Privacy Statement ABOSS
Of course, ABOSS believes privacy is very important. We set ourselves the goal to protect personal data of our customers at all times from unauthorized use and process this information according to the relevant privacy laws. With this Privacy Statement we would like to inform you how we do that and why we are striving to be compliant with our legal obligations towards processing your personal information on a commissioned basis, according to the General Protection Data Law (“GDPR”), the Cookie Law, the Telecommunication Law and other relevant privacy regulations.
ABOSS will solely use your personal data according to this Privacy Statement. We will not sell or rent your personal data to third parties for commercial reasons. Neither will we use your personal data for automated decision making based on your preferences (such as profiling).
By agreeing with our Terms & Conditions, including the ABOSS Processing Agreement, as our customer you have also agreed with this Privacy Statement and the way we process your personal data in the execution of our agreement.
Background
We want to give you insight on how we process and protect your personal data in the execution or our agreement. With “we” or “ABOSS”, we mean all entities of ABOSS and its affiliate companies.
ABOSS processes personal data solely for you, as our customer, and therefore ABOSS is qualified as the “processor” according to the GDPR. You, as our customer, are qualified as the “data controller” of your personal data (including the data of your relevant data subjects) according to the GDPR and is in many ways end-responsible for what happens with your personal data and the personal data of the relevant data subjects. ABOSS is obligated for example to hand-over all personal data to you the when the contractual processing by us has finished. Further use of your personal data is then at your own discretion.
ABOSS also processes personal data for itself. This is the case when you create a personal account (“ABOSS Account”). Protection of your data remains at the same high level, the only difference is that we are also the data controller. Read more about the purpose and use of personal data in the next sections.
Processing of your personal data (as our customer)
ABOSS processes your personal data only when it’s legitimate, transparent and with a clear purpose such as facilitating the execution of our agreement and the further use of our Service under that agreement. Privacy laws dictate that we need to provide the data subjects with detailed information about the purpose of processing and that personal data must be processed based on a legitimate legal basis. Furthermore, we would like to give you insight on the different categories of personal data that you provide us and how we use each category.
Purpose
ABOSS processes your data for the following purposes:
- Provide you with our contractual Service (using the ABOSS system) and related services such as technical support;
- Facilitating and monitoring the payment, including services related to fraud prevention and detection;
- Storing your personal data via our ABOSS system in our back office;
- Improving our overall service(s) for you.
ABOSS will not use personal data for purposes other than those stated above, unless this is explicitly asked by us and agreed by you.
Legitimate base
Personal data may only be processed when there is a legitimate base to do so. ABOSS processes personal data on the basis of the agreement with you for the contractual use of our Service and related service(s). With you agreeing to our Terms & Conditions relating to our Service, including the ABOSS Processing Agreement, we are lawfully allowed to process your personal data to fulfill our contractual obligations towards you. We need your explicit consent as a base to use your personal data for services that do not relate to aforesaid contractual Service, for example to send you our ABOSS newsletter(s) (if any) or to notify you about other products or services you might be interested in. In such cases we will always ask you for an opt-in before we may process your data for these purposes. A third legal base for processing your personal data is when ABOSS has a legitimate interest in doing so. This is the case when we need to process your personal data to investigate (possible) fraud and/or the misuse of our Service.
Necessary personal data
The following personal data is necessary to fulfill our obligations under the agreement or for protecting our legitimate interests:
Name(s): both name company and personal name, in order to verify your identity as our customer.
Email Address: To communicate with you as our customer, e.g. to inform you on a specific topic pertaining to the execution of our agreement.
Telephone number: To communicate with you as our customer, e.g. to inform you on a specific topic pertaining to the execution of our agreement.
Payment and Tax information: To send you invoices as our customer and to process and monitor the payments of our invoices and to process the relevant taxes.
Postal address (business): To communicate with you as our customer, e.g. to inform you on a specific topic pertaining to the execution of our agreement.
Additional personal data
Upon request, additional personal data may be asked of you pertaining to the execution of our agreement. These requests can either be mandatory or voluntary, and needed for specific purposes in regard to special topics pertaining to the execution of our agreement.
Use of "Cookies"
"Cookies" are small programs that log your entries on our website and are mostly used as a way to improve the overall functionality. In some cases, cookies are also used to connect with third party apps, like Facebook or Twitter.
What do we use cookies for?
Functional cookies: We use cookies for the functioning of our website and / or app. These are for examplenecessary for remembering your log-in data and language choice. By using the website and / or app you give permission for the placing of these cookies.
Non-functional cookies: We also use cookies to analyse and improve the website and / or app. For this we process, for example, your IP address, the visited web or app page, click and surf behaviour, the internet browser you use and the duration of a visit or session. We also use cookies from third parties, such as Google, to carry out measurements. By using the website and / or app you give permission for the placing of these cookies.
Change your cookie settings
You can refuse the placing of cookies on your computer, tablet or mobile phone. Or you can set your browser to send a notification when a cookie is placed. You do this by changing your browser settings. If you refuse the placing of cookies, certain parts of the website and / or app may not function properly.
The following (functional) cookies are used on our ABOSS website:
| First party cookies | Type | Explanation | Duration |
| _ga (Google Analytics) | Analytical cookie | Identify unique website users and how they use the website. | 2 years |
| _gaexp (Google Analytics) | Analytical cookie | Helps us to improve the user experience of the website. | 90 days |
| _gid and _gac_UA- (Google Analytics) | Analytical cookie | Identify unique website users and how they use the website. | 24 hours |
| _hjIncludedInSample (Hotjar) | Analytical cookie | Helps with Hotjar functionalities by identifying visitors during a session. Hotjar collects user patterns and shows where looked and clicked on the website. Data is anonymous. | 30 days |
| Hubspotutk (Hubspot) | Functional cookie | This cookie is connected to the Hubspot-platform and should be used for user authentication. | 10 years |
| Facebook Pixel (Facebook) | Analytical cookie | This cookie is placed by Facebook and helps us to optimize and build audiences for advertising campaigns served on Facebook | 90 days |
| LinkedIn Pixel (LinkedIn) | Analytical cookie | This cookie is placed by LinkedIn and helps us to optimize and build audiences for advertising campaigns served on LinkedIn. | 90 days |
| Intercom-id-xxxxxxxx (Intercom) Intercom-lou-xxxxxxx (Intercom) Intercom-session-xxxxxxxx (Intercom) | Functional cookie | Intercom cookies, store identity and previous chats. | Until 20 years |
| Third party cookies | |||
| __hssc, __hssrc, __hstc, mp_6d7c50ad560e01715a871a117a2fbd90_mixpanel (third party cookies - .hotjar) | Analytical cookie | These cookies are connected to the Hubspot-platform for and should be used for website-analytics. | End of session until 2 years. |
| hubspotutk (third party cookies - .hotjar) | Functional cookie | This cookie is connected to the Hubspot-platform and should be used for user authentication. | 10 years |
Use of personal data
ABOSS uses personal data solely for the legitimate purposes and grounds mentioned under section B. ABOSS will not share your information with third parties other than you, unless these third parties are a necessary part of the chain in order to provide you with our Service under our agreement. ABOSS will only share personal data with the parties mentioned below and only under certain conditions. All third parties that ABOSS shares personal data with are obligated to use and protect your data in the same way as ABOSS does. This is guaranteed either by a contract between ABOSS and the third party or by applicable law.
Third parties
ABOSS may share (part of) your personal data with:
- Payment Service Providers (PSP’s);
- Postal companies for Physical delivery of goods;
- Service providers like travel agents, hotels and insurance agencies;
- Stripe
- Typeform
- Amazon Web Services
Apart from the aforementioned third parties, ABOSS will share personal data in the following situations:
a) when ABOSS has a legitimate interest for sharing personal data,
for example in the case of investigating fraud or other (possible)
illegal activities and/or misuse of our Service(s);
b) at the request of an authorized person or an authorized (public)
authority such as an authorized supervisor or (law) enforcer.
Examples include providing information in response to a summons, a
warrant, court order, including subpoenas of private parties in
civil proceedings.
c) if we have to make this information known to your agent or legal
representative, for example, the holder of a power of attorney or a
designated guardian.
d) to future companies that become part of ABOSS or in the case
where ABOSS merges with another company or becomes another company.
Information security
ABOSS is dedicated to protect all personal data from unauthorized use by third parties. We have implemented the necessary required security standards regarding your personal data according to relevant laws, and where we deem fit more than the required standards.
ABOSS maintains physical, electronic and procedural measures to comply with European and national (privacy) laws at all times. We review our procedures and measures on a periodic basis and implement the necessary changes i.e. updates based on those assessments.
Our security systems are regularly tested and assessed as part of an independent audit. All transactions and e-mails take place within secured TLS-protocols. We advise our customers to always check the certificates are authentic before use to guarantee a safe transfer of data.
Only employees and third parties that necessarily need access for the fulfillment of our Service are granted access to personal data.
ABOSS’s external server room(s) are located within the EU (Germany) and protected by rigorous safety measures, complying with Dutch law and industrial standards.
ABOSS guarantees that, in accordance with the applicable privacy laws and guidelines from the competent authority, a data breach procedure is in place to adequately assess any (possible) data breaches to personal data. In the case of a data breach, ABOSS will inform you, as our customer, and - under certain stipulated conditions set by the GDPR - to competent authority and/or the data subject. This is the case when the breach contains a high risk to you and/or the fundamental rights of your relevant data subject.
Request for information, rectification and deletion of personal data
Please note that data subjects have the right to submit a request for information, rectification or deletion of personal data. The request can be addressed in principal to you as the data controller. However, a data subject could send such a request to ABOSS as well. If that is the case, we will forward such request to you as soon as possible because you have to be deemed as the data controller. Please note that, in any circumstance, the data subject has to prove his or her identity (to you) in a way to be further decided by you, and that such a request will have to be processed by you within thirty (30) days and the data subject will have to be informed by you after the request has been handled.
Questions and contact details
If you have any further questions about this Privacy Statement, please contact us via [email protected].
born in music
built by industry professionals
back-office tools
elevate the way you work
born in music
built by industry professionals
back-office tools
elevate the way you work
About ABOSS
Born from a deep understanding of the industry, our back-office software solution is designed to nurture an unshakeable ecosystem in music. Aboss streamlines your operations, contracting and finances the way they should be.