This privacy policy (hereinafter the “Privacy Policy”) governs how Soul Train (Soul Train Solutions OÜ) (hereinafter „Soul Train”/”us/we/our”) gathers and uses personal data. We take security of personal data processing seriously. Our aim is to protect the privacy of our users’, cooperation partners’ and other data subjects’ (together herein after “you”). Please read this Privacy Policy as it contains important information about the processing of your personal data. This Privacy Policy applies to Soultrain application, all of our services and to our online activities incl., processing in connection to our website and social media. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us (see clause 2.2).
Definitions are terms often used in the Privacy Policy. Terms are defined in this Section of
the Privacy Policy or in the text of the Privacy Policy.
1.1 Personal data protection terms have the same meaning as defined here or in the
General Data Protection Regulation (2016/679) (hereinafter the “GDPR”).
1.2 Cookies mean data files stored in the Visitor’s device upon visitation of the Website
according to the selection made. More information about the use of Cookies by us
and on our Website can be found via the Cookie solution on our Website.
1.3 Contract means any contract entered into between us and natural or legal person,
incl. terms of service for Soultrain application and other agreements etc.
1.4 Privacy Policy means this text, which sets out our principles of personal data
processing.
1.5 Service(s) means services offered by us – Soultrain application for connecting
breakers worldwide, and other services/products by us (if any).
1.6 User means natural or legal person or other legal construct using our Services. In
case of a legal person/construct data subject’s rights are applicable to the
representative of the legal person/construct (e.g., employee, management board
member etc.).
1.7 Visitor is a person visiting our Website.
1.8 Website means our website accessible via https://soultrain.app/ and all its
subdomains and where applicable also refers to our social media pages.
Here you will find when the Privacy Policy applies, information about who we are, and how
to contact us.
2.1 About us: We are a private limited company Soultrain Solutions OÜ, registration
code 16773170, address Lai tn 15a, 80010 Pärnu linn, Pärnu maakond, e-mail
[email protected].
2.2 Contacts: You can contact us in matters related to personal data processing by e-
mailing us at [email protected] or writing to us on the address provided in the
previous clause i.e., 2.1 and addressing the letter as personal data inquiry.
2.3 About the Privacy Policy: The Privacy Policy applies to personal data processing
done by us in case of our Services and the Website. We have the right to unilaterally
amend this Privacy Policy. We will notify the data subject of all important material
changes on the Website or otherwise.
2.4 About the Controller-Processor statuses: We are the controller of your personal
data when you are using our Services or visiting our Website. We may use
processors and other controllers when offering our Services. Read more about
disclosures and transfers in Section 7.
2.5 Other links/apps etc: Please note, that the links on our Website and in Soultrain
application may lead to media that is governed by privacy terms of the respective
service providers’, and not by this Privacy Policy. We are not responsible for
anything on those other websites. Processing of your personal data on our social
media channels by providers of those platforms is done according to the privacy
terms of relevant platform. In case of our social media, we will adhere to the relevant
platform’s terms and to this Privacy Policy.
Here you will find the key principles that we are always guided by when processing your
personal data.
3.1 Compliance and aim: Our aim is to process personal data in a responsible manner
where we are able to demonstrate the compliance of personal data processing with
the purposes set and the applicable regulations.
3.2 The principles: All our processes, guidelines and activities related to personal data
processing are based on the following principles: lawfulness, fairness, transparency,
purposefulness, minimisation, accuracy, storage limitation, integrity,
confidentiality, and data protection by default and by design.
Here you can find categories of data subjects and personal data we process
4.1 Categories of Data Subjects: Generally, we may process personal data of the
following data subjects:
(a) our User’s (as natural person);
(b) event organizer’s representatives and employees;
(c) representatives of our cooperation partners;
(d) our employees or contractors;
(e) Website Visitors;
(f) and other data subjects whose data may be made available to us via Soultrain
application or other ways
4.2 Collection of Personal Data: We may collect:
(a) Personal data disclosed to us by the data subject (e.g., data submitted for the
purpose of entering into contract or obtaining information about our Service(s)
or using our Services. Usually – name, contact details, e-mail address, data sent
or made available to us by the data subject; or our contractor’s personal data
provided by the contractor e.g., professional tutorial videos by the contractor);
(b) Personal data resulting from standard communication between us and the data
subject (e.g., correspondence regarding the Service(s));
(c) Personal data resulting from the consumption and use of Service(s). Usually
data on User profile, information about use of Soultrain application, actions on
Soultrain application etc.;
(d) Personal data resulting from visiting and using the Website (device data, IP
address, data gathered by Cookies – see Cookie solution on our Website for
more precise information);
(e) Personal data obtained from third parties (e.g., data from use of third-party
services for provision of our Services);
(f) Personal data provided to us by our User when they use our Service(s), incl.
about other data subjects (e.g., personal data in User content that does not
belong to the same User – other people on videos, information about other
people in comments etc.);
(g) Personal data generated and combined by us (e.g., correspondence within the
context of User relationship, activity analytics).
4.3 Data we process: We mainly process the following personal data:
(a) About Visitors – data gathered from use of Website incl., by Cookies (if enabled);
(b) Contact details - name, phone number and e-mail address. For some features of
our Services we might require a little more, like your dance school or event
address.
(c) Profile information – date of birth, authentication information (code and
method), username, profile picture, crew information, location, ranking, content
(uploads, posts, interactions), information about battles, information about
followers and following, points, education progress.
(d) Payment information – connected to subscription, prize money – things like the
amount, banking information or card, payments made, payment history. If
needed, we may conduct sanction check to ensure if we are allowed to make
any payments to relevant User – in that case sanction check data is also
processed.
(e) Communication and correspondence records - when you engage with our in-app
chat, or contact us in other ways.
(f) Device data - IP address, operation system, logs, location, preferred settings;
(g) Data about the usage of our Services – actions on the Soultrain app such as
voting, posts, chats, content uploads, information about interactions and
movement on Soultrain applications.
(h) User content – different User created and/or uploaded data and media such as
photos, videos, comments, battles, tutorials and other;
(i) video recording (if any) e.g., when data subjects visit our premises (the
surveillance recording);
(j) Other data – e.g., data provided in satisfaction surveys, feedback, evaluations
about Soultrain application, reviews.
Here you will find information about the purposes and grounds for processing of your personal data.
5.1 Consent: Based on consent, we process personal data precisely within the limits, to the extent and for the purposes for which the data subject has given their consent. The data subject’s consent must be freely given, specific, informed, and unambiguous, for example, by ticking the box on the Website or the application. Please note that you have the right to withdraw your consent at any time e.g., by writing to us or in case of not Service related emails, in the unsubscribe link in the email. Withdrawal of consent will not influence the rightfulness of personal data processing done under the consent before the withdrawal of the consent.
5.2 Entry into and performance of a Contract: Upon entering into and performing a
Contract, we may process personal data for the following purposes:
(a) taking steps prior to entering into a Contract, which are necessary for entering
into a Contract or which the data subject requests, e.g., when signing up as a
User (mainly data marked at clause Error: Reference source not found, c, d, e
and f are used);
(b) identifying you to the extent necessary for entering into and performing a
Contract or taking steps to enable usage of our Service (mainly data marked at
clause Error: Reference source not found are used);
(c) performing the obligations assumed (e.g., offering our Services, billing) (e.g.,
data marked at clause Error: Reference source not found, c, d, e, f, g and h are
used);
(d) communicating with you, incl. sending information and reminders about the
performance of the Contract or about the usage of the Service (e.g., data
marked at clause Error: Reference source not found, c, d, e and g are used);
(e) protection of rights and claims (depending on the data all gathered data may be
used);
(f) to detect, prevent and address technical issues (depending on the issue all
gathered data may be processed);
(g) to provide customer support to our Users (mainly data marked at clause Error:
Reference source not found, c, d, e, f and g are used, but depending on the
issue all data may be processed);
(h) to provide and maintain our Service, incl. monitor usage of our Service and
Website (mainly Error: Reference source not found, c, f, g and h is used, but all
data may be processed; in case of our Website 4.3.1(a));
(i) to notify you about changes to our Service or to give you other Contract/Service
related notice (mainly data marked at clause Error: Reference source not found
and c are used).
5.3 Legal obligation: We process personal data to comply with a legal obligation in accordance with and to the extent provided by law. For example, obligation to retain accounting documents from Estonian Accounting Act, obligations in connection to Digital Service Act (if any).
5.4 Legitimate interest: Our legitimate interest means our interest in managing or
directing our activities and enabling us to offer the best possible Services. In case we
are using legitimate interest, we have previously assessed our and your interests.
You have the right to see conducted assessment connected to processing of your
personal data. If you wish to do so contact as at [email protected]. We may process
your personal data (except special categories of personal data) based on legitimate
interest for the following purposes:
(a) development of our Service and Website (mainly anonymous; however,
depending on the development all data may be used);
(b) ensuring a better user experience, to provide higher quality Service(s); we
may monitor the usage of our Service and Website, analyse identifiers and
personal data collected about the use of our Website, Service, our social media
pages and other channels, and we may collect statistics about the Users and
Visitors; mainly usage data, device data, communications and other data may
be processed; and in case of Visitors data gathered via Cookies;
(c) sending offers/information to our clients (i.e., Users) or potential User
if the respective person has previously purchased or shown interest in a similar
Service/product, and if such processing is allowed in respective jurisdiction. In
this case, the person is always guaranteed to have a simple opportunity to
resign from the communication, and we have considered our and data subject’s
interests;
(d) conducting surveys and measuring the effectiveness of marketing activities
performed (mainly contact data and Service usage general data is used);
(e) making recordings and logging; we may record messages and orders given
both on our premises and using means of communication (e-mail, chats) as well
as information and other activities we and you have performed. If necessary, we
use these recordings to prove orders, claims or other activities;
(f) video surveillance recordings for security, protection of people and property
and proof and protection of claims;
(g) technical and cyber security reasons, for example measures for combating
piracy, online identity theft and ensuring the security of the Website and Soul
Train application as well as for making and storing back-up copies and
preventing/repairing technical issues (depending on the issue all data may be
processed);
(h) processing for organisational purposes, incl. between group companies (if
any), foremost for management and processing of personal data for internal
management purposes (but also audits and other potential supervision),
including for processing the personal data of Users or cooperation partner’s
representatives (mainly general Service usage and payment data);
(i) establishing, exercising or defending legal claims, incl. assigning claims
to, for example, collection service providers, or using legal advisors (depending
on the claim/issue all data may be processed);
(j) If you have given us information about not sending you a certain type of
information – retaining the information about such prohibition.
5.5 New purpose: Where personal data is processed for a new purpose other than that
for which the personal data are originally collected or it is not based on the data
subject’s consent, we carefully assess the permissibility of such new processing. We
will, in order to ascertain whether processing for a new purpose is compatible with
the purpose for which the personal data are initially collected, take into account,
inter alia:
(a) any link between the purposes for which the personal data are collected and the
purposes of the intended further processing;
(b) the context in which the personal data are collected, in particular regarding the
relationship between the data subject and us;
(c) the nature of the personal data, in particular whether special categories of
personal data are processed or whether personal data related to criminal
convictions and offences are processed;
(d) the possible consequences of the intended further processing for data subjects;
(e) the existence of appropriate safeguards, which may include encryption or
pseudonymisation.
5.6 Overview of our main personal data processing activities in the scope of this Privacy Policy:
| PURPOSE | LEGAL BASIS | PERSONAL DATA (please see categories in clause 4.3) |
|---|---|---|
| Offering Services – signing up for the Soultrain app | GDPR art 6 (1) b | Contact details, initial profile information, payment information |
| Offering Services – enabling use of Soultrain app | GDPR art 6 (1) b | Contact details, profile information, payment information, communications, device data, usage data, User content |
| Data transfer to the service providers necessary for the performance of the Contract – i.e., for enabling certain features of the Soultrain app | GDPR art 6 (1) b | Mainly usage data, device data, user content, communications |
| Service improvement – usage AI (e.g., content review) | GDPR art 6 (1) f; in case we are obligated to do so – GDPR art 6 (1) c | Mainly user content |
| Service improvement – usage of algorithms and profiling for more relevant and interesting content suggestions | GDPR art 6 (1) f | Mainly usage data, device data, user content, communications |
| Customer support | Contract (GDPR Art. 6 (1) (b)) for support activities related to the Contract; other contacts (GDPR Art. 6 (1) (a)) if the data subject contacts Soul Train | As a general rule, the information that the data subject has transmitted. However, depending on the situation, all personal data may be processed. |
| Marketing and providing better
Services – creation and use of
analytics and statistics Anonymization may also be used |
GDPR art 6 (1)(f) | Data about Visitors, profile data, usage data (generally in anonymized format), User content, device data |
| Newsletters and offers | Consent (GDPR Art. 6 (1) a) or legitimate interest (In Estonia - ESS § 103 prim (3)) (existing User and similar service) | Email, consent information; in case of legitimate interest: name, e-mail, fact of being a User, the fact of consuming a similar Service |
| Service development – to improve
existing and develop new Services,
test technical solutions Anonymization may also be used |
GDPR art 6 (1) f | Generally anonymous, but all data may be processed |
| Enabling Services - IT services for the provision of Services, including server rooms, and other software and hardware | GDPR art 6 (1) b) and, to the extent not covered by the Contract, (if any) legitimate interest (GDPR Art. 6 (1) (f)) | All personal data |
| Necessary processing related to legal obligations | GDPR art 6 (1) c | All personal data may be processed |
| Data processing for the following
purposes: administration,
management, supervision, auditing,
accounting, incl. data transfer for
same purposes between group
companies Anonymization may also be used |
GDPR art 6 (1) f; and in case of obligatory transfer GDPR art 6 (1) c) | Generally non-personalized, but depending on the purpose, personal data may also be processed, e.g. in accounting information |
| To certify and defend claims based on the performance of a Contract or other legal obligation or based on our legitimate interest, e.g. to prepare and respond to legal claims, inquiries, etc. | GDPR art 6 (1) f | All personal data may be processed |
| Fraud detection and prevention | GDPR art 6 (1) f | All personal data may be processed |
| Ensuring cybersecurity and technical standards – activities to ensure the security of the Website and the app, including making and storing backup copies and preventing/eliminating technical problems | GDPR art 6 (1) f; and in case of the Service GDPR art 6 (1) b | All personal data may be processed |
| Security and proof of claims | GDPR art 6 (1) f | Information on video recordings, however, all personal data may be processed depending on the situation |
| Processing in the context of
commercial transactions - merger,
acquisition, purchase, sale of an
association or of shares - processing
of data in the framework of carrying
out a transaction and consulting Anonymization may also be used |
GDPR art 6 (1) f | Generally non-personalized, but accounting information may also be processed and, depending on the transaction, the processing of all personal data may be necessary |
| Other processing under legitimate interest | GDPR art 6 (1) f | See clause 5.4 |
Please note that only necessary data points from each data category marked are processed. This table is for providing easier overview of main processing, please read the text of Privacy Policy for full information about our processing.
6.1 We may use AI solutions, incl. third-party provided services, for content monitoring.
This is to ensure that our Community Guidelines are followed and that Soultrain app
and Website carry our community values. Even though certain personal data
(usually data in User content) may be made available to the AI service provider and
may be a part of automated processing, then no automated decision is made that
has a legal or similar effect on a data subject. If, for example, AI flags a post for
suspected illegal or otherwise restricted content, then a human always checks the
result (making the processing not fully automated), and in addition consequences of
flagged post (even if deleted/not published) are not consequential to a data subject.
6.2 We may use algorithms to make sure User sees most relevant and interesting
content on our app and Website. For this profiling may be used. However, this
profiling does not constitute an automated decision or profiling having a legal or
similar effect on a data subject.
Here you will find information about the transfer and authorised processing of personal data.
7.1 Usage of cooperation partners: We may cooperate with persons to whom we may transmit data, including personal data. We may have different type of controller-processor-sub-processor relationships with those cooperation partners. When transferring personal data to third parties (generally our cooperation partners), we comply with the applicable data protection requirements.
7.2 Requirements for the usage of cooperation partners that are our
processors: Such third parties may include:
7.2.1 advertising and marketing partners (usually Visitor’s data, contact data, limited
profile and usage data);
7.2.2 analytics partners (usually Visitor’s data, contact data, limited profile and usage
data);
7.2.3 advisers e.g., financial adviser, tax, contractors (depending on the case
connected data);
7.2.4 IT partners, i.e., service providers for various technical and content monitoring
services (depending on the service all personal data may be processed).
We may use such processors provided that the respective purpose and
processing are lawful and personal data are processed pursuant to the
instructions of us and on the basis of a valid data processing agreement.
If you wish to get more information about which processors we may give your
personal data, please contact us at [email protected].
7.3 Other transfers: In other cases, we may transmit your personal data to third
parties provided that we have a valid ground to do so e.g., your consent or a legal
obligation or there is an exception in the event that the transfer is necessary to
protect your vital interests.
7.3.1 We may disclose your personal data:
(a) event organizers: who advertise or add events etc. on Soultrain application or
Website (usually profile data, User content, location, device data may be
shared, and we may also receive User data e.g., participation in certain event);
(b) Connected service provides: who are separate controllers – e.g., payment
service providers, attorneys, banks etc.;
(c) For Law Enforcement: Under certain circumstances, we may be required to
disclose your personal data if required to do so by law or in response to valid
requests by public authorities. We always assess the lawfulness of information
requests before disclosing any personal data.
(d) For Business Transactions: If we or our subsidiaries are involved in a merger,
acquisition or asset sale, your personal data may be transferred.
7.4 Transfers outside the EEA: We may use service providers/co-operation partners
from outside the EEA. Such transfers are only commenced if requirements from the
GDPR Chapter V are met e.g., adequacy decision* (see the GDPR art 45) or EU SCC
(see the GDPR art 46). We usually use EU standard contractual clauses** or EU-US
Data Privacy Framework*** for transferring your personal data outside of the EEA.
We will take all the steps reasonably necessary to ensure that your data is treated
securely and in accordance with this privacy policy. If you want more information
about transfers outside the EEA, contact us at [email protected].
* Adopted adequacy decisions can be found here.
** You can find the text of standard contractual clauses here.
*** Participants of the EU-US Data Privacy framework can be found here.
Here you will find a description of how we protect your personal data and for how long we store personal data.
8.1 Storage: We comply with the purpose of processing principle and have set storage periods for personal data, e.g., we use claim limitation periods set in applicable law for potential claims, and storage periods provided for in the law. We store personal data as long as need depending on the purpose of the processing. User data is generally retained, for the duration of the period of validity of the Contract and depending on the reason for ending the Contract or suspending it following deletion periods are generally used: i) 3 months after User cancels subscription; ii) after User is suspended or Contract is ended by Soul Train due to (suspected) infringement by User data is archived in 7 months but may be used for defence and proof of claims up to 10 years. personal data is stored depending on the requirement deriving from applicable law e.g., 7 years accounting data. Personal data for which the storage period has expired are destroyed or made anonymous. If you want more precise information on data retention then write to us at [email protected].
8.2 Security measures: We have established guidelines and rules of procedure on
how to ensure the security of personal data through the use of both organisational
and technical measures. Among other, we do the following to ensure security and
confidentiality:
(a) We have access-level management system in use;
(b) We process the personal data transferred to us only for the purpose and to the
extent necessary for providing the Website and/or Services; and other
purposes laid out in this Privacy Policy;
(c) we use software solutions that help ensure a level of security that meets the
market standard.
8.3 Incident: In the event of any incident involving personal data, we do our best to mitigate the consequences and alleviate the relevant risks in the future. We will follow notice requirements of the GDPR.
Here you can read about your rights in connection to your personal data.
9.1 We would like to make sure you are fully aware of all of your data protection rights.
Every data subject is entitled to the following rights (under certain preconditions):
(a) The right to access – you have the right to access and to request copies of
your personal data.
(b) The right to rectification – you have the right to request that we correct any
information that is inaccurate.
(c) The right to erasure – you have the right to request that we erase your
personal data, under certain conditions (e.g., we are processing your personal
data under your consent).
(d) The right to restrict processing – you have the right to request that we
restrict the processing of your personal data, under certain conditions (e.g., we
are processing your personal data under consent).
(e) The right to object to processing – you have the right to object to our
processing of your personal data, under certain conditions (e.g., we are
processing your personal data under legitimate interest).
(f) The right to data portability – you have the right to request that we transfer
the data that you have provided us to another organization, or directly to you,
under certain conditions.
(g) Rights in connection to consent - if we process your personal data using
consent as legal basis, then you have the right to withdraw your consent at any
time (e.g., by unsubscribing or emailing us). Withdrawing your consent won’t
change the legality of processing done before withdrawal.
(h) Rights in connection to use of legitimate interest - if we process your
personal data under legitimate interest, then you have the right to see the
conducted legitimate interest assessment connected to the processing of your
personal data. For this write us at [email protected].
(i) Rights related to automated processing and profiling - mean that the
data subject, on grounds relating to their particular situation, has the right to
object at any time to the processing of personal data concerning them based on
automated decisions/profiling and to require human intervention. The data
subject may also require an explanation regarding the logic of making an
automated decision. For avoidance of doubt, even though our Service uses AI
and automated processes, we do not use automated processing or profiling that
has a significant effect on the data subject or their rights.
(j) The right to file a complaint and seek judicial remedy – you have the right
to file a complaint with us or supervisory authority or court if you think that your
rights in connection to personal data have been infringed. We kindly ask you
to contact us first for finding a solution. If needed our data protection
supervisory authority is Estonian Data protection Inspectorate (Andmekaitse
Inspekstioon) contacts can be find: https://www.aki.ee/en/contacts. In addition,
as a data subject you have a right to file a complaint in the EU Member State of
your residence or a place of work or of where alleged infringement of the GDPR
took place. If you are a resident of EU, you can find the details of respective data
protection authority from here.
9.2 Responses and additional information: If you make a request connected to personal data processing, we have one month to respond to you (in certain cases we have the right to extend that time period). If you would like to exercise any of these rights or need more information on your rights, please contact us. Please note, that we may need to identify you before granting you any of the rights connected to your personal data.
10.1 We don’t allow our Users to be younger than 13 years or as indicated in relevant EU country here. We follow data protection requirements applicable for processing child’s personal data (if any).
11.1 The latest changes and entry into force of the Privacy Policy:
Publication - 08.07.2024
Entry into force - 08.07.2024
Key changes - 1st version of the Privacy Policy