PROTECTION OF DATA AND PRIVACY

Last updated: 23 November 2023

PROTECTION OF DATA AND PRIVACY

At DanceLib SA we pay a lot of attention to the protection of your personal data. We respect your privacy and we protect data carefully and in accordance with applicable laws. We only collect and process your data if we have a legal basis for doing so, and only to the extent strictly necessary to achieve the purpose of the processing of personal data.

Below is our contact information as a controller of personal data, information about what personal data we process, on what legal basis, for what specific purposes, to whom we can transfer it, what cookies we use and for what purposes and what are your rights in connection with processing of your personal data.

Capitalized terms used in this Privacy Policy shall have the same meaning as in the DanceLib Terms of Use, unless indicated otherwise in this Privacy Policy.

1. WHO ARE WE AND HOW YOU CAN CONTACT US?

Information about us as a data controller:

Company name:	DanceLib SA c/o Dance Event Production Sàrl
Short company name:	DanceLib SA
Headquarters:	Thônex
Business address:	Route de Sous-Moulin 39, c/o Dance Event Production Sàrl, 1226 Thônex, Genève, Switzerland
Registration number:	CHE-321.783.533
Tax number:	CHE-321.783.533 TVA
e-mail address:	privacy@dancelib.com

2. WHAT DATA DO WE PROCESS, FOR WHAT PURPOSES, WHY ARE WE ENTITLED TO IT, TO WHOM AND WHERE DO WE TRANSFER IT AND HOW LONG DO WE KEEP IT?

We process your data or data relating to you in different situations for different purposes. To make the processing of your personal data as transparent as possible, we have below separated the different situations in which we process your data. For each situation, we have explained what data we process, for what purposes, why are we entitled to process it, to whom we transfer the data, how long we store it and other information that is important so that you can understand the nature of the processing of your data.

2.1 If you visit our website

Our website, including the personalized functionalities, is accessible via www.dancelib.com and subdomains.

When you visit our website, we process your data for the purpose of ensuring the safe and efficient operation of the website, for the purpose of analysing the behaviour on our website in order to improve website functionality and optimize display of our offers, and for the purpose of displaying personalized functionalities and offers.

1. Functioning and security of the website, performance of service

We acquire and process certain personal data required for the functioning and security of the website and for performance of services accessible through the website. We also process certain data to improve our services. You can find further information below.

The operation of the website is also supported with necessary cookies set by our domain. Cookies are small text files that are stored on your device (computer, mobile phone or tablet) and consequently read from it. These cookies e.g., enable the safe functioning of the website, identification and elimination of errors in the operation of the website, identification when switching between individual websites of our domain and revisits, allow you to save your cookie settings, etc. If you disable cookies on your browser, the website may not work properly.

• Cookies and other technologies:

Cookie	Purpose and functioning	Duration	Which domain sets the cookie?
_cookieconsent	This cookie saves the user’s consent status regarding cookies on the website. It is essential to remember the user’s preference and avoid repeatedly asking for consent.	12 months	www.dancelib.com
Auth0	This cookie is required for login and account functionality – single Sign-on. It is used to implement the Auth0 session layer.	12 months	www.dancelib.com
Auth0_compat	This cookie is required for login and account functionality – single Sign-on. It is a fallback cookie for single sign-on on browsers that don’t support the sameSite=None attribute.	12 months	www.dancelib.com
Did	This cookie is used for attack protection in connection with login and account functionality on the website. It enables device identification for attack protection.	12 months	www.dancelib.com
Did_compat	This cookie is used for attack protection in connection with login and account functionality on the website. It is a fallback cookie for anomaly detection on browsers that do not support the sameSite=None attribute.	12 months	www.dancelib.com

• Information we acquire and process:
  • Usage identifiers: information about how you access our websites, including information about the device and browser you use, your network connection and your IP address. 
  • User identifiers: With regard to login and account functionality on the website, we also acquire and process account details and personal details related to your account, such as username, country, e-mail address, year of birth.
  • Personalization identifiers: To enable delivery of personalized service, we acquire, relate to your account and process information such as what is the default dance you would like to use our service when log in, what are your other dance type preferences, what level of dance skills do you have and whether you are using the services in a position of an instructor.

Please note that your username also functions as a public handle to enable interaction with other users within the current and future functionalities of the website. This means that your username may be visible to other users.

• Basis for data acquisition and processing:
  • Usage identifiers: it is in our legitimate interest that we can provide you with a secure and efficient online service. 
  • User identifiers: With regard to personal data relating to your account, we also process the personal data to perform our contract and deliver our services.
  • Personalization identifiers: we process the data in order to perform the contract and deliver you the inherently personalized service. We also use this data relying on our legitimate interest for statistical purposes to improve our services.
• Retention/processing period: regarding cookies, the data is retained and processed for the duration of each cookie. Regarding personal data relating to your account, we process your data and retain it throughout the duration of the contract and your account, and thereafter until the expiry of the statute of limitation periods for any claims that may arise out of or in connection with your contract with us.
• Data transfer and processing of the data: with regard to data relating to your account, we transfer to and process your data with our processor Auth0, Inc., incorporated in Delaware, USA, address 10800 NE (10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA (herein: “Auth0”), who acts as our data processor for the purposes of identity management of our customers and enabling the login and account services. For the purposes of providing the services, Auth0 may also transfer data to its sub-processors (a current list of sub-processors is available here). Personal data may be transferred to Auth0 and its sub-processors outside the EEA, Switzerland or the United Kingdom to a country where the appropriate level of protection is not established, whereby in this case, such transfer is made under standard contractual clauses. For transfers to the USA, when permitted under applicable law, personal data transfer may be made in line with the European Commission Adequacy Decision dated 10 July 2023 (available here) that designates the USA as a country that ensures adequate level of protection. You can read more about how Auth0 processes data here, whereas additional information on data transfers can be found here. 
• Use of data for additional purposes:
  • We may use your user and contact information on the basis of contract performance when we contact and inform you for matters in relation to performance of the services through the website (e.g. if we need to communicate you information such as changes of the terms of service, updates etc.) and to communicate with you if you contact us (e.g. if you have an issue with the service, you wish to provide feedback etc.). 
  • Also, we may use the information listed in this section for further purposes (other than explained above) within the scope of our legitimate interest, such as for statistical purposes using anonymized and aggregated data that enable us to constantly improve our services. 

2. Analytics

We use cookies and other web beacons to analyse behaviour on our website. We use cookies and other technologies and process the data based on your consent, which you can actively provide when you visit our website. We use the data that we obtain to create statistics and reviews, especially to track the number of visits to our websites or to our individual content, to measure the effectiveness of ads and in order to improve the user’s experience and make the content of the website even more friendly and interesting and tailored to your needs.

• Cookies and other technologies: 

Cookie	Purpose and functioning	Duration	Which domain sets the cookie?
_ga	It is the main cookie used by Google Analytics. A cookie allows the service to separate one user from another. It is used to calculate data about visitors, sessions, campaigns and to monitor the use of the website for the analytical report of the website. The cookie stores data anonymously and assigns a randomly generated number to identify unique visitors.	13 months and 4 days	www.dancelib.com
_ga_*	A cookie used by Google Analytics to store and count page views.	13 months and 4 days	www.dancelib.com
*_posthog	This cookie calculates visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.	1 year	www.dancelib.com

• Information we acquire and process: online identifiers, including cookie identifiers, internet protocol addresses and device identifiers, customer identifiers.
• Purpose of processing: to calculate data about visitors, sessions and campaigns, to monitor the use of the website, to carry out an analytical report of the website, i.e., how visitors use the website, where they come from and how the website works.
• Basis for data acquisition and processing for above-described purposes of analytics: your consent.
• Data transfer and processing of the data:
  • in relation to _ga and _ga_* cookies: Google Ireland Limited, incorporated in Ireland (Google Building Gordon House, Barrow St, Dublin 4, Ireland) acts as our data processor for the purposes of performing analytics, as described above. The company may also transfer data to its sub-processors (a current list of sub-processors is available here). If the data is transferred outside the EEA, Switzerland or the United Kingdom to a country where the appropriate level of protection is not established, the data is provided to Google LLC incorporated in the USA (1600 Amphitheater Parkway, Mountain View, California) under standard contractual clauses. For transfers to the USA, when permitted under applicable law, personal data transfer may be made in line with the European Commission Adequacy Decision dated 10 July 2023 (available here) that designates the USA as a country that ensures adequate level of protection. For the purposes of providing the services, Google LLC may also transfer the data to its sub-processors, and the data may also be transferred to countries that do not have an adequate level of data protection under standard contractual clauses. You can read more about how Google processes data here. The privacy policy is available here. 
  • in relation to _posthog cookie: PostHog Inc, incorporated in the USA (2261 Market Street #4008, San Francisco, CA 94114, USA) acts as our data processor for the purposes of performing analytics, as described above. The company may also transfer data to its sub-processors (a current list of sub-processors is available in this document). If the data is transferred outside the EEA, Switzerland or the United Kingdom to a country where the appropriate level of protection is not established, the data is provided to the processor and/or its sub-processors under standard contractual clauses. For the purposes of providing the services, the processor may also transfer the data to its sub-processors, and the data may also be transferred to countries that do not have an adequate level of data protection under standard contractual clauses. For transfers to the USA, when permitted under applicable law, personal data transfer may be made in line with the European Commission Adequacy Decision dated 10 July 2023 (available here) that designates the USA as a country that ensures adequate level of protection. The privacy policy of the processor is available here. 
• Retention/processing period: the data is retained and processed for the duration of each cookie.

3. Customized offers and marketing

• Cookies and other technologies: we use various Meta tools for the purposes of targeted marketing of our items and analysis and improvement of marketing, which include the use of cookies and other web tracking technologies (web bacons, pixels, etc.), such as e.g., Meta JavaScript pixel.

Cookie	Purpose and functioning	Duration	Which domain sets the cookie?
_fbp	The cookie identifies browsers for the purposes of providing advertising and website analytics services. The cookie helps to measure the success of advertising campaigns with Meta tools.	90 days	www.dancelib.com

• Information we acquire and process: information about your device, purchases made, ads viewed, regardless of whether you have a Facebook account and whether you are logged in to Facebook, information about your actions and purchases in the online shop, etc.
• Purpose of processing: the data is processed for the purposes of analytics and measurement (regarding our advertising campaigns, use of services, etc.), conducting targeted marketing on the social network Facebook, creating audiences with similar interests to advertise items, sending personalized marketing and commercial messages and improving ad serving and customization of functions and content.
• Basis for data processing: your consent.
• To whom we provide data: We provide the data to Meta Platforms Ireland Limited incorporated in Ireland (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland), which processes the data either as our processor (in terms of providing analytics) or with Meta Platforms Ireland Limited operators as joint processors (in relation to the use of advertising tools).
• Data processor: with regard to analytics and measurement services (regarding our advertising campaigns, use of services, etc.), Meta Platforms Ireland Limited acts as our processor. Data may be transferred outside the UK, EU, EEA and Switzerland to sub-processor Meta Inc. incorporated in the USA. The transfer is based on standard contractual clauses approved by the European Commission. For transfers to the USA, when permitted under applicable law, personal data transfer may be made in line with the European Commission Adequacy Decision dated 10 July 2023 (available here) that designates the USA as a country that ensures adequate level of protection. Meta Inc. may further transfer the data to its sub-processors outside the UK, EU, EEA and Switzerland. 
• Joint controllership: Joint controllership extends to the collection of personal data through Meta Business Tools and their further transfer to Meta Platforms Ireland Limited for the purpose of conducting targeted marketing on the social network Facebook, creating audiences with similar interests to which we will advertise items, for the purpose of sending personalized marketing and commercial communications and for the purpose of improving ad serving and customizing features and content.

In cases where we act as joint controllers with Meta Platforms Ireland Limited, we have entered into a joint controllership agreement, in which we have defined the respective responsibilities for fulfilling the obligations under the General Data Processing Regulation (GDPR) regarding joint processing. Meta Platforms Ireland Limited is responsible for your rights under Articles 15-20 of the GDPR in relation to personal data that Meta Platforms Ireland Limited stores and processes after joint processing.

For more information about how Meta Platforms Ireland Limited processes personal information, including the legal basis on which Meta Platforms Limited relies and how to enforce your rights against Meta Platforms Ireland Limited, you can find in Meta Platforms Ireland Limited’s privacy policy here, and in the cookie policy here.

• Retention/processing period: data based on cookies is stored and processed for the duration of cookies, and other data for a maximum of 90 days.

2. Processing of personal data when subscribing to E-newsletter

You can subscribe to our E-newsletter via form on the website or via consenting to subscription when the option to do so is displayed to you elsewhere on the website or when consenting at the time of purchasing a licence for Premium Plan(s) at our reseller. You can unsubscribe from receiving E-newsletter at any time by clicking on the “unsubscribe” link in any e-mail you receive.

• Purpose of processing: to send E-newsletters with customized offers, additional discounts, promotions and news and for carrying analysis of responses to e-mails (whether the message was open, clicks, etc.) using online tracking technologies for the purposes of managing e-mail campaigns, analysis of their effectiveness and their customization.
• Processed data: email address, information about your device such as IP address, operating system, browser ID and other information about your system and connection, your interactions with campaigns (and/or emails), which may include dates and times for accessing campaigns (and/or emails) and browsing activities (such as which pages you view and which emails you open).
• Technologies: web tracking technologies are used for the purpose of obtaining data regarding your interaction with e-mails, e.g., web bacons technologies.
• Basis for processing data: your consent, which you give when you subscribe to the E-newsletter.
• Data processor: ActiveCampaign, LLC, incorporated in the USA (1 North Dearborn Street, 5th floor, Chicago, IL 60602) processes the data as our processor for the above-mentioned purposes. ActiveCampaign, LLC. may provide the data for processing to its sub-processors (a list of current sub-processors is available here). You can learn more about how ActiveCampaign processes the data in line with a Data Processing Addendum here. The data may be transferred and processed in another country outside the EEA/EU area, such transfer being based on standard contractual clauses adopted by the European Commission. For transfers to the USA, when permitted under applicable law, personal data transfer may be made in line with the European Commission Adequacy Decision dated 10 July 2023 (available here) that designates the USA as a country that ensures adequate level of protection.
• Retention/processing period: until your consent is revoked.

3. Processing of personal data provided to us from our resellers

When you purchase licence for Premium Plan(s) from our reseller, the latter, subject to prior information to you, transmits to us your personal data set out in this section. We process such data to enable you to access and use DanceLib Service and particularly the DanceLib Platform features, to the extent corresponding to your licence in line with the Terms of Use. We may also use such data for other purposes as set forth below.

• Data: your username, personal details such as name, surname, address, e-mail address, and license details.
• Basis for processing data: performance of contract.
• Retention/processing period: until you are entitled to premium functionalities according to the Paid Plan(s) corresponding to your licence, and thereafter until the expiry of the statute of limitation periods for any claims that may arise out of or in connection with your contract with us.

4. Resolving complaints and answering your questions and requests, keeping accounting and business records, performing internal control and improving support services, and protecting legal claims

• Data: contact details (name, surname, telephone, e-mail), order data, content of conversations through various channels (e-mail, Facebook messenger, etc.).
• Basis for processing: the basis for processing complaints and other claims relating to our services is our legitimate interest in dealing with your complaints and other claims in accordance with the law and answering questions and providing proof of their receipt and resolution. We also process data based on a legitimate interest to exercise internal control over the timely and regular fulfilment of your requirements and to improve the order processing system and customer claims and relationships, thereby improving our customer support services.
• Retention/processing period: we store and process the data for the above-mentioned purposes for as long as the statutory and contractual deadlines for asserting claims stipulate. In any case, we process and store the data in order to protect legal claims and maintain our internal records and controls for another year after the expiry of the statute of limitations, should the claim be enforced at the end of the statute of limitations. In the case of legal, administrative or other proceedings, we process your personal data for the period necessary for the duration of such proceedings and for the remaining period of limitation after its completion. Our legitimate interest in this case is to protect legal claims and control the regular performance of our services.

5. Processing of personal data for fulfilment of legal obligations

We can also process your contact and identification data and order data when this is necessary to fulfil legal obligations. In these cases, we may transfer the data to external partners, such as accounting services.

For this purpose, we use personal data for a maximum of 10 years after the last issued document regarding your order.

6. Processing of personal data for purposes other than that for which the personal data were initially obtained

We may use the personal data listed in this privacy policy for additional purpose of improving our services within the scope of our legitimate interest. In this case, we will use anonymized and aggregated data for statistical purposes for service improvement in the way that such aggregated and anonymized statistical data does not anymore represent information under which individuals are identifiable.

3. COOKIE SETTING MANAGEMENT

You can change your cookie settings at any time by clicking on the “Manage cookie settings” icon. You may need to refresh the page for the settings to take effect. Most web browsers also provide some control over most cookies through browser settings. You can find out how to manage cookies in browsers on the browser provider’s website.

4. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROCESSING OF YOUR DATA?

You may exercise the following rights with respect to your data:

• right to access to your personal data: we hope that in this document we have provided you with all the necessary information you need regarding the processing of your data. However, if you still have any questions, please contact us and we will be happy to give you all the necessary explanations.
• right to rectification: we strive to keep accurate and complete information at all times. In the event that we unintentionally keep inaccurate or incomplete information, you have the right to request that we correct and/or supplement it.
• right to erasure: in some cases you have the right to request the deletion of your personal data. We will delete your personal information as soon as possible if any of the following reasons are met:

• we no longer need your personal data for the purposes for which we processed them;
• you have withdrawn your consent to the processing of personal data, in relation to the processed data, for which your consent is necessary, and at the same time we have no other basis to further process this data;
• you have exercised your right to object to the processing of personal data that we process on the basis of our legitimate interest, and we recognize that we no longer have legitimate interests that would justify the further processing of this data, or
• you assume that the processing of personal data that we carry out is no longer in accordance with generally binding legal regulations.
• right to restriction of processing: In some cases, in addition to the right to erasure, you may also exercise the right to restrict the processing of personal data. We must limit the processing of personal data:

• if you challenge the accuracy of personal data, until we reach an agreement on which data is correct;
• if we process your personal data without an appropriate legal basis (e.g., above the intended scope), instead of deleting such data, you will give priority to their limitation (e.g., if you assume that you will still want to provide this data to us in the future);
• if we no longer need your personal information for the purposes described above, but you need it to determine, execute or defend your legal claims, or
• if you object to the processing of data.

• right to data portability: you can request from us all your personal data that you have provided to us and that we process on the basis of your consent and on the basis of the implementation of the contract. We will provide you with personal data in a structured, stable and machine-readable form. You have the right to request that personal data be transferred directly from us to another controller when technically feasible.
• right to object to the processing of data: based on the reasons related to your special situation, you have the right to object to the processing of personal data that is based on our legitimate interests. In any case, you always have the right to object to the processing of data for the purposes of direct marketing. We will immediately stop processing your data for marketing activities; in other cases, we will do the same if we do not have legitimate reasons for processing that outweigh your rights or to enforce legal claims.
• right to withdraw consent: you also have the right to withdraw consent for processing in cases where we process data based on your consent.

In any case, you have the right to file a complaint with the Federal Data Protection and Information Commissioner, the Swiss supervisory body responsible for data protection. If you are from the EU, you can also direct your complaint to the information commissioner or other competent authority in your member state. However, we would appreciate it if you could contact us before filing a complaint, as we are confident that together we will be able to address your concerns regarding the processing of your personal information.

5. HOW CAN YOU EXERCISE YOUR RIGHTS WITH US?

If you have a question or you would like to exercise your rights, simply email us at privacy@dancelib.com. We will try to respond to your request as soon as possible, and within one month at the latest.

If you are from EU, you can also send your questions related to personal data processing under the GDPR, to our EU Representative SKOZAR Legal & Venture d.o.o., Kersnikova ulica 6, Ljublljana, Slovenia (EU) via email to office@skozar.com.