Logo: Ministerstwo Kultury i Dziedzictwa Narodowego, Centrum Rozwoju Przemysłów Kreatywnych, Rozwój Sektorów Kreatywnych
Music Granar

Privacy policy

Privacy Policy of the Website
General Provisions
1. The data protection policy (hereinafter referred to as the "Policy") sets forth the rules regarding the processing and protection of personal data in the Music Granar music library (hereinafter referred to as the Service), in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as GDPR).
2. This document serves as fulfillment of the obligation specified in Article 24(2) of the GDPR.
3. The Policy applies to all personal data processed within the Service as part of personal data processing operations.
4. The obligation to protect personal data processed within the Service applies to all individuals who have access to such data, regardless of their position or work location, as well as the nature of their employment.
5. Anyone who has access to personal data will be able to process it only based on received authorization.
6. Individuals with access to personal data are required to familiarize themselves with the Policy and other related documents and to follow the regulations contained therein.
7. The Policy is consistent with other internal regulations in the field of information security and IT systems in effect within the Service.

1. Definitions
1.1. Administrator – Janusz Stokłosa - Wydawnictwa Muzyczne i Nutowe Stoklosa Editions, 05-806 Pęcice Małe, ul. Kamień Polny 12, NIP 526 005 49 52
1.2. Personal Data – information about a natural person identified or identifiable by one or more specific factors that define physical, physiological, genetic, mental, economic, cultural, or social identity, including the device's IP, online identifier, and information collected via cookies and other similar technologies.
1.3. Personal Data Breach – a security breach leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.
1.4. Data Recipient – an entity to whom personal data is disclosed.
1.5. Authorized Person – a person authorized to process personal data by the Data Administrator or a person authorized by the Administrator, with direct access to data processed within the IT system or in paper documentation.
1.6. Processor – an entity entrusted by the Administrator with data processing activities on its behalf.
1.7. Policy – this Privacy Policy.
1.8. Personal Data Processing – an operation or set of operations performed on personal data or sets of personal data by automated or non-automated means, such as collection, recording, organization, arrangement, storage, adaptation or modification, retrieval, review, use, disclosure through transmission, distribution, or making available, alignment or combination, restriction, deletion, or destruction.
1.9. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.10. Service – the online service operated by the Administrator at musicgranar.com.
1.11. User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

2. Processing of Personal Data in Connection with Using the Service
2.1. In connection with the User’s use of the Service, the Administrator collects data to the extent necessary to provide the individual services offered. Below, specific rules and purposes for processing Personal Data collected during the User’s use of the Service are described.

3. Purposes and Legal Grounds for Processing Personal Data in the Service
A) Using the Service
3.1. The personal data of all persons using the Service are processed by the Administrator:
3.1.1. to provide services electronically in terms of making the content collected in the Service available to Users – the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
3.1.2. to establish and assert claims or defend against claims – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), consisting of the protection of its rights.
3.1.3. to respond to inquiries, provide requested offers, and conduct correspondence to handle the matter based on the User’s consent and the Administrator's legitimate interest in addressing users’ requests (Article 6(1)(a) and (f) of the GDPR).

B) Contact Form
3.2. The Administrator provides the option to contact via an electronic contact form. Using the form requires providing Personal Data necessary to establish contact with the User and respond to the inquiry. The User may also provide other data to facilitate contact or inquiry handling. Providing data marked as mandatory is required to receive and handle the inquiry, and failure to provide it will prevent handling. Providing other data is optional.
3.3. Personal data is processed to identify the sender and handle their inquiry submitted through the form – the legal basis for processing is the necessity of processing to perform the service agreement (Article 6(1)(b) of the GDPR); regarding optional data, the legal basis for processing is consent (Article 6(1)(a) of the GDPR).

C) Marketing
3.4. The User’s personal data may also be used by the Administrator to send marketing content via various channels, i.e., email or MMS/SMS, only if the User has consented, which they can withdraw at any time.
3.5. Personal data is processed:
3.5.1. to send requested commercial information – the legal basis for processing, including profiling, is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) based on expressed consent;
3.5.2. for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), involving analyzing User activity on the Service to improve functionalities.

4. Cookies

4.1. The Service uses cookies.

4.2. Cookies are data files, specifically text files, stored on the User's device, designed to enable the use of the Service's web pages. Cookies generally contain the name of the originating website, the duration they will be stored on the device, and a unique identifier.

4.3. The Service operator is the entity that places cookies on the User’s device and has access to them.

4.4. Cookies are used for the following purposes:

  • To maintain the Service user’s session (upon logging in), so the user does not need to re-enter their login and password on each Service subpage.
  • To achieve the purposes specified above in the “Key Marketing Techniques” section.

4.5. The Service uses two main types of cookies: "session" cookies and "persistent" cookies. Session cookies are temporary files stored on the User’s device until they log out, leave the website, or close the browser. Persistent cookies are stored on the User’s device for the time specified in the cookie parameters or until the User deletes them.

4.6. Web browser software typically allows cookies to be stored on the User's device by default. Service Users can change these settings. The browser enables cookie deletion and may also support automatic cookie blocking. Detailed information on this topic is available in the browser’s help or documentation.

4.7. Restrictions on the use of cookies may impact certain functionalities available on the Service's webpages.

4.8. Cookies placed on the User's device by the Service may also be used by entities cooperating with the Service operator, particularly companies such as Google (Google Inc., USA), Facebook (Facebook Inc., USA), and Twitter (Twitter Inc., USA).

4.9. If the User does not wish to receive cookies, they may adjust their browser settings. Please note that disabling cookies necessary for authentication, security, and user preferences may hinder or, in extreme cases, prevent access to certain parts of the website.

5. Data Processing Period

5.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. Generally, data is processed for the duration of the service, until consent is withdrawn, or until an effective objection to data processing is raised in cases where the legal basis is the Administrator's legitimate interest.

5.2. The data processing period may be extended if necessary to establish or pursue potential claims or defend against claims, and thereafter only to the extent required by law. After the processing period, data is irreversibly deleted or anonymized.

5.3. Data related to web traffic analysis collected through cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, meaning the data retention period will align with the time needed for the administrator to fulfill purposes associated with data collection, such as ensuring security and analyzing historical traffic data.

6. Right to Withdraw Consent

6.1. You may withdraw consent to process your contact data at any time by contacting the Administrator. Withdrawing consent may hinder or prevent contact with you.

7. Obligation or Voluntary Provision of Data

7.1. Providing your data for the purpose of handling your inquiry is voluntary but essential. Failure to provide such data may hinder or prevent the inquiry process.

7.2. Providing data for statistical analysis of Service users is voluntary. You may use the so-called incognito mode to browse the site without disclosing your visit to the Administrator. Using incognito mode, and therefore not providing data, does not affect your ability to use the Service.

8. Rights under GDPR regarding processed data

8.1. You have the right to:

  • Request access to your data from the Administrator, including receiving a copy (Article 15 GDPR);
  • Request correction or rectification of data from the Administrator (Article 16 GDPR) - with respect to data correction requests, if you notice that the data is incorrect or incomplete;
  • Request deletion of data from the Administrator (Article 17 GDPR);
  • Request restriction of data processing from the Administrator (Article 18 GDPR) - for example, if you notice that the data is incorrect, you may request restriction of data processing for a period that allows us to verify the accuracy of the data;
  • Lodge a complaint regarding the processing of your personal data by the Administrator to the President of the Personal Data Protection Office.

9. Recipients of Personal Data

9.1. In connection with the provision of services, Personal Data will be disclosed to external entities, particularly IT service providers that enable the proper use of the Service.

9.2. With the User's consent, their data may also be shared with other entities for their own purposes, including marketing purposes.

9.3. The Administrator reserves the right to disclose selected User information to relevant authorities or third parties that request such information based on an appropriate legal basis and in accordance with applicable law.

10. Transfer of Personal Data outside the EEA

10.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. Therefore, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily through:

  • 10.1.1. Cooperation with entities processing Personal Data in countries for which the European Commission has issued an adequacy decision;
  • 10.1.2. Using standard contractual clauses issued by the European Commission;
  • 10.1.3. Applying binding corporate rules approved by the relevant supervisory authority.

10.2. The Administrator always informs about the intention to transfer Personal Data outside the EEA at the data collection stage.

11. Security of Personal Data

11.1. The Administrator continuously conducts risk analysis to ensure that Personal Data is processed securely—ensuring that access to data is granted only to authorized individuals and only to the extent necessary for their tasks. The Administrator ensures that all operations on Personal Data are recorded and conducted solely by authorized employees and associates.

11.2. The Administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.

12. Contact Details

12.1. You can contact the Administrator via email at info@musicgranar.com.

13. Changes to the Privacy Policy

13.1. The Policy is regularly reviewed and updated as necessary.

13.2. The current version of the Policy was adopted and is effective from October 27, 2024.

Music granar, 2024

Privacy policy
Licences
Terms and conditions
Contact us