Last updated: 01-10-2025. Controller: NOBETA (sole proprietorship)

Address: Noorderweg 15, Soest, Netherlands KvK: 70770115 Privacy contact / complaints: noah@nobeta.nl

1. Introduction This Privacy Policy explains how NOBETA collects, uses, stores and discloses personal data when you use our services and website (www.nobeta.nl). NOBETA provides music production and composition services and online production courses. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Dutch law.

2. Data we collect: We may collect and process the following categories of personal data:

• Identity and contact data: name, email address, billing address (if provided), telephone number.
• Account data: username, password (securely stored), profile information and course account details.
• Payment and transaction data: payment references and transaction details processed via Mollie. NOBETA does not store full card details; Mollie processes payment information.
• Technical data: IP address, browser type and version, operating system, device identifiers, timestamps.
• Usage data: pages visited, time spent, course progress and activity within course platform.
• Communication data: emails, messages and other correspondence with NOBETA.
• Voluntary data: portfolio material, preferences, comments, and any other information you submit.
• Cookie and similar data: see section 6 (Cookies).

3. Legal bases for processing: We process personal data on the following legal bases:

• Performance of a contract: processing necessary to provide services (course access, delivery of commissioned music, billing).
• Legal obligation: processing required to comply with legal obligations (e.g., tax and accounting records).
• Consent: where required (e.g., marketing emails, non-essential cookies/analytics). You may withdraw consent at any time.
• Legitimate interest: for security, fraud prevention, service improvement and internal business operations, provided your rights and freedoms do not override those interests.

4. Purposes of processing We use personal data for:

• Providing and managing services (music production, composition, course access).
• Enabling account registration and authentication.
• Processing payments and invoicing via Mollie.
• Communicating about orders, developments and support requests.
• Improving our website and services (analytics) — only if you consent to analytics cookies.
• Sending newsletters and marketing communications (only with your consent).
• Complying with legal and tax obligations.

5. Retention periods

• Tax and accounting records: retained in line with Dutch legal requirements (typically up to 7 years). Please confirm with your accountant.
• Customer and contract data: retained for the duration of the business relationship and afterwards as required to meet legal obligations or to defend legal claims.
• Course account and progress data: retained as long as necessary to provide the service, or until you request deletion, subject to legal retention obligations.
• Contact and support correspondence: retained as necessary to resolve matters and maintain records.

6. Cookies and similar technologies Cookie default: non-essential cookies are disabled by default. We only activate Google Analytics or other non-essential cookies after you give explicit consent.

Categories:

• Essential cookies: required for the website and course platform to function (session cookies, authentication).
• Preferences cookies: remember user settings and preferences.
• Analytics cookies: Google Analytics — only active after explicit consent.
• Marketing cookies: none are active unless you give consent.

7. Data sharing and processors We share personal data only to the extent necessary and with appropriate safeguards:

• Hosting provider: TransIP (website and file hosting). TransIP acts as a processor under a Data Processing Agreement.
• Payment provider: Mollie (payment processing).
• Analytics: Google Analytics — only activated with your consent; Google may process data outside the EEA. Appropriate safeguards (e.g., standard contractual clauses) are applied where required.
• Email and course platform providers: if used, they process personal data under contract as processors.
• Legal or regulatory authorities: if required by law or to protect our legal rights.

International transfers When personal data is transferred outside the EEA (for example, if Google transfers data to servers in the United States), we implement appropriate safeguards such as EU Standard Contractual Clauses or rely on another lawful mechanism.

8. Your rights You have the following rights under applicable data protection laws:

• Right of access: obtain confirmation whether we process your personal data and request a copy.
• Right to rectification: correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): request deletion when lawful grounds apply.
• Right to restriction of processing: request limitation of processing in certain circumstances.
• Right to object: object to processing based on legitimate interests or direct marketing.
• Right to data portability: receive personal data in a structured, commonly used and machine-readable format where applicable.
• Right to withdraw consent: withdraw consent for processing where processing is based on consent (this does not affect processing performed before withdrawal).
• Right to lodge a complaint with a supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl).

To exercise any right or for privacy inquiries, contact: noah@nobeta.nl. We will respond within the statutory period (normally one month). We may request information to verify your identity.

9. Security We take technical and organizational measures to protect personal data, including:

• HTTPS/SSL encryption for the website.
• Secure hosting and backups with TransIP.
• Access control: only authorized personnel have access to personal data on a need-to-know basis.
• Regular software updates and security practices.
• Recommendations for users: choose strong passwords and enable two-factor authentication where available.

10. Minors Our services are not intended for children under 16. If you are under 16, do not provide personal data without parental consent. If you believe we have collected data from a minor without required consent, please contact noah@nobeta.nl.
11. Changes to this Privacy Policy We may update this policy to reflect changes in our practices or legal requirements. The date at the top indicates the latest revision. For material changes we will notify users by email or via the website.
12. Contact Privacy enquiries, requests and complaints: noah@nobeta.nl

Short summary: NOBETA collects personal data necessary to provide music production services and online courses, process payments via Mollie, and operate the website hosted at TransIP. Non-essential tracking is disabled by default and only enabled with your consent. You can request access, correction or deletion of your personal data by emailing noah@nobeta.nl.