Privacy Notice

SENTY Pty Ltd (ABN 62 652 427 579) ("Company") operates a web application located at the domain address huangdarren1106.github.io that allows users to analyse their listening history on their Spotify accounts ("Web Application").

Our Web Application is an independent application that uses the official Spotify API to provide our services and is not associated with the Spotify AB company, its partners or associates.

This Privacy Notice explains how we manage the personal data that we collect, hold, use and disclose and how to contact us if you have any further queries about our management of your personal data.

This Privacy Notice applies to you only to the extent that the collection and handling of your personal data is subject to the Privacy Act 1988 (Cth) ("Privacy Act").

The following Privacy Notice is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for processing your Personal data under our control or in conjunction with others.

We also inform you below about the third-party components (referred below to as the "Third-party Cookies") we use to optimise our Web Application and improve the user experience, which may result in said third parties also processing data they collect and control.

This Privacy Notice has the following structure:

1. Definitions

2. Users' rights and data

3. Data processing

4. Contact us

5. How we handle complaints

6. Changes to our Privacy Notice

Definitions:

• Cookies are small text files or other storage technologies stored on your computer by your internet browser. These cookies process specific information about you, such as your browser version, location data, IP address, etc. For more information about cookies and disabling them, consult them at https://www.allaboutcookies.org/manage-cookies/.

• Personal data ("data") is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. The data will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly Web Application, including its contents and services. Further information about the application of the Privacy Act can be found on the Office of the Australian Information Commissioner website at https://www.oaic.gov.au.

• Processing as per GDPR (The General Data Protection Regulation) as per Art. 4 No. 1 of Regulation (EU) 2016/679, refers to any operation or set of operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

• Spotify Single Sign-On ("Spotify SSO") is a convenient and secure authentication method allowing users to access their Spotify account with a single login credentials. This improves security by reducing the risk of password-related vulnerabilities and enhances user experience.

Users' rights and data

Regarding the processing of data, users have the right to:

• Confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);

• Correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);

• Request an immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;

• Receive copies of the data concerning them and/or provided by them and have the same transmitted to other providers (cf. also Art. 20 GDPR);

• File complaints with the supervisory authority if they believe the Company is processing data concerning them in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the Company is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR.

However, this obligation does not apply if such notification is impossible or involves a disproportionate effort.

Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the Company's future processing of their data pursuant to Art. 6 Para.1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

Data processing

When using our Web Application, your data will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Server data

For the purpose of this Web Application, the Company does not use any servers.

We do not collect or store any user data. Your user's data is processed in your internet browser.

Session Cookies

For the purpose of this Web Application, there are no session cookies.

Third-party Cookies

Our Web Application may use cookies from companies with whom we cooperate for the purpose of improving our Web Application, advertising or analysing.

Disabling Cookies

You can decline the use of Cookies by changing the settings on your internet browser.

In addition, you can use your internet browser to delete cookies that have already been stored in it.

Please refer to the documentation of your internet browser to be able to do so.

User Account

You do not need to create a new account with our Web Application because we use the Spotify SSO.

When you log in with your Spotify account in our Web Application, we only use a limited set of data to provide our services, namely:

• Spotify Username

• Email used in your Spotify account

• Spotify user_id

• Spotify avatar

• Spotify Access token

• Spotify Refresh token

• Top artists from your listening history.

• Top tracks from your listening history.

Our Web Application will request data from Spotify in the background even if you are not actively using our web application to register the changes in your listening history.

During the login process, we obtain your consent to be able to access the above data from Spotify. The data retrieved from your Spotify account will be exclusively used to provide you with our services. 

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.

You should log in with Spotify every time you wish to use our Web Application.

If you decide to revoke our application from the access to your Spotify account you should follow the process described here: https://support.spotify.com/au/article/spotify-on-other-apps/ .

Google Analytics

We use Google Analytics on our website. This web analytics service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For more information about how Google uses data when you use our Web Application, please refer to https://policies.google.com/technologies/partner-sites.

Through certification according to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Analytics guarantees it will follow the EU's data protection regulations when processing data in the United States.

The Google Analytics service is used to analyse how our website is used. The legal basis is Art. 6 Para.1 lit. f) GDPR. Our legitimate interest lies in our Web Application's analysis, optimisation and economic operation.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our Web Application, will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymisation function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

Google Analytics uses the data collected in this way to provide us with an evaluation of visits to our Web Application and what visitors do once there.

This data can also be used to provide other services related to the use of our website and of the internet in general.

Google Analytics states that it will not connect your IP address to other data.

In addition, Google Analytics provides further information with regard to its data protection practices at https://policies.google.com/technologies/partner-sites?hl=en, including options you can exercise to prevent such use of your data.

In addition, Google Analytics offers an opt-out add-on at https://tools.google.com/dlpage/gaoptout?hl=en in addition to further information.

This add-on can be installed on the most popular web browsers and offers further control over the data that Google Analytics collects when you visit our Web Application.

The add-on informs Google Analytics JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics.

However, this does not prevent information from being transmitted to us or other web analytics services we may use as detailed herein.

Plausible Analytics

We use Plausible Analytics on our website. This web analytics service is provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, Registration number 14709274.

Plausible Analytics is privacy-friendly web analytics that does not track, collect cookies or store personal data or personally identifiable information and is fully compliant with GDPR, CCPA and PECR.

We use a self-hosted version of Plausible Analytics hosted on Linode cloud infrastructure in Dallas, US.

For further information on Plausible Analytics's GDPR, CCPA and cookie law compliance and all the data points they collect, please refer to their data policy at https://plausible.io/data-policy.

Third-Party Ad Servers and Ad Networks

We may use third-party advertising companies to serve programmatic ads when you visit our Web Application.

These advertising companies may use information about your visits to our Web Application and other websites in order to provide advertisements about goods and services of interest to you.

These advertising advertisements may appear on our Web Application and on other websites. These companies may employ cookies, clear GIFs and other tracking technologies to cause relevant ads to be displayed to you.

Contact us:

For purposes of the Privacy Act and data protection laws, the Company's data protection officer, Elena Osipova.

Company's Email address: apps@senty.com.au

Company's Postal address:

ATTN: SENTY Pty Ltd

173A Melbourne Road, Rippleside VIC 3215, Australia.

How we handle complaints

If you have any concerns or complaints about the manner in which we have collected or handled your personal data, please advise us of your concern or complaint in writing and send it to apps@senty.com.au.

Your concern or complaint will be considered or investigated, and we will endeavour to respond to your complaint within 30 days.

It is our intention to use our best endeavours to resolve any complaint to your satisfaction.

However, if you are unhappy with our response, contact the Office of the Australian Information Commissioner, who may investigate your complaint further.

Changes to our Privacy Notice

This Privacy Notice is effective from the 12th of November, 2023. This Privacy Policy may be updated from time to time. You can obtain a copy of the latest version at any time at https://huangdarren1106.github.io/privacy