Privacy Policy for Soul

Our website address is: https://soul-ams.com.

We also have a mobile android app: Soul.

Soul website and SoulApp (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our mobile application, SoulApp (“the App”), which allows you to view dance class schedules and book classes. We collect only the minimum personal data necessary to provide our services: your email, first name, and last name.
By using the Website and App, you agree to the collection and use of your personal data as described in this Privacy Policy. If you do not agree, please do not use the Website and App.

Data controller

The data controller responsible for your personal data is:
Soul
Haparandaweg 67E-1, 1013BD Amsterdam, Netherlands
Email: support@soulapp.com
For any questions about this Privacy Policy or your personal data, please contact us at the above email address.

Personal data we collect

We collect the following personal data when you use the App:
Email: To identify you, communicate booking confirmations, and manage your account.

First Name and Last Name: To personalize your experience and confirm bookings.

We do not collect any other personal data, such as location, device information, or behavioral data, nor do we use cookies, analytics, or tracking technologies.

We collect your personal data directly from you when you:
Register or create an account in the App.

Book a dance class through the App.

Contact us via email for support.

We process your personal data for the following purposes and legal bases under GDPR:
Purpose

Personal Data Used

Legal Basis (GDPR Article 6)

To provide and manage your account

Email, First Name, Last Name

Contract (Article 6(1)(b)) – Necessary to fulfill our agreement with you to use the App.

To process and confirm dance class bookings

Email, First Name, Last Name

Contract (Article 6(1)(b)) – Necessary to deliver the booking service.

To communicate with you (e.g., booking confirmations, support)

Email, First Name, Last Name

Legitimate Interests (Article 6(1)(f)) – Necessary to provide customer support and ensure service quality.

To comply with legal obligations (e.g., tax or accounting)

Email, First Name, Last Name

Legal Obligation (Article 6(1)(c)) – Necessary to meet EU legal requirements.

We do not use your data for marketing, profiling, or automated decision-making.

Cookies

If you visit our site you may opt-in to saving your name, email address in cookies. These are for your convenience so that you do not have to fill in your details again when you fill in our contact form. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We do not share your personal data with third parties except in the following limited cases:
Service Providers: We use a server-side proxy to fetch Google Calendar events for display in the App. This server, hosted by [e.g., Heroku, AWS, or your hosting provider], processes your email, first name, and last name to link bookings to calendar events. The server does not store your data beyond the duration of the request.

Legal Requirements: We may disclose your data if required by law, such as to comply with a court order or tax authority request.

We ensure that any third-party service providers comply with GDPR through data processing agreements (Article 28). Your data is not shared with Google directly, as API calls are made via our server.

Data storage and security

Storage Location: Your personal data is stored on secure servers located in the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., to a server hosted in the US), we ensure compliance with GDPR through Standard Contractual Clauses or other safeguards (Article 46).

Retention Period: We retain your email, first name, and last name for as long as your account is active or as needed to provide services (e.g., bookings). If you delete your account, we will delete your data within 30 days, except where required to retain it for legal obligations (e.g., tax records for 7 years under Dutch law).

Security Measures: We protect your data with industry-standard measures, including encryption in transit (HTTPS), secure server configurations, and access controls. However, no system is completely secure, and we cannot guarantee absolute security.

What rights you have over your data

As an EU resident, you have the following rights under GDPR (Articles 15–22):
Access: Request a copy of your personal data.

Rectification: Correct inaccurate or incomplete data.

Erasure: Request deletion of your data (subject to legal obligations).

Restriction: Limit how we process your data in certain cases.

Portability: Receive your data in a structured, machine-readable format.

Objection: Object to processing based on legitimate interests.

Withdraw Consent: Not applicable, as we do not rely on consent.

To exercise these rights, contact us at support@soulapp.com (mailto:support@soulapp.com). We will respond within one month, free of charge, unless the request is complex or repetitive. You may need to verify your identity.
If you are unsatisfied with our response, you can lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local authority.

Data Transfers Outside the EEA

If we transfer your data outside the EEA (e.g., to a server hosted by Heroku in the US), we use GDPR-compliant safeguards, such as Standard Contractual Clauses, to ensure your data is protected. No data is transferred directly to Google, as API calls are proxied through our server.

The App is not intended for users under 16. We do not knowingly collect personal data from children. If we learn that a user under 16 has provided data, we will delete it immediately.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or an in-app notice. The updated policy will be posted in the App with a revised effective date.

For questions, concerns, or to exercise your GDPR rights, contact:
Soul
Haparandaweg 67E-1,
Houthavens, Amsterdam
Email: support@soulapp.com