Privacy Policy

Effective as of 1 May 2021

1. Introduction

2. Information we collect

3. How we use the information we collect

4. How we share the information we collect

5. Cookies and other tracking technologies

6. Information collected by third parties

7. Email opt-out

8. Credit card processing

9. Security

10. Children and privacy compliance

11. Business transitions

12. Territorial

13. EU users’ rights under the GDPR

14. Data retention

15. Cooperation with law enforcement; fraud protection

16. Changes to this Privacy Policy

17. Who we are

1. Purpose of this Privacy Policy

Please read the following policy to understand how your personal information will be treated as you make use of our Application or access our Website. When we talk about our Application or our Service, we are referring to the HYMN application (“Application”), a mobile application operated by HYMN B.V. (“HYMN”), in conjunction with the website located at www.HYMN.com (“Website”; the Application and Website are collectively referred to herein as the “Service”), and any services provided by us through such Application and/or Website. When we talk about HYMN, “we”, ‘’our’’ or ‘’us’’ in this policy, we are referring to HYMN B.V., the company that provides the Application and Website. If you have any questions, concerns or complaints related to this Privacy Policy or our processing of your personal information, please click here to go to the Support page.

The Privacy Policy has three main purposes:

1. To explain the way we use information that you share with us in order give you a great experience with our Service;

2. To ensure that you understand what information we collect with your permission, what we do with it and with whom we share it; and

3. To explain your rights under applicable law.

All the information we collect is related to providing our Service. By agreeing to our Privacy Policy, you give us the right to collect your information as detailed in this Privacy Policy and use it for the purposes described in this Privacy Policy. If you don't agree with the terms of this Privacy Policy, then please don't use the Service.

2. Information we collect

The information we collect can be divided into the following broad categories:

  • Technical Data may include internet protocol (IP) address, your login data, device type, device version, browser type and version, browser plug-in types, time zone setting and location, traffic data, search criteria, web logs and other communications data, operating system and platform and other technology on the devices you use to access the Service. We store this information to enhance our services and to provide effective and efficient support.

  • Usage Data includes information about how you use our Service, such as the particular pages you interact with, how often and for how long you use the Service, surveys and the emails you interact with.

  • Financial Data includes payment card details you provide, including expiration date. It also includes details about your payment history and services or products you have purchased from us.

  • Identity Data includes your full name, email address, date of birth, username and password, and your username(s) and your friends’ usernames that we may access through social media accounts, should you give us access to them.

More specifically, we may collect and store the following information relating to you:

2.1 Anonymous data

When you visit our Service, we collect some basic information that does not identify individual users. This includes which pages are visited, which videos are viewed, and any feedback from our visitors. We then aggregate this information with other pieces of information to improve our Service and make your experience on the Service as valuable and efficient as possible. We may also collect and accumulate anonymous data that will help us understand and analyse the online experience of our users. For instance, we may accumulate visitor data relating to referring domain names, the type of browsers used, operating system software, screen resolutions, colour capabilities, browser plug-ins, language settings, cookie preferences, search engine keywords and JavaScript enablement.

2.2 Direct interactions

We collect information from you when you voluntarily submit information directly to us or via our Service. For members, this refers to personal data you provide when, for example, you create an account, complete a profile, or correspond with us via phone, email or live chat.

If you connect to the Service using credentials from a third party application (e.g., Facebook), you authorise us to collect your authentication information, such as your username and encrypted access credentials. We may also collect other information available on or through your third party application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.

You may decide to provide us with another person's contact information so that person may be invited to download the Application or so that we may facilitate your communication with other people through the Service (such as when you upload an address book or a contact list). You may also provide us with another person's contact information for purposes of delivering information through social networking applications. We store the information that you provide so that the respondents may be added to your network, and also to send reminders of the invitations. All invitees are provided with the option not to receive further invitations from us.

In addition to the information we may collect upon your initial registration, we may ask you for personal information at other times. We will not share that information in a manner that identifies you as an individual with any other entity unless we have your permission.

2.3 Information submitted by you for inclusion on the Service

Information and media files you may upload to the Service will be posted on the Service, subject to our Terms of Service and accessible to all our users; we have no control over how such users will use such materials. Please remember that if you post any of your personal information in public areas of the Service, such as in online forums or chat rooms, such information may be collected and used by others over whom we have no control. We are not responsible for the use made by third parties of information you post or otherwise make available in public areas of the Service. You should take care to not use personal information in your screen name or other information that might be publicly available to other users.

2.4 Tracking technologies

We use “cookies” and similar tracking technologies (as described in Section 5 below and in our Cookie Policy) to track your activities on our Service, and may also receive data about you if you visit other websites employing our cookies. When we send you emails that include a link to the Website, that link may contain an alphanumeric identifier that allows us to identify the person to whom we sent the message so that we can personalise our content for that individual.

2.5 Automated technologies or interactions

As you interact with our Service, we may automatically collect technical and usage data about your device, browsing actions and patterns. For example, we collect information which may include your IP address, browser type, your location, language preferences, device information and access times. While an IP address does not identify an individual by name, it may, with the cooperation of the ISP, be used to locate and identify an individual. Your IP address can reveal what geographic area you are connecting from, or which ISP you are using. Finally, other websites you visit have IP addresses, and we may collect the IP addresses of those websites and their pages. We also collect IP addresses for system administration and to report aggregate information to any sponsors. We may also receive information from our web logs, which automatically record anything a web server sees, which may include email addresses you enter into a form or pages viewed by a user at a particular IP address. We collect this personal data by using cookies, pixel tags and other similar tracking technologies. The sole purpose of passively collecting your information is to improve your experience when using our Service.

2.6 Promotions and surveys

From time to time, we may offer you the opportunity to participate in promotions such as sweepstakes, contests, offers and/or surveys (“Special Promotions”) through the Service. A Special Promotion may be governed by a privacy policy and/or terms and conditions that are additional to, or separate from, this Privacy Policy and our Terms of Service. If the provisions of the Special Promotion’s privacy policy or terms and conditions conflict with this Privacy Policy or our Terms of Service, those additional or separate provisions shall prevail. If you participate in a Special Promotion, we may ask you for certain information in addition to what is stated in this Privacy Policy, including personal information. That additional information may be combined with other account information and may be used and shared as described in this Privacy Policy or in the Special Promotion.

2.7 Information received from our service providers and partners

We may also receive information about you from our service providers and partners, which we use to personalise our Service, and to offer you opportunities to purchase products or services that we believe may be of interest to you.

2.8 Payment data

If you purchase a subscription to our Service or make other purchases through the Service, your credit or debit card information (such as card type and expiration date) and other financial data that we need to process your payment may be collected and stored by us and/or the payment processors with which we work. We may also collect some limited information, such as your postal code, mobile number and details of your transaction history, if such data are necessary to process your purchase. In addition, the payment processors generally provide us with some limited information related to you, such as a unique token that enables you to make additional purchases using the information they’ve stored, and your card’s type, expiration date and certain digits of your card number.

3. How we use the information we collect

We have set out below, in a table format, a description of all the ways we process your personal data, and the legal basis we rely on to do so.

Purpose/Activity

Type of Data

Legal Basis

To allow you to use the Service

Technical Data

Usage Data

Image Data

Consent

To allow you to create an account

Identity Data

Usage Data

Consent

To register you as a paid member and process renewal of your membership

Identity Data

Usage Data

Financial Data

To register you as a paid member and process renewal of your membership

To manage our relationship with you, for example general enquiries such as how the Service works, complaints and payment queries

Any data you choose to share with us or request us to view

Consent

To administer and protect the Service (including troubleshooting, fraud prevention, spam prevention, security incident prevention and correction, data analysis, testing, system maintenance, support, reporting and hosting of data), operate the Service (including notifying you of any changes), optimise your user experience, and send you service and support messages such as updates, patches and security alerts

Financial Data

Identity Data

Usage Data

Technical Data

Image Data

Consent

To send you promotional messages, marketing, and other such information we think may be of interest to you, either directly or through one of our partners; you may opt out from receiving certain messages, as described in Section 7 of this Privacy Policy

Financial Data

Identity Data

Usage Data

Technical Data

Consent

To enable you to partake in a prize draw, competition, referral scheme, rewards programme, promotional activities, events, complete a survey or invite you to participate in Application testing

Financial Data

Identity Data

Technical Data

Consent

To analyse your use of the Service and deliver relevant content, for example by providing customised, personalised, or localised content, recommendations and features

Usage Data

Consent

To enable third parties to advertise products or services in which you may be interested, including via emails

Identity Data

Usage Data

Technical Data

Consent

To enforce this Privacy Policy, our Terms of Service, and any other terms that you have agreed to, including to protect the rights, property, or safety of our users, or any other person

Identity Data

Usage Data

Technical Data

Image Data

For purposes of legitimate interests

To maintain and retain records in connection with actual and potential legal claims and regulatory investigations, and for governance and compliance purposes

Financial Data

Identity Data

Usage Data

Technical Data

Necessary for compliance with a legal obligation to which we are subject


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. How we share the information we collect

This section describes how the information collected or generated through your use of the Service may be shared by us with third parties.

4.1 Service providers

We may from time to time share your information with third party service providers to perform functions and process user data and help provide our Service, in a manner consistent with this Privacy Policy.

For example, we work with analytics providers to help us understand the use of our Service.

Where a third party processes user data on our behalf, it is subject to security and confidentiality obligations consistent with this Privacy Policy and applicable law; we only permit them to process your personal data for specified purposes and in accordance with our instructions. Where a third party processes user data on its own behalf, its processing is subject to its own Privacy Policy and applicable law.

To provide you with the best experience, we use third parties who automatically process your Usage Data on our behalf. Where possible, we will make sure this data is anonymised.

4.2 Promotions and surveys

When one or more of our business partners co-sponsor a service, promotion, contest/sweepstake, or survey, we may share some or all of the information collected in connection with such service, promotion, contest/sweepstake, or survey with the co-sponsor(s). If we intend to share such information, you will be notified prior to the collection of that information. If you do not want your information to be shared, you will be able to choose not to allow the transfer by not using or signing up for that particular service, promotion, contest/sweepstake, or survey.

4.3 Marketing and advertising

Our policy is not to disclose personal information collected online to a third party for direct marketing purposes without your opt-in. We may share information with advertising partners in order to send you promotional communications about our Service or to show you more tailored content, including relevant advertising for third party products and services that may be of interest to you, and to understand how users interact with advertisements. The information we share is in a de-identified format (for example, through the use of hashing) that does not personally identify you. We may also share aggregate user information in a non-personally identifiable manner with advertisers and other third parties in order to present to users more targeted advertising, products and services. We do not provide any personally identifiable information to third party advertising companies without your approval. Note, however, that if an advertiser asks us to show an advertisement to users with certain characteristics (for example, women ages 18-24) or a segment of that group (for example, women ages 18-24 who have viewed certain categories of content) and you respond to that advertisement, the third party advertising company may conclude that you have the characteristics of the audience that they are trying to reach.

4.4 Affiliate networks

If you access our Service through an offer that you received or purchased from a third party, we may also share information with that third party about your use of the Website, such as whether and to what extent you have used the offer, activated an account, or actively used our Service.

We may also share aggregated data relating to video views with our partners.

5. Cookies and other tracking technologies

A cookie is a small text file that is placed on your computer, mobile phone, or other device when you visit a website. The cookie will help website providers to recognise your device the next time you visit their website. There are other similar technologies such as pixel tags (transparent graphic images placed on a web page or in an email, which indicate that a page or email has been viewed), web bugs (similar to pixel tags) and web storage, which are used in desktop software or mobile devices.

There are also technologies such as mobile device identifiers and SDK integrations to help companies recognise your device when you return to an app or otherwise use a service.

Our policy regarding cookies can be found here.

6. Information collected by third parties

Some entities that have links on our Service may collect personally identifying information about you when you access or utilise those links. We do not control the collection or use of such information, and the practices of those entities are not covered by this Privacy Policy. Links can be from content providers and/or partners who may use our logo and/or style as a result of a co-branding agreement, yet they may still not follow the same policies as this Privacy Policy with respect to collection of your personal information. In addition, our Service includes social media features, such as the TikTok, Facebook or Instagram ‘Like’ button. These features may collect your IP address, which page you are visiting on our Service, and may set a cookie to enable the feature to function properly. Social media features and related widgets are either hosted by a third party or hosted directly on our Service. Your interactions with these features are governed by the privacy policy of the company providing them.

Please read these third parties’ privacy policies to find out how they collect and process your personal information.

7. Email opt-out

Users who no longer wish to receive email updates or other notifications may opt out of receiving these communications by following the instructions contained in the applicable email.

Please know that such a decision will not stop advertising or content that is generated prior to the time when we can accomplish the removal of your information.

8. Credit card processing

Credit card transactions are handled by a third party processor that receives credit card numbers and other personally identifying information only to verify credit card accounts and process transactions.

Credit card security is an important aspect of the online experience. We use encryption technology to keep your credit card information safe. To ensure that your information is even more secure, once we receive your credit card information, it is stored on a server that isn't accessible from the Internet.

BY ACCEPTING THE PRIVACY POLICY, YOU EXPRESSLY AUTHORISE US TO USE AND SHARE WITH CERTAIN TRUSTED BUSINESS PARTNERS AND SERVICE PROVIDERS, WHICH MAY BE LOCATED OUTSIDE OF THE COUNTRY OF YOUR RESIDENCE (INCLUDING COUNTRIES WHICH DO NOT PROVIDE THE SAME LEVEL OF PROTECTION FOR THE PROCESSING OF PERSONAL DATA AS THE COUNTRY OF YOUR RESIDENCE), THE INFORMATION PROVIDED BY YOU TO US, EVEN IF SUCH INFORMATION IS COVERED BY LOCAL BANKING SECRECY LAWS. YOU ACKNOWLEDGE AND AGREE TO THE IMPORTANCE OF SHARING SUCH INFORMATION FOR THE PROCESSING OF YOUR PURCHASE(S) AND ALSO AGREE THAT, BY ACCEPTING THIS PRIVACY POLICY, WHERE APPLICABLE AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOU EXPRESSLY WAIVE YOUR RIGHTS UNDER SUCH BANKING SECRECY LAWS WITH REGARD TO US AND ANY TRUSTED BUSINESS PARTNERS AND SERVICE PROVIDERS, WHICH MAY BE LOCATED OUTSIDE YOUR COUNTRY OF RESIDENCE. THIS CONSENT IS GIVEN FOR THE DURATION OF YOUR RELATIONSHIP WITH US.

9. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered or disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, the transmission of data via the Internet is not completely secure and we cannot guarantee that unauthorised parties will not be able to defeat those measures; unauthorised entry or use, hardware or software failure and other factors may compromise the security of our user information at any time.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Children and privacy compliance

Our Service is not directed to children under the age of 16 years. However, in some countries, stricter age limits may apply under local law. We do not knowingly collect personal data from children under 16 years or under the applicable age limit (the “Age Limit”). If we obtain actual knowledge that we have collected personal information about a child under the Age Limit, that information will be immediately deleted from our database. Because we do not collect such information, we have no such information to use or to disclose to third parties. If a parent believes that his or her child has submitted personal information to us, he or she can contact us via email or postal mail as listed below. We will promptly delete the information upon learning that it relates to a child under the Age Limit. Please note that it is possible some of this information may remain archived in web logs and back-up archives after we delete the information from our active database. We believe that parents should supervise their children’s online activities and consider using parental control tools available from online services and software manufacturers that help provide a kid-friendly online environment. These tools can also prevent children from otherwise disclosing their name, address and other personal information online without parental permission.

11. Business transitions

In the event we go through a business transition, such as a merger, acquisition by another company, or sale of a portion of our assets, users' personal information will, in most instances, be part of the assets transferred. In such instances, the new owners may use your personal data in the same way as set out in this Privacy Policy.

12. Territorial

We make an effort to protect the personal information of all users of our Service. If you are unsure whether this Privacy Policy is in conflict with the rules applicable where you are located, you should not submit your personal information.

13. EU users’ rights under the GDPR

If you are located in the European Union, or if the EU’s General Data Protection Regulation (“GDPR”) otherwise applies to your data as processed by us, you have the right to:

1. Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and our full list of third parties who process your data, and to check that we are lawfully processing it.

2. Request confirmation as to whether or not your personal data is being processed.

3. Request the correction of your personal data that you consider to be inaccurate. This enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify your identity and the accuracy of the new data you provide to us.

4. Request erasure of your personal data. This enables you to ask us to delete or remove personal data, for example: i) where there is no good reason for us continuing to process it; ii) where you have successfully exercised your right to object to processing (see below); iii) where we may have processed your information unlawfully; iv) where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons and our need to keep appropriate archives for our business operations. These reasons will be notified to you at the time of your request. In addition, as explained in Section 2.3 of this Privacy Policy, certain information may always be publicly available to others and other information is made publicly available to others by default.

5. Object to processing of your personal data. This enables you to object to the processing of your personal data if you feel it impacts on your fundamental rights and freedoms. For example, this can be where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your information which can override your right to object.

6. Request restriction of processing of your personal data. This gives you the option to ask us to suspend the processing of your personal data in the following scenarios: i) if you want us to establish the accuracy of the data; ii) where our use of the data is unlawful but you do not want us to erase it; iii) where you need us to hold the data, even if we no longer require it, e.g. to establish or defend legal claims; or iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

7. Request transfer of your personal data. If you request us to do so, we will provide to you, or a third party of your choice, your personal data in a commonly used, machine readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we have used the information to perform a contract with you.

8. Withdraw consent to the processing of your data. If you request us to do so, we will no longer process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our Service for you. We will also advise you of this at the time you withdraw your consent.

9. Not have a decision made about you based solely on automated processing.

If you wish to exercise any of the rights set out above or request details about the specific legal basis we are relying on to process your personal data, please fill in the request form which you can find on the Support page of this website.

We will respond to you within 30 days of receipt of your request. Occasionally, it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your other legal rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of your other legal rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to make a complaint at any time to the Dutch Privacy Authority (DPA), the Dutch supervisory authority for data protection issues (https://autoriteitpersoonsgegevens.nl/en). We would, however, appreciate the chance to deal with your concerns before you approach the DPA, so please fill in the request form which you can find on the Support page of this website.

14. Data retention

If you are located in the European Union, or if the GDPR otherwise applies to your data as processed by us, we will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or internal reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for compliance, governance, legal and/or regulatory purposes, in which case we may use this information indefinitely without further notice to you.

15. Cooperation with law enforcement; fraud protection

We fully cooperate with law enforcement agencies in identifying those who use our Service for illegal activities. We reserve the right to disclose information about users or members who we believe are in violation of applicable laws or regulations, or as required to respond to a subpoena, court orders or other legal process requiring such disclosure. We also reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful and to exchange information with other companies and organisations for fraud protection.

16. Changes to this Privacy Policy

Occasionally we may, at our discretion, make changes to this Privacy Policy. When we make material changes to this Privacy Policy, we will provide you with prominent notice as appropriate under the circumstances, e.g. by displaying a prominent notice within the Application and Website, or by sending you an email. In some cases, we will notify you in advance, and your continued use of the Service after the changes have been made will constitute your acceptance of the changes. Please, therefore, make sure you read any such notice carefully. If you object to any of the changes, you have the opportunity to delete your account and any associated information. Once deleted, your details will be non-recoverable.

Please note that if you opt out of receiving notices from us, change notices will still govern your use of the Service, and you are responsible for reviewing such legal notices for changes, as posted on the Application and Website.

17. Who we are

For the purposes of the GDPR, HYMN B.V., a limited liability company under Dutch law, with its office address at Doctor Kuyperstraat 1, 2514 BA Den Haag, The Netherlands, is the Data Controller and is responsible for your personal data.