Posted: 27th October, 2022
Effective: 1st of November 2022. Updated to reflect our new contracting entity, S-Wave International Corp, which will now be responsible for collecting your personal data. We have also included more detail on how we collect and use personal data, and now have included additional information about the choices you can make and the rights you have to protect your privacy.
Welcome to the Privacy Policy of S Wave International Corp and subsidiaries d/b/a DISCO. DISCO provides a digital platform for professionals to upload, manage and share music and other files. This Privacy Policy applies to the following services operated by DISCO (collectively, the “Service” or “Services”):
This Privacy Policy explains what personal data we collect, how we use and share that data, and individuals’ choices concerning our data practices.
Before using the Service or submitting any personal data to DISCO, please review this Privacy Policy carefully and contact us if you have any questions.
This Privacy Policy describes our data handling practices with respect to the three types of users who may engage with our Services:
- “Business Users” – Employees and representatives of our business customers, as well as artists using the Service in their professional capacity.
- “Account holders” – Any user, including artists, may create an account on our Services. Some users may be prompted to create an account after they receive access to view and edit another user’s DISCO catalog.
- “Recipients” – Users with accounts on our Services may share music or other content with third parties who may not have an account on our Services. These “Recipients” will have limited access and control regarding the content on our Services that has been shared with them, and they will not be required to create an account on our Services to listen to content that has been shared with them.
These three types of users may have different privacy choices, as we explain in the “Your Choices“ section of this Policy. This is because our business relationships with these users are also different. However, we use, share and process personal data of all users to provide and improve our Services, to facilitate our business operations and as required by applicable law.
1. Personal data we collect
Personal Data You May Provide to Us Through the Services Includes:
- Identification Data: We collect your name, email address, phone number, country, mailing/billing addresses, company/artist name and job title, if you provide it to us.
- Financial Data: Our payment processor(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. Please note, however, that we store only a tokenized version of such information and do not maintain payment card information on our servers.
- Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication data is optional to you.
- Engagement Data: Information and statistics regarding the artists, titles, songs, and files that a user engages with.
Personal Data We Receive From Third Parties:
- Social Media Data: We have pages on social media sites like Instagram and Twitter (“Social Media Pages”). When you interact with our Social Media Pages, we will collect personal data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Personal Data Collected by Automated Means:
When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Log Data: Information that your browser automatically sends whenever you visit the Site or access a file through the Site or a DISCO app. Log Data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site.
- Cookies Data: Please see our Cookie Policy, which forms part of this Privacy Policy, to learn more about how we use cookies and similar technologies.
- Device Data: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage Data: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Location Data: We derive a rough estimate of your location from your IP address when you use the Site.
- Email Open/Click Data: We use pixels in our email campaigns that allow us to collect your IP address as well as the date and time you open an email or click on any links in the email.
- Identifiable Access Statistics (i.e., statistics showing the date and time a particular Recipient accessed a song, file or playlist) will only be available to customers who used the Recipient’s name and/or email address to share music with that Recipient.
Online Tracking and Do Not Track Signals: We and our third party service providers, including Facebook, may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site and use that information to send targeted advertisements. We currently do not respond to “Do Not Track” (“DNT”) signals. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.
2. How we use personal data
We use personal data to provide the Service and help you manage and share music and other files. This processing is necessary to perform our contract with you.
We may use personal data as necessary for the following legitimate business interests:
- To communicate with you and respond to your inquiries, comments, feedback, or questions;
- To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies;
- To analyze how you interact with our Service and provide, maintain and improve the content and functionality of the Service and our customer relationships and experiences – for example, we analyze the way you interact with the Service (such as the links you click on and the pages you visit) in order to improve the design and layout of the Service;
- To enable us to enhance and personalize the experience we offer to our users. For example, we may combine the information that we collect and hold about you for the purposes of creating insights about you and customer segmentation;
- To develop our products and services and inform our marketing strategy, through the use of cookies and similar technologies as described in our Cookie Policy;
- To maintain and improve the Service;
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
In some cases, we process your personal data based on your consent, for example when your consent is needed under the applicable law before setting certain cookies on your computer or other device (pursuant to our Cookie Policy), when you grant us access to your location or as otherwise provided in this Privacy Policy.
Aggregated Information. We may aggregate personal data and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Service and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.
Marketing. We may use your personal data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
3. Sharing and disclosure of personal data
In certain circumstances we may share the categories of personal data described above without further notice to you, unless required by the law, with the following categories of third parties:
- Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, payroll processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal data in the course of performing their duties to us.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability.
4. Data retention
We retain personal data for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. Your choices
Access or Update Your Information. Users may themselves update their personal data in their accounts by logging in and editing their information.
Opt Out of Marketing Communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Online Tracking Opt-out. There are a number of ways to limit online tracking, which we have summarized below:
- Blocking Cookies In Your Browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking Advertising ID Use in Your Mobile Settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using Privacy Plug-ins or Browsers. You can block our Services from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Google Analytics. We use Google Analytics to collect and summarize information about how individuals engage with the Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Platform Opt Outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
- TikTok
- Advertising Industry Opt Out Tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
- Digital Advertising Alliance for Websites: https://optout.aboutads.info/?c=2&lang=EN
- Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
- Network Advertising Initiative: https://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Privacy Rights. Users have the right to submit requests about their personal data, depending on their location and the nature of their interactions with the Service.
- Access. Request that we provide the individual with information about our processing of the individual’s personal data and give the individual access to their personal data;
- Deletion. Request that we delete the personal data that we maintain about the individual;
- Correction. Request that we update or correct inaccuracies in the individual’s personal data;
- Transfer. Request that we transfer a machine-readable copy of the individual’s personal data to the individual or a third party the individual designates;
- Restriction. Request that we restrict the processing (including sharing) of the individual’s personal data;
- Objection. Object to our reliance on our legitimate interests as the basis of our processing of the individual’s personal data that impacts their rights; and
- Opt Out of the Sale or Sharing of Your Personal Data and Opt Out of the Processing of Your Personal Data for Targeted Advertising. We do not sell personal data in the traditional sense. Like many businesses, we use services that display interest-based ads to users around the web. To exercise these rights, follow the instructions in the “Online tracking opt-out” section above, which explain how to modify the use of advertising cookies on your device. You may also click the link at the bottom of our website that reads: “Do Not Sell or Share My Personal Data.”
If we receive a request from a Business User, we will coordinate our response with the business customer with which the Business User is associated.
To make privacy-related requests, please email us at privacy@disco.ac. We reserve the right to confirm the identity of the individual making a request before we respond to the request and to assess whether these rights apply to you. Additionally, applicable law can limit these rights, for example, by prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request. If we decline a request, we will explain why we took that action, subject to legal restrictions. You are entitled to exercise the rights described above free from discrimination.
Please note that the law of your state may limit these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Recipient Choices: If you are an artist or Recipient and would no longer like your information to be used by our customers or you would like to access, correct, or request deletion of your personal data, please contact the customer that you interact with directly. Please note, however, that if a Recipient creates an account on the Service, that user automatically becomes an Accountholder as described above, and we will process personal data relating such Accountholders pursuant to this Privacy Policy.
6. Children
Our Service is not directed to children who are under the age of 16. DISCO does not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to DISCO through the Service please contact us and we will endeavor to delete that information from our databases.
7. Cross-border processing of personal data
If you provide us with your personal data when using the Services, then please note that we are headquartered in Australia, with offices in the United States and the United Kingdom. To provide and operate our Services, it is necessary for us to process personal information in the United States and other countries
If we transfer personal data across borders such that we are required to apply appropriate safeguards to personal data under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
8. Links to other websites
The Service may contain links to other websites not operated or controlled by DISCO, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
9. Security
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect personal data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any personal data to DISCO via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
10. Changes to the privacy policy
The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with personal data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.
11. Contact us
If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address: privacy@disco.ac.
If you are an individual in the EU, you can also contact EDPO, who has been appointed as Company’s representative in the EU pursuant to Article 27 of the GDPR on matters related to the processing of personal data activities that take place in the EU. To make such an inquiry, please contact EDPO by using EDPO’s online request form or by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.