Privacy Policy for the sonoro mobile app

Introduction

Below, we provide information about the processing of personal data when using our mobile app (hereinafter referred to as "app"). Personal data is any data that can be related to a specific natural person, e.g., their name or IP address.

contact information

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is sonoro audio GmbH, Hammer Landstraße 45, Neuss, Germany, email: info@sonoro.com. We are legally represented by Marcell Faller.

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany, www.heydata.eu, email: datenschutz@heydata.eu.

Scope of data processing, processing purposes, and legal bases

The scope of data processing, processing purposes, and legal bases are explained in detail below. The following generally serve as legal bases for data processing:

6 para. 1 sentence 1 lit. a GDPR) serves as the legal basis for processing operations for which we obtain consent.
6 (1) sentence 1 lit. b DS GVO is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. when a user purchases a product from us or we perform a service for them. This legal basis also applies to processing that is necessary for pre-contractual measures, such as inquiries about our products or services.
6 para. 1 sentence 1 lit. c GDPR) applies if we fulfill a legal obligation by processing personal data, as may be the case in tax law, for example.
6 para. 1 sentence 1 lit. f GDPR) serves as the legal basis if we can invoke legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.

Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 (3) GDPR guarantee the security of the data during transfer, insofar as these exist, as is the case, for example, for the United Kingdom, Canada, and Israel.

When data is transferred to service providers in the USA, the legal basis for the data transfer is an adequacy decision of the EU Commission if the service provider has also been certified under the EU US Data Privacy Framework.

In other cases (e.g., if no adequacy decision exists), the legal basis for data transfer is usually standard contractual clauses, unless we indicate otherwise. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Art. 46 (2) (b) GDPR, they ensure the security of data transfer. Many of the providers have given contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These include, for example, guarantees regarding the encryption of data or regarding the third party's obligation to notify data subjects if law enforcement agencies want to access data.

storage period

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.

Rights of those affected

Data subjects have the following rights with regard to their personal data:

Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.

Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data. Contact details of the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

Obligation to provide data

Customers, interested parties, or third parties must only provide us with personal data within the scope of a business relationship or other relationship that is necessary for the establishment, implementation, and termination of the business relationship or other relationship, or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to perform an existing contract or other relationship.

Mandatory fields are marked as such.

No automatic decision-making in individual cases

We do not use fully automated decision-making in accordance with Article 22 GDPR to establish and conduct a business relationship or other relationship. If we use these procedures in individual cases, we will provide separate information about this, provided that this is required by law.

contact

When you contact us, e.g. by email or telephone, we store the data you provide (e.g. names and email addresses) in order to answer your questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are legal retention obligations.

Data processing in the app

Download the app

Our app is available for download from Apple's App Store and Google's Play Store (hereinafter referred to as "Stores"). When users download the app, the necessary information is transferred to the Stores, in particular the user name, email address, and customer number of the account, the time of download, payment information, and the individual device identification number. We have no influence over this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to the user's mobile device.

hosting

We host the app ourselves and process the personal data retrieved via the app, e.g., content, usage, meta/communication data, or contact data. It is in our legitimate interest to provide an app, so the legal basis for data processing is Art. 6 (1) (f) GDPR.

Informational use of the app

When users use our app, we collect the data that is technically necessary for us to offer users the functions of our app and to ensure stability and security. This is our legitimate interest, so the legal basis is Art. 6 (1) (f) GDPR.

The data processed in this regard are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the requirement (specific interface)
Access status/HTTP status code
amount of data transferred
Operating system and its interface
Language and version of the operating system

Data processing for the provision of functions

We process data in the app in order to provide the user with app functions. The legal basis for processing is the user agreement concluded with the user via the app.

The data processed in this regard are

Only the data entered into the app by the user themselves
IP address
Date and time
time zone
access status
operating system
Language and version

The app's features include control of sonoro music systems, easier registration with music services, and simpler management of favorites.

Third-party tools

Stream Unlimited

We use StreamUnlimited for audio transmissions. The provider is StreamUnlimited Engineering GmbH, Gutheil-Schoder-Gasse 10, 1100 Vienna, Austria. The provider processes contact data (e.g., email addresses, telephone numbers), location data, meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can revoke their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing up to the time of revocation.

The data will be deleted once the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.streamunlimited.com/privacy-policy/.

heyData

We have integrated a data protection seal. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g., IP addresses) in the EU.

The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in providing website visitors with confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seal, which is why a mere image copy of the certificate is not a viable alternative to confirmation.

The data is masked after collection to ensure that it is no longer personally identifiable. Further information can be found in the provider's privacy policy at https://heydata.eu/datenschutzerklaerung.

Music services and third-party technical providers

We integrate various music services and third-party technical providers to enable streaming and control of music systems. These providers include:

Spotify AB, Regeringsgatan 19, SE 111 53 Stockholm, Sweden
Deezer S.A. 12 rue d’Athènes, 75009 Paris, France
Napster Luxembourg S.à r.l., 60, Route de Luxembourg, L 5408 Bous, Luxembourg
Qobuz - XANDRIE SA, 45 rue de Delizy, 93692 Pantin CEDEX, France
Amazon Europe Core S.à r.l., 5 Rue Plaetis, L 2338 Luxembourg, Luxembourg
TIDAL Music AS, Lakkegata 53, 0187 Oslo, Norway
Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland
Airable GmbH, Am Treppchen 2, 41334 Nettetal, Germany
Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland
Dirac Live - Dirac Research AB, Dragarbrunnsgatan 73, 753 20 Uppsala, Sweden
Roon Labs LLC - 161 Hickory Kingdom Road, Bedford, NY 10506, USA

The respective third-party provider listed processes usage data (e.g., websites visited, interest in content, access times, listening behavior), location data, and meta/communication data (e.g., device information, IP addresses) in countries outside the European Union.

All user data is stored directly in the music systems and transmitted via these systems. This means that all user data listed is also forwarded to the relevant third-party providers when using the app. By using sonoro music systems, the user agrees to the transfer of the relevant data. sonoro GmbH uses technical and organizational measures to protect data against loss, misuse, or unauthorized access (e.g., SSL encryption, access controls, updates). Regular updates guarantee legally secure use.

Changes to this privacy policy

We reserve the right to change this privacy policy with future effect. An updated version will always be available here.

Questions and comments

If you have any questions or comments regarding this privacy policy, please contact us using the contact details provided above.