x
This website is using cookies. More info. That's Fine

privacy-policy

SecretSoundService is firmly committed to respect the privacy of any individual and takes any necessary technical and organizational measures to ensure privacy and protection of all operations that involves, directly or indirectly, processing of personal data, against unauthorized and unlawfulness processing of those.

 

This policy will also take into consideration the new law, 679/2016, also known as General Data Protection Regulation (GDPR), which updates the rules of the Directive 95/46/CE, which is replacing.

 

Audience

SecretSoundService’s Privacy policy applies equally to all SecretSoundService personnel, that have access to any resources, computing and communications that involves processing of personal data and 3rdParties with/from whom SecretSoundService will send and/or receive personal data.

 

Purpose

The Privacy policy is aimed to inform interested parties regarding the collection, use of personal data and rights of the individuals (aka data subject).

 

Principles

Confidentiality of data is considered crucial in our line of business. All our policies and procedures do have a strong focus on ensuring that processing and storage is appropriate and lawfully of all personal data and security of information, which also includes protecting its confidentiality, integrity and availability, as required by the GDPR law, starting 25 May 2018.

 

Processing of personal data will be done ensuring:

  • lawfulness, fairness and transparency
  • having purpose limitations, specific/explicit scope(s)
  • Data minimization, to only gather what is needed to fulfill the stated scope and kept no longer than the intended scope.
  • Taking reasonable steps to ensure Accuracy of personal data
  • Storage limitations, considering the scope, period needed, and retention policies organization has in place. Where is the case, old data will be removed or corrected without unnecessary delays
  • Integrity and confidentiality, as any important information it’s security should be preserved, as part of our ISMS. Only authorized personnel and agreed 3rd parties will have access to process this data
  • Individual rights are preserved:
    • Right to be informed
    • Right to Access
    • Right to Rectification
    • Right to Erasure
    • Right to Restriction of processing
    • Right to Data portability
    • Right to Object

 

Privacy Statement will provide more details on how you can use your rights

 

Collection and processing of personal data

We’re processing personal data of:

  • individuals that are part of a contract or looking to get into a commercial relation with our organization
  • individuals that are part of an organization that is in a commercial relation with our organization or interesting in getting into such relationship
  • individuals that are interested in joining our organization, on any of the open positions
  • individuals that are interested in what we do or services that we’re offering

 

3rd Parties/Other Data Controllers & Processors

SecretSoundService may disclose and share personal data with other 3rd Parties needed to execute our services. In our commercial agreements, SecretSoundService may play the role of either Data Controller or Data Processor, with different 3rd Parties, Customers or Suppliers.  In any case, SecretSoundService will be signing a Data Processing Agreement (DPA) that will ensure that this policy is followed by them and privacy of individuals is protected accordantly

 

Data Controllers – we may receive personal data from clients or other 3rd parties, as part of a commercial contract or legal requirement. In such situations, SecretSoundService will play the role of a Data Processor, as such will comply with Data Controller’s DPA.

Data Processor – we may send personal data that we collect, to clients or other 3rd parties, as part of a commercial contract or legal requirement. In such situations, SecretSoundService will play the role of a Data Controller.

 

Data Transfers

SecretSoundService will take appropriate measures and controls to ensure data is transferred only to accepted countries and using appropriate communication channels that will ensure security of the data in transit.