PRIVACY POLICY
Last Revised: March 13, 2021
INTRODUCTION
Privacy and security of your personal information are very important to us. This Privacy Policy describes how we, Sharaliy Inc., a corporation governed by the laws of the State of Washington, doing business as Beautiful Sounds Music Lessons (“Company,” ”we,” “our,” or “us”), collect, store, use, and disclose personal information (as defined below) of users of the website found at beautifulsoundsmusiclessons.com, any mobile application associated with it (collectively, “Platform”), and the online training course associated with the Platform (“Course”).
We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We do not sell, rent, trade or otherwise disclose your personal information to third parties, other than as described in this Privacy Policy. We take appropriate security measures to protect your personal information and we respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what personal information we keep about you, please contact us. All capitalized terms not defined herein are defined in our Terms of Service.
We may amend this Privacy Policy from time to time. We will post any changes to this Privacy Policy here so that you always know what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this Privacy Policy on a regular basis. By using the Platform, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information as outlined in this Privacy Policy. If you do not agree with any practices in this Privacy Policy, please stop using the Platform.
PERSONAL INFORMATION COLLECTED THROUGH PLATFORM
“Personal information,” also known as personal data or personally identifiable information, is any information related to an identifiable person. When you register for an Account, purchase the Course, or fill out one of our questionnaires, we may collect the following personal information from you: email, first name, last name, nickname, company name, physical address, email address, phone number, your age or the age of your child (if you are a parent signing up on behalf of your child), and any personal information you choose to provide to us voluntarily.
NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT
We may collect data which is non-personal, anonymous, or pseudonymous, including, but not limited to, time zone you are in, information on how you first heard about us, browser type, website usage history, number of logins, login times, time/date of login, lessons you are interested in, your current level of proficiency, your preference about the location of the lessons, and whether you are a student or a teacher.
YOUR FINANCIAL INFORMATION & PAYMENT PROCESSING
Stripe is our trusted vendor, which processes payments on our behalf. When you purchase our Course, Stripe will collect and store your financial information and process your payment(s) via Stripe’s payment system. Stripe adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of any payment information. Company will only have access to your name, billing address, and last 4 digits of your debit/credit card.
PURPOSES FOR WHICH WE USE INFORMATION ABOUT YOU
We only use information about you to support your experience throughout the Platform or to communicate with you about our Course. In particular, we collect information about you:
- to recognize you as a registered user;
- to respond to your inquiries or requests;
- to provide customer support;
- to conduct market research;
- to comply with all applicable laws or if we are required by law or by a court order to do so;
- to analyze non-personal or aggregate information for the sake of Platform improvement; and
- to transfer information in connection with the sale or merger or change of control of the Company.
We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.
BUSINESS TRANSFERS
We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets.
FEEDBACK & REVIEWS
If you submit any feedback (about the Platform or the Course) or (“Feedback”), you hereby assign to the Company all rights in the Feedback and agree that the Company shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.
MINORS (CHILDREN) POLICY
We are committed to protecting children’s personal information and comply with the strictest privacy laws out there. We do not knowingly collect or solicit personal information from anyone under the age of majority. If you are a minor, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from a minor, we will delete that information as quickly as possible. Please contact us if you believe we may have collected information from a minor.
HOW LONG WE KEEP YOUR INFORMATION
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements) or up until such time when you withdraw your consent for processing it. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
DATA STORAGE
The data centers where we store your information are located in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy Policy.
SECURITY
The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information).
Notably, access to the Platform’s database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an HTTPS/SSL certificate. We do not collect or store your passwords (however, we may help you restore your password when needed). We use XSRF against cross-domain attacks. Data is backed up daily. The Platform’s server software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server’s firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.
Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.
YOUR RIGHTS UNDER CCPA
The California Consumer Privacy Act (“CCPA”) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information of California residents. CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information.
If you are a California resident, you have the following rights with regard to your personal information:
- the right to know what personal information is being collected about you;
- the right to know whether your personal information is sold or disclosed and to whom;
- the right to say no to the sale of personal information (“the right to opt out”); we have created a Do Not Sell My Personal Information webpage that provides you with more details on this matter.
- the right to access your personal information (under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period);
- the right to equal service and price, even if you exercise your privacy rights.
Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
- comply with a legal obligation;
- otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the thirty (30) days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.
YOUR RIGHTS UNDER GDPR
The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Platform from a European country, is compliant with GDPR.
If you are accessing and using the Platform from the European Union and the European Economic Area, you have the following rights with regard to your personal information:
- the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
- the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
- the right to rectify (amend/correct) any personal information about you that is inaccurate;
- the right to erasure (some conditions apply, see Data Retention section below);
- the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Platform, you may be asked to terminate your Account and stop using the Platform;
- the right to data portability (the right to data portability allows users of the Platform to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
- the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.
We represent and warrant that your personal information is:
- processed lawfully, fairly and transparently;
- collected only for specific legitimate purposes;
- collection of personal data is adequate, relevant and limited to what is necessary;
- accurate and kept up to date (with your help);
- stored only as long as is necessary; and
- is secure and kept in confidence.
Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your Account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.
Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.
YOUR RIGHTS UNDER LGPD
Lei Geral de Proteção de Dados (“LGPD”) is the Brazilian general data protection law, which applies to businesses that process the personal data of users located in Brazil. LGPD establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.
According to the article 18 of LGPD, individuals have the following nine rights over their data processing:
- The right to receive a confirmation about processing of their personal data;
- The right to access their personal data;
- The right to correct incomplete, inaccurate or out-of-date personal data;
- The right to anonymize, block or delete unnecessary or excessive data or data processed in noncompliance with the provisions of LGPD;
- The right of portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
- The right to delete their personal data;
- The right to know who their data is being shared with (e.g., third parties, sub-processors, public, and private entities);
- The right to know how to deny consent and what would be the consequences of denying consent to collect personal data; and
- The right to revoke consent.
The Company has appointed a Data Protection Officer (DPO), who will receive requests and complaints, and who will communicate with Platform users and local authorities (as and when required under LGPD). If you are located in Brazil, you may exercise any of the above rights by contacting Company’s DPO, whose contact information you will find at the bottom of this Privacy Policy.
MARKETING EMAILS, OTHER COMMUNICATIONS & OPT-OUT OPTION
With your consent you will receive updates, newsletters, surveys, offers, ads and other promotional materials from us via your email. You may indicate a preference to stop receiving further communications or notifications from us by following the unsubscribe link provided in the email you receive. Despite your indicated preferences, we may send you service related communication, including notices of any updates to Platform’s Terms of Service, Privacy Policy, or other statements.
COOKIES POLICY
This Cookie Policy provides information about our use of cookies in connection with your use of and interaction with our Platform.
A “cookie” is a small piece of data sent along with pages of a website and stored by the user’s web browser on the user’s computer or mobile device. Cookies were designed to be a reliable mechanism for websites to remember certain information (such as items added in a shopping cart) or to record a user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). Cookies are intended to help you access a website faster and more efficiently, because they can store information to help you enter a website without having to log in. In effect, cookies tell the website that your browser has been to the website before. It does not need to know your exact identity. Cookies can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.
Browsers may accept or reject cookies automatically but allow you to change these settings. The help menu on most browsers will tell you how to change your browser’s settings and how to have the browser notify you when you receive a new cookie, and how to disable cookies all together. You can also disable or delete cookies you have previously accepted if you wish to.
Like many other websites, we also use cookies on our Platform. By using the Platform, you agree that we may set cookies listed below. These cookies ensure that certain parts of the Platform work properly and that your user preferences remain known. You do have the right to opt-out and to object against the further use of any cookies. However if you do so, please keep in mind that our Platform may no longer function properly for you.
The following are examples of cookies that may be used on our Platform:
- Strictly necessary cookies. These cookies are essential in order to enable you to move around the Platform and use its features.
- Performance/analytic cookies. These cookies collect data about how visitors use our Platform, including the country from which the visitor is accessing the Platform. They allow us to recognize and count the number of visitors and to see how visitors move around the Platform when they are using it.
- Functionality cookies. These are used to recognize you when you return to our Platform. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
CONTACT US
If you would like to exercise any of the above rights or learn more about this Privacy Policy, please contact us.
Data Protection Officer: Albina Sharaliy