Privacy Policy
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website. It is designed to comply with the EU/EEA General Data Protection Regulation (GDPR) and relevant U.S. privacy laws (including the California Consumer Privacy Act as amended by the CPRA).
Controller / Business
Controller (EU/EEA): David Domingo (Cosmic Sound, small business registered in Germany).
We are not registered in the United States. U.S. notices below are provided for transparency for U.S. visitors only and apply only insofar as required by their jurisdiction.
Contact: info@cosmicsound.rocks
Postal address: Finther Landstrasse 69B, 55124 Mainz, Germany.
What data we collect
- Technical and usage data: IP address, device/browser info, pages visited, timestamps, referrers (server logs for security and to operate the site).
- Cookies: Strictly necessary cookies for basic functionality; optional preferences, analytics, and marketing cookies only with your consent.
- Communication data: If you contact us, we process the information you provide to respond.
Purposes and legal bases (GDPR)
- Operate and secure the website (server logs, necessary cookies) – Art. 6(1)(f) GDPR (legitimate interests) and, where required, Art. 6(1)(c) GDPR (legal obligations).
- Preferences (remembering settings) – Art. 6(1)(a) GDPR (consent).
- Analytics (improve our website) – Art. 6(1)(a) GDPR (consent).
- Marketing – Art. 6(1)(a) GDPR (consent).
- Communications – Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interests).
Cookies and similar technologies
We use strictly necessary cookies to provide the site. Optional categories (Preferences, Analytics, Marketing) are disabled by default and will only run after you give consent in the Cookie Settings. You can withdraw consent at any time.
- Strictly necessary: required for basic functionality; cannot be disabled.
- Preferences: store your choices (e.g., language or theme).
- Analytics: help us understand and improve usage of the site.
- Marketing: personalized advertising; disabled by default.
Retention periods vary by cookie purpose and are outlined in the settings interface where available.
Data sources and recipients
We receive data directly from you (e.g., when contacting us) and indirectly via your device when you access the site. We may share data with service providers acting on our behalf (hosting, content delivery, security) under data processing agreements. Currently the site loads some resources from content delivery networks (CDNs), which may receive your IP address to deliver content:
- IONOS SE (Germany) – website hosting, domain and DNS services; processes server and error logs for operation and security
Note: All fonts are hosted locally on our server. To ensure full GDPR compliance and data privacy, we do not use external font services (such as Google Fonts).
Server and error logs (hosting): When you visit the site, our hosting provider IONOS processes technical log data (e.g., IP address, date/time, URL, referrer, user agent, status code) to operate and secure the service (Art. 6(1)(f) GDPR). Retention and deletion follow the provider’s standard periods and statutory obligations. A data processing agreement is in place with IONOS.
Where these providers are outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) where applicable. You can request copies of relevant safeguards using the contact above.
International transfers
Our website is hosted by IONOS in the EU/EEA (typically Germany). For hosting, no international data transfers are intended. When using providers outside the EEA/UK (e.g., certain CDNs), we implement appropriate safeguards (Art. 46 GDPR). Nevertheless, residual risks may exist; we review providers and minimize data processed.
Retention
We keep personal data only as long as necessary for the purposes outlined, or as required by law. Server logs are typically kept for a short period for security and troubleshooting, unless an incident requires longer retention.
Your rights (GDPR)
- Access, rectification, erasure, restriction, portability, and objection (Art. 15–21 GDPR).
- Withdraw consent at any time (without affecting prior processing).
- Lodge a complaint with a supervisory authority in the EEA/UK.
U.S. privacy disclosures
We are not a U.S.-registered entity and, to our knowledge, do not meet the thresholds that define a “business” under the California CPRA or similar state laws (e.g., revenue, number of consumers, or data-sharing volume). These disclosures are provided for transparency for U.S. visitors. Where feasible, we will honor comparable requests (access, deletion, correction, opt-out) voluntarily.
Depending on your U.S. state, you may have rights to know/access, correct, delete, opt out of “sale”/“sharing”/targeted advertising, and non-discrimination (e.g., California CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA).
- We do not sell personal information for monetary consideration. We also do not knowingly “share” personal information for cross-context behavioral advertising. If we introduce such processing in the future, we will update this notice and provide a “Do Not Sell or Share My Personal Information” mechanism.
- You may exercise your rights by emailing info@cosmicsound.rocks. For cookie-based opt-outs, use the Cookie Settings.
- Authorized agent requests (California): please provide signed permission and sufficient information to verify your identity.
Security
We implement technical and organizational measures, appropriate to the risk, to protect personal data. No method of transmission or storage is 100% secure.
Children
Our site is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us to delete it.
Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version here and adjust the "Last updated" date below.
Last updated: 2025-11-06