Privacy Policy

1. Introduction

At Nebulosa Band (“we”, “us”, or “our”), accessible at nebulosaband.com, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, store, share, and protect information about visitors and users of our website. Our approach is grounded in the principles of transparency, purpose limitation, data minimization, and integrity, and we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We recognize your right to privacy and are committed to safeguarding your personal information. By accessing or using nebulosaband.com, you acknowledge that you have read and understood this Privacy Policy.

2. Scope of This Policy and Role of Data Controller

This Privacy Policy applies to all data processed by Nebulosa Band as it relates to visitors, users, and customers interacting with our website, services, and communications via nebulosaband.com.

For purposes of GDPR, Nebulosa Band is the Data Controller responsible for the processing of your personal data. If you have any questions or concerns regarding your data and your rights, you may contact us at [email protected].

3. Categories of Personal Data We Process

We may collect, use, store, and transfer the following categories of personal data:

(a) Usage Data: Includes information about how you interact with our website, such as your IP address, browser type and version, time zone settings, pages visited, session time, and referring URLs.

(b) Account Data: Includes personal identifiers provided during account registration or checkout, such as your name, billing address, email address, and telephone number.

(c) Profile Data: Includes preferences, music interests, past purchases, user behavior on our website, and subscription preferences.

(d) Communication Data: Includes correspondence sent to or received from us via contact forms, email communications, support requests, or live chat.

(e) Technical Data: Includes device identifiers, internet connection metadata, system configuration info, and plugins or browser settings.

(f) Transaction Data: Includes details of purchases made on nebulosaband.com, payment method, billing and delivery information.

(g) Preference Data: Includes consents to receive marketing communications, language preferences, and stated interests in particular products or services.

4. Legal Bases for Processing

We rely on the following lawful bases under the GDPR and other applicable laws to process your personal data:

– Consent: Where you have granted permission, such as subscribing to newsletters or accepting cookies for analytics.
– Contractual Necessity: To fulfill our obligations when you purchase products or request services.
– Legitimate Interests: To analyze traffic, detect fraud, protect security, and ensure website functionality—balanced against your rights and freedoms.
– Legal Obligations: Where processing is necessary for compliance with legal or regulatory requirements.

5. Your Rights

Subject to applicable data protection laws, you have the following rights concerning your personal data:

– Right of Access: Obtain confirmation of whether we are processing your personal data and receive a copy.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to lawful retention exceptions.
– Right to Restrict Processing: Request temporary suspension of processing in certain circumstances.
– Right to Data Portability: Request your data in a structured, commonly used format for transfer to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Rights under the CCPA: If you are a California resident, you also have the right to request disclosure of collected categories of personal data, deletion of specific information, and opt out of data sales (Nebulosa Band does not sell personal data).

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement comprehensive security protocols to protect your data, including but not limited to:

– End-to-end encryption of data in transit and at rest.
– Role-based access control and internal access audits.
– Regular data backups with secure storage redundancy.
– Staff training regarding privacy obligations, phishing prevention, and data protection practices.

While we take all reasonable steps to safeguard your information, no system can guarantee absolute security.

7. International Transfers

Your personal data may be transferred and processed outside your country of residence, including in countries that may not have equivalent data protection laws. Where applicable, we implement Standard Contractual Clauses or other legally recognized frameworks to ensure adequate data protection in line with GDPR requirements and regional laws.

8. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes it was collected for, including for legal, accounting, or reporting requirements. Standard retention periods include:

– Usage and Technical Data: up to 12 months for analytics and diagnostics.
– Transaction and Account Data: up to 7 years for regulatory compliance.
– Communication and Profile Data: up to 3 years after last user interaction.
– Marketing and Preference Data: until consent is withdrawn or 2 years from last engagement, whichever is sooner.

9. Cookie Policy

We use cookies and similar technologies on nebulosaband.com to enhance functionality and personalize your experience. The types of cookies we use include:

(a) Essential Cookies: Necessary for site functionality and transactional processing. Cannot be disabled via cookie preferences.

(b) Functional Cookies: Enhance usability, such as remembering login credentials or preferences.

(c) Performance and Analytics Cookies: Collect anonymized data about site usage to improve user experience (e.g., Google Analytics).

(d) Targeting/Marketing Cookies: Help us deliver personalized content and advertisements if you consent.

For a detailed breakdown of specific cookies used, please contact us at [email protected].

10. Cookie Management and Compliance with GDPR & CCPA

We deploy a Cookie Consent Management Platform (CMP) that allows users to:

– Accept or reject specific categories of cookies.
– Adjust preferences at any time through the cookie settings panel.
– Exercise California-specific rights including “Do Not Sell My Personal Information” links, when applicable.

By visiting the site, you are prompted to either accept or customize your cookie settings. By adjusting browser settings or contacting us, you may further manage cookie preferences.

11. Children’s Privacy

nebulsaband.com is not intended for children under the age of 13. We do not knowingly collect personal information from children. If we become aware that personal data has been collected from a child without verified parental consent, we will take steps to delete such data immediately. Parents or guardians with concerns should contact us at [email protected].

12. Policy Updates

We may revise or update this Privacy Policy to reflect changes in law, technological advancements, or revisions to our data practices. When material changes are made, users will be notified via the website or by email (if applicable) and given the opportunity to review the new terms before continuing to interact with our services.

13. Contact

If you have any concerns, requests, or questions related to how we handle your personal information or this Privacy Policy, please reach out to us:

Email: [email protected]

We are committed to handling your data respectfully and in accordance with all applicable privacy legislation.

This Privacy Policy affirms our compliance with the GDPR, CCPA, and other relevant privacy frameworks. If you have any privacy-related concerns, we invite you to contact us at [email protected].