Data privacy policy

 

RHYTHM AS

​

Schousterrassen 6

0573 Oslo, Norway

 

Version 1.0 last revised and edited on 22 February 2022.

​

Introduction

​

RHYTHM AS (“RHYTHM,” “we,” “our,” “us”) strives to provide the best learning environment for your latin dance experience. We want to provide a dance environment that is fun, relaxed, and secure. As a part of this goal, we place great value on your data protection rights and take any measures we can to help protect your data. 

 

This privacy policy describes how we collect, use, process, and handle our your personal information as the “Data Subject” when you interact with us online or offline for the use of any of our website, studios, classes, events (collectively “services”) or during other interactions, such as through telephone, email, social media, or any other mode of communication (collectively “communications”).

 

You can also find information about your rights in this privacy policy. If you as a “Data Subject” have questions about the processing of your data, or you want to enforce your rights under the privacy legislation, please contact RHYTHM using the contact information in this policy.

​

Data subjects

​

“Data Subjects” are any identified or identifiable natural person whose Personal Data is processed. As part of our business, RHYTHM collects personal data to be used in our process to provide dance studio services, specifically related to the following persons:

• Current, former, or prospective customers (also described as “students” or “team members”) of the dance studio

• Current, former, or prospective business contact – meaning suppliers, subcontractors, shareholders, or partners of RHYTHM

 

Data privacy policy surrounding services

 

RHYTHM collects personal data related to the data subjects to fulfill our contractual obligation towards you as our customer and business contacts as well as towards tax and other governmental authorities.

 

The legal basis for the processing of this data is Art. 6 GDPR. At any point, you may revoke your consent to receive emails or phone calls according to Art. 7 Para. 3 GDPR and object to future processing of your data according to Art. 21 GDPR. Furthermore, you can request the data to be deleted according to Art. 17 GDPR.Once consent is withdrawn, any future processing of personal data within the scope of the consent is terminated.

 

Please refer to the “Rights of the data subject” and “Use of your rights as a data subject” for more details.

 

The following encompasses all RHYTHM services:

• www.rhythm.no - main website where you can find all our services and partnerships

 

Method of data collection

​

We collect information from you in 3 different ways: 

• Information you provide to us voluntarily during communication, registration, any purchase process, and usage of our in-class experiences (e.g., which courses you have booked and how often you attend), or when you sign up to our notifications

• Information on website usage based on how you use our websites via cookies

• Photography and videography you provide to us voluntarily or with confirmed consent

 

Content of data collection

​

Communication, registration, any purchase process, and usage of our in-class experiences, or when you sign up to our notifications

 

The following is the content of the data that is collected categorized by the method:

• Direct Email Communication

  • Email

  • Content of the incoming message(s) from data subjects

• Website contact us page

  • Name

  • Email

  • Message

• Registration Google Form (EXAMPLE)

  • Timestamp of registration

  • Email

  • First and last name

  • Telephone number

  • Student status

  • Course selection

  • Class selection

• Check-in Google Form (EXAMPLE)

  • Timestamp of check-in

  • Email

  • Class selection

• Service Notification Emails/Texts

  • Email

  • Telephone number

 

Website usage based on how you use our websites via cookies

 

Given consent from the website visitor, we collect cookies that allow us to track analytics on our website.

 

Photography and videography

 

When you participate at any of our events, you consent to any such filming, photography and/or live streaming. You also give rights to RHYTHM AS in reproducing and publishing your words and/or likeness in any transcript of or publication relating to the event. 

​

Having said that, we understand that there are situations where you wish to participate in our activities but still want to avoid being in any pictures or videos. Our request to you is that you make your wishes known to our staff upon entering, such that we can avoid taking pictures with you as one of the center subjects. However, please know that when it comes to your rights, there is a difference between you being the main subject of the photo or you being depicted incidentally, e.g, in the background of the picture or in a larger crowd (see Art. 14 Para. 5 GDPR). Also, we will do our best to inform anyone entering our premises about best practices around taking pictures and videos, but we cannot be held responsible for third party photo/video processing done by other guests and customers.

​

Your prior consent to photos/videos

 

To the extent that is possible, any service provider needs to ask for your consent to taking your pictures.

​

When it comes to our website, social media, and events, RHYTHM is the Data Controller and this Privacy Notice provides an overview of how photography and filming data is being processed.

​

The steps we take to obtain your consent in regards to photo/videos 

According to Art 13 GDPR we make sure you are being informed about our intentions of taking photos and videos, i.e. in this data privacy policy.

 

Your right to revoke consent

​

It’s very important for you to be aware that at any point you do have the right to revoke your consent. This could be because the photo/video of you were taken when you were not aware of it or it was taken within your “private sphere”, meaning you clearly positioned yourself away from the “action” for some privacy. But you can also revoke your consent if the resulting pictures clearly show you in an unflattering way. 

 

The steps we take to minimize the risk for you regretting your consent: 

 

There are areas and times that are more used for photo/video-shooting so that you have a chance to decide during the event how much exposure you want. For example: 

• better lit areas are designed for good pictures and videos to be taken, whilst darker areas are more meant to provide privacy. 

• Close to the stage or the bar is meant for action and chances are that photos and videos will be taken there are bigger.

• Designated photo booths are clearly indicated for pictures to be taken. However, as the previous points state, photos are taken on many places of the events. 

• We filter and select to publish only pictures that present our guests in the best possible way. Our wish is to provide you and others with beautiful memorabilia that capture the essence of the experience. 

​

Your right to know about the intent of the pictures/videos

 

According to GDPR regulations, you must be informed ahead of time about how your data is intended to be used, how it is stored and for how long it will be stored.

 

How RHYTHM AS uses pictures and videos

 

This dance and our services are very visual in nature. Beyond live experience of the dance, pictures and videos are the next best way to portray the experience people will have when they visit this community. Spreading awareness of the dance and growing the swing dance community is part of our main mission and we believe photos and videos in combination with great descriptions are important tools for this approach. Also, they are valuable memorabilia for our guests and customers. Both from the perspective of recall of what the lessons were in the form of recapitulation videos after each class, but also just the great experience one has at any of our events. 

​

This is how we use pictures and videos from any of our events: 

• We take videos after each class to summarize the content of the class. This way you have a recorded video-diary of the lesson for later recall. Our teachers sometimes ask class participants to join these videos. It is fully up to each person to decide if they want to be part of the video. Most videos are shared only among people who participated in this very class and will be shared via unlisted youtube video links. However, we do reserve the right to use these videos in other ways, e.g., share it as marketing material on our youtube channel or other content sharing platforms as well as re-purposing the content for other commercial usage. 

• We take pictures and videos in our dance classes, practice sessions, social dances, performances and competitions. Our intent is to capture the experience people have when joining any of our activities. We intend to use these pictures and videos in the following ways: 

  • As memorabilia for you

  • To share them on social media both as media albums as well as to highlight marketing messages. 

  • To decorate and enhance the messages of our communication in newsletters, websites and other communication. 

  • We use such pictures on both printed and digital media. E.g, flyers, posters and even business cards. 

  • We use such pictures and videos to promote both a specific and general experience one has at our events. 

 

After photos and videos are taken, we do an initial round of filtration and select or delete pictures with a special consideration to have the best representation of any of our participants. Pictures and videos that we consider suitable will be either uploaded on youtube, Facebook or other social media platforms or stored within our own media database or G Suite Drive. These photos and recordings are intended to be stored for the duration of the business life as they will function as in-house stock photo and video for future communication (e.g. marketing) of the business as well as historic representation of our events and community.  

RHYTHM AS maintains copyright and any other intellectual property in photographs taken. 

 

Please note: We take great care to ensure that we follow all the best practices and regulations expressed above. However, once a picture or video has been processed and incorporated into a work of art or product, e.g, a printed flyer, or a mood video of an event or it is uploaded to any social media platform, retracting that picture or video will be very difficult and sometimes impossible. 

 

This is why we rely on you taking the steps you can to inform us about your wishes and preferences. Upon entering one of our events, you can express your data privacy wishes. If you notice that your picture or video was taken at any time, you are encouraged to approach the photo and video team and express your wishes in regards to your data privacy laws. 

As the law does not offer a very clear regulation when it comes to the rights of events, photographers/videographers and individuals, the communication between the event and the individual guest must be more conscious. If we work on this together, we can make sure everybody has the best experience at these events. 

 

If at any point you wish to withdraw your consent or request that RHYTHM stops using your images/records, please write to KONTAKT@rhythm.no.

 

Purpose of data collection and processing

 

RHYTHM collects personal data related to the data subjects to fulfill our contractual obligation towards you as our customer and business contacts as well as towards tax and other governmental authorities. The following is a detailed description of the purpose of each piece of data we collect and process:

• Direct Email Communication

  • Email: in order to reply back to the data subject

  • Content of the incoming message(s) from data subjects: in order to understand the data subject’s need as it pertains to our business services such that we can provide a helpful response 

• Website contact us page

  • Name: in order to know who is contacting us

  • Email: in order to reply back to the data subject

  • Message: in order to understand the data subject’s need as it pertains to our business services such that we can provide a helpful response 

• Registration Google Form (EXAMPLE)

  • Timestamp of registration: in order to verify when a customer registered

  • Email: in order to verify the identity of the customer checking in and provide service notification emails

  • First and last name: in order to verify the identity of the customer checking in

  • Telephone number: in order to verify the identity of the customer checking in, provide service notification texts, and verify payment made through Vipps

  • Student status: in order to verify if the customer qualifies for a student discount

  • Course selection: in order to know which course the customer has registered for

  • Class selection: in order to know which class(es) the customer has registered for

• Check-in Google Form (EXAMPLE)

  • Timestamp of check-in: in order to verify when a customer is checking in

  • Email: in order to verify the identity of the customer checking in

  • Class selection: in order to verify the class(es) a customer is checking into

• Service Notification Emails/Text

  • Email:

    • Content information

    • Supporting information of the service (e.g., additional information about classes)

    • Information about events/locations, and changes to the event, etc.

    • Information about your account, registration, payment, and participation

    • Reminder, and item lost/found notifications

  • Telephone number:

    • Content information

    • Supporting information of the service (e.g., additional information about classes)

    • Information about events/locations, and changes to the event, etc.

    • Information about your account, registration, payment, and participation

    • Reminder, and item lost/found notifications

 

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

Deletion of personal data

 

RHYTHM keeps personal data relating to current, former, or prospective clients (also described as “students” or “team members”) and business contacts of RHYTHM. Personal data is deleted at the time when the purpose related to the processing of personal data is completed. This means that the data will be kept in the following periods.

 

• Direct Email Communication

  • Email: Kept until consent is withdrawn

  • Response to incoming messages from data subjects: 1 year after collection or until there no longer exists a business need for retaining the message

• Website contact us page

  • Name: Kept until consent is withdrawn

  • Email: Kept until consent is withdrawn

  • Message: : 1 year after collection or until there no longer exists a business need for retaining the message

• Registration Google Form (EXAMPLE)

  • Email: Kept until consent is withdrawn

  • First and last name: Kept until consent is withdrawn

  • Telephone number: Kept until consent is withdrawn

  • Student status: Kept until consent is withdrawn

• Check-in Google Form (EXAMPLE)

  • Email: Kept until consent is withdrawn

• Service Notification Emails/Text

  • Email: Kept until consent is withdrawn

  • Telephone number: Kept until consent is withdrawn

 

Use of data processors

 

RHYTHM uses suppliers and subcontractors in the processing of personal data. Such “data processors” purely store and manage data according to the instructions of RHYTHM.

 

RHYTHM uses the following data storage and processors in relation to fulfill the above-mentioned purposes of collecting and processing personal data. Please review the respective privacy policies.

• Email

  • Google (Gmail)

• Data Storage

  • Google (Drive)

• Registration

  • Google (Forms)

• Check-in

  • Google (Forms)

• Payment

  • Vipps

  • Zettle

• Website

  • Wix

• Registration & Payment

  • Brus

  • Tikkio

 

3rd country data processors

 

RHYTHM is not using data processors in countries outside the EU. All our processors have a confidentiality data policy.

 

Transfer of personal data

 

RHYTHM does not transfer personal data to third parties in any case without consent from data subjects. In addition, personal data is only disclosed in cases where RHYTHM is required to do so by law, including compliance with the data privacy regulation/directives and country-specific personal data laws.

 

Automatic decisions and profiling

 

RHYTHM does not use the data subject’s personal data for profiling or as a basis for automatic decisions.

 

Security

​

The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, in accordance with the risk related to the data and processing hereof. If you have any questions about the security of your personal data, you can contact us via the contact information in this policy.

 

Rights of the data subject

 

Under the Privacy Data Protection Act and EU privacy directive, the data subjects (“You”) have certain rights regarding the personal data collected by RHYTHM in relation to your person. 

 

We strongly encourage you to always pay attention to who the people behind a service and website are before engaging with them. It is mandatory information according to the General Data Protection Regulation (GDPR) laws and you should consider not trusting any website that does not provide transparency. 

 

These rights are:

• Right to access – You have, under certain conditions, the right to access the data as RHYTHM keeps about your person.

• Right to rectification of data – You have the right to correct errors or omissions in the data RHYTHM treats related to your person.

• Right to deletion – You have, under certain conditions, the right to request deletion of data related to your person. Note that this right does not apply to most legal treatments of personal data. If you have consented to the processing of your personal data, you may withdraw your consent to this processing, by which related data are deleted.

• Subject to limited treatment – In some cases you have the right to suspend the processing of your personal data. This will apply if the accuracy of the data is questioned, if you want a copy of unlawfully processed data and thus do not want these deleted, if you need to prolong the storage of data longer than RHYTHM’s purpose allows, or if you dispute the right to process your data and such a dispute is not decided.

• Right to data portability – You have, in some cases, the right to receive the personal data that RHYTHM has collected about your person in a structured, widely used, and machine-readable format, for the use of transferring your personal data to another data controller.

• Right to insight – You may, in some cases, object to the processing of your personal data. If you object to the processing of your data, these will no longer be processed unless there are significant legitimate reasons for this, or the processing is required for the determination or defense of a legal claim. If your data is processed for direct marketing purposes, you may object to this at any time, resulting in a termination of such processing.

 

Use of your rights as the data subject

 

EU General Data Protection Regulation (GDPR 2016/679 of the European Union) and/or local law govern your rights related to data privacy. These rights are not absolute rights, but rights that you can exercise depending on how personal data is processed by RHYTHM.

Should you wish to exercise any of the above rights, please forward your inquiry via RHYTHM’s contact person or DPO, using the contact information in this policy.

 

RHYTHM will assess individual inquiries as soon as possible.

 

If you wish to appeal against the processing of your personal data to an external authority, such complaints must be forwarded to the supervisory authority of your EU home country. In Norway, this will be Datatilsynet.

 

Contact information

 

RHYTHM contact person for personal data is:

Aliochy Aragon, Manager

RHYTHM AS

+47 984 31 131

KONTAKT@rhythm.no

 

RHYTHM Data Protection Officer (DPO): RHYTHM does not have a data protection officer. Please contact the company’s contact person for inquiries related to data privacy.