For the purposes of this section, ADME (CY) Ltd (“ADME) is the “Data Controller” pursuant to the EU General Data Protection Regulation 2016/679 (“GDPR”), and the Republic of Cyprus’ related laws on processing of personal data. The main establishment and the central administration of ADME is 62 Agiou Athanasiou, BG Waywin Plaza, 1st Floor, Office 101, 4102, Limassol, Cyprus. If you leave in a country outside the European Economic Area (EEA), collection and processing of your data shall be governed in accordance with the privacy laws of the state of California and where applicable Brazilian related General Data Protection Law.

Should you require any further clarifications or information as to how ADME processes your personal data, you may do so by sending an email at privacy@thesoul-publishing.com.

You can manage and revoke our access to your data at any time by visiting the Google Security Page at https://security.google.com/settings/security/permissions

We will collect, store, use and overall process the following categories of data:

• Information, statistical and analytic data from YouTube channels; and
• YouTube channel ID data and information, which will include but not limited to number of views, likes, comments, revenue data, languages, and localization data.
• YouTube channel general data, including but not limited to browser name and type, operating system, IP address and device details.

Any collected personal data of yours, including any special categories of personal data (where applicable) shall be processed solely by us for the purposes and for operating the YT Analytics application and carry out the statistical analysis, to comply with our legal and statutory obligations, as well as for the purposes of the legitimate interests pursued by ADME.

We understand the importance of transparency in the use of your personal data. Therefore, we ensure that you can always see how your data is used, manage your information, and request the deletion of your data on our dedicated management page at https://analytics.thesoul-publishing.com/docs/manage-data

We will only use the data for the purposes mentioned above. Your data may be processed through our secure computer network systems and accessed only by authorised persons of ADME. Data processing may be carried out on behalf of us by third party data processors which may be located in the European Economic Area (EEA) or in other third countries, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.

We may operate within the European Union (EU), the European Economic Area (EEA) and other third countries, and therefore your personal data or part of them may have to be transferred overseas.

We have taken all reasonable steps to ensure that your personal data are provided with adequate protection based on international protection frameworks and that all transfers of data are conducted pursuant to our written agreements and the supervisory authorities’ guidelines (if required) and/or other legal and/or regulatory requirements.

In line with our data retention policy, we ensure the deletion of a user's data within 30 days after confirming a deletion request.

You will not be subject to decisions that will produce legal effects or have a significant impact on you, based solely on automated decision making.

You have the right to request access, rectification, to restrict the processing of your personal data, to object, to request erasure as well as the right to data portability. Where the data processing is taking place solely pursuant to your express consent, you have the right to withdraw such consent at any given moment. Such consent withdrawal will not affect the lawfulness of any data processing based on that ground prior to your withdrawal.

Any personal data related requests shall be processed within reasonable time and in any case within 1 (one) month from your written request. This period of time may be extended under certain circumstances by further 2 (two) months.

You will not have to bear any cost to exercise any of your rights. We may though charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such requests.

If and as applicable, we may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it.

We will retain your refresh token data for a period of 7 (seven) days from the date of collection and any other statistical non-identifiable or personal related data for as long as required to reach statistical results, plus a period of time corresponding to the applicable statute of limitations for any kind of claims, or legal or regulatory obligations.

For both hard and electronic copy processing (where and as applicable) we have data management systems which are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialise, you will be notified accordingly, along with the supervisory authority, if we are required to do so.

We keep our policy under regular review and we reserve the right to update the same at any time. If we make changes to this policy during our contractual relationship with you which, in our sole discretion, has a material impact on your rights with respect to how we process your personal data, we will notify you via email to the email address you provided us.

Complaints relating to the processing of any data may be communicated electronically at privacy@thesoul-publishing.com.

Complaints may also be lodged before the supervisory authority responsible for the protection of personal data, in the country of your habitual residence, place of work, or place of the alleged infringement of your personal data. More information about how to contact the supervisory authorities across the EEA, can be found in the European Data Protection Board’s website here