Alyra · Data Protection Policy

Article 1 · Definitions

It is admitted that the definitions provided in article 4 of the GDPR are applicable to the present Data Protection Policy, and that the terms used hereafter should be understood in accordance with the definitions specified in article 1 of Alyra Terms and Conditions of Services, as reproduced below:

The Site: the app (or “website”, “site”, “web app”, “progressive web app”, “PWA”) accessible via the following address www.musicwithalyra.com, as a whole, including all potential subdomains.

Alyra: refers to the company Apollo, owner, editor and sole representative of the Site and of the business name “Music With Alyra”, as designated in the Legal Notices.

Users: refers to all types of users of the Site, including all of its functionalities, when it’s not necessary to distinguish them and to identify them according to the present definitions.

The Artist: refers to any User, natural or legal person, with full legal capacity, who uses the Site to search and book musical studio sessions and/or related services (in particular, recording, rehearsal, mixing, mastering, etc.).

The Provider: any User, natural or legal person, with full legal capacity, who uses the Site to offer one or several musical studios for rental, understood to include premises dedicated to professional musical services, as well as associated services (in particular, recording, rehearsal, mixing, mastering, etc.).

The Client: any natural or legal person who completes one our several purchase(s) of live concerts tickets on the Site, whether this person is already a User or not.

The Studio Sheet: refers to the page which gathers all information concerning the Studio(s) that the Providers offer for rental.

The Orders: refers to the agreement and the linking between Users through the Site, leading to the execution of the services explicitly included in it, and in accordance with the present and with the Terms and Conditions of Services.

The Parties: refers to, together, Alyra and the Users who agreed the present and the Terms and Conditions of Services.

The TCS: the whole and indivisible agreement that governs entirely and exclusively the User’s registration and use of the Site, including all functionalities and all Users. This agreement may also be named “Contract” or “Terms and Conditions of Services”, and is accessible by clicking here.

The Data Protection Policy: the present indivisible document, that constitutes the whole entirety of Alyra’s commitments concerning personal data collecting and processing through the Site.

Third party: refers to any person who is not party to the TCS or to the Data Protection Policy.

The Resources: any type of product or service, physical or dematerialised, that can be offered and purchased on the Site, by and between the Users exclusively (in particular for recording, rehearsal, mixing and mastering services, etc.).

The Service(s): refers to the entirety of the services provided directly by Alyra via the Site (subscription, search, select, linking, etc.).

The Information: designates all information published on the Site by Alyra.

The Content: designates all content information and data entered by the Users, that are destined to fill their profile or Studio Sheet on the Site.

Article 2 · Acknowledgement of Accountability

The collection and processing of personal data, executed as part of the use of the Site, necessary to undertake the good execution of the common contractual purposes, and for Alyra to respect its obligations as part of its commercial distance activities, is executed in compliance with the applicable regulation in European Union (GDPR) as well as (French) “Loi Informatique et Libertés modifiée”, under the responsibility of Mr Charles Tarnier, designated in the Legal Notices.

Article 3 · Objects and purposes of data collection

The collection and processing of personal data executed on or via the Site is limited to that which is strictly necessary, and in accordance with the principle of “privacy by default”.

The present Data Protection Policy’s purpose is to inform Users about the data that is collected and processed during their navigation and their use of the Site’s functionalities, to inform them about Alyra’s compliance with its obligations, and to divide rights and obligations of each party as part of such data collecting and processing. Alyra commits to undertake all legal and usage measures in this field.

Data collecting and processing on or via the Site is executed for the following purposes:

allow Alyra to know its audience better in order to optimize and manage its relationship with the Users, via analysis and Site’s audience measurement, as well as the compilation of commercial statistics and eventual advertising statistics;

ensure technical effectiveness and safe use of the Site, which can include in particular the consultation, the subscription and/or registration (personal account, webinars, events, etc.), written communication, the publication of comments and reviews, the execution of orders, contact making, Services right execution, the download and/or upload and archiving of specific contents, management of accounts and personal data, notifications, invitations, solicitations and miscellaneous communications from Alyra;

allow Alyra to send Users newsletters (destined to, in particular, inform them about the use and evolutions of the Site, the launching of future products or Services, specific advice from Alyra, etc.); as well as prospecting and/or specific information, including prospect reminder follow-up messages, management of technical operation for prospecting, selection of Users for customer retention, commercial prospecting, surveying, products tests, discounts and all solicitation operations.

allow Alyra to send Users commercial solicitations, concerning corresponding offers (similar to those offered on the Site), and to enhance the Site as well as its commercial offers; this purpose includes management of Alyra's relationship with the Users and of clients and User’s reviews about products, Services, or contents; it also includes potential participation to special events (such as game contests, random draw, offers, etc.) and to retention programs, exclusive of gambling and game of chance that are subject to approval from (French) “Autorité de Régulation des Jeux en Ligne” (ARJEL);

allow Alyra to ensure the right execution of its obligations towards its clients and Users, via diverse Services and products, which implies by definition to provide voluntarily personal data, which can include: identifying persons using the Site in order to purchase products and/or Services; perform operations related to data management concerning contracts, purchases, deliveries, bills, countability and commercial relationship follow-up; allow the right execution of payments, as well as prevention and fight against fraud and payment methods fraud, and in particular card fraud; manage arrears, losses, and disputes; resolve potential claims, and treat requests concerning rights of access, rectification and opposition;

allow Alyra to ensure efficient management of its relationship with its potential commercial partners, subject to allowing clients and Users to clearly and perfectly identify such potential partners, who shall then commit to respect, under contract, the same level of respect and protection of privacy than Alyra itself. In such specific case, that shall be validated by explicit consent from the Users, Alyra guarantees the respect of the User’s privacy by such potential partner. No communication of such data will even be done to these potential partners without previous and explicit consent from the User.

Article 4 · User’s consent

In accordance with article 6 of the GDPR, Alyra can perfectly collect and process data, in order to execute its obligations as part of the purchase of its products and Services, to protect its legitimate interests, in accordance to the Terms and Conditions of Services.

Alyra shall request your explicit consent unless these two aforesaid cases make it unnecessary, or if the Law provides an obligation to collect your consent.

In case of modification of the present Data Protection Policy, Alyra commits not to reduce sub-stantially the level of privacy without previous information to its Users and clients.

Article 4.1 · Informative banner and consent to use cookies

For purposes of transparency, respect of the rights of individuals on their personal data, and also optimisation of the use of the Site, Alyra has set up a compliance process concerning the automatic use of basic cookies upon entering the Site, so that nor the User neither Alyra needs to take specific action to ensure the compliance of such process. No cookie on the Site allows to collect personal data.

An informative banner, that appears when entering the Site, reminds to Users that their consent to the deposit and the use of cookies and the potential consequent data collection, is assumed by Alyra if the User continues his navigation or clicks on the “OK” button located on such banner (or a button with an equivalent name and meaning, that attests the User’s consent).

Such cookies are necessary for Alyra to optimize the exploitation of the Site, regarding the measuring of its audience, and in accordance with article 3 of the present; such cookies are automatically deleted within a fourteen (14) months period; the content of this collection is specified in article 5.1 of the present Data protection Policy.

Users can also read and know the entire conditions of the data collecting and processing by reading the present Data protection Policy.

Article 4.2 · Explicit consent when using the Site’s functionalities (optin)

User’s consent is systematically and explicitly collected with a physical or digital signature, and/or the filling of a checkbox and/or any other way of collecting the consent, understood as the manifestation of a clear and unambiguous will (optin), in particular in the following cases: contact Alyra by using one or several online contact forms, to subscribe to Services and purchase products, search and book a studio, or use functionalities that imply by definition to collect and use some provided/collected data (answers to surveys, subscription to online or live events – workshops, masterclasses, webinars, courses, etc.).

In all cases, Alyra allows the Users to effectively withdraw their consent (optout) to actual or future data collecting and processing, by any adequate means, such as in particular: “optout” and email unsubscription link, written formal request, etc.

The entire conditions of use of the User’s rights concerning their personal data are specified in article 11 of the present Data Protection Policy.

Article 5 · Content of data collection

Article 5.1 · Data collected with cookies

The collected data that is potentially processed by Alyra through cookies are governed by article 6 of the present Data Protection Policy (Cookies Chart).

Article 5.2 · Data explicitly provided by Users

The exact content of the data collection operated when the Users uses the Site’s functionalities and/or Services, vary according to such specific use, and may gather the following information:

Civil status and contact information for linking:

Valid email address, name et surname, land line and/or mobile telephone number;

Postal address of the studios offered for rental, publicly approximatively available, but completely and exactly available to the Artists after the validation of a linking Booking (it is admitted that these addresses can sometimes correspond to the concerned User’s personal address, who has set one or several home-based studio(s) - “home studio”);

The (exact) location of the studio(s), specified by the Provider himself (hence, the selected time zones are stocked in order to provide precise time and places to ensure precise and effective linking Orders);

More or less complete description of the studios offered for rental (characteristics, available equipment, opening hours, special conditions, etc.);

Prices and currencies applicable to the studio services offered by the Providers;

Professional identification data (registration numbers – siret, etc., company name, VAT numbers, potential authorization, etc.);

Profile image or background image (photography, logo, banner or given image), during registration and account opening process;

Selection of favourite language;

Providing of diverse social network and website addresses and links, if the case may be;

Diverse information concerning personal and/or professional life (life habits and mini biography) displayed in the public profile description;

Message subject and a free text field in case of use of the contact form and/or the online chat;

The potential need of a sound engineer services; such information is stocked by Alyra (in order to allow precise linking with the right Providers and fair pricing).

Potential comments from Users on the Site.

Billing information and commercial relationship:

Billing and delivery/shipping addresses (email and postal);

Bank details in order to execute payments and debits of commissions, via the third party provider Stripe;

Clients management data:

Identification and password (User’s passwords are never stocked in plain text, but as a computer footprint, and are destined to future security verifications concerning future connexions to the Site);

Information provided in surveys;

Information explicitly provided by the Users during live or distant events (online or offline);

Complementary and supporting data and documents when Alyra executes a legitimate security verification that implies provision of such data.

Ticketing service data :

The organisation of live shows requires from Alyra to perform a minimum data collection, destined to ensure the validation of purchases, access to the concert hall and to the Chat, and the smooth functioning of the session. Such data is processed exclusively for this purpose, and are retained for computer security and proof of Alyra’s activities.

Basic purchase information (mail, nom, prénom, adresse de facturation, coordonnées bancaires gérées par Stripe)

IP address, collected in order to allow Alyra to generate an access link which corresponds to the concerned Client’s IP address and to secure the latter’s seat (and prevent unauthorised connexions), deleted within a period of twenty-four (24) hours starting from the end of the show, concerning the management of accesses to the shows. The Clients are aware and admit that the collection of the IP address is also performed in order to secure exchanges on the Chat and for reasons of proof in case of violations by the Clients of the applicable rules during the shows. Within this context, IP address can be validly retained, and potentially transferred to police and justice services as the case may be, in order to find and sue the concerned person(s), and lastly to forbid him/them future access to the Chat and/or to Alyra concerts halls. Alyra attests never using the IP address for any other reasons that those hereby described (no processing, targeting, prospection, transfer, etc.).

Pseudonym created by the User/Client, retained as archive for reasons of proof.

Article 5.3 · Users defaults in providing data

Whether the providing of an information is compulsory or not, varies according to the use of the Site, and is always specified explicitly and clearly online or in the concerned documents

Users commit without reserve to provide exclusively complete, exact and valid information, and waive Alyra from all responsibility for any damage resulting from their own fault in this field.

Likewise, Users admit that their own potential defaults in providing compulsory data allow Alyra to suspend or cease any Service and/or purchase of products, eventually based on such data.

Under its moderation and control capacity over the whole Site’s activities, Alyra reserves the right to perform any useful verification concerning all data provided by the Users, including asking supplementary supporting data and/or documents.

Article 6 · Cookies Chart

The use of cookies or other similar computer tracking technologies are necessary for an effective use of the Site; such cookies are placed on the User’s device and give access to diverse types of information to Alyra.

Cookies utility:

Cookies are useful to Alyra to provide the User a customized experience on the Site, by memorizing some of his personalization choices.

Cookies can be used for statistics purposes, especially to optimize the Services by processing data concerning frequency of access, pages personalization, performed operation and consulted information.

The collected information will never be used for another purpose than following navigation habits, volume, type and configuration of the traffic transiting through the Site, developing its conception and layout, and more generally enhancing the Site’s use.

Acceptation of cookies and quality of navigation:

Users admit that they must consult and check their own internet browser’s privacy settings (which stocks and manage them), if he refuses the use of such cookies.

Alyra wants to inform and specify to Users that no cookie used on the Site can ever represent an IT security risk for them and recommends a personal configuration (from the User) accepting such cookies, which encourages the good consultation and use of the Site. Alyra wishes to point out that the use of cookies makes navigation on the Site more pleasant and personalised.

As a consequence, Users are not entitled to hold Alyra responsible if they refuse cookies in their browser or by any means, and if their use of the Site is then less pleasant, less efficient, or even impossible.

Contents accessible via the use of cookies:

Cookies don’t collect personal information allowing to identify Users, neither on hard drive nor online, and the collected data is anonymous or anonymized.

Cookies give access to Alyra to standard information concerning the User (navigation time, approximative place, etc.). Users understand that their IP address is partly collected by Google Analytics (without the last two signs/characters though), and is at all events illegible by Alyra, because no divulgation is done by Google Analytics for privacy reasons, and cannot be of any other use in itself.

Exact list of cookies used by Alyra:

Imperative cookies for the Site’s functioning in any case:

GDPR_Aware to check that the informative banner has been approved (management of consents on the banner itself, allowing not to display it with every page loading).

Rates in order to know exchange rates, that are updated daily (business days), in order to display prices in the currency selected by the User.

DM to know the dark mode state (on, off, or automatic).

Stripe to allow the right functioning of this service, as the case may be (some Stripe cookies become imperative in case of linking between Users and/or a given payment – other Stripe cookies are imperative in any case when consulting the Studio Sheets).

Prev to know the last page previously consulted by the User, in order to allow the functioning of the back button (if the case may be) and returning on the actual page.

Fltrs to save search filters, chosen by the User on the map.

Imperative cookies for the Site’s functioning in case of subscription:

Auth to know if the User is connected or not and to identify him.

Non imperative cookies for the Site’s functioning:

Google Analytics for standard audience measuring. During navigation on the Site, Alyra collects by default only the data that allows audience analysis and measurement: data concerning IP address (identification of the internet connexion and the terminal), consulted pages, as well as any types of data accessible via a standard use of Google Analytics, regarding possible interactions between Users and the Site:
- Number of pages views;
- Origins of the traffic;
- Dates et hours;
- Places of consultation (geo-tracking is not more precise than the city);
- Duration of visits.
None of such data, processed separately or together, allow any kind of identification of any person, and is consequently considered as anonymous or anonymized data.

Microsoft Clarity for behavior analytics. Alyra captures the Users interactions on the Site, in particular, how the pages have rendered and what interactions the Users had on them such as mouse movements, clicks, scrolls, etc. It helps to enhance the user experience without asking the Users to give Alyra a feedback.

The sensitive data is masked by default by Microsoft Clarity before being sent and Microsoft Clarity allows Alyra to mask additional content if necessary. Alyra reviewed all the pages of the Site to be sure that it is not possible to identify any User with the data collected.

LC to know the language and currency selected by the User (at the bottom right corner). (This cookie is not activated until the User selects a language option different from the default language - English, or a currency option different from the default currency - US dollar).

Article 7 · Interactivity with third party websites and applications

Users can interact with the Site by clicking on third party websites and applications buttons (via social networks buttons, Alyra's diverse websites, as well as those of Alyra’s potential third services providers and/or commercial partners and/or subcontractors).

Users are aware that when they connect their account to such other third service’s account, such as a social network, this service shall lawfully communicate to Alyra their connexion and profile information, as well as any other information which the divulgation has then been authorized.

Users admit that the use of these buttons thus allow such communication of this information to Alyra, as well as to the concerned third websites, in the conditions of the present Data Protection Policy, in particular in its article 9.

However, Users remain fully responsible of their own contractual relationship with the aforesaid websites and networks, who edit their own Privacy Policy (or any equivalent name) in order to govern this data transfer, collection and processing as part of it (profile and privacy settings, etc.).

In no way Alyra shall bear responsibility of any damage resulting from the use of this process towards the Users and Clients as well as such third parties and is accountable exclusively for the data processing under its responsibility.

In particular, as part of the “Mixing” and “Mastering” options within the linking processes between Users, Alyra may use the third platform “WeTransfer”, in order to allow the latter to transfer and/or download and/or upload files or documents (audio, video, texts, images, etc.), for the purpose of using them as part of their linking and potential consecutive shared work. Alyra ensures to Users that this platform is safe in normal conditions of use and excludes his liability for any damage that could result from the use this particular platform. Alyra can at most specify on the Site the period of validity of the download link of the concerned files, that are in no way stocked nor archived by the latter.

Alyra also excludes its responsibility for the use by Users of the files and documents that are thus exchanged in any way by the latter, and for any damage that could result from it (in particular, loss, hijacking, destruction, etc.).

Article 8 · Security of data processing

Article 8.1 · General security obligations

Alyra commits to take all necessary or useful caution measures to preserve the safety of the data collection and processing, with respect for physical and logical safety standards (offices, devices and servers protection, etc.) that are under its authority, concerning navigation, subscription and use of the Site in general, not excluding all security obligation placed under the web host's responsibility (Amazon Web Services).

Security measures are adapted to the effective risk of accidental, unauthorized or illegal access, and to effective risks of personal data divulgation, alteration, loss, or destruction.

Any information accessible on the Internet via an outbound link from the Site, except Alyra’s other websites, is not placed under the responsibility of the latter, who excludes its responsibility concerning such contents and potential IT security holes or risks, as well as any consequence that could result from them (the specific IT security conditions concerning the Site are specified in Alyra's TCS).

Article 8.2 · Security measures

IT Security ensured by Alyra:

ID (unique e-mail) and password (never displayed in plain text)

Implementation of protection for professional devices

Regular backups (done directly by Alyra, daily and under safe conditions, in order to ensure the restoration of the Site in case a problem its security, its integrity, or its existence.)

Encryption of the data transiting between the server and the User/Client

Encryption of the code and the cookies.

Log and events filing

Google reCAPTCHA for all forms implying creation of data

Encryption through the HTTPS protocol on every page of the Site

And many more…

Alyra takes security measures in order to avoid damage on and/or distortion of the processed data, and to prevent access from third parties, in particular by controlling and securing potential access and communication of such data.

Users admit that they are responsible for their own ID and password, which they can create and modify in case of loss or oblivion, via the specified process on the Site. Users exclude seeking responsibility of Alyra in such cases of oblivion, loss, theft, hijacking of this ID and password. Alyra attests that it even has no access to the User’s password in plain text and therefore can not even read them.

IT Security ensured by Amazon Web Services:

Logging, monitoring, threat detection, and analytics

Network and infrastructure security

Data protection and encryption

Compliance with regulations such as PCI, GDPR, CSA and HIPAA

And many more…

The commitments of Amazon Web Services concerning personal data security are accessible by clicking here and those regarding compliance programs by clicking here.

IT Security ensured by Stripe:

The third party service provider who’s in charge of payments on the Site (Stripe) fully takes over banking details encryption for every payment made on the Site.

The commitments of Stripe concerning personal data security are accessible by clicking here.

Article 8.3 · Information obligations in case of security holes

Alyra commits to the fullest transparency of communication concerning it’s Users and Clients personal data security.

May the case arise when Alyra would know about an unauthorized or illegal access to it’s Users personal data, and especially if such access brings or involves consequences on security risk realization or aggravation, Alyra commits to:

Notify the incident to the Users forthwith, especially if such notification is mandatory;

Examine the causes of the incident;

Take any necessary and reasonable measures in order to lessen negative effects and dam-ages that could result from the aforesaid incident.

In no case the fact that Alyra commits to inform promptly its Users in such specific cases should be understood as an admission or acknowledgement of fault or liability concerning the occur-rence of the concerned incident.

Article 9 · Data processing privacy

Article 9.1 · Navigation data

Alyra does not communicate the personal and confidential data collected through the use of the Site, to no third party and in no way or form whatsoever, except to the legitimate persons cited below:

Alyra's potential staff (including trainees or interns);

The potential technical services provider who is in charge of the creation and/or maintenance of the Site, as well as data hosting;

The persons who are potentially in charge of countability, administrative and/or legal aspects of the Alyra company, including as external services providers;

Commercial partners of Alyra, subject to explicit consent (optin) of the User/Client and the respect from Alyra for its legal obligations in this field;

Potential providers, subcontractors and/or subsidiary companies, in order to fully execute the purchases that imply the latter, who can only access the necessary data, and for the right execution of the contract(s) that bound them to Alyra, and subject to respect of their contractual obligations that binds them to Alyra;

Legally authorized third parties (in particular on explicit and motivated request of public, judicial, or regulating authorities, etc.); in particular, customs offices shall be recipients of personal data as part of international deliveries;

Potential assignees in case of Alyra’s participation to a merger or acquisition operation, or any other form of asset sales, subject to commitment to guarantee the same level of personal data protection and privacy to the Users, who shall be informed before such transfer or submission to new privacy rules.

In such cases of communication of personal data to third parties, Alyra ensures that the latter is accountable for applying privacy conditions that are the same or equivalent to its own commitment.

In such cases, Alyra commits to guarantee that the concerned third parties offer sufficient contractual warranties in order to implement appropriate technical and organisational measures, and for the processing to meet GDPR requirements.

Article 9.2 · Data collected for linking between the Users

Users admit that their effective linking via the Site implies for them to provide without fail necessary information and to specify their details among which in particular exact postal address, concerning studios offering rehearsal and/or recording services (postal address is never displayed before effective linking process is validated, and the first degree of geo-tracking is approximative).

Users admit the functioning of this process and the consecutive exchange of data between them and waives Alyra’s liability in case of inadequate or illicit use of such exchanged data.

Furthermore, they waive Alyra of all responsibility for any supplementary data communication between them (all data categories combined), on their initiative and including through the chat (in particular but not limited to, potential necessary information in order to easily find and go to the studios – access codes, floor, practical precision, etc.).

Article 9.3 · Data collected for users and clients testimonials

Alyra commits to collect potential anonymous testimonials from Users and Clients in accordance with the terms of the TCS.

In cases when such testimonials are not anonymous and include the concerned User’s image, an image rights authorization is systematically proposed to the concerned User or Client, in order to guarantee the latter the respect of such right and the option to withdraw his consent if he wishes to delete his testimonial from the Site or discontinue its exploitation by Alyra.

Article 9.4 · International transfer of personal data

In accordance with regulation applicable to data transfers with countries outside the European Union, Alyra commits to transfer, as the case may be, collected personal data only and exclusively to countries acknowledged to offer an equivalent level of protection.

Alyra commits to refrain from transferring personal data outside countries acknowledged by the (french) CNIL for offering a sufficient level of protection, unless Alyra has been duly authorised by the CNIL in order to process such transfer.

The User accepts that the use of the Site in general can involve automatic transfer of several con-nection data (pages views, operating system, language, country, etc.), to third party services pro-viders who are in charge of providing the services that allow Alyra to collect and process its own data (in particular Google Analytics), with no possible intervention of Alyra on such transfer). The User can consulter article 6 of the present for more information.

Article 10 · Data conservation and time limits

Article 10.1 · Renewal of the User’s consent

The collected data are saved validly for the entire duration of the commercial relationship between the Parties, and as long as they are necessary to the purpose for which they have been legitimately collected initially and for which they continue to be processed, and as long as this purpose continues to be legitimate, proportionate, and accepted by the concerned User.

The time limits for conservation, specified in article 10.2 of the present Data Protection Policy, shall start from the end of the commercial relationship between the Parties, or from the last interaction between the Parties, materialised by a clear and unambiguous manifestation from of the User’s/Client’s will to interact with Alyra.

The specified time limits for conservation of the data vary according to the type of data, which can be subject to legal and regulatory different requirements (which can authorise a longer saving or on the contrary require their deletion).

In some cases the User’s/Client’s consent can be renewed when the time limit of conservation is reached. Should this consent not be renewed, the concerned data shall be anonymized and saved for statistics purposes, or for reasons of proof of the commercial activities of Alyra.

As a consequence, the Users admit that the potential deletion of their account, as the case may be, results in immediate purge of all data contained in their profile, except contractual and pur-chase data that are destined to archiving by Alyra.

Article 10.2 · Time limits of conservation applicable to different data

Data is saved for the purpose of enhancing the use of the Site, optimizing commercial relationship, as well as ensuring security of navigation and finally for reasons of proof of the commercial activities of Alyra.

The time limits are:

fourteen (14) months concerning connection data and audience measurement (in particular, the cookies, programmed to be automatically deleted after this limit); the cookie time limit is not re-newed at each visit.

twenty-four (24) hours concerning data that are necessary for the good functioning of live concerts, which are saved within this period then archived for security and proof purpose (IP address and pseudonym chosen for the Chat – see article 5.2);

fifteen (15) months for banking data and bank details, when there are collected and saved by Alyra (in principle, banking details necessary for the validation and processing of the purchases are not saved by Alyra – they are fully managed by the third party service provider for payments - Stripe);

maximum three (3) years for the other types of data; This time limit of three years starts from the last active contact for the Users, and from the end of their subscription, or the full completion of the delivery for product’s purchases.

Alyra commits to renew the Users consent before the time limit is reached, in order to continue to utilise the data that concerns the latter (Optin), or to stop sending newsletters and commercial solicitations in default of such renewed explicit consent (Optout). Alyra commits to stop such sending on simple request from the User, in the conditions of article 11 of the present Data Protection Policy.

More precisely, shall the User fail to identify or to have an active behaviour (for example, by click-ing on a link) within a period of three years, the latter may receive an email inviting him/her to connect to his/her account on the Site forthwith, otherwise his or her data may be completely de-leted from Alyra’s database.

Article 10.3 · Record keeping

All data that have not been validly deleted after the limits have been reached in accordance with article 10.2 of the present, can be recorded as archives on a separate computer device, for reasons of proof and in a strictly limited access, except in case of request for personal data deletion procedure, prone to result in definitive deletion of such data under legal requirement.

In such case, the deletion of data is effective when the time limit for data conservation, or necessary or imposed recording limit, is reached, and/or as soon as valid and formal request from the User is received and treated (see article 11).

In such case, the Users admit that their personal data can be purged from Alyra's IT system with no possibility of recovery.

Article 11 · Rights of persons on their personal data

Article 11.1 · Rights of persons’ content

The Users have right to access, query, rectification, limitation, portability, opposition and/or dele-tion of the data that concern them; they can exercise such rights at any time on the following email address: legal@musicwithalyra.com, or by postal mail (see the contact details in the Legal Notices).

The Users also have the right to oppose, at any time and for reasons that depend from their particular situation, to the processing of personal data on legal legitimate basis by Alyra, as well as a right to oppose commercial prospecting. The consent to process can be withdrawn with no effect on such processing legal validity, based on initial consent.

The Users can also set general and particular guidelines that define the way they wish their above mentioned rights to be applied after their death.

The Users can always lodge a complaint before the CNIL if answers provided by Alyra is deemed unsatisfactory.

Article 11.2 · Exercise of the rights of persons

Alyra commits to make effective all motivated request concerning personal data, by answering within a period of thirty (30) business days, starting from the reception of the request. These re-quests can be made via the following email address: legal@musicwithalyra.com, and are formalised by an answer email notifying its reception and execution.

For security reasons, and in order to avoid fraudulent requests, Alyra can validly require that the request shall be accompanied with identity credentials, which shall be deleted or destroy after the demand is fully processed, and subject to the application of a legal disposition requiring its recording.

The Users admit without reserve that in case they submit a motivated request to delete their per-sonal data, such data can be purged without any possibility of recovery, and that this deletion may prevent the right execution and continuation of their contractual relationship as well as the benefit of the Services, as they may be imperative to use some parts of all of the Site. As a consequence, should these rights be exercised at the same time with a purchase or subscrip-tion of products or Services, such purchase or subscription could not be executed.

Article 12 · Applicable law, disputes and litigation

By express agreement between the Parties, the present Data Protection Policy is exclusively governed by french law, and shall be interpreted in view of french law, including concerning the transposition of European law and regulation in french law (GDPR).

By express agreement between the Parties, where no amicable solution can be found to any potential disagreement concerning the Clients and Users personal data collection and processing, as well as the present Data Protection Policy’s validity, interpretation, execution, aftermaths and consequences, such dispute shall be by principle subject to the jurisdiction of french courts, in accordance with the applicable law to the case at issue.

The User who does not reside in France is informed that he can also bring his case to a court of the Member State of the European Union in which he has his main residence.