Privacy Policy

Doel: Creating, managing and maintaining user accounts and enabling the Service.

Categories of personal data:

• First and last name
• Email address
• Job title
• Company name and business address
• Account details and login credentials
• Music preferences and settings per location

Grondslag: Performance of the agreement with you or the company you represent.

Bewaartermijn: For the duration of the business relationship and a maximum of two (2) years after termination of the account.

Doel: Compiling contextual music curation, generating analytics and improving music tuning per location.

Categories of personal data:

• Playback data (which music was played when)
• Location data (location type, size, zones)
• Usage patterns (times, frequency, adjustments)
• Device and connection data

Grondslag: Performance of the agreement. For improvement of the Service, we rely on our legitimate interest in continuously improving our service and music curation.

Bewaartermijn: Playback data is retained for the duration of the agreement. After termination, data is deleted or anonymised within thirty (30) days, unless a legal retention obligation applies.

Doel: Processing orders, invoicing, performing credit checks and handling payment-related complaints.

Categories of personal data:

• Payment details (card type, expiry date, last four digits)
• Billing address
• Transaction history
• Chamber of Commerce number and company information

Grondslag: Performance of the agreement.

Bewaartermijn: For the duration of the business relationship and a maximum of two (2) years after the last transaction. Financial data is retained in accordance with the statutory retention obligation under tax legislation (seven years).

Doel: Communication with you for customer service, handling enquiries, complaints and support requests.

Categories of personal data:

• First and last name
• Contact details (email, phone)
• Content of your communications with us
• Account details

Grondslag: Legitimate interest, being the ability to adequately deliver the Service and maintain the client relationship.

Bewaartermijn: A maximum of one (1) year after handling of the request.

Doel: Sending information about our services, new features, offers and business activities.

Categories of personal data:

• Email address
• First and last name
• Company name and sector

Grondslag: Legitimate interest, being the ability to inform existing and potential clients about our services. You may unsubscribe at any time via the unsubscribe link in our messages.

Bewaartermijn: Until you unsubscribe or until the end of the business relationship, plus a maximum of twelve (12) months.

Doel: Collecting statistical data about visits to our website, analysing web traffic and improving the user experience.

We use the following analytics services:

• Google Analytics — for analysing visitor behaviour, traffic sources and conversions. Google Analytics places cookies and processes data such as IP address (anonymised), pages visited, session duration and device data. Google may process this data on servers outside the EEA; see section 5 for the safeguards we apply.
• Vercel Analytics — for collecting anonymous performance data on page load times and web traffic. Vercel Analytics is privacy-friendly and does not use cookies.

Categories of personal data:

• IP address (anonymised with Google Analytics)
• Browser type and version
• Operating system
• Pages visited and click behaviour
• Referring URL
• Time and duration of visit

Grondslag: Consent (for non-strictly necessary cookies, including Google Analytics) or legitimate interest (for strictly necessary cookies and cookieless analysis via Vercel Analytics).

Bewaartermijn: A maximum of six (6) months. In most cases, data is anonymised sooner. With Google Analytics we apply the shortest possible retention setting.

Doel: Complying with legal obligations, including accounting obligations and cooperation with requests from competent authorities.

Grondslag: Compliance with a legal obligation.

Bewaartermijn: In accordance with the applicable statutory retention period. For financial administration, a retention obligation of seven (7) years applies under tax legislation.

Doel: Complying with contractual obligations towards music platforms and content suppliers, including reporting playback data to administer licence rights and calculate fees for rights holders.

Categories of personal data:

• Company name and business address of the client
• Aggregated playback statistics (which tracks, how long, how often)
• Location data (location type, not the exact address)

Grondslag: Legitimate interest, being the fulfilment of contractual reporting obligations towards music platforms and content suppliers.

Bewaartermijn: We process and retain this data for as long as necessary to fulfil our contractual reporting obligations, with a maximum of two (2) years. Music platforms and content suppliers may, as independent data controllers, retain your data for longer.

Sharing of data: We share this data with music platforms and content suppliers with whom we have a contractual relationship. These parties process your data as independent data controllers according to their own privacy policy, or as our processor according to our instructions. In the latter case, we enter into data processing agreements to ensure your data is processed in accordance with this privacy policy.

Kaires Lite vs. Kaires Pro: With Kaires Lite, music is played via the Spotify catalogue. Spotify processes data as an independent data controller in accordance with Spotify's own privacy policy. With Kaires Pro, only royalty-free music is played. Playback data is only shared with the content supplier from whom the music originates, insofar as this is contractually required.

You have the right to request which personal data we process about you and to receive a copy thereof. This request is free of charge, unless it is excessive or repetitive.

You have the right to have inaccurate or incomplete personal data corrected. You can also adjust certain data yourself via your account settings on the platform.

You may request that we delete your personal data in the following circumstances:

• the data is no longer necessary for the purpose for which it was collected;
• you withdraw your consent and there is no other legal basis for the processing;
• you object to the processing and there are no overriding legitimate grounds;
• the data has been unlawfully processed; or
• erasure is required to comply with a legal obligation.

We may refuse your request if retention is necessary for the performance of the agreement, compliance with a legal obligation (such as the fiscal retention obligation), or the establishment, exercise or substantiation of legal claims.

You have the right to restrict the processing of your personal data if:

• you contest the accuracy of the data, for the period we need to verify the accuracy;
• the processing is unlawful and you oppose erasure;
• we no longer need the data, but you need it for a legal claim; or
• you have objected on the basis of section 7.5, pending the assessment.

You have the right to object to the processing of your personal data when it is based on our legitimate interest. We will cease the processing, unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

For direct marketing, an absolute right to object applies: if you object, we will stop the processing immediately. Every promotional message includes an unsubscribe link.

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transfer this data to another data controller. This right applies where the processing is based on consent or a contract. Where technically feasible, you may request that we transfer the data directly to another party.

Insofar as the processing is based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.

We appreciate it if you contact us first if you believe we are not processing your personal data correctly. However, you always have the right to lodge a complaint with the supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):