Legal
Privacy
Policy
Last updated: April 2025 · New Sound Studio e.U., Vienna, Austria
01
Who We Are
New Sound Studio e.U. ("NSS", "we", "us") operates the website newsoundstudio.at. We are the data controller responsible for your personal data. You can reach us at nachorauscher@gmail.com.
This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Austrian data protection law.
02
What Data We Collect
We collect the following categories of personal data:
- Account data: email address, username, and encrypted password when you register.
- Purchase data: order history, product licenses, and download activity.
- Payment data: your payment is processed by a certified third-party provider. We do not store card numbers, bank details, or CVV codes on our servers.
- Usage data: pages visited, products viewed, time on site, and browser/device type — collected anonymously for analytics.
- Community data: messages posted in the NSS Community forum, including username and timestamps.
- Communication data: emails you send us, support requests, and seller applications.
- Security data: short-lived two-factor authentication codes (auto-deleted within 24 hours of issue).
- Waitlist data: email addresses you provide to be notified about upcoming releases. Deleted on request or when the release is no longer relevant.
03
How We Use Your Data
We use your personal data for the following purposes:
- To process orders, deliver downloads, and manage your account.
- To send transactional emails (order confirmation, download links, password reset).
- To personalise product recommendations based on your browsing and purchase history.
- To maintain the security and integrity of the NSS Community.
- To analyse site usage and improve our platform.
- To comply with our legal obligations under Austrian and EU law.
The legal basis for processing is: contract performance (for orders), legitimate interest (for analytics and security), and consent (for optional marketing emails).
04
Third Parties
We share data only where necessary to operate our service:
- Payment processing: handled by a PCI-DSS Level 1 certified provider. Your payment data is governed by their privacy policy.
- Email delivery: transactional emails are sent via a trusted email provider. Only your email address is shared for delivery purposes.
- Hosting & infrastructure: our platform is hosted on servers within the European Economic Area (EEA).
- Analytics: we use privacy-respecting analytics tools. No personal data is shared with advertising networks.
We do not sell your data. We do not share data with advertisers. We do not use your data for profiling beyond product personalisation on our own platform.
05
Cookies & Local Storage
Our website uses browser local storage (not traditional cookies) to save your cart, language preference, and product recommendations. This data is stored entirely on your device and is not transmitted to our servers unless you make a purchase.
We do not use tracking cookies or third-party advertising cookies. If we introduce analytics cookies in future, we will request your explicit consent first.
06
Data Retention
- Account data is retained for the lifetime of your account, plus 3 years after deletion for legal compliance.
- Purchase records are retained for 7 years as required by Austrian tax law (§ 132 BAO).
- Community messages are retained until you request deletion or your account is banned.
- Usage data is anonymised after 12 months.
- 2FA codes are deleted automatically within 24 hours of issue (single-use, time-limited).
- Waitlist sign-ups are kept until the related release ships and notifications are sent, or until you ask to be removed — whichever is sooner.
07
Your Rights (GDPR)
Under GDPR, you have the right to:
- Access — request a copy of all personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, for processing based on consent.
To exercise any of these rights, contact us at nachorauscher@gmail.com. We will respond within 30 days. If you are unsatisfied, you have the right to lodge a complaint with the Austrian Data Protection Authority (DSB) at dsb.gv.at.
08
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date above. Continued use of NSS after changes constitutes acceptance of the updated policy.
09
Contact
New Sound Studio e.U.
Vienna, Austria
nachorauscher@gmail.com