Privacy Policy

I. The Owner and Service Provider:

SILGOA Spółka z ograniczoną odpowiedzialnością, with its registered office at Mariacka 37, 40-014 Katowice, Poland, registered in the National Court Register maintained by the District Court for Katowice-East, VIII Commercial Division, under
KRS number: 0001070939.
VAT number: 9542863239
REGON: 527016770
Email: silgoa.stream@silgoastream.com
Phone: +48 577 655 015

II. General Information

1. This document outlines the privacy principles applied by the online service SILGOA STREAM (www.silgoastream.com) regarding the collection, processing, and use of personal data by the Data Controller.
2. Personal data collected by the Data Controller is processed in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data, and the free movement of such data, which repeals Directive 95/46/EC (GDPR).
3. In accordance with Article 4(7) of the GDPR, the Data Controller is SILGOA Spółka z ograniczoną odpowiedzialnością, with its registered office at Mariacka 37, 40-014 Katowice, Poland. SILGOA is registered in the National Court Register maintained by the District Court for Katowice-East, VIII Commercial Division, under KRS number 0001070939, VAT number 9542863239, and REGON 527016770.
   Email: silgoa.stream@silgoastream.com
4. The Data Controller is committed to making every effort to protect the privacy and personal information provided by users of the website.

III. Principles of Personal Data Processing

1. Personal data will be processed in accordance with the principles outlined in Article 5 of the GDPR. Specifically, personal data will be:
   1. Processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’).
   2. Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes (‘purpose limitation’).
   3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’).
   4. Accurate and, where necessary, kept up to date (‘accuracy’).
   5. Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (‘storage limitation’).
   6. Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures (‘integrity and confidentiality’).

IV. Legal Bases for Processing Personal Data

1. The legal basis for processing personal data is derived from the provisions of the GDPR. When we indicate the legal grounds for processing personal data, it is based on the following:
   1. Article 6(1)(a) of the GDPR – This means that we process personal data based on the consent provided by the data subject.
   2. Article 6(1)(b) of the GDPR – This means that we process personal data because it is necessary for the performance of a contract, or to take steps at the request of the data subject prior to entering into a contract.
   3. Article 6(1)(c) of the GDPR – This means that we process personal data to comply with a legal obligation to which the Data Controller is subject.
   4. Article 6(1)(f) of the GDPR – This means that we process personal data in pursuit of the legitimate interests of the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

V. Purposes of Personal Data Processing

1. User Account:
   Personal data is processed for the purpose of creating and managing User Accounts. To create an account, the Service Provider requires the following information: name, surname, company details, email address, phone number, company tax identification number, KRS registration number, business address, and the address of residence where the service is actually used.
   After logging into their User Account, users may change their password and update or edit other personal details.
2. Certificates:
   Personal data is processed to issue certificates confirming that the Service Provider holds a license to publicly perform music without incurring OZZ (Collective Rights Management) fees.
3. Customer Service:
   The Website may collect and process (e.g., store, analyze) personal data from Users who contact the customer service department. This data is necessary for communication with the User (e.g., to respond to inquiries) and to fulfill any requests made by the User.

Personal data will be processed based on Article 6(1)(b) of the GDPR, meaning the data is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract (e.g., setting up a user account or issuing a certificate).

4. Additional Purposes:
   Personal data may also be processed for the following purposes:
   1. Legal Obligations: When processing is necessary to comply with a legal obligation to which the Data Controller is subject, such as obligations under tax or accounting regulations to settle concluded sales contracts (Article 6(1)(c) of the GDPR).
   2. Legitimate Interests: When processing is necessary for purposes arising from the legitimate interests pursued by the Data Controller or a third party, particularly for establishing, asserting, or defending legal claims, conducting market and statistical analyses (Article 6(1)(f) of the GDPR).
5. Social Media:
   We maintain profiles on social media platforms, including Facebook (Meta), Instagram (Meta), TikTok (ByteDance), and YouTube (Google). Personal data may be processed to manage these profiles, including fan pages, in accordance with the terms and regulations of each platform. The purposes for processing personal data in this context include:
   1. Marketing and Analytical Activities: For marketing purposes and to conduct analytical activities (Article 6(1)(f) of the GDPR).
   2. Statistical and Advertising Purposes: Using tools provided by individual social media platforms to perform statistical analysis and advertising activities. The legal basis for this processing is the Controller’s legitimate interest in its own marketing efforts and managing its public image (Article 6(1)(f) of the GDPR).

VI. Period of Personal Data Processing

1. Personal data will be processed by the Data Controller for the duration necessary to:
   1. Respond to inquiries,
   2. Provide service quotations,
   3. Resolve issues,
   4. Conduct negotiations,
   5. or complete any other actions related to the purpose for which the personal data was entrusted.

2. Additionally, personal data will be processed for the duration of the contract or the provision of the service. Afterward, the data may be retained for the period required by applicable law, such as the retention of sales documents, or for the purpose of pursuing claims.
3. If the personal data has been collected based on the user’s consent for a specific purpose, it will be processed until the user withdraws their consent for that particular purpose.

VII. Recipients of Personal Data 

1. The catalogue of recipients of personal data processed by the Data Controller is determined by legal provisions, the user’s consent, and the scope of services utilized by the user.
2. Recipients of personal data may include entities involved in fulfilling the Data Controller’s orders or providing services on its behalf, such as:
   1. Employees and associates,
   2. Accounting firms,
   3. IT solution providers,
   4. Payment service companies,
   5. Banks,
   6. Marketing service providers,
   7. Telecommunications service providers,
   8. Law firms,
   9. Authorized state authorities.

3. Payment Operator:
   The payment operator is Elavon Financial Services Designated Activity Company (DAC), Branch in Poland, with its registered office at Puławska 17, 02-515 Warsaw. Elavon DAC is registered in the Register of Entrepreneurs of the National Court Register, maintained by the District Court for the Capital City of Warsaw, XIII Commercial Division, under KRS number 287836, REGON number 300649197, NIP 2090000825. The share capital of Elavon Financial Services DAC is €6,400,001. Elavon Financial Services DAC operates under the trade name Elavon Merchant Servicesand is regulated by the Central Bank of Ireland.
4. Transfers Outside the EEA:
   In cases where personal data is transferred to entities located outside the European Economic Area (EEA), the Data Controller ensures compliance with the requirements of Chapter 5 of the GDPR, including the implementation of appropriate safeguards for such transfers. These safeguards may include the use of Standard Contractual Clausesadopted by the European Commission.

VII. Your Rights in the Protection of Personal Data

1. As the provision of your personal data is voluntary, you have the following rights under the GDPR:
   1. Right of access to your personal data (Article 15 of the GDPR).
   2. Right to rectify your personal data (Article 16 of the GDPR).
   3. Right to erasure of your personal data (“right to be forgotten” – Article 17 of the GDPR).
   4. Right to restrict the processing of your personal data (Article 18 of the GDPR).
   5. Right to data portability (Article 20 of the GDPR).
   6. Right to object to the processing of your personal data (Article 21 of the GDPR).

2. If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection. More information can be found on their website: https://uodo.gov.pl/.
3. You may withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the data processing that took place before the consent was withdrawn.

IX. Personal Data Breach

1. In the event of a personal data breach, the Data Controller will notify the supervisory authority, the President of the Personal Data Protection Office, without undue delay and no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
2. If the notification is submitted to the supervisory authority after the 72-hour deadline, the Data Controller will include an explanation for the delay.
3. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller will also notify the affected data subjects without undue delay.

X. Cookies Policy

1. Cookies are used on the Website.
2. Cookies are small pieces of text information sent by the server and stored on the User’s device when using the www.silgoastream.com website. The use of cookies is essential for the proper functioning of the Website and is aimed at improving the User’s experience with the Online Service.
3. The cookies used by the Data Controller are safe for the User’s device. They do not allow viruses or other harmful software to enter the User’s device. These files help identify the software used by the User and allow the Website to be tailored to the individual needs of each User. Cookies generally contain the name of the domain from which they originate, the time they are stored on the device, and a unique value.
4. The primary purpose of cookies is to facilitate the use of the Website by remembering previously provided information, so the User does not need to re-enter it each time. Cookies also help to tailor content, including advertisements, to the User’s preferences.
5. Cookies collect various types of information, most of which do not constitute personal data. However, some information, depending on its content and how it is used, may be linked to a specific individual and, therefore, considered personal data. In such cases, the provisions of the Privacy Policy apply, particularly regarding the rights of the data subject.
6. Details on the information collected by cookies are made available in the information clause, which is displayed prominently and easily accessible during the User’s first visit to the www.silgoastream.com website.
7. Users have the right to object to the use of cookies by the Data Controller. If consent has been previously given, it can be withdrawn at any time.

Types of Cookies Used

1. Storage Duration:
   1. Session Cookies:
      These cookies are stored on the User’s device only during the current browser session. Once the session ends, the cookies are permanently deleted from the device’s memory. Session cookies do not collect any personal or confidential information from the User’s device. They are essential for certain website applications or functionalities to work properly.
   2. Persistent Cookies:
      These cookies remain on the User’s device even after the browser session ends or the device is turned off. The retention time depends on the settings selected in the User’s web browser. Persistent cookies allow information to be sent to the server each time the website is revisited. Like session cookies, they do not collect personal or confidential information from the User’s device.
2. Purpose of Collection:
   1. Necessary Cookies:
      These cookies are essential for the proper functioning of the website. They are processed based on the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
   2. Statistical Cookies:
      These cookies help us analyze website traffic, learn about User preferences, and understand User behavior. They also enable interaction with external platforms and networks. Statistical cookies are processed based on the User’s voluntary consent (Article 6(1)(a) of the GDPR).
   3. Marketing Cookies:
      These cookies allow us to tailor advertisements and content to the preferences of our Users and conduct personalized marketing campaigns. They are processed based on the User’s voluntary consent (Article 6(1)(a) of the GDPR).

3. Use by Advertising Networks:
   Cookies may also be used by advertising networks, particularly the Google network, to display ads tailored to the way the User navigates the Website. This may include storing information about the User’s browsing path or time spent on particular pages.
   For more details about managing preferences related to the Google advertising network, Users can view and edit cookie-related information using this tool: https://www.google.com/ads/preferences/.
4. Managing Cookies:
   Users can independently manage cookie settings at any time, including defining the conditions for their storage and access on their device. This can be done through web browser settings, which can be configured to block cookies automatically or notify Users each time cookies are placed on the device.
   Detailed instructions on managing cookies can be found in the browser’s help section, accessible by pressing the F1 key in most browsers. Users can also refer to the following links for specific browser instructions:
   1. Firefox
   2. Chrome
   3. Safari
   4. Internet Explorer / Microsoft Edge

Restricting the use of cookies may impact the functionality of some features available on the Website.

5. Third-Party Cookies:
   The Website also collects third-party cookies, which come from external servers. We use the following services:
   1. Google Analytics 4
   2. Google Ads
   3. Meta
   4. SalesManago

XI. Changes to the Privacy Policy

We reserve the right to modify or update this Privacy Policy and Cookies Policy as necessary. Any changes or additions will be communicated to Users by posting the updated information on the main page of the Website.

This version of the Privacy Policy and Cookies Policy is effective as of September 10, 2024.