GDPR Policy at Shazam

The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation that came into effect on May 25, 2018, within the European Union (EU). It is designed to harmonize data protection laws and enhance data privacy rights for individuals within the EU, as well as for organizations that handle their data.

Data Controller, as the operator of this website, acts as the data controller for the personal data you provide. You can contact us at [email protected] if you have any questions or concerns related to your data privacy.

Principles of GDPR Compliance

Our approach to GDPR compliance is guided by the following principles:

  • Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect your data for specific, explicit, and legitimate purposes, and we do not process it further in a manner that is incompatible with those purposes.
  • Data Minimization: We ensure that the data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We take reasonable steps to ensure the accuracy of the data we hold.
  • Storage Limitation: We retain data for no longer than is necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We maintain the security and confidentiality of your data, employing appropriate measures to protect it.
  • Accountability: We take responsibility for our data processing activities and demonstrate compliance with GDPR principles.

Data Collection

We collect various types of data to provide our services and ensure the best user experience. The types of data we collect include:

  • Personal Information: Data that can be used to identify you, such as your name, email address, phone number, and contact details. We collect this information during the registration process and when you contact us for assistance.
  • Financial Information: Information related to payments and financial transactions, including credit card details, is collected to process your transactions securely and efficiently.
  • Usage Data: We automatically gather information about how you interact with the Website, including your IP address, browser type, device type, and operating system. This data helps us understand how you navigate and engage with our platform.
  • Cookies: To enhance your browsing experience and collect insights into user behavior, we use cookies. These small text files are placed on your device to collect information about your preferences and activities on the Website. You have the option to disable cookies in your browser settings; however, please note that this may impact your overall experience on the Website.

Legal Basis for Data Processing

We process personal data based on various legal bases, including:

  • Contractual Necessity: To fulfill our contractual obligations with you, such as processing transactions and providing customer support.
  • Consent: For processing activities where we rely on your explicit consent, such as sending promotional communications.
  • Legal Obligations: To comply with legal obligations or requirements.
  • Legitimate Interests: For purposes that are in our legitimate interests, such as improving our services and preventing fraud.

Data Subject Rights

As a user, you have several rights under GDPR, including:

  • The Right to Access: You can request access to the personal data we hold about you.
  • The Right to Rectification: You can request that inaccurate or incomplete data be corrected.
  • The Right to Erasure: You can request the deletion of your personal data under certain circumstances.
  • The Right to Data Portability: You can request your data in a structured, machine-readable format.
  • The Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • The Right to Restriction of Processing: You can request the restriction of processing under certain circumstances.

Data Security

We take data security seriously and employ industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures are designed to safeguard your data integrity and confidentiality.

Data Breach Notification

In the event of a data breach that may result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority and you, as the data subject, in compliance with GDPR requirements.

Data Protection Impact Assessment (DPIA)

We conduct Data Protection Impact Assessments as needed to assess and mitigate data processing risks.

Privacy by Design and by Default

Privacy is a central element in the design and development of our services. We strive to implement appropriate measures to protect your data from the outset and ensure that only necessary data is processed.

International Data Transfers

We may transfer your data outside the EU, where necessary, in compliance with GDPR requirements.