Privacy Policy

Last updated: 03 August 2025

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Bandier Labs
Contact Email: hello@bandierlabs.com
Website: https://bandierlabs.com

2. Information We Collect

2.1 Information You Provide Directly

  • Email Marketing Subscription: When you subscribe to our mailing list, we collect your email address and any additional information you voluntarily provide (such as your name)
  • Contact Forms: Information you submit through our contact forms, including your name, email address, and message content
  • Comments: If you leave comments on our website, we collect the information you provide in those comments

2.2 Information Collected Automatically

  • Website Analytics: Through Google Analytics, we collect information about your visit including IP address, browser type, device information, pages visited, time spent on pages, and referring websites
  • Security Monitoring: Through Wordfence, we collect IP addresses, user agent strings, and other technical data for security purposes
  • Hosting Data: Our hosting provider (Hostinger) may collect technical information necessary for website operation and security

2.3 Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience on our website. For detailed information about our use of cookies, please see our Cookie Policy.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: For email marketing subscriptions and non-essential cookies
  • Legitimate Interests: For website analytics, security monitoring, and improving our services
  • Contract Performance: When responding to your inquiries or providing requested services

4. How We Use Your Information

4.1 Email Marketing

  • Send you newsletters, updates about our music, tour dates, and promotional content
  • We use Omnisend as our email marketing platform
  • Double Opt-in Required: You must confirm your subscription via email before being added to our mailing list

4.2 Website Analytics

  • Understand how visitors use our website
  • Improve website performance and user experience
  • Analyze traffic patterns and popular content

4.3 Security and Technical Operations

  • Protect our website from spam, malware, and security threats
  • Monitor for suspicious activity
  • Ensure website functionality and performance

4.4 Communication

  • Respond to your inquiries and messages
  • Provide customer support when needed

5. Data Sharing and Third Parties

We share your data with the following third-party service providers who process data on our behalf:

5.1 Service Providers

  • Hostinger: Website hosting and technical infrastructure
  • Google Analytics: Website analytics and performance monitoring
  • Omnisend: Email marketing platform and campaign management
  • Wordfence: Website security and threat protection

5.2 Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Other approved transfer mechanisms

5.3 Legal Disclosure

We may disclose your information if required by law, court order, or to protect our rights, safety, or the rights and safety of others.

6. Data Retention

We retain your personal data for the following periods:

  • Email Marketing Data: Until you unsubscribe or withdraw consent, plus up to 2 years for legitimate business purposes
  • Analytics Data: Google Analytics data is automatically deleted after 26 months
  • Security Logs: Wordfence security data is typically retained for 30 days
  • Contact Form Data: Up to 2 years or until deletion is requested
  • Website Comments: Indefinitely unless deletion is requested

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

7.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

7.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

8. How to Exercise Your Rights

To exercise any of your rights or if you have questions about our data processing:

Email us at: hello@bandierlabs.com

Include the following information in your request:

  • Your full name
  • Your email address
  • Specific details about your request
  • Proof of identity (if required)

We will respond to your request within 30 days of receipt.

9. Email Marketing Opt-Out

9.1 Unsubscribing

You can unsubscribe from our email marketing at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Emailing us at hello@bandierlabs.com with “UNSUBSCRIBE” in the subject line

9.2 Double Opt-In Process

When you subscribe to our mailing list:

  1. You enter your email address on our website
  2. We send you a confirmation email
  3. You must click the confirmation link to complete your subscription
  4. Only then will you receive marketing emails from us

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure
  • Regular security monitoring and updates
  • Access controls and staff training
  • Regular security assessments

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children’s Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will post the updated policy on this page
  • We will update the “Last updated” date
  • For significant changes, we may notify you by email or website notice

13. International Users

If you are visiting our website from outside the European Union, please note that your information may be transferred to, stored, and processed in countries that may not have the same data protection laws as your jurisdiction.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@bandierlabs.com
Data Controller: Bandier Labs

For complaints or concerns about our data processing that we cannot resolve, you may contact your local data protection authority.

This Privacy Policy is effective as of 03 August 2025 and applies to all information collected by us on or after this date.