Sound Alerts Privacy Policy

Effective date: October 10th, 2024

Foreword

We are LayerApps GmbH and team (hereinafter collectively referred to as "SoundAlerts", "we" or "us"), operating the Sound Alerts service to provide you a Twitch extension for your Twitch channel to enable your viewers to play sound effects directly to your livestream. At Sound Alerts, we take the protection of your personal data seriously and want to inform you below about how we collect and process your personal data when you are accessing and using our service.

Within the scope of our responsibility under data protection law, we follow the regulation as established by the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter referred to as "GDPR") in order to ensure the protection of personal data of you as the data subject (we also refer to you as data subject hereinafter as "customer", "user", "you" or "data subject") regardless where you are located when using our service.

Where we are using your personal data, we as the so-called data controller define the purposes and means of data processing, which means that we establish the nature, scope, purpose, duration and legal basis of the processing of your personal data in connection with the use of our services.

With this document (hereinafter referred to as “Privacy Policy”), we want to transparently inform you about the manner in which your personal data is processed by us. In general, we only collect minimal data and only in relation to the performance of our services to you as our valued users and to improve it even further.

Should you have any further questions regarding the processing of your personal data, kindly find our contact information below and get in touch with us to find out more – this is one of your rights under GDPR, after all!

Our Privacy Policy follows a modular structure. It consists of a general part for all information related to the GDPR and your rights as a data subject thereunder (A. General) and a specific part which deals with the particularities that arise when using Sound Alerts as a service (B. Use of Sound Alerts).

Let’s begin!

A. General

1. Definitions

Following the example of Art. 4 of the GDPR, this data protection notice is based on the following definitions:

  • “Personal data" (Art. 4 para. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information regarding their physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant, as such photographs, video or audio recordings may also contain personal data.
  • “Processing" (Art. 4 para. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. obtaining), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based.
  • “Controller" (Art. 4 para. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • A "Processor" (Art. 4 para. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider, hosting provider). In terms of data protection law, a processor is in particular not a third party as defined below.
  • "Third party" (Art. 4 para. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities.
  • “Consent" (Art. 4 para. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of their wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies their agreement to the processing of personal data relating to them.
  • Unless otherwise defined in this Privacy Policy, terminology used below has the same meaning as in our Terms of Service, accessible at https://soundalerts.com/terms .

2. Name and address of the controller

For Sound Alerts, the controller of your personal data within the meaning of Art. 4 para. 7 GDPR is:

LayerApps GmbH
Kölner Straße 339
47807 Krefeld
Germany

You can reach Sound Alerts via mail at the above address but best via email at report@soundalerts.com . Should you have any inquiries specifically in relation to our usage of personal data and/or to this Privacy Policy, kindly get in touch with us directly at the above email address.

3. General legal basis for data processing

Generally speaking, any processing of personal data is prohibited by GDPR unless it falls under one of the following justifications:

  • Art. 6 para. 1 lit. a) GDPR ("Consent"): Where the data subject given consent to the processing of their personal data for one or more specified purposes;
  • Art. 6 para. 1 lit. b) GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party (e.g. when you sign up for Sound Alerts) or to perform pre-contractual measures taken at the request of the data subject prior entering into a contract (e.g. when you are using our website to get to know us and our service);
  • Art. 6 para. 1 lit. c) GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. due to a legal obligation to keep records and/or store data);
  • Art. 6 para. 1 lit. d) GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
  • Art. 6 para. 1 lit. e) GDPR: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
  • Art. 6 para. 1 lit. f) GDPR ("Legitimate Interests"): If the processing is necessary to protect legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).

In addition to these general rules, the storage of information in the end-user's devices or access to information already stored in the devices is only permitted if it is covered by one of the following justifications:

  • Sec. 25 para. 1 TTDSG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 lit. a) GDPR; unless
  • the sole purpose of such storage or access is to carry out the transmission of a message via a public telecommunications network, Sec. 25 para. 2 no. 1 TTDSG, or
  • if the storage or access is absolutely necessary so that the provider of a telemedia service (e.g. a website or an app) can provide such service as expressly requested by the user, Sec. 25 para. 2 no. 2 TTDSG.
  • In section B of this Privacy Policy below, we name the applicable legal basis for the processing of your personal data by us. A processing operation may be based on several legal bases if multiple justifications are applicable.

4. Data deletion and storage period

For the processing operations carried out by us, we indicate below how long the data will be stored by us and when it will be deleted or restricted. Unless an explicit storage period is specified below, your personal data will be deleted or restricted as soon as the purpose or legal basis for the storage no longer applies.

In principle, your data is only stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations on cooperation with order processors or on transfer to third countries.

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is necessary under statutory regulations to which we need to adhere to (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be restricted or deleted unless further storage by us is necessary and justified by the law.

5. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for you as the data subject.

We continue to evaluate and to improve our security measures to be in line with technological developments.

6. Cooperation with processors

Like every company and service provider, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT such as hosting, newsletter dispatch, telecommunications, sales and marketing).

These service providers only act on our instructions and are contractually obliged to comply with the data protection regulations in accordance with Art. 28 GDPR when processing your personal data on our behalf.

We transfer and receive personal data to and from our US subsidiary, in particular to process payment transactions. We ensure that such is based on appropriate contractual data processing agreements where the processing of your personal data is legitimate and safeguarded.

7. Conditions for the transfer of personal data to third countries

When using our services, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in so-called Third Countries which are not a member of the European Union.

Such processing takes place exclusively where we need these third-party companies to be able to fulfil our contractual relationship to you as established by our Terms of Service and for the maintenance of your contractual relationship with us (legal basis for this in general is Art. 6 para. 1 lit. b) or lit. f) GDPR in conjunction with Art. 44 et seq. GDPR). Please refer to the information provided in section B of this Privacy Policy to understand where this is applicable.

For some Third Countries, the European Commission has certified that their data protection standards are comparable to the EEA requirements as established by GDRP via so-called adequacy decisions. Please refer to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en a list of these countries and a copy of the adequacy decisions.

However, in other Third Countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed via appropriate safeguards as required under GDPR. These safeguards may be binding corporate rules or – as in most cases – contractual agreements between us and the receiving party based upon Standard Contractual Clauses (hereinafter referred to as “SCC”) of the European Commission for the protection of personal data in accordance with Art. 46 para. 2 lit. c) GDPR. Please refer to https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en to review these SCC which we conclude with third-party companies who process your personal data outside of the EEA.

8. No automated decision making (including profiling)

We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).

9. Legal obligation to transmit certain data

We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies as per Art. 6 para. 1 lit. c) GDPR. Where we receive such requests, we will verify if we are subject to such an obligation and will do our best efforts to protect your personal data against unlawful requests, including us taking legal action to object unlawful requests.

10. Your rights

Under GDPR, you as a data subject can exercise comprehensive rights regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of this Privacy Policy. As a data subject, you have especially the following rights:

  • In accordance with Art. 15 GDPR, you may request information about your data processed by us. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, among other information.
  • In accordance with Art. 16 GDPR, you have the right to demand the correction of incorrect data or the completion of any incomplete data stored by us;
  • In accordance with Art. 17 GDPR, you may request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • In accordance with Art. 18 GDPR, you may request the restriction of the processing of your data if the accuracy of the data is contest by you or if the processing is unlawful and you request a restriction instead of a deletion;
  • Pursuant to Art. 20 GDPR, you have the right to receive your data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller ("data portability");
  • In accordance with Art. 21 GDPR you have the right to object if the processing is based on Art. 6 para. 1 lit. e) or lit. f) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. You may always object to direct marketing without providing any reason.
  • In all other cases, when exercising such an objection, we kindly ask you to shortly explain the reasons why you would like us to no longer process your data as we have done. In the event of your justified objection, we will review the merits of the individual case and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we think a continuation the processing is lawful;
  • In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time. If you revoke your consent, we will discontinue to process your data unless there is a different justification. Where there is no other justification we may no longer continue the data processing based on this consent in future, although your withdrawal of a consent shall not affect the lawfulness based on such consent before.
  • Pursuant to Art. 77 GDPR, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
  • For this purpose, you can contact the data protection supervisory authority that is responsible based on your place of residence. In any case, especially if you are not a German resident, you may contact the authority competent for us based on our seat who you can reach as per following contact data:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf or Kavalleriestraße 2-4, 40213 Düsseldorf, Phone: 02 11/384 24-0, email: poststelle@ldi.nrw.de, Web: https://www.ldi.nrw.de. An overview of the supervisory authorities set up in the respective federal state and the respective contact details can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

11. Changes to this Privacy Policy

In the context of the further development of Sound Alerts as a service as well as the data protection law, technological or organisational changes, we will continuously review this Privacy Policy to determine whether it needs to be adapted or supplemented.

You will be informed of any changes by email to the address you have provided to us as well as on our website at https://soundalerts.com/.

This data protection notice is valid as of October 2024.

B. Data Processing when using Sound Alerts

Below we explain what data we collect from you and for what purposes we process it when you use Sound Alerts as a registered user or visit our website to browse around.

1. General purposes, legal basis and duration of data processing

Unless stated separately in the relevant section below, we process your data for the following purposes and on the basis of the legal grounds described below:

Essentially, we process such data that we need to fulfil the contractual relationship concluded between us on the basis of the Terms of Service for Sound Alerts. This means that we are only using such data and to the extend that we need to be able to provide you with access to Sound Alerts and to enable you to use it as intended.

This concerns in particular such data that you provide during registration, as well as further data that you provide to us when using Sound Alerts, e.g. when you upload your sounds to be used as media for your own alerts or to share with the community. We may also use your registered account data to get in touch with you for all things Sound Alerts. The legal basis for this is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR.

The processing of data within server logs and other tracking measures for statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection, as well as the detection and prevention of improper use has its legal basis for in Art. 6 para. 1 lit. a), lit. f) GDPR.

When you contact us over our Discord or our other social media channels or if submit your ideas on how we might improve Sound Alerts to be even better, the legal basis for processing of your personal data in such cases is legal basis for this is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR.

If the processing of the data requires the storage of information in the end devices used by you, i.e. in particular the computer used by you when accessing Sound Alerts, Sec. 25 para. 1 and 2 TTDSG is the legal basis for this, especially if we use cookies related to you logging into our Dashboard.

Your data will only be processed for as long as is necessary to achieve the processing purposes stated in each case; the legal basis stated in the context of the processing purposes as named below apply accordingly.

Third parties used by us as data processors may store your data on their systems for as long as it is necessary while providing their services on our behalf in accordance with the respective assignment.

2. Access of Sound Alerts website

If you simply visit our website to browse around, i.e. if you do not register with Sound Alerts to access your Dashboard, we primarily only process data for technical reasons that we need to provide the website to you.

Such data is stored temporarily and anonymously on our web server in a so-called server log file and consists of:

The website from which you came to our website (so-called referrer URL), the name and URL of the requested page, the date and time of the access, the description of the type, language and version of the web browser used, the IP address of the requesting computer, the amount of data transferred, the operating system, the response to the client’s request (access status/http status code) and the GMT time zone difference.

Beyond that, we collect and use your data in our legitimate interest to analyse the usage of our website for statistical purposes, to prevent, detect and take action against misuse, to analyse the performance of our website and to further improve the usability as well as to optimize its content and technical capabilities.

The processing of the data in our logfiles as well as usage data of our website is based on your consent, and is also necessary to provide you access to our website pursuant to Art. 6 para. 1 lit. a), lit. b) GDPR. Such data processing is furthermore based on a mutual legitimate interest as named in the paragraph above according to Art. 6 para. 1 lit. f) GDPR.

3. Registration for Sound Alerts

You can register with Sound Alerts to fully access all features and especially your Dashboard to implement our services for your Twitch channel and to setup Sound Alerts to fit your needs. To make registration as easy as possible we are using the Twitch API to enable you to register for Sound Alerts using your Twitch credentials.

When you aren’t a registered user of Sound Alerts yet and try to login to your dashboard for the first time by clicking on the respective button, you will be redirected to Twitch to enter your login details, to link Sound Alerts to your Twitch account and to authorize a connection between both services.

When registering for Sound Alerts via the Twitch API we do not receive your Twitch credentials, especially not your Twitch password. Instead, we only receive your Twitch account name and the email address associated with your Twitch account as well as your Twitch profile picture and a technical token which we use to link the accounts.

We use this data only for the purpose of providing you with the Sound Alerts services within the scope of the contractual relationship between you and us as concluded with the registration on the basis of our Terms of Service.

We use your e-mail address furthermore to inform you periodically about news related to Sound Alerts such as changed or newly added features or to inform you about changes regarding our Terms of Service or this Privacy Policy.

This processing of your registered account data is based on your consent as well as for the fulfilment of the contractual relationship existing between us pursuant to Art. 6 para. 1 lit. a), lit. b) GDPR. The information about news, product updates and other interesting developments is furthermore based on mutual legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected. You may always deactivate your account from your dashboard – no questions asked.

4. Using the Sound Alerts Dashboard

In order to be able to send out Alerts, we need real-time information about individual events (e.g. when a user has subscribed to or followed a channel) which is provided by the Twitch API.

We use this data to play out Alerts via our service as configured by the respective streamer and channel owner in regard to the respective event or in connection to a text-to-speech message, e.g. when an user has entered such a message top be read to the stream audience when donating to the streamer.

Our Video Share Alert feature uses the YouTube API Services to enable users to submit clips from their favorite videos to the streamer’s alert queue which will be played in a YouTube embed player upon streamer’s approval. Please refer to section 10 of this document for more information about YouTube API and Google’s Privacy policy.

To provide the streamer an overview of the respective events, we track these via the Activity Feed only accessible to the respective streamer.

The legal basis for these is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR.

5. Using the Sound Alerts Twitch Extension

To enable the technical functionality of the Twitch Extension for viewers, we need to make use of Identity Linking also commonly referred to as Identity Link or ID Share.

Users can revoke access to their Twitch ID linking at any point via the revoke button provided in the Twitch Extension. The Twitch ID is used to let us and the channel owners identify who played an alert. We use Google Analytics within the Twitch Extension as described in 12. below.

6. Using the Sound Alerts Tipping Page

Under https://dashboard.soundalerts.com/ we offer you the possibility to register with us as a User. To use the User area, it is necessary to register an account. The registration of your account takes place via a registration form. It is necessary to enter your Twitch User ID, Username, Display name, e-mail address and address so that we can create a user account for you and know which user the account is assigned to. Further information can be given voluntarily.

In addition, cookies may be set when using the login.

The legal basis for these is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR.

The personal data collected by us for the use of the Distributor Login will be automatically deleted at the latest after deletion of your account, unless further processing of the data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

7. Use of Cookies, Social Media and Embedded Videos

a) Cookies in general

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string, and through which certain information is shared with or stored by the service that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the internet as a whole more user-friendly and effective experience and as such be more pleasant for you.

Cookies can contain data that make it possible to recognise the device used and as such identify you throughout different websites and services. In some cases, however, cookies only contain information on technical settings, such as your screen resolution, that are not personally identifiable.

There are different types of cookies, such as session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

Technical cookies: these are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;

Performance cookies, tracking cookies: these collect information about how you use a website, which pages you visit and, for example, whether errors occur during website use. In general, they do not collect information that could identify you, although the most notable exception here is your IP address. In any case, all information collected via such cookies is for statistical purposes only and is used to improve our website, to find out what interests our users to make Sound Alerts a better service as well as to track and better understand technical issues and errors within Sound Alerts as a service;

Advertising cookies, targeting cookies: These are used to implement advertising on a website based on the individual interest of a user or offers from third parties and to measure the effectiveness of these offers. Since we do not use advertising to generate income, we do not use such cookies here on Sound Alerts. We may explore such services in future and will change our privacy information accordingly in such case.

The legal basis for cookies that are absolutely necessary to provide you with Sound Alert services is Sec. 25 para. 2 no. 2 TTDSG. Any use of cookies that are not technically necessary for this purpose has its legal basis in your consent according to Sec. 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a) GDPR.

This applies in particular to the use of performance, tracking, advertising and targeting cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR.

b) Social Media and Embedded Videos

We do not use social media plugins on Sound Alerts. If Sound contains symbols of social media networks, we only use these for passive linking to our profiles on the respective network.

Occasionally, we will embed videos within our blog to provide information or just to provide entertainment when we see a video that we like. Where possible, we will use embedding methods that are not using cookies but please be aware that such embedded videos may set cookies and store data on your device from services such as YouTube and Twitch.

8. Newsletter/Amazon Simple Email Service

If you subscribe to our newsletter, we will be using your email address for the purpose of sending the newsletter for periodic information about news related to Sound Alerts such as changed or newly added features or to inform you about changes regarding our Terms of Service or this Privacy Policy. When subscribing to our newsletter, you consent to the processing of your personal data. The legal basis for this is Art. 6 para. 1 lit. a) GDPR as well as Art. 6 para. 1 lit. f) GDPR within the scope of our legitimate interest in keeping you informed about new developments of our platform and services.

We use a double opt-in procedure when you register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data.

You can revoke your consent to receive the newsletter and unsubscribe at any time. The easiest way to revoke your consent is to click on the link provided in each newsletter email or to send us another clear message. When you revoke your consent, you can do so without providing a reason and there will be no costs other than transmission costs according to base rates (“Basistarife”) if applicable with your respective provider or carrier.

Our email newsletters are sent via the "Amazon Simple Email Service" of the technical service provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA ("Amazon SES"), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) is generally stored on Amazon's servers in the EU. In individual cases, however, data may also be transferred to the USA. Amazon SES uses this information to send the newsletter on our behalf.

Furthermore, Amazon SES may use this data itself in accordance with Art. 6 para. 1 lit. f GDPR on the basis of its own legitimate interest in the needs-based design and optimisation of the service and for market research purposes, for example to determine which countries the recipients come from. However, Amazon SES does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

We have concluded an order processing agreement with Amazon SES ("Data Processing Addendum", available at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf), in which we oblige Amazon SES to protect our customers' data and not to pass it on to third parties.

For the transfer of data from the EU to the USA, Amazon SES refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

You can view the data protection provisions of Amazon Web Services, Inc. here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2020-08-15.pdf

9. Transfer of personal data to third parties

The following categories of recipients, which are usually processors (see A. Section 6), may receive access to your personal data:

Channel Managers and Administrators who you have given permission to within your Dashboard as they can manage your alerts and – in case of Administrators – have access to your channel insights. This is based on Art. 6 para. 1 lit. b) and lit. a) GDPR.

Other community members when you upload media containing your personal data, e.g. your voice, to share with the community. This is based on Art. 6 para. 1 lit. b) and lit. a) GDPR. This is based on Art. 6 para. 1 lit. b) and lit. a) GDPR.

The data is transferred to a third party service provider for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, hosting of the website, IT security). This is based on Art. 6 para. 1 lit. a), lit. b), lit. f) GDPR in conjunction with Art. 28 GDPR where the receiver is a data processor assigned by us.

State agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation. This is based on Art. 6 para. 1 lit. c) GDPR.

Persons appointed to carry out our business operations (e.g. support staff, auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). This is based on Art. 6 para. 1 lit. b) and lit. f) GDPR.

For the guarantees of an adequate level of data protection in the event of a transfer of the data to third countries, see A. Section 7.

In general, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.

10. Sound Alerts Discord

You can get in touch with us, the team and our lovely community via our Discord server over at https://discord.soundalerts.com/. To access this channel, you need to have a separate account with Discord and as such you are very likely familiar with the service.

If you chat with us via Discord use this function, the entries and content you voluntarily make there (collectively referred to as "communication data") will be transmitted to Discord as the service provider, stored on their servers and will be accessible to other members of the community who join the server.

We ask that you only share information here that relates to Sound Alerts. If possible, please refrain from communicating sensitive information about yourself, your personal circumstances or other private data, in particular health data, via Discord.

Our Discord server is available to you for the purpose of direct communication between you and us as well as the community in general. We process the communication data contained there only for the purpose of enabling this communication. In addition, we will use communication data there for the purpose of and on the basis of our legitimate interest in preventing misuse of the Discord server function, for moderation and to ensure the security of this chat system.

The legal basis for this is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR.

Discord is provided by Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA. Please refer to Discord’s own privacy policy available at https://discord.com/privacy to learn more about how Discord uses your personal data. You may contact Discord directly via privacy@discord.com or their Data Protection Officer via dpo@discord.com.

11. Sentry.io

We use Sentry.io, a service for detecting and managing errors on our website, which is provided by the American company Functional Software Inc, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

In doing so, Functional Software Inc. processes data solely on our behalf and only to the extent necessary to provide the services, in order to improve the technical stability of Sound Alerts by monitoring system stability and identifying code errors. Sentry can be used to collect, log and analyze errors in the code for the purpose of system stability. Sentry serves these purposes alone and does not evaluate data for advertising purposes.

For this purpose, Sentry collects usage data, such as your operating system, the software installed on your device, the IP address, browser type, operating system or the previously visited website ('referring URL'), details of the device or time of error. This data is collected by Sentry pseudonymously and does not allow us to identify you as a user.

This may result in your data being transferred to the USA. However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses which aim to provide data protection and accountability standards based on GDPR.

We have concluded a Data Processing Agreement with this provider, according to which this provider only processes your data on our behalf within the scope of the GDPR and according to our instructions, which you can view at https://sentry.io/legal/dpa/#data-processing.

For more information on the use of your data by Sentry, please refer to Sentry's privacy policy at https://sentry.io/privacy/.

The legal basis for this is Art. 6 para. 1 lit. a), lit. b) and lit. f) GDPR in connection with Art. 28, 46 GDPR.

12. Google services

12.1 General Overview, Your Consent

a) Overview

On Sound Alerts, we use Google services that are provided by Google subsidiaries based in Europe. Unless another company is named below, the Google services are provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.

However, due to Google's international orientation, your data may also be processed in the USA, among other places. We would like to point out that the USA is a so-called Third Country in the sense of GDPR where there is no adequate level of data protection compared to the European Union. This may entail various risks for the legality and security of data processing, such as the fact that US authorities may be able to gain access to personal data stored and processed by US-based companies.

We have concluded different agreements with Google for the respective service, according to which Google undertakes to comply with the European requirements on data protection and data security, which we make available to you transparently below.

If you would like general information about what data Google processes, to what extent and for what purposes, you can find this in Google's privacy policy, which you can access at https://policies.google.com/privacy?hl=de.

b) Your Consent

At Sound Alerts, we use Google services such as Firebase as our backbone architecture for Sound Alerts in general as well as to host the application and to provide our services to you as our users. Furthermore, we are using Google Analytics and Google Tag Manager for statistical purposes to analyze the performance and the quality of Sound Alerts as a web-based service, to further improve the usability as well as to optimize its content and technical capabilities.

Lastly, we are using Google Fonts to improve the quality of our website as all fonts used on Sound Alerts are optimized for the web, especially to reduce loading speed and traffic as well as to ensure that Sound Alerts looks – and reads – the same, regardless which device, which browser or which resolution you are using to access our services.

In general, using Google services is an essential and integral part of Sound Alerts. Therefore, we ask for your consent to using Google services as specified in this section of our Privacy Policy.

By registering with Sound Alerts, you are not only accepting our Terms of Service but also giving us your consent to use Google services for the purposes of providing Sound Alerts services to you.

You may withdraw your consent at any time without providing a reason whereby we will no longer be able to use most of the Google services when providing Sound Alerts. Unfortunately, this means that we will no longer be able to provide you core functionalities of Sound Alerts.

Although we value you very much as our customer and will be sad to see you go, we also deeply respect your data protection interests and therefore will respect your decision to no longer use our services. As with registering as a Sound Alerts user is a free and independent indication of your wishes as a data subject, such is the decision to discontinue the use our service vice versa.

The legal basis for the use of Google services therefore is Art. 6 para. 1 lit. f) GDPR within the framework of the legitimate interest mentioned in each case below, as well as Art. 6 para. 1 lit. a) and b) GDPR for as long as you give us your consent to do so by registering with our service in connection with Art. 28, 46 GDPR.

12.2 Hosting

We host our website via Google Firebase, a web hosting and backend service provided by Google.

During your visit we minimize the personal data collected to the technically necessary minimum as laid out in this document. While we aim to use servers located within the EU whenever possible, we cannot rule out that some usage data may be accessible from the USA.

You can find more information about Google Firebase and data protection at https://policies.google.com/privacy and firebase.google.com .

12.3 Google Fonts

With Google Fonts, we can use fonts flexibly on our website to ensure a high-quality design and presentation and thus also increase user comfort. The fonts used are optimised for the web, which saves data volume and thus represents a great advantage for you as a user, especially when using mobile devices.

When using Google Fonts, a connection is established to Google's servers, whereby the requests for fonts are made separately from other Google services, according to Google. When you visit our website, the fonts are reloaded via a Google server. This external call-up transmits data to Google that is needed to play out and display the fonts. In this way, Google also recognises that you or your IP address has visited our website.

In addition to the IP address, Google may also include other data such as information on language settings, the name and version of the browser used and the screen resolution of the terminal device used.

12.4 Google Analytics

Google Analytics enables us to better understand the behavior of website visitors. In doing so, we receive various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website may be transferred to a Google server in the USA for storage.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR based upon our legitimate interest in analyzing user behavior in order to optimize both its website and potential advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) a GDPR; the consent can be revoked at any time.

12.5 Google API

Our Video Share Alerts feature uses the YouTube API Services. The Video Share Alerts feature allows Sound Alerts users to submit a YouTube video to the content creator’s (Streamer’s) alert queue which will be played in a YouTube embed player upon content creator’s approval.

By using Video Share Alerts, you agree to the YouTube's Terms of Service (https://www.youtube.com/t/terms) and Google's Privacy Policy (http://www.google.com/policies/privacy).

11 Stripe

If you choose a payment method offered via the payment service provider "Stripe", the payment processing will be carried out via Stripe, Stripe, Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, to whom we will pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe, Limited (SPEL) and only to the extent necessary for this purpose. You can find more information on the data protection of "Stripe" at the following Internet address: https://stripe.com/de/privacy#translation.

12 PayPal

If you choose a payment method offered via the payment service provider “PayPal”, the payment processing will be carried out via PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg to whom we will pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of processing payments with PayPal (Europe) S.à r.l. et Cie, S.C.A and only to the extent necessary for this purpose. You can find more information on the data protection of "PayPal" at the following Internet address: https://www.paypal.com/myaccount/privacy/privacyhub.

13 Featurebase

As part of the provision of our service, we use Featurebase.app, Kaluri tee 4, Viimsi, Harjumaa 74001, Estonia, ("Featurebase"). Featurebase is a platform that allows us to manage and control features for our software applications. The main goal of this platform is to facilitate the development process of our software and improve control over various functions. This is an additional function that we offer as part of our web.edi portal. This additional function can be deactivated at any time. Featurebase uses EU-based servers; no data is transferred to third countries. Further information on Featurebase's privacy policy can be found here https://www.featurebase.app/privacy-policy.

14 TTS.Monster

If you choose to use one of the AI Text-to-Speech voices included within the Sound Alerts Premium offering and tagged with a TTS.Monster logo, you are utilizing enhanced AI Text-to-Speech capabilities by TTS.Monster. We use TTS.Monster to provide Sound Alerts Premium users with a broader catalog of voice types for Text-to-Speech. The generation of messages will be handled by TTS.Monster in 418 BROADWAY, STE N ALBANY, NY, 12207, USA (TTS.Monster Terms of Service). TTS.Monster uses US-based servers. For further assistance regarding TTS.Monster, please contact legal@tts.monster.

Contact Us

If you have any questions about this Privacy Policy, please contact us: