Data Protection Declaration
Summary of Changes (Revision 2025.11.03)
- Added encryption, verification, and signing to the production workflow.
- Expanded legal basis to include Art. 6(1)(c) GDPR (legal obligation).
- Defined retention for cryptographic/verification logs (up to five years).
- Clarified breach notification procedures and amendment policy.
1. Purpose of This Declaration
This document explains how Binary Pulse Project (“Binary Pulse”, “we”, “our”, or “us”) processes and protects personal and pseudonymous data in connection with our operations within the Second Life® virtual world and related services.
2. Scope
- All participants in Binary Pulse Project activities (performers, DJs, hosts, venue partners)
- All users who receive or use Binary Pulse content (e.g., licensed music files, streams, or in-world media)
- All communication through Second Life, the official project email, and the project’s website
3. Data Controller
Binary Pulse Project is represented for data protection purposes by Leah (lady.beaumont), Creative Director & Data Controller, responsible for GDPR compliance.
4. Data We Process
- Operational Data: Second Life usernames, avatar names, license IDs, watermark identifiers, event participation logs.
- Communication Data: IMs, Notecards, or emails exchanged with project management.
- Technical Metadata: Non-personal watermark identifiers for authenticity verification only.
- Cryptographic key identifiers, signature hashes, and verification log entries associated with encrypted batches (2025.11 update).
5. Legal Basis for Processing
- Art. 6(1)(b) GDPR – Contractual Necessity
- Art. 6(1)(f) GDPR – Legitimate Interest
- Art. 6(1)(a) GDPR – Consent (for voluntarily shared contact data)
- Art. 6(1)(c) GDPR – Legal obligation (verification, signing, and audit retention)
No automated decision-making or profiling is performed.
6. Data Retention
Communication records are retained only as long as needed for event or compliance purposes. License and watermark data remain archived pseudonymously after expiration or revocation.
Verification and signature logs are retained for up to five years to ensure contractual traceability and integrity verification (2025.11 update).
7. Data Access and Recipients
Access to data is limited to Torvis (raven.surtees) and designated internal managers. Data is never sold, rented, or disclosed to third parties. No transfers occur outside the EU, except platform-based Second Life data flow.
Encrypted batch logs are digitally signed and stored locally on internal systems operated by Binary Pulse Music; no external cloud transfer occurs.
8. Your Rights
Under GDPR, you may request access, correction, deletion, or restriction of your data via admin@binarypulse-project.org. Requesting deletion or objection for active licenses terminates the license automatically.
9. Security Measures
- AES-256-GCM file encryption for production assets.
- Automated post-verification after each encryption to validate integrity.
- Digital signing of verification logs with the Binary Pulse Music key.
We use encrypted local storage, password-protected systems, and restricted communication channels (Second Life IM/Notecards and official email only).
All encryption keys used for production are managed through the Binary Pulse Key Manager and stored locally in encrypted form; no cloud storage is used.
10. Data Breach Notification
In case of a data breach, affected users and relevant EU supervisory authorities will be notified in compliance with Articles 33 and 34 GDPR. Binary Pulse Music will notify affected performers and the competent supervisory authority within 72 hours of discovery, in accordance with Art. 33 GDPR.
11. External Links and Platforms
The website is informational only and uses no cookies or analytics. External links (e.g., Second Life) follow their own privacy policies.
12. Amendments
This declaration may be updated to reflect new technical or legal requirements. The latest version always replaces prior ones upon publication.
13. Contact and Complaints
Contact: admin@binarypulse-project.org
You may also contact your local EU Data Protection Authority or the Landesbeauftragte für Datenschutz und Informationsfreiheit (Germany).
14. Closing Note
Binary Pulse Project values privacy, respect, and creative freedom. All data is handled with confidentiality and transparency to support our collective mission of bringing quality music to the virtual world.