Privacy Policy — iLyrics.net

1. Who we are

Website owner and operator: iLyrics.net . Contact person for privacy and data protection: ilyrics.net@yandex.com .

2. Scope

This Policy applies to all personal data that we receive from visitors and users of the site, including through web forms, email, cookies, analytical and service tools. The Policy is universal in nature and takes into account the requirements of the main international data protection regimes (GDPR, CCPA/CPRA, LGPD, PIPEDA, Russian and other applicable national legislation).

3. What data do we collect

Depending on your interactions with the site, we may collect the following categories of data:

• Contact data: e-mail, name, organization (if you provide it when contacting us).
• Technical data: IP address, browser type and version, operating system, device identifiers, server log data, referrer.
• Usage data: page views, site search queries, interactions with content (including download requests and form submissions).
• Cookies and tracking: cookie identifiers and similar technologies (more details in the Cookies section).
• Data related to complaints and violations: correspondence, provided documents on rights (agreements, licenses), IP and metadata of messages, when copyright holders contact.
• Other data: Any other personal data that you voluntarily provide (for example, when subscribing to a newsletter or leaving a comment).

4. How we collect data

We receive data:

1. Directly from you, when you contact us, send requests or post comments.
2. Automatically when visiting the site (logs, cookies, analytics services).
3. From third parties and service providers (analytics platforms, hosting, CDN, mail services, etc.), when necessary to provide services.

5. Processing purposes and legal bases

We process data for the following purposes and on the following grounds (universally across jurisdictions):

• Provision and support of the service: processing is necessary to provide services and maintain the website (ground: performance of the contract/necessary to provide the service).
• Communication and support: responding to inquiries, processing complaints from copyright holders and other requests (ground: legitimate interest/fulfilment of the request).
• Analytics and service improvement: analytics on the use of the website to improve functionality (ground: legitimate interest or your consent, depending on the jurisdiction).
• Security and fraud prevention: protecting the website, investigating security incidents (ground: legitimate interest/compliance with legal obligations).
• Legal and regulatory requirements: fulfilment of obligations under the law or at the request of authorized bodies (basis: compliance with legal obligations).
• Marketing (with consent): newsletters and personalized communications — only with explicit consent, where required.

6. Cookies and similar technologies

We use cookies and similar technologies for the correct functioning of the site, analytics, and (subject to consent) for personalization and advertising. Cookie categories:

• Necessary cookies: without them, the site will not work correctly.
• Functional: memorizing settings.
• Statistical/analytical: collecting anonymous information about user behavior.
• Advertising/targeting: used by partners to personalize advertising (only enabled with your consent in jurisdictions where required).

You can manage cookie settings through your browser settings or through the consent management tool if available on the site. Disabling some cookies may result in limited functionality.

7. Transfer of data to third parties

We may transfer data to third parties in the following cases:

• Technical service providers (hosting, CDN, mail services, payment providers, analytics providers).
• Copyright holders and their representatives in the context of considering complaints and requests.
• In compliance with legal procedures and requirements of law enforcement and government agencies.
• In the event of a merger, purchase or other reorganization of a business - provided that the confidentiality of the data is maintained.

We use trusted providers and conclude appropriate confidentiality and data protection agreements with them (including standard contractual clauses, if required for cross-border transfers).

8. Cross-border data transfers

Since the website operations may be performed using services located in different countries, your data may be transferred to and processed outside your country. In such cases, we take measures to ensure an adequate level of protection (adequacy according to the EU/UK decision, standard contractual clauses, encryption and other technical and organizational measures).

9. Data retention periods

We retain personal data only for as long as necessary for the purposes described in this Policy or for the period required by law. Examples of typical retention periods:

• Server logs and technical data: up to 12 months (or otherwise as required by law).
• Analytics data: up to 24-26 months, after which it is anonymized.
• Correspondence and requests (complaints): up to 3-7 years, depending on applicable retention requirements and possible disputes.
• User data with an account (if applicable): while the account is active and then as required by law.

10. Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Access: the right to request a copy of the data we hold about you.
• Rectification: the right to request that inaccurate or incomplete data be corrected.
• Erasure (correction): the right to request that data be deleted ("right to be forgotten"), to the extent permitted by law.
• Restriction of processing: the right to request that processing be restricted in certain cases.
• Objection: right to object to processing based on legitimate interests or direct marketing.
• Portability: right to receive data in a structured, common and machine-readable format.
• Withdrawal of consent: if the processing is based on consent, you can withdraw it (this does not affect the lawfulness of the processing before the withdrawal).
• Specific rights (CCPA/CPRA): right to know what categories of data are collected, right to request erasure, right to object to the sale/transfer of personal data.

To exercise your rights, please contact us by e-mail: ilyrics.net@yandex.com . If necessary, we may request additional information to verify your identity to prevent unauthorized access.

11. Procedure for verifying requests and confirming identity

We take reasonable steps to verify the identity of the applicant. To do this, we may request a copy of the identity document and other information necessary to establish the legitimacy of the request. We will store such verification information only for the time necessary for the verification and then delete it.

12. Children

The Site is not intended for children under 13 (or such other age as may be established in your jurisdiction). We do not knowingly collect personal information from children. If you believe that personal information from a child has been provided to the Site, please contact us to have it removed.

13. Data Security

We use technical and organizational measures to protect personal data from unauthorized access, destruction, modification or dissemination. These measures include: encryption during transmission (TLS/HTTPS), need-to-know access restrictions, regular updates and backups, security audits. Despite these efforts, an absolute guarantee of security cannot be provided.

14. Notification of Security Breaches

In the event of a personal data breach, we act in accordance with applicable law: we will notify the relevant supervisory authorities and affected persons within the timeframes required by law (e.g. in the EU - without undue delay and, if there is a risk, within 72 hours of discovery).

15. Third-Party Sites and Embedded Content

Our site may contain links to external resources, plugins, and embedded content (videos, cards, etc.). We do not control the privacy practices of such third-party sites. We recommend that you review their privacy policies before transferring data.

16. Sale of Personal Data

We do not sell personal data to third parties. If our business model changes in the future to include the sale of personal data, we will ensure that we comply with all applicable requirements (including notification and the ability to opt-out for residents of relevant jurisdictions).

17. Contacts and Exercise of Rights

For all questions related to the processing of personal data, requests for access, correction, deletion, portability or other privacy issues, write to:

Email: ilyrics.net@yandex.com

In the letter, indicate the subject of the request (for example, "Request: Access under GDPR" or "CCPA: Do not sell my personal information") and, if possible, the information necessary to process the request (e-mail, description of the requested data, links).

18. Complaints to Supervisory Authorities

If you believe that your rights have been violated and we have not been able to resolve the issue directly, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country (e.g. the EU/member state data protection authority, Roskomnadzor for Russia, the FTC/state regulator for the US, etc.).

19. Changes to the Privacy Policy

We may update this Policy from time to time. Whenever significant changes are made, we will publish a new version with an effective date and, where appropriate, notify users. The current version is effective from "01.01.2025" (specify date).

20. Legal Disclaimers

This Policy does not constitute legal advice. For specific legal advice, please consult a qualified professional in your jurisdiction. We strive to comply with legal requirements in different countries, but the specific implementation of rights and procedures may vary depending on local laws.