Sound Associates Privacy Policy
1. Introduction
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
2. Who we are
Sound Associates Accessibility Services Ltd. is a company incorporated in England and Wales with company number 14985199, whose registered office is at 6th Floor 9 Appold Street, London, United Kingdom, EC2A 2AP (referred to as “Sound Associates”, “we”, “us” and “our” in this notice).
Sound Associates is a supplier of speciality devices and services including accessibility services for live venues, corporate clients, Houses of Worship, etc.
Scope of this notice
This notice describes our processing of personal data we obtain about:
(a) visitors to our website at www.soundassociatesaccess.co.uk (the “Sound Associates Website”).
(b) staff and representatives of our business customers and potential business customers; and
(c) staff and representatives of our business suppliers and potential business suppliers.
For the purposes of UK data protection law, we are the ‘controller’ of this personal data (meaning that we determine why and how it is processed).
This notice does not describe our processing of personal data relating to people who apply for jobs with us. Neither does this notice describe our processing of personal data relating to our employees.
3. The personal data that we collect and use
In this section we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.
Business contact data: data relating to our business customers’ and potential customers’ staff and representatives collected in connection with providing services to our customers and potential customers. The business contact data may include your name, business email address, telephone number, postal address, job title, your classification / categorisation within our customer relationship management system and information contained in or relating to communications between us and you, or between us and your employer. The source of the business contact data is you, your colleagues and your employer.
Transaction data: information relating to transactions, including purchases of services, that you enter into with us. The transaction data may include your name, your contact details, your payment card details (or other payment details) and the transaction details. The source of the transaction data is you and/or our payment services provider.
Communication data: information contained in or relating to any communication that you send to us or that we send to you or any communication between you and us in person or via video call. The communication data may include any personal data contained in the content, name, address, company name, contact details and any metadata associated with the communication such as the date and time of sending. If you call us, we may record your telephone call and thus we will process any personal data that you give as part of your telephone call (for example, name and occupation). We will notify you at the start of the call if the call is potentially to be recorded. We obtain this data when you contact us by email, phone, post, social media or website contact forms. The source of the communication data is you and/or your employer, and our website will generate the metadata associated with communications made using the website contact forms.
Audio and voice data: where we use speech-to-text transcription services in connection with delivering our accessibility services, we may process audio records and any personal data contained within them some identifying information spoken during a production. This data is processed by our transcription service provider, Assembly AI, solely on our behalf and in accordance with our instructions. The source of this data is you and/or our clients.
Marketing data: data collected in connection with any marketing subscription or opt-out request. The marketing data may include your name, email address and marketing preferences. The source of this data is you and/or your employer.
Usage data: information about your use of our website and online services, collected automatically by our IT systems. Usage data may include your IP address, browser type and version, operating system, referral source, length of visit, pages viewed, website navigation paths and similar information about how you interact with our website. The source of this data is our IT systems and website analytics tools.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Processing we carry out as a data processor: In addition to processing personal data as a controller (as described in this notice), Sound Associates also processes certain personal data as a data processor on behalf of third-party clients. This occurs where our clients — such as app or platform providers — share limited personal or business data with us solely to enable us to deliver technical or operational services on their behalf.
Where we act as a processor, we do so only with our client’s documented instructions and in accordance with a Data Processing Agreement. We do not use such data for our own purposes. Our client, as the data controller, is responsible for providing end users with information about that processing through their own privacy notice.
Information collected from other sources
- Our IT systems for automated monitoring of our websites and other technical systems such as computer networks and connections, communications systems, and access control systems, email and other instant messaging systems
- From a third party with your consent
4. What does Sound Associates use your personal information for
Core processing purposes
Below we describe the purposes we use the personal information for, the types of personal information we use for those purposes and our legal bases for doing so.
| Purpose | Type of personal data used | Legal basis |
|---|---|---|
| Providing our services to our customers and communication | Business contact data Transaction data | Our legitimate interests in providing our services to customers. |
| Asking for feedback in relation to our services. | Business contact data | Our legitimate interests in providing good quality service to our customers and improving our services. |
| Communicating with people for example in response to an enquiry or complaint. | Business contact data Communication data | Our legitimate interests, namely communications with our website visitors, potential customers, customers and customer personnel, and the proper administration of our website and business. |
| Billing and charging customers, preparing invoices, quotes and estimates. | Business contact data Transaction data Communication data | Our legitimate interests in charging customers for our services. |
| Customer relationship management, including dealing with complaints, keeping records of our interactions with customers and keeping in contact with customers. | Business contact data Communication data Transaction data | Our legitimate interests in providing good quality service to our customers, dealing effectively with complaints and maintaining relationships with our customers. |
| Sending marketing communications (see more on this in the “Using personal data for marketing purposes” section below) | Marketing data Business contact data Communication data | Our legitimate interests in promoting services and driving sales |
| Analysing use of our website, e.g. finding out how many people visit various parts of the site, so that we can assess how successful our website is and how it could be improved and developed. | Usage data | Our legitimate interests in promoting our business and services. |
| Keeping our website secure and functional | Usage data | Our legitimate interests in protecting our website and ensuring it works effectively. |
Other processing purposes
In addition to our core processing purposes set out above, we may also process personal data if and to the extent necessary for the following purposes:
Record keeping – We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
Security – We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website and business, and the protection of others.
Insurance and risk management – We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Legal claims – We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Legal compliance and vital interests – We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
5. Using personal data for marketing purposes
We send occasional emails containing information about our business and products to the following categories of people:
• staff and representatives of our business customers or target business customers; and
• people who have subscribed to receive our newsletter or other marketing communications
If you receive such communications from us and do not wish to, you can tell us by using the unsubscribe link in any email we send to you or emailing info@soundassociatesaccess.co.uk.
6. Who we share your personal information with
Service providers
We use a number of service providers in connection with our website, transactions, communications and IT infrastructure, which involves those service providers processing some of the personal data described in this notice to the extent necessary to provide the relevant services. We currently use the following providers:
| Provider | Service provided | Type of personal data used |
|---|---|---|
| Intuit | QuickBooks – Accounting software | Transaction data Business Contact data |
| Assembly AI | Speech-to-text transcription service | Audio & Voice data, Identifiable information |
| Smartsheets | Internal reservation / inventory system | Contact information, Reservation details |
| Dreamhost | WooCommerce – Online reservation system | Contact information, Reservation details (date, time, theatre and production) |
The service providers which are not marked with an asterisk are sub-processors of the personal data which means they will only process any such personal data on our behalf and therefore in accordance with our strict instructions. We have entered into Data Processing Agreements with each of our sub-processors, requiring them to process personal data only on our documented instructions, to implement appropriate technical and organisational security measures, to assist us in responding to data subject rights requests, and to delete or return personal data upon termination of our engagement with them.
The service providers marked with an asterisk (*) are data controllers. Controllers are the main decision-makers – they exercise overall control over the purposes and means of the processing of personal data. Therefore, such service providers will provide you with their own privacy policies explaining why and how personal data is collected and processed by those service providers.
Other parties we may share your personal information with:
- Our parent company: Sound Associates, Inc., for internal administration purposes.
- Insurers and professional advisers: such as lawyers, accountants and business and marketing consultants, but only if and to the extent necessary for them to carry out the work we engage them to assist us with, for example in relation to a legal claim made against us, managing risks or obtaining insurance coverage.
- Organisations or individuals engaged by us in the course of providing our services and running our business: such as individual consultants or their personal service companies who provide software/website programming/development/marketing services or assist us with providing the services to our customers.
- Prospective buyer: if we propose to sell or do sell any of our business or assets, we may make personal data available to a prospective buyer for the purposes of pre-sale due diligence or to a buyer as information assets transferred as part of the sale – for example a prospective buyer may request details of any outstanding legal claim against us, or a buyer may acquire ownership of our business contacts/customer databases.
- Business partners: we may share information with business partners who assist us with providing the services to our customers.
Some of those third-party recipients may be based outside the UK – for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK’.
There may also be circumstances in which we need to share personal data with other organisations or individuals, such as where disclosure is necessary for the purposes set out in the ‘Other processing purposes’ section above, including complying with legal obligations to disclose information.
In all cases, we will only share personal data with such recipients where and to the extent reasonably necessary for the relevant processing purpose and in accordance with applicable data protection law.
7. Transfer of your information out of the UK
To service providers
Where we use the service providers identified in the section above “Who we share your personal information with”, this may also involve transfers of your personal data outside of the UK.
To parent company
We transfer some personal data to our parent company based in the USA.
Transfers
Where such transfers are to countries within the EEA, these are permitted under UK data protection law as the UK government deems EEA countries to provide an adequate level of protection for personal data.
In relation to any transfers to third parties who are based in countries not deemed to provide an adequate level of protection for personal data, we will ensure that appropriate safeguards are in place to protect your personal data (including the use of standard data protection clauses adopted or approved by the competent data protection authorities).
8. Third-party websites
Our website may feature links to third-party websites or social media channels that are not affiliated with us, and which may link to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this notice.
We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from our website. You should review the policies of such third parties and contact them directly if you have any related questions.
9. For how long do we keep your information?
This section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
• Business contact data: We keep this in our CRM databases for 7 years after the relevant customer contract has terminated.
• Transaction data: We delete these 7 years after the relevant customer contract has terminated.
• Communication data: We archive and store emails for 6 years after the date of the correspondence, but if the email relates to a customer contract, we store them for 6 years after termination of the customer contract to which the email relates. Submitted web contact forms are stored for one year.
• Usage data: We delete stored app, software, or website usage logs 3 years after the date of use.
• Marketing data: We will continue to use this data until we receive an opt-out request, after which time we will retain the email address and marketing preference information to ensure that we do not send marketing to the unsubscribed email address.
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
10. How do we keep your information safe?
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11. Personal data of children
Our website and services are targeted at persons over the age of 18.
If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
If you become aware of any data we have collected from children under 18 years of age, please contact us immediately via info@soundassociatesaccess.co.uk.
12. What are your privacy rights?
In this section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Right of Access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right of Correction or Completion: You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. We may need to verify the accuracy of the new data you provide to us.
Right to Erasure: You have the right to the erasure of your personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which we collected or otherwise processed them, you successfully object to our processing, you object to our use of your personal data for direct marketing purposes, we have processed your personal data unlawfully, or an applicable law requires the relevant personal data to be erased. However, there are exclusions to the right to erasure, including where we have overriding legitimate grounds to continue processing the relevant personal data or are required to do so by applicable law or where we need it to establish, exercise or defend a legal claim.
Right to Restrict: You have the right to restrict our processing of your personal data where you contest the accuracy of the personal data, our processing is unlawful, we no longer need the personal data for our purposes but you require it to establish, exercise or defend a legal claim, or you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it to establish, exercise or defend a legal claim, to protect the rights of another natural or legal person or for reasons of important public interest or with your consent.
Right to Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis for the processing. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Right to Object to processing for direct marketing purposes: You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes).
Right to Data portability: where our processing of your personal data is based on performance of a contract or consent and is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. Please note that most Sound Associates’ processing activities are based on legitimate interests rather than contract or consent. As a result, the right to data portability will have limited practical application in most cases.
Right to Complain to a supervisory authority: If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
Right to Withdraw consent: where any of our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
How to exercise these rights against us: You can exercise any of your rights in relation to your personal data that require any action by us by emailing your request to info@soundassociatesaccess.co.uk in addition to any other methods specified in this policy. Please be aware that if your request relates to any processing that we carry out as a processor on behalf of your employer, we will inform you of this and advise you to make the request to your employer, because they will be the controller in relation to that processing who is responsible under data protection laws for responding to your request.
Please note that we will require evidence of your identity before we are able to respond to any requests. This is a security measure to ensure that your personal data is not disclosed to a person who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How to complain to a supervisory authority: To make a complaint to a supervisory authority, you may contact the supervisory authority of your choice using contact details made available by that supervisory authority. Relevant contact details for the UK supervisory authority, the ICO, can be found here: https://ico.org.uk/concerns/.
13. Our details
Sound Associates Accessibility Services Ltd. is a company incorporated in England and Wales with company number 14985199, whose registered office is at 6th Floor 9 Appold Street, London, United Kingdom, EC2A 2AP.
For enquiries relating to this notice or our processing of personal data, please email us via info@soundassociatesaccess.co.uk.
14. Changes to this policy
We may update this policy from time to time by publishing a new version on our website and, where any changes materially affect you, we will also make reasonable efforts to notify you.