Privacy Policy | Andreas Instrument Sounds AB

Revision 1.2, July 24, 2023

1. GENERAL

Andreas Instrument Sounds AB respects your privacy and is committed to protecting your personal data. Andreas Instrument Sounds AB (referred to as “Andreas Instrument Sounds”, “we”, “us” or “our” in this privacy policy) is the controller and responsible for your personal data. This privacy policy will inform you on how we collect and process your personal data when you visit Andreas Instrument Sounds website(s) and when you make a purchase from Andreas Instrument Sounds website(s). The privacy policy also describes the rights you may have in relation to our use of your data, as well as how to exercise those rights. If you have questions or concerns regarding how we fulfil our obligations, you are welcome to contactus using the details in Section 10 below.

Please note that to the extent you carry out activities or access services run by third-party companies, e.g. the billing platform and payment providers we refer to, or content published on other websites, this privacy policy may not apply and these other third-party companies will instead be responsible for the processing of your personal data.

We may update this privacy policy from time to time. At the top of the page, you can see the last date when this was made.

2. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect, use, store and transfer the following data about you:

- Contact data (name, username, e-mail address, telephone number andhome address)

- Payment data (e.g. bank account information or payment card details)

- Technical data (internet protocol (IP) address, browser type andversion, time zone setting and location, operating system and platform and other technology on the devices you use to access this website)

- Usage data (information on how you use our service and website)

- Purchase data (information on your purchase history)

The personal data we use is primarily collected directly from you, either via direct interactions, e.g. information collected when you buy our products or communicate with our customer support service, or via automated technologies or interactions, e.g. information collected automatically when you interact with our website. Automatically collected information is collected by using cookies, server logs andother similar technologies.

3. HOW DO WE USE YOUR PERSONAL DATA?

We use your personal data for the following purposes and based on the following legal grounds:

- To process your orders and your payments (e.g. Contact data and Payment data). The legal ground is that it is necessary to process your data in order for us to be able to fulfil our contractual obligations to you under the purchase agreement. If you do not provide your data we cannot process your order and fulfil the purchase.

- To communicate via our customer support service relating to technical support, returns etc. (e.g. Contact data and Purchase data). Depending on the nature of the matter for which you are contacting us, the legal ground may be either that our processing is necessary for us to be able to fulfil our contractual obligations to you under the purchase agreement, or that we have a legitimate interest of being able to communicate and provide support related to our service, website and products.

- For accounting or reporting purposes (e.g. Contact data, Payment data and Purchase data). The legal ground is compliance with our legal obligations in relation to payment of taxes, bookkeeping etc.

- To maintain and improve our service and our website, including to enable website functionality, fix errors and bugs and create statistics to understand our visitors better and to improve functionality and user experience (e.g. Technical data and Usage data). The legal ground is that we have a legitimate interest of being able to maintain and improve our service and website functionality.

4. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We review our storage of personal data on a regular basis, in order to delete data when it is no longer necessary to keep for the purposesit was collected.

5. HOW DO WE SHARE YOUR PERSONAL DATA?

We do not sell or rent your personal data to another entity. However, if you use our website or the service on the website your personal data may be shared with the following categories of recipients in orderfor us

to carry out our business activities and fulfil our obligations towards you.

- THIRD-PARTY SERVICE PROVIDERS. We engage third-party service providers who may receive and process your personal data. Such third-party service providers perform functions on our behalf, and are typically necessary to operate our website, to provide our service and to fulfil transactions, such as payment service providers, technical infrastructure service providers and analytics service providers. They may also include external consultancy services such as accounting services and legal services. As necessary, the personal data you provide to us may be processed by these third parties, solely on our behalf and in accordance with our instructions.

- PUBLIC AGENCIES AND AUTHORITIES. We may share information with public agencies and authorities to comply with our legal obligations, or to claim or respond to legal processes (e.g. a court order), or where otherwise necessary for the establishment, exercise or defence of legal claims (e.g. to address fraud).

- SALE OR TRANSFER. We may also share your personal data to third parties in case of a merger, acquisition or sale of all, or parts of, our assets.

Please note that this privacy policy does not apply to any processing made by a third-party service provider for its own purposes. For any such processing, the third-party service provider is the data controller, and the processing is instead covered by the third-party service provider’s own privacy policy. When you access services run by third-party companies, e.g. the billing platform and payment providers we refer to, we encourage you to read the privacy policies of such third-party companies and/or websites.

6. INTERNATIONAL TRANSFERS

Some of our third-party service providers may be based outside the EU/EEA so their processing of your personal data will involve a transfer of data outside the EU/EEA. Where your personal data is transferred to a country that is not deemed to adequately protect personal data under applicable data protection laws, we take appropriate safeguards to ensure that your personal data is protected. Such safeguards may be that the receiving party has joined the Privacy Shield (if the receiving party is a company established in the United States) or that the receiving party has signed so called standard data protection clauses adopted by the EU Commission.

7. DATA SECURITY

To help maintain the security of your personal data we have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We keep these measures under close review in order to keep our systems and the personal data we processsafe. We have also implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data, namely the following rights:

- To request access to your personal data

- To request correction of your personal data

- To request erasure of your personal data

- To object to processing of your personal data

- To request restriction of processing of your personal data

- To request transfer of your personal data

- To withdraw your consent (where applicable)

If you wish to exercise any of the rights set out above, please contact us on the E-mail address: "contact" at this domain.

9. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Please note that if you consider the processing of your data to be in violation of applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), but each EU member state has their own supervisory authority that you can reach out to at your convenience.

10. HOW TO CONTACT US

If you have any questions, comments or requests regarding this privacy policy or regarding your personal data, please contact us on the E-mail address: "contact" at this domain.