effective May 25, 2018
2. Who We Are
Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we have to give you as a ‘data controller’:
3. What we may collect
We may collect and process the following personal data about you:
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
(a) you have given consent to the processing of your personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which we are subject;
(d) processing is necessary to protect the vital interests of you or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
(f) processing is necessary for the purposes of the legitimate interests pursued by us or by our third party supplier, such as our website host or technology providers, except where such interests are overridden by the fundamental rights and freedoms o f the data subject which require protection of personal data.
In most cases we or our third parties will be processing your personal data under basis (f) above for the legitimate interest of operating, managing and promoting our business as a provider of PR services to the music and media industry or under basis (b) if we have a contract with you personally or basis (c) when we need to comply with legal requirements and requests. In rare, emergency situations we may use your data under basis (d). In some cases there may be overlap between these different basis. If we rely on consent under basis (a) we will inform you specifically when we obtain this and of your ability to withdraw that consent at any time.
All Cookies used by and on our website are used in accordance with current English and EU Cookie Law.
A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the website and will last for longer.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can prevent the setting of cookies by adjusting the settings on your browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the site.
Our cookies will be used for:
Essential session management
Performance and measurement
5. How we use what we collect
We use personal data about you to operate and promote our business and in particular to:
If you are a customer, journalist, publisher, editor, blogger or other media contact and you do not want to receive our communications about the artists and labels we represent then contact us at any time to opt out at firstname.lastname@example.org
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section 5, you can let us know at any time by contacting us at email@example.com, but this may will limit our ability to provide the best possible services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide if you don’t provide your personal data in these cases.
6. Disclosing your information
We may disclose your information in the following cases:
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the GDPR and the law.
7. Transfers outside the European Union (EU)
If you are in the EU, please note that we may need to transfer your data outside of the EU (where data protection law may not provide an equivalent level of protection to the GDPR) in order to provide our services to media or customers based outside the EU including on our or other websites and in social media and therefore this will be necessary for the purposes of our contract with you or a contract from which you benefit or it will be with your consent.
We only keep your personal data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your personal data. Your personal data will be deleted if we no longer need it.
9. Your rights
You can ask us not to use your data for marketing. You can do this contacting us at any time at firstname.lastname@example.org.
Under the GDPR, you have the right to:
10. Links to other sites
Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our site. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
When we act as data processors
In cases where we act as a data processor (as defined in the GDPR) on behalf of our label or other client (the Client) under our services agreement with the Client (the Client Agreement) in respect of personal data provided to us by or on behalf of them (the Data), we will comply with the following obligations which shall be deemed incorporated into the Client Agreement:
Subject to the condition that the Client has all necessary and appropriate consents and/or notices in place and is otherwise able to enable lawful transfer of the Data to us for the necessary duration and purposes, we shall in relation to any Data processed by us in connection with the performance of the Client Agreement:
(a) process that Data only on the written and lawful instructions of the Client unless we are required by the laws of any member of the European Union or by the laws of the European Union applicable to us to process Personal Data (Applicable Laws). Where we are relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, we shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit us from so notifying the Client;
(b) ensure that we have in place appropriate technical and organisational measures, reviewed and approved by the Client, to protect against unauthorised or unlawful processing of the Data and against accidental loss or destruction of, or damage to, the Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting the Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to the Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process the Data are obliged to keep the Data confidential;
(d) assist the Client, at the Client’s cost, in responding to any request from a data subject (as defined by the GDPR) and in ensuring compliance with its obligations under the Applicable Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the Client without undue delay on becoming aware of a Personal Data Breach (as defined by the GDPR);
(f) at the written direction of the Client, delete or return the Data and copies thereof to the Client on termination of the Client Agreement unless required by Applicable Laws to store the Data; and
(g) maintain complete and accurate records and information to demonstrate its compliance with the above (and allow for audits by the Client or the Client’s designated auditor).
The Client authorises us to appoint third-party processors of the Data under the Client Agreement on terms which are substantially similar to those set out here.
In respect of the Data: (a) the scope, nature, purpose and duration of processing; (b) the types of personal data and (c) the categories of data subject; are as set out in, or agreed under, the Client Agreement.