Privacy Notice

RRK APPS Limited

Revised on: 22 May 2019


RRK APPS Limited (‘‘RRK’’) is a company duly incorporated under the laws of the Republic of Cyprus, with registration number HE395525, whose registered office is at 5, Esperidon Street, Floor 4, 2001 Nicosia –Cyprus, and is the exclusive owner of various mobile Applications, including MuzArt Beats and MuzArt 8 Bit. RRK offers to its Clients unique mobile Applications specifically developed and designed by a team of experienced professionals, which can be found at (the ‘‘Applications’’). In the course of the provision of services, RRK is entrusted with personal data and is dedicated to protecting the confidentiality and privacy of any such data, and for this reason, RRK has implemented and maintains policies relevant to the appropriate use, processing and storing of the personal data. The present Privacy Notice (“the Privacy Notice”) aims at informing our Clients or other Individuals which entrust us with their personal data as to our relevant policies which are part of our overall Policy on Data Protection Security and Confidentiality Policy. Please review this Privacy Notice to learn more about how we collect, use, share and protect the personal information we obtain. In particular, the Privacy Notice contains information on: • The personal information we collect about you (What we Need) • What we do with your information (Why we Need it and What we Do with it), • Who your information might be shared with, and • What your rights are. Do not hesitate to contact us if you have any questions or in doubt about any of the information we provide with the Privacy Notice. The Privacy Notice and any updates hereof may be found at our Privacy Notice is amended, we will ensure that we update our website accordingly in a clear manner to enable you to access it.

Data Protection

Policy Details

This Privacy Notice was last updated on 22 May 2019.

Notice applicability

This Privacy Notice applies to RRK and to all the Applications which are exclusively developed and/or owned by RRK. This Privacy Notice applies to individuals ("Individuals") that fall within the following groups: • clients ("Clients") of RRK and, users of RRK’s Applications • service providers, business associates, or other third parties (collectively, "Third Parties") with whom RRK need to come to contact with, including third party service providers of RRK, with whom RRK need to exchange data for the purpose of servicing the Clients. (collectively, "Parties")

Scope of Notice

This Privacy Notice is relevant to all aspects of data protection including the protection and security of personal data (as defined by the General Data Protection Regulation (EU) 2016/679 ("GDPR")) of Parties that are Individuals. Data covered under this Data Protection, Security and Confidentiality Policy include: • information recorded electronically and/or by automated means; • information forming part of a filing system or intended to form part of a filing system as defined in the GDPR.

General Policy Statement

We will: • follow good practice; • protect your personal data; • respect your rights under the GDPR; • be open and honest in our communications with you with regards to your personal data; • ensure that we comply with all laws applicable from time to time in respect of personal data we hold; • respect the rights of Clients and Third Parties; • ensure that we comply with data protection, security and confidentiality legislation.

Policy Statement for Client Individuals

RRK recognises that its first priority under the GDPR is to avoid causing harm to individuals. In the main this means: • keeping information securely in the right hands, provided that at least one of the following legal grounds of processing applies: • the Individuals have granted their consent to the processing of their personal data for specific purposes to be identified in advance; • Processing is necessary for the performance of a contract to which the Individuals are party or in order to take steps at the request of the Individual prior to entering into a contract; • Processing is necessary where RRK has a legal obligation; • Processing is necessary to protect the Client Individual’s vital interests or of another natural person; • Processing is necessary for the purpose of a legitimate interest pursued by RRK, but we recognise that we shall not pursue any such legitimate interests if these are overridden by the Individuals interests or fundamental rights. • holding good quality information; and, • communicating with the Individuals in a concise, transparent, intelligible and easily accessible form, using clear and plain language, facilitating the Individuals’ rights to access, rectification and erasure, restriction of processing, data portability, objection to processing in general, and objection to automated processing, including profiling Types and uses of Individuals’ sensitive personal data RRK will not require to collect from their Clients any sensitive personal data, since this is not necessary for the purpose of performing their contract with RRK. The eight categories of sensitive personal data as defined by GDPR are: • The racial or ethnic origin of data subjects; • Their political opinions; • Their religious beliefs, philosophical beliefs or other beliefs of a similar nature; • Whether they are a member of a trade union; • Their physical or mental health or condition; • Their sexual life and orientation; and, • Their genetic and biometric data. Types and uses of Individuals’ personal data RRK collects the minimum amount of Individual Clients data, as follows: • name; • address; • telephone contact; • email address; This information is used: • To create and maintain account with RRK; • To enable the Clients download RRK’s Applications following (a) above; • To facilitate provision of our services where necessary. Payments’ Data RRK will not retain any data relevant to the Clients’ purchase transactions. The Clients’ payment transaction data is stored only as long as is necessary to complete their purchase transaction. After that is complete, the purchase transaction information is deleted. All direct payment gateways adhere to the latest security standards. Sensitive and private data exchange happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Retention of Personal Data

We will keep your personal data for the whole period during the duration of the service agreement with the Client, unless otherwise agreed between the Client and RRK and unless as provided below. In the event that legal proceedings or other investigations from a public office or a supervisory authority have commenced, we shall retain the personal data for such time until the date of resolution and/or completion of any such legal proceedings or investigations. Then, we shall irreversibly destroy any such personal data we have in our possession.

Storage of Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). The data may also be processed by staff operating outside of the EEA who work for RRK or for one of our sub-processors. Such staff may be engaged in, among other things, the fulfilment of your order to download and/or install the Application, the processing of your payment details and the provision of support services. By submitting your data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our Privacy Policy. We maintain reasonable security standards and procedures with a view to preventing unauthorized access to data by anyone, including our staff. We use technologies (e.g. data encryption, firewalls) to protect the security of data by following a risk based approach.

Sharing of Personal Data

RRK shall not share any information with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out the Client’s requests, and/or as required or permitted by law or professional standards. These include: • Service providers: RRK work only with reputable partners and service providers to process personal information where required. RRK will only transfer personal information to them when they meet our standards on the processing of data and security. We only share personal information that allows them to provide their services. • Reorganized or sold to another organization: RRK may also disclose personal information in connection with the sale, assignment, or other transfer of the business of the site to which the data relates; • Courts, law enforcement or regulatory bodies: RRK is subject to the law like everyone else and may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. • Audits: disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat. In addition, RRK may transfer certain personal information outside of the EEA to outside companies working with us or on our behalf for the purposes described in this Privacy Notice (e.g. in order to provide you with services requested, or due to public or legal duty to do so). If we do this your personal information will continue to be protected by means of contracts we have in place with those organizations outside the EEA, in line with the European Commission requirements. RRK will not transfer the personal information you provide to any third parties for their own direct marketing use. However we note that RRK’s Applications contain links to other mobile applications that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other mobile applications or third-parties. We encourage you to be aware and to read the privacy notices of each and every mobile application that may collect Personal Data.

Automatic Collection Cookies & IP addresses

Use of Cookies and Location Based Tools RRK or a designated service provider may use “cookies” or similar electronic tools to collect information for user-identification purposes only. A cookie is a small text file that is placed on your computer and is used to identify your browser but not you. You can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies. We shall not use any of the information collected for any commercial purposes or the compilation of statistical data on your browsing actions and patterns. Cookies may be placed on your computer or internet-enabled device whenever you visit RRK’s site online. This allows the site to remember your computer or device. Usually, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your computer or internet-enabled device will not be tracked. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked through the use of this notification banner. Your selection will be saved in a cookie and is valid for a short period (e.g. 90 days). If you wish to revoke your selection, you may do so by clearing your browser's cookies. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser's settings (often found in your browser's Tools or Preferences menu). You may also delete cookies from your device at any time. BY NAVIGATING ON OUR WEB SITES OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU SHALL BE ASKED TO AGREE THAT WE CAN PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE. IP Addresses An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis. Your rights as a data subject RRK may ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. As described in "Cookies" above, if you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our sites may not work properly if you elect to refuse cookies. In general if you have submitted personal information to RRK, you have the following rights: • The right to access information about you and to obtain information about how it is processed. • The right to request that your information is corrected if it is inaccurate or incomplete. • The right to request that your information is erased (depending on the circumstances and agreements in place). We may continue to retain your information if another legitimate reason for doing so exists. • The right to object to, and to request that we restrict, our processing of your information (depending on the circumstances and agreements in place). We may continue to process your information if another legitimate reason for doing so exists. • The right to withdraw your consent to our processing of your information (depending on the circumstances and agreements in place). We may continue to process your information if another legitimate reason for doing so exists. • The right to receive certain information you have provided to us in an electronic format and / or request that it is transmitted to a third party. • The right to ask us not to process your personal data for marketing purposes. Prior to collecting data, we will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can exercise your rights by contacting us using the details set out in the “Questions and Enforcement” section. We will make all reasonable and practical efforts to comply with your request, if it is consistent with applicable law and professional standards.

Security Measures

RRK has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite RRK's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. A series of technology and Cyber Security platforms and solutions are utilized to protect data within RRK’s environment including, but not limited to perimeter security mechanisms, end point security mechanisms, encryption, etc.

Your Responsibilities

You are responsible for ensuring that the information provided to RRK on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible. If you provide information for another person on your account, you must direct them to this policy and ensure they also agree to us using their information as described in it. Questions and enforcement RRK is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at (Contact info – Phone and Email). You may also use this contact information to communicate any concerns you may have regarding compliance with our Privacy Notice.


Any notice ("Notice") required to be given under this Data Protection, Security and Confidentiality Policy must be addressed to RRK in writing and must be (a) delivered in person, (b) sent by first class registered mail, or air mail, as appropriate, (c) sent by overnight courier, in each case properly posted and fully prepaid to the appropriate address set forth below, (d) sent by facsimile, or, (e) sent by electronic mail (email). Notices will be considered to have been given when RRK acknowledges receipt of such Notice. RRK’s contact details for Notices is as follows: Address: Facsimile: Email:


We reserve the right to modify this Policy Notice relating to RRK and its Applications at any time, effective upon posting of an updated version of this Policy in RRK’s site and a relevant notification to all the Applications owned and controlled by RRK. By continue using RRK’s site and its Applications after any such changes, shall constitute your consent to such changes.