Privacy policy

Crates aims to offer a great user experience managing your music collection, but also absolute control of your data. For that purpose, we want to make clear the following points:

 

1) We have no access to your music collection data – We at Crates and any other third party, do not, cannot and will not have access to your music collection data. The music and data you insert in your Crates installation is visible only to you and to those you decide to share them with.

2) We are proponents of Data interoperability – Your data is stored in open format and can be accessed by you easily with a variety of free tools. When possible, crates stores your data in ways that will be read and utilized by other software as well.

3) Transparency – We will always notify you if for any reason, any part of your data is needed to be transmitted (e.g. when filing a troubleshooting case and sending logs)

4) Relevant communications – You’ll only hear from us if we think we have informative, interesting or intriguing content that will help you have a better experience with our services and products.

5) Account data: we will never sell or share it – Unlike many of the online services that “get paid in data”, Crates typically does not have access to your music data and the data we have to store (e.g. your website account info ) will not be shared to third parties in any form, unless it has your explicit consent.

The Privacy Policy applies to your use of the crates.app website, as well as any applications including Crates software applications, and/ or social media channels controlled by Crates, and Crates products and services (collectively, “Services”). Please also see our Terms of Use and Cookie Policy, to understand all the terms and conditions that may apply to your use of any Crates Services, as well as any End User Licence Agreements (“EULA”) that applies to the Crates product you are using.

By using our Services, you are consenting to the use of your information in the manner set out in this Privacy Policy.

Personal data, such as your name, your e-mail address, country and IP address are required in order to register and create an account. Personal information is collected directly from you and other information related to the registration and the activation of our products is collected when you interact with our websites, products and services.

We do our best to protect your personal information using the generally accepted industry standards. We use encryption to protect your personal identifiable information in browser – server communication using TLS (transport layer security).

Your account information is protected by a password (except for when you are using third parties’ logins such as Google or Apple) which is one way hashed, meaning that when you enter your password it is encrypted in such a way that there is no way for someone to get back to the original input.

You may give to us directly personal information for example when you register to use our services, create an account, visit our website, purchase or download for free one of our products or subscribe to our newsletters, report a problem with our site or request content or other information from us.

When you log in through other platforms and services (e.g. facebook or instagram) we also collect your personal data through their database.

We also receive and record information from your browser or your mobile device automatically when you visit the website or use certain features of the Services, such as your IP address or unique device identifier, cookies, and data about which pages you visit and how you interact with those pages in order to allow us to operate and provide the Services. This information is stored in log files and is collected automatically. We also automatically collect device-specific information when you install, access, or use our Services. This information can include information such as the hardware model, operating system information, app version, app usage and debugging information, browser information, IP address, and device identifiers. For more information about these online tools and how we use them, see our Cookie Policy

The data generated by your use of your downloaded Crates Product is stored in your device and is not transmitted to us or any other third party. We are only collecting information regarding the activation and use of the Crates product that you have downloaded on your device. In case of troubleshooting, where we need to access your data, we will notify you promptly.

If you have provided us with personal data, we use it solely for the technical administration of our websites. For example you may receive emails regarding the update of our privacy policy, terms and conditions and other legal notices or you may receive emails regarding your purchase, or other administrative service-related emails, reminders, technical notices, updates, security alerts and information requested by you, notifications which are not optional. If you do not wish to receive such emails you can deactivate or delete your Crates account. We do not sell any of the information we collect.

Your personal information is not disclosed to third parties, unless it is required in execution of a contract or you have expressly consented to its disclosure. If you have not given your consent to this, the data is disclosed to third parties only if this is authorised by applicable legal provisions.

We work with service providers and business partners that support our Services. We may work with these companies to provide services including customer support, processing credit card payments etc. These companies may have access to or process your information for the purpose of providing those services for us. They are not permitted to use your information for their own purposes and they are obligated to maintain data confidentiality as well.

Additionally, in the event of a reorganisation, merger, acquisition or sale we may transfer or share any and all personal information we collect to the relevant third party.

We may share aggregate or other non-personal information that does not directly identify you with third parties in order to improve our Services.

If you follow a link on Crates’ websites or product to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

Yourdata will be deleted as soon as it is no longer necessary for the purpose of its collection. We will keep your personal data for as long as we need it for the purpose it is being processed for, depending on criteria such as the volume of your data, their nature, the purposes of the processing, our ability to achieve the purposes of processing your data using other lawful practices and without actually processing them. We will actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or consumer need for it to be retained. We delete or block the personal data of the data subject as soon as the purpose of the storage is eliminated. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards expires, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.

In case you no longer want us to use your information and provide you with our services as soon as you close your account, we will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy.

We also retain log files for internal analysis purposes. These log files are generally retained for a brief period of time, except in cases where they are used for site safety and security, to improve site functionality, or we are legally obligated to retain them for longer time periods.

We collect and use your personal information only when having your consent for our business and commercial purposes described above, including providing and improving our services, maintaining the safety and security of our ervices, protecting vital interests of you and other members of the community, processing purchase and sale transactions, and for advertising and marketing services, if you explicitly give your consent

 

Consent – We principally rely on your consent (which can be withdrawn at any time) (i) to send marketing emails, (ii) for third-party data sharing related to advertising, and, to the extent applicable, (iii) for the use of location data for advertising purposes. By accepting the present privacy policy you have given us your consent to process your personal data for the purposes stated in this privacy policy. Before entering our website and using any of our services you are asked to agree with our privacy policy. You may also find additional information about the data we collect from your device automatically on our Cookie Policy where you are also able to modify your cookie preferences.

 

Performance of a contract – We are processing your data in order to make it possible for you to use our services and optimise your experience through our website. For example we process your data when you place an order and we use your data to complete the purchase procedure, to answer to your requests and questions, store the data of your account and make it accessible to you easily etc. We may also disclose your personal data upon your direction and consent to third parties, such as our payment partners to enable the completion of the transaction and provide you with our service. No matter how Crates is protecting your personal data, third parties (e.g. payment partners, makers and their shipping partners etc) have their own privacy policy and are responsible for the personal data they have received and have under their control.

 

Legitimate interest – We are processing your data relying on our legitimate interest to prevent harm to individuals, to safeguard our services from malware attacks and fraudulent actions, to cross check the authenticity of the member accounts, to enforce and defend our legal right, the legal rights of the users of our services or our partners’. Using your information to improve our services by conducting research, or asking you to submit a rating or a report of our product are a few examples of our legitimate interest for the processing of your data making sure that the processing has a minimal effect on your privacy.

 

Legal or judicial reasons – Your personal data may be shared with official public authorities or other governmental agencies for the purposes of a third party’s legitimate interest, to enforce legal rights, to protect our services and third parties from fraudulent actions enforced via our platform such as non authorised use of a bank account. Using your data on that legal base stems also from our obligation to comply with legal obligations and court orders aiming to the protection of the public interest as well as of vital interests of third parties.

You have the choice which information you would like to share with us and to what extent we are allowed to use it. Sharing specific information with us is essential for the fulfilment of our contract and your use of our services. However, this does not always require all the data which you can make available to us.

You can always exercise your rights stated as below and we are here to provide you with all the information you need. You can always contact us with the methods described in our Website for all privacy policy issues. Please note that in order to perform the requested privacy policy related changes, it may take a few days for them to take effect.

Right to information – You have the right to be informed which data we store about you and how we process this data.

Right to rectification – If you notice that stored data is incorrect, you can always ask us to correct it or if you have access to the personal information related to your account you may make the changes you like through your Profile Settings.

Right to restriction of processing – If you do not wish to delete your data, but you want us to stop processing it further, you can ask us to restrict or limit the way we use it. In this case, we will archive your data and only reintegrate it into our operative systems if you so wish. However, during this time you will not be able to use our services, otherwise we will process your data again.

Right to cancellation – You can ask us at any time to delete the data we have stored about you. We will fulfil your request in most cases except for information we are required to retain by law, regulation, or to protect the safety and security. Upon deleting any data stored about you, you will not be able to use our services.

Right to withdraw consent – Our website offers you specific features which enable you to withdraw your consent to our processing of your information any time you desire, such as the Unsubscribe link in our newsletters or your Profile Settings.

Right to access and portability – You can access certain personal data through your Account settings on our website. You can also request copies of your personal data which will be provided to you in a machine-readable format.

Right of complaint – In case you have any complaint regarding the way we handle your personal data you can complain to the supervisory authority stated below at any time:

Hellenic Data Protection Authority 1-3 Kifissias Ave. 115 23, Athens, Greece Tel: +30 210 647 5600 Email: [email protected]

 

We will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. We may decline to process requests that are frivolous/vexatious, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by national and European law.

We may amend or update our Privacy Policy from time to time. If such changes occur, we will let you know by doing one or more of the following: (i) posting the changes on our website, or (ii) sending you an email or message about the changes.