Introduction

This document states the Nuzic Project privacy policy for services formally operated and provided by the company Maumusic SLU through the www.nuzic.org website, the connected app for mobile devices and the associated services and APIs.

It describes what personal information we may be gathering from you, who can see this information, and what options you have for controlling this. We value your privacy and strive to achieve a balance between the legitimate interests of the Nuzic Project and your interests and rights.

This document is mainly intended for Nuzic Project contributors; if you are using services provided by the Maumusic SLU without contributing, section “Data we receive automatically” will be most relevant for you.

Data controller

The data controller is Maumusic SLU (we/us). You can contact us here:

Address: C/ Bruc 46,1º2ª 08010 Barcelona

Email: [email protected]

Lawfulness of processing (why do we store and process personal data?)

The purpose of the Nuzic Project and Maumusic SLU is to provide a platform and a mobile APP for learning music theory and sharing experiences about music education.

Purposes of personal data processing

• To provide the federated authentication service in order to access the Resources requested by the User. To verify and monitor the proper functioning of the service and ensure its security (legitimate interest – art. GDPR 6.1 f).
• To fulfill any legal obligations or requests from the judicial authorities (GDPR art. 6.1 c).
• In order to guarantee the service requested by the user (GDPR art. 6.1 b). 
• The controller processes your voluntarily disclosed personal data – only for registered users on the basis of your freely expressed consent (GDPR art. 6.1 a) for sending newsletters and updates about the project.

What data do we store and process?

Required account data

When a User wants to actively contributes to Nuzic Project, he/she can create an account, providing the following data (all required):

• Username
• Valid email address
• Name/First Name
• Surname/Last Name
• Birth date

Optional account data

When a User wants to actively contributes to Nuzic Project, he/she can create an account, providing also the following optional data:

• Country/Nationality
• URL of the user’s Website
• URL of user’s public profile on social media
• Information about music skills
• Information about favorite music genre
• Music instrument/instruments played
• Music software mostly used

Contributions to Nuzic Project

When a Registered User actively contributes to Nuzic Project by uploading data via the web or via mobile app, the data collected are the following:

• editing session meta-data. For example comments added by the user, any version and similar information added by the editing application and which editing application
• user id and login name of the author of every change to an object and a timestamp when that change occured.
• the e-mail address associated with your account.
• the name, surname or nickname associated with your account.
• any blocks the user has received and associated messages.
• network access data (example IP addresses) for the systems and services operated by the Maumusic SLU (see “Data we receive automatically”).

Data we receive automatically

When you visit the Nuzic Project website, access any of the Nuzic Project services via a browser or via applications that utilize the provided APIs, records of that use are produced; we collect information about your browser or application and your interaction with our website, including: (a) IP address, (b) browser and device type, (c) operating system, (d) referring web page, (e) the date and time of page visits, and (f) the pages accessed on our websites.

The data collected on the systems will be accessible by the system administrators. No personal information or information that is linked to an individual will be released to third parties, except as required by law.

The above mentioned data is processed on a legitimate interest basis (see GDPR article 6.1f ).

Who has access to the data

We do not share email addresses and other data associated with accounts with any third party and they are only accessible to our operations and working group personnel that have signed confidentiality agreements. User to user messages are visible to the sender and recipient, other access is limited to our operations staff and only if required for operational reasons, to enforce our acceptable use policies, to fulfil any legal obligations and most notably to prevent SPAM.

Similarly, network access data is only used for internal purposes and access is limited to operating personnel for operational and vandalism and SPAM protection purposes.

Where do we store the data

The website, API servers, databases and the servers for auxiliary services are currently located in [please insert the country / countries – better if they are in the EU]

User Rights according to the GDPR

In accordance with Articles 7, 13, 15, 16, 17, 18, 19, 20, 21, 22 of the UE Regulation 679/2016 you can, at any time, exercise the following rights, by contacting the Controller.

• the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed;
• the right to obtain the access to your personal data;
• the right to request from the Controller rectification or erasure of your personal data;
• the right to request from the Controller restriction of processing of your personal data;
• the right to object to the processing of your personal data;
• the right to receive the personal data concerning you, which you have provided to Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (data portability).

If you want to exercise any of these rights please send an email to [email protected]

Furthermore, if you believe that your rights have not been respected, you can file a complaint with the competent Supervisory Authority.

How can you control the processing of your data and reduce privacy related issues

While not required by law, we provide the following mechanism to reduce the exposure of potentially privacy related information for you.

• You can request your account to be deleted (restrictions see below) and this will be conveyed to registered entities that are using our full data.

Detailed Information

Email Addresses

The registered email address for a Nuzic user account will never intentionally be published on the internet anywhere, shared with third party organizations, or revealed directly to other users. Only system administrators will have direct access to email address data associated with the Nuzic account. It may be used by these people to contact users directly about their edits or other Maumusic SLU related issues.

Surveys

Maumusic SLU may conduct surveys within the users in order to determine the opinions and better to serve the community. Distributing surveys and processing their results may require the use of personal data such as names and email addresses. Personal data gathered or used in connection with surveys will be processed in accordance with applicable data privacy laws and will be retained only as long as reasonably necessary.

Email addresses of the users may be used to invite them to participate in surveys.

If survey data are made publicly available the data will be anonymized. Anonymized survey data, which may be useful to Maumusic SLU in the future for comparison purposes, may be retained indefinitely in accordance with applicable data privacy laws.

Third party provided services and data

Third party services providing content linked to via or third party JavaScript files utilised by Nuzic Project website are not covered by this policy and you will need to refer to the respective service providers for more information. Using these services will typically transmit at least your Internet address and browser information to the operators.

These are specifically: 

• Matomo / or/ any other WordPress plugin we use 
• Paypal and Stripe for payment collection

Duration of Data Storage

All personal data collected to provide the service (name, surname, e-mail address, nickname) will be stored for as long as necessary to provide the service.

The browsing data (for example, IdP service log records etc.) will be deleted after 6 months

Longer retention periods are provided only in the event of a request by the judicial authority in order to ascertain crimes or for accounting or tax obligations to which the controller is subject.

Cross-border transfers of personal data

The owner of the personal data processing, using the Mailchimp automated mailing system (https://mailchimp.com/), transfers personal data outside the European Union. However, it guarantees that these countries guarantee a level of protection equal to that required by European legislation (GDPR and related regulations). For more information, please submit the Mailchimp terms and privacy policy at this URL https://mailchimp.com/it/legal/terms/. 

Cookies

Some Nuzic operated services use cookies to store information on your login and site navigation state. We also use cookies and similar technologies to recognize and improve your use of our websites. You may delete cookies from your computer, and most browsers provide the option to block them. If you block cookies placed by us (first party cookies), you will not be able to access parts of the Nuzic website and services that require a login. However, your access to our websites will not be affected if you disable cookies placed by third parties.

More precisely, the cookies installed by the Nuzic website are the following:

Other Relevant Policies

As well as privacy issues, users and contributors must also be aware of the Nuzic Terms of Service and the Nuzic IP Policy.