1. Privacy Policy
1.1 This Privacy Policy explains how we collect, use, share and store personal data relating to the Services.
1.2 Personal data (“Information”) in this Privacy Policy refers to data that can be used to identify an individual.
1.3 By accessing or using the Services, as a User, you consent to our collection, use, sharing and storing of Information in accordance with this Privacy Policy. In particular, you understand and agree that the Information which we collect from you is necessary for us to provide and operate the Services and to interact and communicate with you. If you do not agree with anything in this Privacy Policy, you should stop using the Services.
1.4 Unless otherwise stated, the capitalised terms in this Privacy Policy are used in the same way as used in our Terms of Use.
1.5 This Privacy Policy applies to all visitors, Users and others who access or use the Services.
1.6 This Privacy Policy contains the following sections:
- Information we collect
- How we use your Information
- Sharing your Information
- How we store your Information
- Children’s privacy
- Other websites and services
- Contacting us about your Information
- Changes to this Privacy Policy
- How we handle Children Information in the United States
2. Information we collect
A. The following is Information which you provide to us directly:
2.1 Registration Information
(a) When you register an Account on the Services, we may collect Information which we ask you to provide, such as your name, username, password, email address, and Social Network ID (if you have signed up using a social network account (e.g. Facebook or Google)). Such Information must be provided in order to register an Account. You should maintain the secrecy of your Account password at all times.
(b) Once your Account has been registered, in order to allow other Users to identify you, find you, and refer to you properly, your name, username and profile picture (if you have signed up using your Social Network ID) will automatically be displayed on your profile page and will be available to other Users through the Services.
(c) If you are using the Services for your school-based activities:
(i) to register an Account as a teacher, we may collect Information which we ask you to provide, such as your name, username and profile picture (if you have signed up using your Social Network ID). Such information will automatically be displayed and will be available only to other Users in your school through the Services. You should maintain the secrecy of your Account password at all times. To enable your students to set up their Accounts, we will additionally collect your school’s name and students’ classes. You may also provide additional optional information like the school’s phone number and address.
(ii) to register an Account as a student, you will need to receive an invitation code from your teacher and we may collect Information which we ask you to provide, such as your name, username and profile picture (if you have signed up using your Social Network ID). Such information will automatically be displayed and will be available only to other Users in your class through the Services. You should maintain the secrecy of your Account password at all times.
2.2 Profile Information
(a) In addition to your name and username, which are automatically displayed on our profile page, you may voluntarily provide Information on your profile page such as your profile picture, location (if not already available via your sign up using your Social Network ID), and actual name.
(b) Any such Information which you add to your profile page on the Services becomes available to other Users of the Services. Please exercise personal discretion in how much Information you choose to share.
(c) If you are using the Services for your school-based activities, there is no separate profile page.
2.3 Content which you upload to the Services, which allows others to identify you (e.g. photos of you, audio recordings or text containing your name, status updates, comments on Content which refer to you).
2.4 Subsequently, as you interact and communicate with us (e.g. you reply to our service updates or support emails to you), you may also reveal to us other Information about yourself (e.g. your name, address, phone number, gender etc.).
B. The following is Information which other Users provide about you:
2.5 Content which others upload to the Services which allows you to be identified (e.g. photos of you, audio recordings or text containing your name, status updates, comments on Content which refer to you).
C. Other Information which we receive when operating the Services:
2.6 Analytics Information
We use Third Party analytics tools to help us measure traffic and usage trends for the Services. These tools collect information sent by your device including the web pages you visit, add-ons, and other information that assists us in improving the Services. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.
2.7 Cookies and similar technologies
(a) The Services may contain “cookies”, clear gifs (also known as “web beacons” or “web bugs”), or similar technology. A cookie is a piece of data that is sent to your Internet browser, which will store the cookie on your computer if your browser is enabled to accept cookies. Web beacons assist in the delivery of cookies and the collection of non-personally identifiable information, such as “click path” and other data as described above.
(b) The Services use cookies, clear gifs, frames, server log analysis and other technologies as they are developed to customise your experience with the Services. Most Internet browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You should refer to your browser instructions or “Help” screen to learn more about how to manage cookies. Please note, however, that if you block cookies, some portions of the Services may not function properly.
2.8 Log file information
(a) Log file information is automatically reported by your browser each time you make a request to access (i.e., visit) a web page or app. It can also be provided when the content of the web page or app is downloaded to your browser or device.
(b) When you use the Services, our servers automatically record certain log file information, including your web request, Internet Protocol address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on the Services, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to our Users which then helps us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Services.
2.9 Device identifiers
(a) When you use a mobile device like a tablet or phone to access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers.” Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us.
(b) A device identifier may deliver information to us or to a Third Party partner about how you browse and use the Services and may help us or others provide reports or personalised content and ads. Some features of the Services may not function properly if use or availability of device identifiers is impaired or disabled.
3. How we use your Information
3.1 How we use your Information will depend on the nature of your interaction with the Services and with us. We need to have valid grounds to process your Information. Most times, we would seek your consent, like when you register for an Account or subscribe to our mailing list. Other times, when you reasonably expect us to use your Information, we will not ask for your consent, but only when it is legally permissible for us to do so (e.g. it is necessary for our performance of a contract, or for us to comply with a legal obligation etc.). Generally, we collect and use Information for the following purposes and our legal basis for so doing is also set out below:
| Purpose | Legal Basis | ||
| (a) | to register your Account and verify your identity; | – | consent and performance of contract |
| (b) | to allow you, and those whom you have given permissions to, to access Content and Information which you have uploaded; | – | consent and performance of contract |
| (c) | to identify you with Content which you have uploaded; | – | consent and performance of contract |
| (d) | to provide you with feature updates, respond to your requests, feedback or queries, and to otherwise communicate with you; | – | performance of contract, legal obligation or legitimate interest |
| (e) | to allow other Users to communicate with you to the extent that you give them permission to (e.g. by activating Chat); | – | consent and performance of contract |
| (f) | to automatically update the BandLab application on your device; | – | performance of contract and legitimate interest |
| (g) | to remember Information so that you do not have to re-enter it each time you use the Services; | – | legitimate interest |
| (h) | to provide you with personalised Content, updates on other Users’ activities and online advertisements on products that you might be interested in to improve your customer experience; | – | legitimate interest |
| (i) | to test, improve and monitor the Services, including diagnosing and fixing technology problems, and including use as part of our API; | – | legitimate interest |
| (j) | to monitor metrics such as site access, downloads, traffic and demographic patterns, and conduct analysis and analytics in order to detect fraud, improve and ensure security of the Services and provide higher quality service; | – | legitimate interest |
| (k) | to prevent or take action against activities that are, or may be in breach of this Privacy Policy or our Terms of Use; and | – | legitimate interest |
| (l) | to comply with applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us. | – | legitimate interest |
3.2 If you are using the Services for school-based activities, to perform the contract, the Information may also be used for the purposes of classroom and assignment management, e.g., notification of classroom activities, setting and tracking of assignments, facilitating discussions, peer reviews and sharing of musical compositions etc. However, your Information will not be used for advertising or marketing purposes. Teachers are able to interact with all Users within their school while students can only interact with Users who are their teachers and classmates.
3.3 For clarity, you’re granting us permission to collect and use your Information for the above-mentioned purposes (through your use of the Services) not only allows us to provide the Services as they exist today, but also to provide you with new capabilities as we develop the Services in the future.
3.4 Apart from these purposes, we may also notify you of marketing related purposes for which we process your Information and shall seek your consent to such purposes (e.g. when you sign-up to receive our newsletters and other marketing related materials and communications, participate in a survey or market research, enter a competition etc.).
3.5 If you have previously agreed to us using your Information for marketing related purposes, you may change your mind at any time by emailing us at support@bandlab.com. Also, you may click on the “Unsubscribe” link in emails from us to indicate that you’re no longer interested in receiving further marketing material from us.
4. Sharing of your Information
4.1 We will only share your Information and Content in accordance with this Privacy Policy. We will not rent or sell your Information to Third Parties without your consent, except as noted in this Privacy Policy.
4.2 We may share your Information with the following parties:
(a) Related Entities: These are businesses that are legally part of the same group of companies that we are part of, or that become part of that group.
(b) Our service providers: These are our Third Party contractors. We engage them to assist us in providing and managing aspects of the Services, such as developing the Services’ features and functionality, marketing, processing payments, processing data or statistics, hosting Content, providing server space, providing push notifications and emails, reviewing Content for compliance, and legal advice.
(c) Our Third Party advertisers: We may provide Information to Third Party advertisers so that they can notify you of events or products which may be of interest to you. For instance, you may be notified of an upcoming concert or product release. If you are using the Services for school-based activities, you will not be receiving Third Party advertising.
(d) Analytics services: We may use Third Party analytics providers and products to obtain, compile and analyse Information (including but not limited to, information from cookies, log files, device identifiers, location data, and usage data), and may provide such Information to these analytics providers for the purpose of obtaining statistics and other information about how Users are using and interacting with the Services.
(e) We may remove parts of data that can identify you and share anonymised data with other parties. We may also combine your Information with other information in a way that it is no longer associated with you and share that aggregated information.
4.3 We require that all parties to whom we transfer Information implement adequate levels of protection in order to protect such Information. We also require that these parties only process your Information strictly for purposes which we engage them for and consistent with the purposes that we have described in Section 3 (“How we use your Information”) or with other purposes for which consent has been sought and obtained.
4.4 If you delete Information or Content which you have uploaded or posted on the Services, copies may remain viewable in cached and archived pages of the Services, unless you contact us to request for permanent deletion as per Section 8.3 below.
4.5 We may also share your Information with Third Parties in the following circumstances:
(a) Change of control: If the ownership of our business changes or we undertake a reorganisation of our business, we may transfer your Information and Content to the new owners so they can continue to operate the Services. The new owners may subsequently make changes to this Privacy Policy;
(b) If permitted or required by law: We may disclose Information if we believe that such disclosure is required or permitted by law (e.g. by responding to request from government authorities, or disclosure pursuant to court orders or other legal demands); and
(c) To protect interests: We may disclose Information if we determine it is necessary to enforce or protect our rights or the property or personal safety of Users of the Service (e.g. to enforce this Privacy Policy or our Terms of Use, or to prevent or take action against illegal activities, suspected fraud, or potential threats or breaches.
5. How we store your Information
5.1 We, our Related Entities, service providers and other Third Parties with whom we have shared your Information with, may transfer your Information to other countries in which our facilities or businesses are located, to be stored or processed. We will ensure that all entities located outside of Singapore to which we transfer information observe a standard of data protection which is comparable to that required under the Singapore Personal Data Protection Act 2012. This includes the entities’ making of reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risk to your Information, and removing the Information as soon as it is reasonable to assume that its retention is no longer necessary.
5.2 Currently, the countries to which Information is transferred for the purpose of storage on cloud servers are listed here. We may update this list periodically to reflect any new locations where your Information may be stored.
5.3 By registering for an Account and/or using the Services, you acknowledge that the transfer of your Information to countries in which we, our Related Entities, service providers and other Third Parties with whom we have shared your Information with, have facilities and/or businesses are necessary for us to provide the Services to you, and that we have provided you with a reasonable summary of how your Information would be protected if it is so transferred. You consent to the transfer of information to such territories as they exist today and to any other country in which we, our related entities, service providers and other Third Parties with whom we have shared your Information with, maintain facilities and/or businesses, and their processing of Information as described in this Privacy Policy.
6. Children’s privacy
6.1 You may only use the Services if you are either 18 years of age or more, or the applicable age of majority in your jurisdiction, or if you are under 18 years of age or the age of majority in your jurisdiction, you are 13 years of age or more and have your parent(s)’ or legal guardian(s)’ permission to use the Services. The Parental Consent Form to be submitted to us is accessible here.
6.2 We do not knowingly collect Information from children under the age of 13 without parental consent. If you are a child under 13 years of age, you are not permitted to use the Services and should not send any information about yourself to us through the Services.
6.3 In the event that we become aware that we have collected Information from any child, we will delete that Information. If you are a parent or legal guardian and you believe that your child under the age of 13 years has provided us with Information without your consent, please contact us at privacy@bandlab.com and we will take reasonable steps to ensure that such Information is deleted from our systems.
6.4 If you would like to use the Services for school-based activities in the United States, please also read Section 10 (“How we handle Children’s Information in the United States”) for additional information about our practices regarding children’s Information in the United States and:
(a) you are a student resident in the United States and under the age of 13 years, or a parent or legal guardian of the same; or
(b) you are a teacher or administrator of a school or district in the United States.
6.5 If you would like to use the Services for school-based activities and you are under 18 years of age or the age of majority in your jurisdiction, you should obtain your parent(s)’ or legal guardian(s)’ permission to use the Services. The Parental Consent Form to be submitted to us is accessible here.
7. Other websites and services
7.1 If you signed up for an Account using your Social Network ID or use a link to go from the Services to other websites, applications or platforms, this Privacy Policy does not apply to those social networks, websites, applications or platforms. They have their own privacy policies and you should familiarise yourself with them before you permit them to access and process your Content or Information.
7.2 We are not responsible for and do not have control over any other Third Party social networks, websites, applications or platforms which you authorise to access or process your Content or Information. If you are using a Third Party social network, website, application or platform and you allow them to access or process your Content or Information, you do so at your own risk.
8. Contacting us about your Information
8.1 If you have any questions, concerns or feedback regarding this Privacy Policy, you may contact our Data Protection Officer:
- Ivan Chen, privacy@bandlab.com
8.2 If you (i) wish to update or correct your Information, (ii) wish to request for information from us on what Information of yours we have and how we have used and shared your Information during the last one year before the date of your request, (iii) wish to restrict or withdraw your consent to our processing of your Information, or (iv) wish us to delete your Information, please contact our Data Protection Officer in writing via email at privacy@bandlab.com.
8.3 If you are a resident of the European Union using the Services, you have the following rights under the General Data Protection Regulations:
(a) Right to be informed: This right means that when we ask you to provide us with your Information, we will give you details such as what we are using it for, how and with whom it will be shared, and how you may contact us if you have any queries;
(b) Right to access: This right allows you to ask us for details of the Information we hold on you, e.g. what Information is being processed and for what reason, what Information is being transferred and to whom, what rights you have etc;
(c) Right to rectification: This right allows you to ask us to correct anything that you think is wrong with the Information we have about you;
(d) Right to erasure also known as the “right to be forgotten”: This right means you can ask us to delete your Information from our system;
(e) Right to restrict processing: This right allows you to ask us to only process your Information for those certain purposes that you specify;
(f) Right to data portability: This is the right to ask us to send you your Information electronically, you may also ask us to transmit such Information to another party;
(g) Right to object: This is your right to tell us to stop processing your Information;
(h) Right not to be subject to automatic decision-making, including profiling: We sometimes use computers to study and analyse Information. We might to do this so we can understand how you, and other visitors, are using the Services. This allows us to improve the Services for better customer experience e.g. by providing personalised Content and marketing to you. For situations that may significantly impact you, you have the right to ask us not to do this; and
(i) Right to complain, right to judicial remedy: If you feel your rights are breached, these rights allow you to make a complaint to the relevant authorities or to sue us in court.
8.4 European Union residents may exercise their rights above by writing to our Data Protection Officer at privacy@bandlab.com. The parent or legal guardian of a User resident in the European Union under the age of 16 years old or such other applicable age of consent can request this on behalf of their Child.
9. Changes to this Privacy Policy
We may at our sole and absolute discretion, change or update portions of this Privacy Policy at any time and without prior notice to you. We will notify you when changes are made via the email address associated with your Account. We also recommend that you review this Privacy Policy from time to time so you are aware of any changes or updates. We will indicate the effective date of the changes or updates. Your continued use of the Services after any modification to this Privacy Policy constitutes your acceptance of such modification and your consent to our processing of Information in accordance with the modified Privacy Policy. If you do not wish to continue using the Services under the modified Privacy Policy, you should terminate your Account and stop using the Services.
10. How we handle Children’s Information in the United States
A. U.S. Children’s Online Privacy Protection Act
10.1 This Section provides additional information in relation to our practices regarding Information collection, use, sharing, and parental consent from children under the age of 13 years in the United States (“Child” or “Children”).
10.2 We are committed to comply with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and encourage all parents or legal guardians to play an active role in protecting their Children’s privacy in online activities. Parents or legal guardians should discuss this Privacy Policy with their Child so that they may better understand how to use the Services and the Information they may be asked to provide when using the Services.
10.3 In accordance with COPPA, we do not knowingly collect, use or share Information from Children without first obtaining verifiable parental consent or as permitted by law. We hereby provide you with the COPPA Direct Notice and COPPA Consent Form which are accessible here.
10.4 If you believe that a Child has provided us with Information without parental consent, please contact us so that we can take action to delete the Information related to such Child from our active databases.
10.5 If you are a Child, you are not permitted to register for an Account to use the Services and should not send any Information about yourself to us through the Services until and unless your parent or legal guardian has submitted to us a copy of a duly completed and signed COPPA Consent Form.
10.6 If you are Child, you represent and warrant that you’ve received your parent’s or legal guardian’s permission to use the Services and gotten your parent or legal guardian to agree to this Privacy Policy and our Terms of Use on your and their own behalf. Your parent or legal guardian will also need to submit to us or to your school, a copy of a duly completed and signed COPPA Consent Form.
10.7 In certain instances, COPPA permits your school to act in the stead of your parents or legal guardians to provide us with the requisite consent. Schools should always notify its students’ parents or legal guardians when it has provided the requisite consent on their behalf.
10.8 If you are signing up for the Services and creating Accounts on behalf of student(s) who are Children, you represent and warrant that you are either: (i) a teacher or school administrator or otherwise authorized by a school or district to sign up on behalf of students, or (ii) the parent or legal guardian of such student(s).
10.9 If you are a teacher or school administrator acting on behalf of your school and/or district, you represent and warrant that:
(a) for purposes of COPPA compliance, you are authorized to agree to this Privacy Policy and our Terms of Use on behalf of your school and/or district and to bind them to this Privacy Policy and our Terms of Use;
(b) you are solely responsible for complying with COPPA, meaning that you must obtain advance written consent from all parents or legal guardians whose Children will be accessing the Services. When obtaining consent, you must provide parents and legal guardians with this Privacy Policy and our Terms of Use. You must keep all consents on file and provide them to us if we request them; and
(c) you have permission and authorization from your school and/or district to use the Services as part of your curriculum.
10.10 As the parent, legal guardian, teacher or school administrator providing consent to a Child’s use of the Services, you agree to be solely responsible for the Child’s use of the Services and represent and warrant that you are legally permitted to use and access the Services and take full responsibility for the selection and use of and access to the Services. Our Terms of Use are void where prohibited by law, and the right to access the Services is revoked in such jurisdictions.
10.11 We will not require a Child to provide more Information than as is reasonably necessary for the Child to participate or become actively engaged in the Services that we provide. Further, in collecting parental consent, we will also be collecting the parent’s or legal guardian’s contact details for future communication and notification purposes.
10.12 Parents or legal guardians may, at any time, contact us using the contact information provided in Section 8 to review the Information collected from their Child, request that we stop collecting or using their Child’s Information, and/or to modify or delete their Child’s Information. Parents or legal guardians may consent to the collection and use of their Child’s Information, without consenting to the disclosure of that Information to Third Parties except for those engaged by us to assist us in providing and managing the Services. All such requests are subject to our verifying to our satisfaction that the requester is in fact the Child’s parent or legal guardian.
10.13 Alternatively, as permitted under COPPA, parents or legal guardians may also make their requests with their Child’s school and have the school, as the parent or legal guardian’s agent, pass on those requests to us. We may rely on instructions from the school that we reasonably believe are given by a Child’s parent or legal guardian to the school.
10.14 Please note that as certain features of the Services may not function without certain Information, the non-sharing or deletion of Information may result in the termination of the Child’s Account or the Child’s access to certain features within the Services being disabled. We will not have any liability whatsoever for any termination of the Account or related deletion of the Child’s Information. When we delete Information, it will be deleted from our active databases but may remain in our archives.
B. U.S. Family Educational Rights and Privacy Act
10.15 The U.S. Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g and its promulgating regulations, 34 CFR Part 99 (collectively, “FERPA”) applies to schools in the United States that receiving funding from the U.S. Department of Education. As such, we acknowledge that in the course of User’s use of the Services, personally identifiable information (“Student PII”) about students in the United States (“Student”) may be disclosed to us when we provide the Services to educational institutions in the United States (“School”).
10.16 As required of a School that is subject to FERPA, as an administrator or teacher under an educational plan, you agree that you have obtained valid student and parental consent to disclose Student PII to us.
10.17 With respect to any Student PII collected or processed by us on behalf of a School that is subject to FERPA, we will:
(a) use such Student PII in accordance with this Privacy Policy, and only in order to provide the Services;
(b) not disclose such Student PII data to any Third Parties, other than (i) to the School or another entity upon the request of the School, (ii) where required by law (e.g. court order), (iii) to Third Party agents or service providers who perform a service for or on our behalf, provided such third parties are subject to appropriate confidentiality obligations, or (iv) to an acquiring entity in the event of a business acquisition (in accordance with this Privacy Policy); and
(c) maintain reasonable security measures to protect Student PII data.
10.18 Notwithstanding the above, we may use (and disclose) anonymous, de-identified and/or aggregate data derived from the Services, provided such data does not identify any Student. The School is responsible for ensuring that the collection, use, disclosure and processing of Student PII as part of the Services complies with applicable law (including but not limited to FERPA) and any other applicable legal or contractual restrictions, and the School further represents and warrants that it will not direct or engage us to collect, use, disclose or otherwise process Student PII in a manner that would violate applicable law or any other legal or contractual restrictions applicable to the School.