COLOSSAL
PRIVACY NOTICE


This version is effective from: 12.08.2024

This Privacy Notice (“Privacy Notice”) sets out how Colossal Sound Limited processes your personal data in connection with our Colossal platform and related business, including the provision of our websites and our web and mobile application(s) (collectively our “Platform(s)”) and the services we offer, including through our Platforms (our “Services”).


We will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Notice, but we encourage you to review this Privacy Notice periodically to keep up to date on how we use your personal data.

  1. Purpose of this privacy notice

This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data and how we share it with others. This Privacy Notice also sets out your rights in respect of our processing of your personal data.


When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, address, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them.

This Privacy Notice is intended to assist you in making informed decisions when using our Platform and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Cookie Policy.


This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).

  1. About us

The Platform and our Services are made available by Colossal Sound Limited (known as "Colossal", "we", "us", "our"). Colossal Sound Limited is the data controller responsible for your personal data. Colossal Sound Limited is an English company  (Colossal Sound Ltd 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE).

  1. How to contact us

If you have any questions about this Privacy Notice or want to exercise your rights as a data subject set out in this Privacy Notice, you can contact us using the following methods:


Email: Send us an email at support@colossal.fm

  1. What personal data we collect

The types of personal data we collect depends on who you are and how you use our Platform and Services and includes the following:


Identity Data: First name; last name.


Contact Data: Address; email address; telephone number; social media handle.


Registration Data: First name; last name; date of birth; gender; country; nationality; username; any other personal data that you may provide when you register an account with us.


Financial Data: Bank account details; payment card details.


Transaction Data: Details about payments made; details of items purchased.


Profile Data: Account username; password; profile picture or avatar; purchase/order details; interests and preferences; contact preferences; the content of any messaging you send using any Enquiry Form or Chat function on the Platform.


Behavioural Data: Data relating to your browsing activity or interaction with the Platform, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed or purchased through the Platform.


Technical Data: IP address; browser type and operating system; geolocation, to ensure we're showing you the correct notices and information; any other unique numbers assigned to a device.


Marketing and Communications Data: Marketing preferences; service communication preferences.

  1. How we collect and receive personal data

We collect and receive personal data using different methods:


Personal data you provide to us: You may give us your personal data directly, for example, when you register or purchase on our Platform, contact us with enquiries, complete forms on our Platform, subscribe to receive our marketing communications or provide feedback to us.


Personal data we collect using cookies and other similar technologies: When you access and use our Platform, we will collect certain Behavioural Data and Technical Data. We collect this personal data by using cookies and other similar technologies (see the "Insight, analysis and retargeting through Cookies" section below).


Personal data received from third parties: We may receive personal data about you from third parties. Such third parties may include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Platform and our Services.

  1. How we use your personal data

We use your personal data for the purposes set out in this section.


USE OF OUR PLATFORM


If you register for an account on our Platform: You may be required to register an account with us in order to gain access to certain features and functionality of our Platform. Account holders will need to complete the registration form, providing all required Identity Data, Contact Data, Registration Data; Financial Data and Profile Data. We will use this data in order to process your registration. Once the account is registered, we will process your Identity Data, Contact Data, Registration Data and Profile Data to identify you when you log in to your account and access secure areas of our Platform. We will also process certain Technical Data and Marketing and Communications Data so that we can administer your account and contact you about your account. We will also collect and process Behavioural Data and Technical Data when you use certain features and functionality on our Platform. This data helps us understand how you use our Platform so that we can improve it.


Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to the Platform and our Services in a secure and effective way and so that we can make improvements to our Platform.


If you purchase items via our Platform: We collect and maintain personal data that you submit to us for the purpose of supplying items that you have requested via our Platform. The personal data we process may include your Identity Data, Contact Data, Registration Data, Profile Data, Financial Data and Transaction Data (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used.


Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest or a third party's legitimate interest to use personal data in such a way to ensure that we provide our Services in an effective, safe and efficient way.


If you browse our Platform: When you browse our Platform, we collect and process Behavioural Data and Technical Data to help us understand how you are using and navigating our Platform. We do this so that we can better understand which parts of our Platform are more or less popular and improve the structure and navigation of our Platform.


Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to our Platform in a secure and effective way and so that we can make improvements to our Platform.


If you use the interactive features on our Platform: We will collect and use personal data about you when you use certain features on our Platform. For example, depending on the nature of your enquiry, we may process your Identity Data, Contact Data, Registration Data, Profile Data and certain Behavioural Data and Technical Data when you use the Enquiry Form or Chat function to get in touch with us or other account holders.


Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest to use personal data in such a way to ensure that we can respond to your enquiries, provide access to our Platform in a secure and effective way and make improvements to our Platform.


If you contribute to our Platform or post content on our Platform: If you submit any content to us, including via our Platform, we may process any personal data comprised within that content for the purposes of making available particular the Services via our Platform.


Our legal basis for processing: Where we use your content in connection with Services that we provide via our Platform, it is in our legitimate interest to use any personal data that you provide to us to ensure that we provide the relevant Services in an effective way.


If you log in with or otherwise link to social media sites and interact with our social media pages: If you log in with or click on one of the social media links on our Platform or otherwise interact with our social media pages such as on Facebook or Instagram (including interacting with any 'like' or similar embedded features on our Platform or social media accounts), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose, such as certain Behavioural Data and Technical Data. For more information about how we use this personal data, please see the "Insight, analysis and retargeting through Cookies" section below.

The relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy policy of the relevant social media platform.


Our legal basis for processing: It is in our legitimate interest to use personal data in the ways described above to ensure that we provide the Platform in an effective way and to promote our Platform via social media.


ENSURING THE PROPER FUNCTIONING OF OUR PLATFORM AND PROVIDING YOU WITH OUR PLATFORM FEATURES AND NOTIFICATIONS


When you use our Platform and associated features and functionality: To ensure that our Platform can operate properly and provide you with the features you want, the provider of your device may collect certain Technical Data. The data is automatically collected and transmitted to us from your device during your use of the Platform ("Usage Data") and includes: (i) device name (e.g. "Apple iPhone" or "Samsung Galaxy" or any other name that you have given your device); (ii) operating system and version; (iii) system language; (iv) general device data, such as voice and regional settings; (v) IP address of the device; (vi) date and time of use; and (vii) application ID to identify your installation of the Platform or related app. When you open the Platform or site for the first time, you may be asked for permission to send you push notifications. If you allow this feature, our Platform will send you push notifications, for example, reminders, alerts, updates and other information. You can configure and turn off push notifications via your device settings at any time.


Our legal basis for processing: It is in our legitimate interest to use the Usage Data and send error messages (if applicable) in such a way in order to secure our Platform and to detect and resolve errors and cyberattacks. We rely on consent where you have enabled features such as push notifications, location, camera, microphone, or photo and video upload functions, as it will be your choice to receive such notification or allow us access to this information.


CUSTOMER SERVICE, ENQUIRIES


If you have a general question or need help with any issue concerning our Services: If you make an enquiry, we will collect and process your Identity Data, Contact Data and, if applicable, certain Profile Data and Transaction Data, as well as any other personal data you volunteer that is relevant to your enquiry. If you have a technical issue concerning our Platform, we may also collect and process Behavioural Data and Technical Data to help us diagnose the technical issues you are experiencing and to help us resolve them in an efficient way. We use this information to manage and respond to your enquiry.


Our legal basis for processing: It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry, provide a good standard of service and improve our customer services.


SURVEYS AND FEEDBACK


If you complete our surveys or provide feedback on your experience of our Platform and/or our Services: From time to time, we will invite you to provide feedback about us, our Platform and our Services in the form of online surveys. We will collect and process your Identity Data, Contact Data and, if applicable, certain Profile Data and Transaction Data, as well as any other personal data you choose to volunteer in your survey response or other feedback. We use this information to help us to monitor and improve our Services, to assist with the selection of future product and service lines and to train our personnel.


Our legal basis for processing: It is in our legitimate interest to use the personal data provided by you so that we can improve our Platform and our Services and provide them in an effective way.


PRIZE DRAWS, PRIZE COMPETITIONS AND OTHER PROMOTIONS


If you participate in one of our promotions: From time to time, we may run prize draws, prize competitions and other promotions on our Platform and/or on our social media accounts. For the purposes of administering such promotions, we may process your Identity Data, Contact Data, Registration Data, Transaction Data, Profile Data, Behavioural Data and/or Technical Data and any other personal data volunteered by you in relation to your promotion entry. Our promotions are subject to separate terms and conditions, which you may be required to accept as a condition of entry.


Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the promotion terms and conditions) or it is in our legitimate interest to use your personal data to enable us to administer our promotion fairly and effectively and to ensure that we comply with self-regulatory codes governing the operation of promotions.


INSIGHT, ANALYSIS AND RETARGETING THROUGH COOKIES


If we use cookies to help us understand more about you and your use of our Platform and our Services: We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as "Cookies") to collect data from the devices that you use to access our Platform and Services. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data. Please see our Cookie Policy for further information, including details of our third-party partners.

We and our third-party partners use this data to analyse how you use our Platform and our Services and the effectiveness of our Platform and our Services, including:


  • to analyse how you use, and the effectiveness of, our Platform and our Services

  • to count users who have visited our Platform and collect other types of information, including insights about visitor browsing habits, which helps us to improve our Platform and our Services

  • to measure the effectiveness of our content; to learn what parts of our Platform are most attractive to our users

  • to help us understand the type of marketing content that is most likely to appeal to our visitors and customers; and

  • to help us with the selection of future product and service lines, design and to remember your preferences.


Our legal basis for processing: Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for further details. In certain circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies,. For example, where we use personal data collected through the use of analytics cookies to analyse how you use our Platform, it is in our legitimate interest to use your personal data in such a way to improve our Platform and our Services.


ADVERTISING AND MARKETING ACTIVITIES


If we send you marketing communications by email/SMS: We use your Identity Data, Contact Data and Marketing and Communications Data to send you (or the organisation you represent) marketing communications.

Our marketing communications will include personalised and non-personalised marketing. Personalised marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Non-personalised marketing is marketing that is not tailored to you.

Where we are sending you personalised marketing, we may also use Profile Data, Transaction Data and Behavioural Data to help us decide what sort of personalised marketing to send you (please see the "Insight, analysis and retargeting through Cookies" section above for more details).


Our legal basis for processing: It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.

It is in our legitimate interest to use your personal data to send our marketing to you by post.

However, we will only send marketing communications to you by email and/or SMS where you have consented to receive such content by email and/or SMS, or where we have another lawful right to send marketing to you using email and/or SMS. For example, in certain circumstances we may rely on our legitimate interest to send marketing by email and/or SMS to consumers who have purchased previously.


If we carry out any online personalised advertising: We and our third party partners may use your Profile Data, Behavioural Data and Technical Data and other data that is collected through your interactions with third party websites and services to provide you with, and analyse the effectiveness of, personalised ads when you visit other websites and/or use other services (including the social media and other platforms described in the "If we advertise to you on social media and other platforms" section below).

By "personalised ads", we mean advertisements for products and services that you have shown an interest in when you have used our Platform or which you otherwise might be interested in based on your browsing habits, although our third-party partners may use the data that is collected to show personalised ads for products and services offered by third parties.


Our legal basis for processing: Please see the "Insight, analysis and retargeting through Cookies" section above to learn about the legal basis that we rely on to collect data via the use of Cookies.

Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Platform and our Services to you.

Our third party partners may rely on a different lawful basis in respect of their use of your personal data. Please read the privacy policy of the relevant third-party provider, as set out in our Cookie Policy.


If we advertise to you on social media and other platforms: We share your email address (usually in an encrypted or 'hashed' form) with third-party providers of social media platforms and other services, such as Facebook, Snapchat, Sky and other similar platforms ("Social Platforms"), so that the third party providers can try to "match" your data with the data of their registered users of their Social Platforms.
Where there is a successful match, we will display our advertising to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as "custom audience" advertising, because we "customise" the audience that we want to reach on the relevant service.
Some of the advertising that you see may be personalised to you. The data that we use to personalise our advertising, such as your Profile Data and Behavioural Data, will not be provided to the third-party providers of the Social Platforms. Please see the "Insight, analysis and retargeting through Cookies" section above to learn more about how we personalise advertising to you.
This activity is also subject to the privacy choices you have elected to make on such Social Platforms.

Our legal basis for processing: We will only share your personal data with the third-party providers of the Social Platforms, so that we can advertise our Services to you when you use those Platforms, where you have provided your consent.


If we advertise to other people who share similar interests and characteristics to you: We will provide your personal data to third-party providers of other services as described in the "Advertising to you on social media and other platforms" and the "Insight, analysis and retargeting through the use of Cookies" sections. If you are a user of those third-party services, we may ask the third-party providers of those services to find other registered users of their services who share similar interests and characteristics to you, which will be based on information that the third party holds about you and its other registered users.

This is known as "lookalike" audience advertising because we are trying to show our advertising to people who "look like" you.

Please note that such activity is also subject to the privacy choices you have elected to make on such third-party services.


Our legal basis for processing: It is in our legitimate interests to share your personal data with the third-party providers of other services so that we can advertise our Services to other individuals that use those services and share similar interests and characteristics with you, although where this activity is undertaken through the use of Cookies please see the "Insight, analysis and retargeting through Cookies" section above) to learn about the legal basis that we rely on. You can opt-out of our sharing of your personal information with the third-party providers by exercising your rights as a data subject as set out below.


BUSINESS ADMINISTRATION AND LEGAL COMPLIANCE


If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business: We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; (iii) to protect the rights of third parties; and (iv) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets.


Our legal basis for processing: Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

  1. Sharing personal data

We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.


Third-party suppliers who provide applications/ functionality, data processing or IT services: We share personal data with third parties who support us in providing our Platform and help provide, run and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service providers, identity management, website design, hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We also share your personal data with third-party service providers to assist us with insight analytics. These providers are described in our Cookie Policy.


Payment providers and banks: We share personal data with third parties who assist us with the processing of payments and refunds.


Advertising partners: We share personal data with third party advertising partners, including those set out in our Cookie Policy when you use our Platform. This data is used to provide you with, and measure the effectiveness of, online personalised advertising and for other advertising related activities.


Third-party email marketing and CRM specialists: We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our post and email marketing communications and account-related communications.


Third-party suppliers who assist us in administering our promotions: We share personal data with specialist suppliers who assist us in administering our prize draws, prize competitions and other promotion.


Auditors, lawyers, accountants and other professional advisers: We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.


Law enforcement or other government and regulatory agencies and bodies: We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.

  1. How we obtain your consent

Where our use of your personal data requires consent, you can provide such consent at the time we collect your personal data following the instructions provided, or by informing us using the contact details set out in the "How to Contact Us" section above.

  1. Third-party links

This Privacy Notice only applies to personal data processed by us through your use of our Platform and/or in connection with our business operations. However, from time to time, our Platform may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.


When you use a link to go from our Platform to another website (even if you don't leave our Platform) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website's or third-party service provider's own rules and policies.


We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.

  1. Transfers outside the UK and the European Economic Area ("EEA")

Where necessary in order to provide our Services, we will transfer personal data to countries outside the UK and the EEA.


Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

  1. How long we keep your personal data

In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.


If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.


If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.

  1. Confidentiality and security of your personal data

We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Platform and those who purchase our Products and Services.

  1. Your rights as a data subject

You have certain rights in relation to the personal data we hold about you. If you would like to exercise any of these rights, please contact us using the details set out in the "How to Contact Us" section above.


Your right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

Your right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we've shared your personal data with so that you can contact them directly.


Your right to erasure: You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.


Your right to restrict processing: You can ask us to "block" or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we've shared your personal data with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.


Your right to data portability: You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.


Your right to object: You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else's legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes.


Your rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.


Your right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the "How to Contact Us" section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.

Your right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the "How to Contact Us" section above. As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner's Office ("ICO"). Contact details for the ICO can be found on its website at https://ico.org.uk.