Audacity Forum - Privacy policy

Privacy Notice

Effective as of August 31, 2022.

As a responsible organisation, we have taken two important steps—we made sure that we have, at the discretion of our users, the information necessary to allow us to improve the Audacity Forum, and that by doing so we are compliant with national and international regulations, namely GDPR and CCPA. Most importantly, we have been, and will continue to be, transparent with our users and our developer community about the data we collect, when we collect it and why. We will also publish any intended changes before they are implemented in the newer versions of the Audacity Forum.

Content:

  • Introduction
  • Principles of processing
  • Data we collect from you
  • How we use your Personal Data
  • Data storage, retention and deletion
  • Your privacy rights
  • Linking to other websites
  • Updates to this Notice
  • How to contact us
  • Additional Information for California Consumers
  • Data Protection Officer (DPO)

Introduction

  1. This Privacy Notice (“Notice”) explains in detail what information we collect and use when you use the Audacity Forum (available at https://forum.audacityteam.org) and the open source forum software, phpBB (available at www.phpbb.com, hereinafter “phpBB software”).
  2. For the purposes of this Notice, MuseCY SM Ltd., a Cyprus company with registered office at Spyrou Kyprianou, 84, 4004, Limassol, Cyprus (hereinafter “we”, “us”, “our”, “Audacity Forum”) acts as the data controller for the personal information that is collected through the use of the Audacity Forum and the phpBB software.
  3. This Notice also sets out the rights that you have in relation to the information that we process about you and how you can exercise them.
  4. The Audacity Forum treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that the Audacity Forum applies to protect your information.
  5. As a data controller, the Audacity Forum is responsible for ensuring that the processing of personal information takes place in compliance with applicable data protection law, and specifically with the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (”CCPA”).
  6. Please take the time to read this Notice carefully. If you have any questions or comments, please contact us via [email protected].

Principles of processing

  1. We will process Personal Data in accordance with this Notice, as follows:
    1. Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.
    2. Lawfulness: We will process Personal Data only on lawful grounds.
    3. Purpose limitation: We will process Personal Data for specified and legitimate purposes (as described above), and do not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
    4. Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
    5. Data accuracy: We take appropriate measures to ensure that the Personal Data we hold about you is accurate.
    6. Data security: We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you. Specific measures we use include to-date secure network architectures that contain firewalls and intrusion detection devices and backups.

Personal Data we collect from you

  1. We use the information listed in the table under “How we use your Personal Data” to help us improve our Audacity Forum, for maintenance and security purposes, and to run any updates that enable the Audacity Forum to function better.
  2. Please refer to our Audacity Forum Cookie Policy to get more information about cookies usage.
  3. Your account will at a bare minimum contain a uniquely identifiable name (hereinafter “your user name”), a personal password used for logging into your account (hereinafter “your password”) and a personal, valid email address (hereinafter “your email”). Your information for your account at “Audacity Forum” is protected by data-protection laws applicable in the country that hosts us. Any information beyond your user name, your password, and your email address required by “Audacity Forum” during the registration process is either mandatory or optional, at the discretion of “Audacity Forum”. In all cases, you have the option of what information in your account is publicly displayed on the Audacity forum. Furthermore, within your account, you have the option to opt-in or opt-out of automatically generated emails from the phpBB software.
  4. Your password is ciphered (a one-way hash) so that it is secure. However, it is recommended that you do not reuse the same password across a number of different websites. Your password is the means of accessing your account at “Audacity Forum”, so please guard it carefully and under no circumstance will anyone affiliated with “Audacity Forum”, phpBB or another 3rd party, legitimately ask you for your password. Should you forget your password for your account, you can use the “I forgot my password” feature provided by the phpBB software. This process will ask you to submit your user name and your email, then the phpBB software will generate a new password to reclaim your account.

How we use your Personal Data

We will not collect and use your Personal Data without letting you know. Below we describe the purposes for which we process your Personal Data and our legal bases for doing so:


Data collected Purpose of processing Legal basis Explanation
  • Email,
  • Username,
  • Client ID,
  • Technical information
 To provide our services Contract As part of the service we register you on the forum through a user account and give you access to the communication platform to enable you to share content.
  • Email,
  • Username,
  • Request text
 To provide you with technical support Contract We will respond to your comments, questions and requests
  • User ID,
  • Session ID,
  • Session key,
  • Bot detection data
To provide our services Contract Please see our Cookie Policy
  • IP address
 To protect our Audacity Forum against unauthorized access Legitimate interest We use reCAPTCHA service to protect forum from fraud and abuse
  • Email,
  • Username,
  • Request text
 To supervise compliance with laws and regulations Legal obligation In order for you to exercise your GDPR rights, you may choose to send us an email with a request related to your account. In order to carry out the request, we will momentarily store your email, username and request text until the nature of the request has been carried out.

Children’s privacy

The Audacity Forum is not intended for individuals below the age of 13 (or under 16 in certain jurisdictions in the European Union). If you are under this age threshold, please do not use the Audacity Forum. You may only use Audacity Forum if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of Audacity Forum has been provided to us. If you are a parent or legal guardian of a child under the age threshold mentioned above who uses our services, please contact us at [email protected] if you have any questions or comments. On your request, we will delete your child’s personal information if we are able to identify your child.

Data storage, retention and deletion

Except as set forth below, we will retain your Personal Data as long as needed to provide you with the Services or otherwise fulfill the purposes for which it was collected.
If you delete your Audacity Forum profile, we will remove all identifying information. However, comments, questions and answers that do not contain personal information will always be visible to other users.

Third parties processing your Personal Data

Audacity endeavors to apply suitable safeguards to protect the privacy and security of your personal data during the transfer and to use it only consistent with your relationship with us and the practices described in this Privacy Notice. We may disclose your Personal Data to the following categories of recipients:

  • to our group companies for purposes consistent with this Notice. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
  • to our third party vendors, services providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Notice or notified to you when we collect your Personal Data. The services these vendors provide to us are email, hosting and supporting services.
All your personal data is stored on our servers in the European Economic Area (EEA). However, we use third party service providers and business partners who may be operating from outside the EEA and therefore, your data may be transferred to, or accessed from those countries.
  • Our affiliates - sub-processors - MuseScore, WSM Group, which support our business activities.
  • CloudFlare
The service is provided by Cloudflare, Inc. Address: 101 Townsend St. San Francisco, CA 94107. Relevant privacy policy of Cloudflare. Unfortunately, the country of data recipient does not ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to Cloudflare to ensure that they are properly protected.
  • DigitalOcean
The service is provided by DigitalOcean, LLC. Address: 101 6th Ave, New York, NY 10013, United States. Relevant privacy policy of DigitalOcean. Unfortunately, the country of data recipient does not ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to DigitalOcean to ensure that they are properly protected.
  • RackEdge
Relevant privacy policy of RackEdge. Unfortunately, the country of data recipient does not ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to RackEdge to ensure that they are properly protected.

We have put in place appropriate safeguards (which includes the European Commission’s Standard Contractual Clauses) to ensure that whenever your Personal Data is transferred outside the EEA to countries that are not deemed adequate by the European Commission, your Personal Data receives an adequate level of protection in accordance with the GDPR.

Your privacy rights

Under the GDPR, individuals have certain data protection rights, which you can exercise by emailing [email protected]:

  • obtain access to the personal data held about you
    Under Article 15 of the GDPR, individuals have a right of access that gives them the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why companies are using their data, and check the lawfulness of the processing.
  • ask for incorrect, inaccurate or incomplete personal data to be corrected
    Under Article 16 of the GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing.
  • request that personal data be erased when they are no longer needed or if processing is unlawful
    Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances.
  • request the restriction of the processing of your personal data in specific cases
    Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.
  • receive your personal data in a machine-readable format and send them to another controller ('data portability')
    Under Article 20 of the GDPR, individuals have the right to data portability that gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
    Article 21 of the GDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data.
  • lodge a complaint with a supervisory authority
    In accordance with Article 77 of the GDPR, you, as a data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.
If you have any questions about the protection of your personal data, you can contact us: [email protected].

Linking to other websites

  1. The Audacity Forum may contain hyperlinks to websites owned and operated by third parties. These websites have their own privacy policies and we urge you to review them. They will govern the use of personal information you submit whilst visiting these websites.
  2. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

Updates to this Notice

  1. We may update this Notice from time to time in response to changing legal, technical, or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
  2. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

How to contact us

If you have any questions or comments, or if you wish to exercise your data protection rights, please contact us via [email protected].

Additional Information for California Consumers

  1. The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information. Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
  2. To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described below.
  3. Right to information regarding the categories of personal information collected, sold, and disclosed: You have the right to obtain information regarding the categories of personal information we collect. We collect the categories of information described above.
  4. We do not sell personal information.

Back to previous page