Privacy Policy
Last updated: 5 April 2025
This Privacy Policy explains how Seren Void ("we", "us", "our") collects, uses, and stores personal data when you visit or interact with this website (serenvoid.com). We are committed to handling your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection law.
1. Data Controller
The data controller responsible for this website is Seren Void. For any privacy-related enquiries, please use the contact form on this website.
2. What Data We Collect and Why
We process personal data for the following specific purposes:
a) Contact form
When you submit the contact form, we collect your name, email address, and message content. This data is used solely to respond to your enquiry.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) — responding to unsolicited enquiries sent to us.
Retention: Messages are retained for up to 12 months and then deleted, unless an ongoing correspondence or legal obligation requires longer retention.
b) Newsletter subscriptions
If you subscribe to our newsletter, we collect your email address. You may unsubscribe at any time via the link included in every email.
Legal basis: Consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Retention: Your email is stored until you unsubscribe or request deletion.
c) Pre-saves
When you pre-save a release via Spotify, we receive your Spotify account email address through the Spotify OAuth flow. This is used only to complete the pre-save action and notify you when the release goes live.
Legal basis: Consent (GDPR Art. 6(1)(a)) given at the point of authorising the Spotify connection.
Retention: Pre-save records are kept until the release is live and notifications have been sent, after which email addresses are no longer required.
d) Anonymous usage analytics
When you click a streaming link or interact with the site, our server logs the following for each event: the page visited, the element clicked, the device type (mobile / tablet / desktop), and the approximate location (country and city, derived from your IP address).
Your IP address is used only to derive the approximate country and city via a third-party geolocation service and is not stored in our database. No cookies, local storage, or persistent identifiers are used for analytics. The data collected is not linked to any individual user.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) — understanding how the website is used in order to improve it.
Retention: Analytics records are retained for up to 24 months.
3. Cookies and Similar Technologies
This website does not use cookies for analytics or tracking. The only cookies set are strictly necessary session cookies for the password-protected admin area, which is not accessible to the public. No consent is required for these cookies under the ePrivacy Directive.
4. Third-Party Processors
We use the following third-party services that may process personal data on our behalf:
- Render (hosting) — our website and database are hosted on Render's infrastructure. Render processes server logs and request data as part of hosting.
- Brevo (Sendinblue) — used to manage newsletter subscriptions and send emails. Email addresses of newsletter subscribers are stored on Brevo's servers. Brevo is GDPR-compliant and acts as a data processor under a Data Processing Agreement.
- ipinfo.io — used to convert visitor IP addresses into approximate country and city. IP addresses are sent to ipinfo.io under a Data Processing Agreement. IP addresses are not stored by us after geolocation. See ipinfo.io/privacy-policy.
- Spotify — used for the pre-save feature. By authorising the Spotify connection you agree to Spotify's own privacy policy. We receive only your email address from Spotify for the purpose of completing the pre-save.
We do not sell, rent, or share your personal data with any third party for marketing purposes.
5. International Data Transfers
Some of the third-party processors listed above may process data outside the European Economic Area (EEA). Where this is the case, we rely on appropriate safeguards (such as Standard Contractual Clauses) or the adequacy decisions of the European Commission.
6. Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights:
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to have inaccurate data corrected.
- Right to erasure — to request deletion of your personal data ("right to be forgotten").
- Right to restriction — to request that we limit how we use your data.
- Right to object — to object to processing based on legitimate interests.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
- Right to lodge a complaint — you have the right to lodge a complaint with your national data protection supervisory authority. In Ireland this is the Data Protection Commission (dataprotection.ie). In the UK this is the ICO (ico.org.uk).
To exercise any of these rights, please contact us via the contact form on this website. We will respond within 30 days.
7. Third-Party Links
This website contains links to third-party platforms (Spotify, Apple Music, etc.). Clicking these links may take you to sites with their own privacy policies. We are not responsible for the data practices of those platforms.
8. Changes to This Policy
We may update this policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of the website after changes constitutes acceptance of the updated policy.
9. Contact
For any questions about this policy or to exercise your data rights, please use the contact form on this website.