Protecting our users' personal data is an important concern for BMG Rights Management (UK) Limited ("we", "us" or "our").
We explain below how and why we and our third-party service providers process personal data in connection with your use of the Site.
A. COLLECTION AND PROCESSING OF PERSONAL DATA
B. USE OF PERSONAL INFORMATION
D. DISCLOSURE OF YOUR INFORMATION TO THIRD PARITIES AND OUR AFFILIATESWe may share your personal information as far as it is required for the above mentioned purposes from time to time with:
(c) As far as transfer to above mentioned recipients is required for any of the purposes mentioned in Section B, the transfer of data is based on our legitimate interests as specified in Section B or on your consent. This includes our interest to host the Website for informational and marketing purposes and to improve our services and products.
(d) We disclose your personal data to any person where necessary: (i) under any applicable laws or regulations of any jurisdiction of the EU or any member state for any purposes required by such person under those laws or regulations, Art. 6 sec. 1 lit. c GDPR; (ii) to enforce or apply our Site's terms and conditions or other contracts, Art. 6 sec. 1 lit. f GDPR; and/or (iii) to protect our, our users' or any other third parties' rights, property or safety, Art. 6 sec. 1 lit d and f GDPR.
(e) We anonymize your personal data, as it is in our legitimate interest to use aggregated, non-personal information to analyse our target audience and web traffic. We may publish, or share with affiliates and/or business partners, aggregated non-personal data, which will not identify you individually.
TRANSFER OF DATA TO OUTSIDE EEA
The information we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area ("EEC"), e.g. when we transfer data to third parties or members of BMG's group of companies. The Recipients outside the EEA are either Privacy Shield certified or bound by Standard Contractual Clauses of the EU Commission for the protection of personal data, or they are located in countries in regard to which the EU Commission issued an adequacy decision according to Art. 45. GDPR.
E. INFORMATION SECURITY
Unfortunately, the transmission of information via online or mobile networks is not completely secure. You acknowledge and accept that others may intercept personal information you provide to us, and that any such transmission is at your own risk. Once we have received your information, we use set procedures and security features to try to prevent unauthorised access.
F. DATA RETENTION
We strive to keep our processing activities with respect to your personal data as limited as possible. Personal data provided by you upon using our services (Service Data as described in Section A.1.) will be retained only for as long as we need it to fulfil the purpose for which we have collected it or as long as required by statutory retention requirements. Technical Data (as described in Section A.2.) will be retained only as long as it is necessary to provide access to our site. The IP-Address will be retained for 7 days to enable us to engage in effective defense against attacks on our site, i.e. DDOS attacks. However, we may retain Technical Data as long as certain marketing purposes require. In no event will we retain your Technical Data longer than 35 days, provided storage of data is not required by statutory retention requirements, as may be the case regarding data that is relevant for obligations under tax and commercial law.
G. YOUR RIGHTS
Right of access (Art. 15 GDPR);
You have the right to information regarding the data we process concerning you. Upon request we will provide you a copy of the data together with additional information to the extent defined in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR);
You have the right to rectification of your data, wherever such data is incorrect or incomplete.
Right to erasure (Art. 17 GDPR);
You have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully, as described in Art. 17 GDPR. Wherever certain data is subject to retention periods, instead of deleting the data we will restrict processing to the duration and intended purposes of such period.
Right to restriction of processing (Art. 18 GDPR);
Upon your request, we will restrict processing of personal according to Art. 18, wherever there are uncertainties regarding our right to process such data or while a decision regarding your objection to such processing is pending. In such cases we will only retain data, restrict any processing to the minimal extent necessary and withdraw access to your data from our employees.
Right to data portability (Art. 20 GDPR);
Upon your request we will transfer any personal data you have provided to us during the use of our services on the basis of consent or any contractual or pre-contractual relationship to you or any third party, provided secure communication with third party is technically feasible. We will provide the data in [a structured and machine-readable format]
Right to object to processing based on Art. 6 Abs. 1 lit. f GDPR (Art. 21 GDPR);
Upon your objection we will cease any processing of your personal data based on Art. 6 lit. f. Wherever we have compelling legitimate grounds to process your data, we are allowed to further process such data, provided our interest in doing so prevails in a weighting against your interest against the processing activity. Therefore, to allow us to evaluate your request, please let us know the reason for your objection.
Wherever you gave consent to a data processing, in accordance with Article 7 (2) GDPR, you have the right to withdraw your consent to us at any time. As a result, we will not continue processing data based on this consent in the future. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
Furthermore you have the right to lodge a complaint with a data privacy supervisory authorities.
The contact details for both are:
BMG Rights Management GmbH
Data Protection Department