pursuing the claims.

 

User can request to delete their account and all personal data at any time in the user management panel located in user’s profile.

 

WHO MAY BE A RECIPIENT OF YOUR PERSONAL DATA?

 

In certain situations, if this proves necessary for the purposes of data processing, we rely on the support and assistance of external entities. However, each time, prior to the transfer of personal data, we require the recipients to guarantee an adequate level of data protection and confidentiality.

The recipients of your personal data may be:

  1. entities involved in the performance of our contracts, e.g., accounting office, IT services providers, hosting services providers, payment systems providers,
  2. entities whose help and services we use in the scope of our business activity on the basis of separate agreements, e.g. providers of tools to analyse activity on the Website and direct marketing, suppliers of tools for creating landing pages and collecting leads, suppliers of the office systems, suppliers of project management software, suppliers of communication software, 
  3. authorised state authorities under applicable laws,
  4. other entities whose request for data transfer is justified under the applicable laws.
 

DO WE TRANSFER PERSONAL DATA TO THIRD COUNTRIES?

 

In general, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if such a need arises in connection with the provision of services, we will assess the circumstances and ensure that an appropriate level of data protection is in place so that the processing is carried out in accordance with applicable legal regulations.

 

Operating the Website, we use services and technologies offered by the entities such as Facebook, Microsoft, Google, which are based in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). In the light of the provisions of the GDPR, these are so-called entities located in third countries, in respect of which an assurance of an adequate level of protection or a note of the existence of appropriate safeguards must be demonstrated. 

 

We ensure that the aforementioned entities apply the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the GDPR). For more information on the data processing by the aforementioned entities, please visit the websites of the providers of these services.

 

DO WE PROFILE YOUR PERSONAL DATA?

 

As part of the Website and the technologies used, we may profile your data. This involves using your data (i.e. gender, age, interests, approximate location, your behaviour on the Website) to assess your activity and potential interest in the services. 

 

The profiling makes it possible to personalise offer and advertisements addressed to the users; however it does not influence the terms and conditions of concluded contracts for the provision of the services. The information processed is anonymous and is not associated with the user ordering the services. Thus, we do not make any automated decisions that could have legal consequences for individuals or could affect them in a similarly significant manner.

 

WHAT PERSONAL DATA DO WE PROCESS AS A PROCESSOR AND HOW DO WE OBTAIN THEM?

 

Under the terms of service and any other separate agreements, we also act as a processor, processing personal data of our Customers. These data are collected and subsequently recorded in the system directly by the controller of these data, that is Drive Music Wojciech Sławiński.

 

As a processor, we process data only on the documented instructions of the controller of such data (under a data entrustment agreement), committing ourselves to secure the data properly by applying appropriate technical and organisational measures and ensure an adequate level of protection corresponding to the risks involved in the processing of personal data (in accordance with the Article 32 of the GDPR). We also ensure that persons authorized by us to the process have undertaken to keep it confidential. Upon completion of the services relating to the processing of personal data entrusted to us, we will return all such data to the controller of such data (the Customer) and delete existing copies unless applicable law obliges us to store personal data.

 

DO WE USE COOKIES?

 

On the Website we use so-called cookies („cookies”), which are short text information stored on your computer, phone, tablet or other devices, which can be read by our system and also by the systems belonging to other entities whose services we use: Facebook, Google.

 

Thanks to cookies, we collect anonymous data about users’ visits to the Website, which we can use to improve the functionality of the Website, identify errors or for marketing purposes.

 

Usually, web browsers allow the use of the cookies on the end device by default. However, users can block and restrict the installation of cookies at their own discretion, using their browser settings or by using other (free) solutions. During your first visit to the Website, we will display you the information on the use of cookies. If you do not change the settings of your browser, you will agree to their use. You can find more information on how to change your cookie settings on the website of your browser.

 

Please be informed that disabling or restricting the use of cookies may cause difficulties in using the Website, e.g. it may take longer to load the Website or restrict the use of its functionality or Facebook page likes.

 

HOW DO WE PROTECT YOUR DATA?

 

To ensure a high and consistent level of protection, we use IT environment safeguards adequate for the processing, as well as technical and organisational measures, which include, among others:

  • TLS protocol encryption,
  • creating backup copies,
  • equipping data centres with data protection mechanisms,
  • conducting regular security level tests,
  • monitoring the security of personal data,
  • mitigating the risk of potential abuses and reacting promptly in case of their occurrence,
  • implementing data protection policies,
  • ensuring continuous confidentiality, integrity, availability and resistance of the processing systems and services,
  • allowing access to personal data only to authorized persons,
  • creating and regularly modifying passwords to access systems where personal data are processed.
 

WHAT RIGHTS DO DATA SUBJECTS HAVE?

 

Data subjects whose data we process have the rights to:

  • access to their personal data;
  • change their personal data;
  • remove their personal data;
  • restrict the processing of personal data;
  • object to the processing of personal data;
  • transfer the personal data;
  • withdraw consent to the processing of personal data (provided that the processing is based on the consent of a data subject).
 

However, the rights listed above are not absolute, and in certain circumstances, after analysis, we may legitimately refuse to exercise them.

 

Please also be informed that the withdrawal of your consent to data processing will not affect the lawfulness of data processing that took place on the basis of the consent given before its withdrawal.

 

If you request us to exercise any of the above rights, we will respond to your request without delay, but no later than within one month of its receipt. If due to the complexity of the request or the number of requests, we are unable to comply with your request within one month, we will comply with it within a further two months. However, we will inform you of the intended extension of the deadline beforehand.

 

HOW CAN YOU COMPLAIN ABOUT IRREGULARITIES IN THE PROCESSING OF PERSONAL DATA?

 

If you believe that your personal data is processed by us contrary to the applicable law, you can file a complaint with the President of the Office for Personal Data Protection.

 

DOES USING THE WEBSITE INVOLVE SENDING LOGS TO THE SERVER?

 

The use of the Website involves sending queries to the server on which the Website is hosted. Each query sent to the server is recorded in server logs and stored on the server. The logs include, among others, the IP address, date and time of the server, information about the Internet browser and operating system.

 

The data stored in the server logs are not associated with specific users of the Website and are not used by us to identify you.

 

The server logs constitute solely auxiliary material used to administer the Website, and their content is not disclosed to anyone except persons authorized to administer the server.

 

CAN WE AMEND OUR PRIVACY POLICY?

 

Yes. Personal data protection is a process that we adapt to meet current needs and changing technology. Therefore, our Privacy Policy may be supplemented or amended, as we will inform you by a post on the Website, and in the event of material changes, we will send separate notices on the amendment to registered service users by email.