Welcome to our Privacy Policy Thank you for using our websites and services. Personal integrity is very important to us and we take your privacy seriously. Here you can find out, for example, what personal data we process about you, why and how we do it, where it comes from, who is involved and what our legal basis is for doing this. Here we explain how we process your personal data and what we do to respect your integrity! We recommend that you read this Privacy Policy and use it to make informed decisions. Please read this Privacy Policy carefully – your continued use of our websites and services confirms that you have read and understood this Privacy Policy in its entirety. We hope that by reading this Privacy Policy you are convinced that we are working hard to meet your expectations.

 

You can contact us if you have any questions about this Privacy Policy or general questions regarding your personal data. You can always contact us by sending an e-mail to info@salsabrisa.nl. Salsa Brisa, Tongerseweg 346, 6215 AC Maastricht, Chamber of Commerce 83689842 (“Salsa Brisa”, “we”, “us/our” or “us”), including our affiliated companies, is committed to protecting and respecting of the privacy of all individuals whose personal data we process as part of our provision of the products and services listed below (collectively, “Services” and this also includes products and services provided by our affiliated companies within our “Salsa Brisa” group). A complete overview of the Salsa Brisa activities can be found here: Limburg Salsa Festival, Sardinia Salsa Festival, Euro Salsa Gala, Cuba Beach Party.

 

This Privacy Policy provides you with sufficient information regarding our use of your personal data, including answers to the following questions: What is personal data? Personal data is any information that can directly or indirectly identify a physical, living person. This means that, for example, a name, address, telephone number, but also log and encrypted data and other types of electronic IDs (e.g. an IP address) are personal data insofar as they can be linked to a physical, living person. What is the processing of personal data? The processing of personal data is any action related to personal data, whether done automatically or not. Examples of common deletion operations include collection, registration, organization, structuring, storage, modification, transfer, and deletion. Who should read this Privacy Policy? This Privacy Policy is relevant to anyone who visits our websites, uses our services, products or otherwise interacts with us. Does this Privacy Policy cover all of our processing activities? No, it only concerns the processing of personal data for which we are the data controller – in other words, where we determine the purpose (why the personal data is collected) and the means (which personal data is collected, how long it is kept, etc.) for the processing. What is not covered by this Privacy Policy? It does not cover the processing of personal data that we carry out as a data processor – in other words, if for example we process data on your behalf and we follow your instructions if you use our services and you are the one collecting personal data and determining the purpose for processing such personal data. Website visitors and persons who call or e-mail our customer service Salsa Brisa is the controller of personal data that is processed when someone calls our customer service or uses our website or otherwise contacts us via our support channels. This means that Salsa Brisa is the data controller for personal data processed about website visitors (ie people who just browse our websites). What information about you do we process, for what purposes and what is the legal basis for doing so? Categories of personal data we process Identification information: e.g. identification number, ID, passwords or similar Contact information: e.g. name, address, telephone number, email or similar Financial information: e.g. bank details, card information, financial transactions or similar, credit history (including creditworthiness), information regarding invoices issued by us. How do we not use the information about you? We never use your personal data for any purpose other than what is mentioned in this Privacy Policy, unless we obtain written permission from you or inform you before we start any new processing for new purposes or have a purpose that corresponds to the purpose for which we collected the personal data. collected, all in accordance with applicable laws and regulations. What we do not do with your personal data: We do not pass your personal data on to third parties for their own marketing purposes without assurance that there is a lawful basis for doing so. We do not sell your personal data to third parties. What about automated decision making? At this time, Salsa Brisa does not conduct any processing defined as exclusively automated decision-making, including profiling, under the General Data Protection Regulation (“GDPR”) that has “legal effects” or other similar significant consequences for you. Third Party Services. To provide our services, we disclose personal data about you that is necessary to identify you and to perform an assignment or agreement with companies we work with to perform our services. These services include, but are not limited to, secure identification solutions and credit bureaus in the relevant country and between the parties in a financial system such as a bank. We use the following payment systems: Mollie.nl Sisow.com iZettle.com Our designated banks and relevant card networks may also process your personal data for their own fraud prevention and risk management purposes. Selected service providers, such as certain credit bureaus, may also process your personal data to expand and develop their own services. Data processing third parties. Some third parties to whom we transfer personal data are data processors. A data processor is a party that processes personal data on our behalf and on our behalf. We work with selected suppliers, including for the processing of personal data on our behalf. Examples include suppliers of IT development, maintenance, organization and support, but also suppliers who support us in our marketing. If we pass on your personal data to data processors, we will only do so for purposes that correspond to the purposes for which we collected the data (for example, to perform a contract). We always check all data processors and ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors guaranteeing the security and confidentiality of the personal data they process on our behalf, as well as restrictions on transfers to other countries. Processing Responsible Third Parties. Some third parties to whom we transfer personal data are independent data controllers. This means that we are not the ones who prescribe how the data provided by us is processed. Examples are competent authorities, credit bureaus, acquirers and other financial institutions. If your data is transferred to an independent data controller, its data policy and data processing principles will apply. Competent authorities. We also disclose personal data to competent authorities insofar as we have a legal obligation to do so. Such authorities include tax, police, enforcement and regulatory authorities in the relevant countries. We may also be required to provide information to competent authorities about your use of our services, for example to the tax authorities, where required by law, which may include personal data such as your name, address and information about card transactions processed by us on your behalf through your use of our services. What about transfer to another country? If we transfer your personal data to a third country, i.e. a country outside the European Economic Area (“EEA”), we will comply with all applicable laws relating to such transfer and we will therefore keep your personal data secure and ensure that appropriate safeguards to ensure adequate protection such as entering into an agreement in a form approved by the European Commission. We prefer to use Standard Contractual Clauses as a basis for transfer. You can see a copy of the relevant model EU clauses we use for transfers by going to www.eur-lex.europa.eu and searching 32010D0087. We transfer your information to service providers in the US and we base this transfer on Standard Contractual Clauses and the Privacy Shield. If you want to know more about the Privacy Shield, which is an agreement on the protection of personal data between the EU and the US, you can read it here: https://ec.europa.eu/info/law/law-topic/data- protection/data-transfers-outside-eu/eu-us-privacyshield_en or https://www.privacyshield.gov/welcome We also transfer your data to service providers in Australia and we base this processing on Standard Contractual Clauses. Security and integrity - how do we protect your personal data? We take security seriously. We always process personal data in accordance with applicable laws and regulations and we have implemented appropriate technical and organizational security measures to prevent your personal data from being used for non-legitimate purposes or disclosed to unauthorized third parties and otherwise protected against misuse, loss, alteration or destruction. How long do we store your personal data? We do not process personal data longer than necessary to achieve the purpose of such processing, as set out in this Privacy Policy. We only retain your personal data to ensure we comply with our legal and regulatory requirements. Your personal data will be anonymized or deleted as soon as it is no longer necessary for the purpose for which it was collected. This means, for example, that we only keep your data for as long as it is necessary for the performance of an agreement as prescribed by applicable laws. See below for examples of our retention periods: Accounting Requirements: Seven (7) years. Contract performance data: up to ten (10) years after the end of the customer relationship to defend against potential claims. The above is for informational purposes only and retention periods may vary from country to country. How much say do you have in our processing of your data (in other words what are your rights)? We may be in control of the processing of your personal data when you use our websites or services. But that doesn't mean you have nothing to say about it. You have rights and we think these are important! In general, we believe that you have the right to have your data processed in accordance with your expectations. But you also have rights set out in applicable laws. You can read more about your rights below in the order that we think is most relevant to you. The rights we think are most relevant to you *You have the right to be informed about certain details of the processing of your personal data. We provide this information through this Privacy Policy. *You have the right to receive a copy of the personal data we process about you. You can receive this information by contacting us. *You have the right to correct the personal data we process about you if you see that it is inaccurate. *You have the right to object to our processing of your personal data. Please note that there are exceptions to the rights below, so access may be denied, for example if disclosure is prohibited by law. Your rights in relation to your personal data The right to information You have the right to information about how we process personal data about you. We do this in this Privacy Policy. However, you can always contact us if you have any questions. The right to access You have the right to access the personal data we hold about you. In this regard, you may receive a copy of the personal data we hold about you. We reserve the right to charge a reasonable fee for additional copies based on our administrative costs. To exercise this right, please contact us as described below. Please note that much of the personal data we process about you is available and visible in your Salsa Brisa account at dancestudio-pro.com. This right means that you have the right to: *obtain confirmation of what personal data we process about you *access your personal data and *receive such additional information (which corresponds to the information contained in this Privacy Policy). Please note that we may need to ask you to provide more information about yourself so that we can identify you and handle the request efficiently and securely. This may mean that we may ask you to send a copy of a valid ID and ask you to ensure that this copy of the valid ID is signed by you. The right to rectification We ensure that inaccurate or incomplete personal data is erased or rectified. You have the right to have inaccurate or incomplete personal data we hold about you rectified. The right to erasure of your personal data (“Right to be forgotten”) You have the right to erasure if: *the personal data is no longer necessary for the purposes for which it was collected or processed (and there is no new lawful purpose for it ) * your particular situation entitles you to object to processing based on a legitimate interest (more information below) and there is no legitimate reason for us to continue processing * the legal basis for processing is your consent and you withdraw consent and there is no other legal basis * the processing of the personal data has been unlawful, or * we have a legal obligation to delete the data. The right to restrict the processing of your personal data You have the right to ask us to restrict the processing of your data (in the sense that the personal data may only be held by us and may only be used for limited purposes) if: *the personal data we hold about you is incorrect * the processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it * we no longer need the personal data for the purposes of the processing, but if we still always needed for the establishment, exercise or defense of a legal claim, or *if you have objected to the processing and you claim that the legal basis of the legitimate interest is invalid and you are waiting for the verification of this claim. The right to object to the processing of your personal data Where our legal basis for processing your data is our legitimate interests, you have the right to object to the processing of your data if: you can demonstrate that your interests, rights and freedoms regarding the personal data outweigh our interest in processing your personal data, or we process your personal data for direct marketing purposes, including, but not limited to, profiling. This means that we will stop this processing unless we can demonstrate a compelling legitimate basis for the processing which overrides your interests, rights and freedoms, or the personal data is necessary for the establishment, exercise or defense of legal claims. If you choose to object to our further processing of your personal data as described in this Privacy Policy, please note that we may no longer be able to provide you with the services you have requested and we may therefore terminate the relevant agreements with you; see the relevant terms and conditions for more information. In addition, we may continue to process your personal data for other legitimate purposes, such as to fulfill a contract with you, to protect your interests in connection with legal proceedings and to comply with our legal obligations. If you have received marketing from us, you can object to this marketing at any time by contacting info@salsabrisa.com or opt-out by following the instructions in the marketing materials. The right to data portability You have the right to data portability: *for personal data that you have provided to us, and *if the legal basis for the processing of the personal data is the fulfillment of a contract or consent. What about cookies? Cookies are text files placed on your computer to collect standard Internet log information and website visitor usage and to compile statistical reports on website activity. You can set your browser so that it does not accept cookies. However, in some cases the features of our website may not function as a result. That is why our website uses cookies to distinguish you from other users of our website. This allows us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information about the cookies we use and the purposes for which we use them, please see our Cookie Policy. What about other third-party websites and services? Our websites and services may from time to time contain links to third party websites that are not under our control. If you visit such websites or use such services, please note that this Privacy Policy does not cover processing by such third parties and we therefore recommend that you read carefully how these third parties process personal data before using their websites or services. How can we change this Privacy Policy? We are constantly working to improve and develop our services, products and websites, so we may change this Privacy Policy from time to time. We do not affect your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions where we operate. If there are significant changes, we will send you a more prominent notice if we are required to do so under applicable laws. It is recommended that you review this Privacy Policy from time to time to be aware of any changes.