Posted: 26 October 2022
Effective: 1st of November 2022. Updated to reflect our new contracting entity, SWIC, which will now be responsible for collecting your personal data. We have also included more detail on how we collect and use personal data, and now have included additional information about the choices you can make and the rights you have to protect your privacy.
- “Business Users” – Employees and representatives of our business customers, as well as artists using the Service in their professional capacity.
- “Account holders” – Any user, including artists, may create an account on our Services. Some users may be prompted to create an account after they receive access to view and edit another user’s DISCO library.
- “Recipients” – Users with accounts on our Services may share music or other content with third parties who may not have an account on our Services. These “Recipients” will have limited access and control regarding the content on our Services that has been shared with them, and they will not be required to create an account on our Services to listen to content that has been shared with them.
These three types of users may have different privacy choices, as we explain in the “Your Choices“ section of this Policy. This is because our business relationships with these users are also different. However, we use, share and process personal data of all users to provide and improve our Services, to facilitate our business operations and as required by applicable law.
1. PERSONAL DATA WE COLLECT
Personal Data You May Provide to Us Through the Services Includes:
- Identification Data: We collect your name, email address, phone number, country, mailing/billing addresses, company/artist name and job title, if you provide it to us.
- Financial Data: Our payment processor(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. Please note, however, that we store only a tokenized version of such information and do not maintain payment card information on our servers.
- Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication data is optional to you.
- Engagement Data: Information and statistics regarding the artists, titles, songs, and files that a user engages with.
Personal Data We Receive From Third Parties:
- Social Media Data: We have pages on social media sites like Instagram and Twitter (“Social Media Pages”). When you interact with our Social Media Pages, we will collect personal data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Personal Data Collected by Automated Means: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Log Data: Information that your browser automatically sends whenever you visit the Site or access a file through the Site or a DISCO app. Log Data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site.
- Device Data: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage Data: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Location Data: We derive a rough estimate of your location from your IP address when you use the Site.
- Email Open/Click Data: We use pixels in our email campaigns that allow us to collect your IP address as well as the date and time you open an email or click on any links in the email.
- Identifiable Access Statistics (i.e., statistics showing the date and time a particular Recipient accessed a song, file or playlist) will only be available to customers who used the Recipient’s name and/or email address to share music with that Recipient.
2. HOW WE USE PERSONAL DATA
We use personal data to provide the Service and help you manage and share music and other files. This processing is necessary to perform our contract with you.
We may use personal data as necessary for the following legitimate business interests:
- To communicate with you and respond to your inquiries, comments, feedback, or questions;
- To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies;
- To analyze how you interact with our Service and provide, maintain and improve the content and functionality of the Service and our customer relationships and experiences – for example, we analyze the way you interact with the Service (such as the links you click on and the pages you visit) in order to improve the design and layout of the Service;
- To enable us to enhance and personalize the experience we offer to our users. For example, we may combine the information that we collect and hold about you for the purposes of creating insights about you and customer segmentation;
- To maintain and improve the Service;
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Marketing. We may use your personal data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
3. SHARING AND DISCLOSURE OF PERSONAL DATA
In certain circumstances we may share the categories of personal data described above without further notice to you, unless required by the law, with the following categories of third parties:
- Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, payroll processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal data in the course of performing their duties to us.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability.
4. DATA RETENTION
We retain personal data for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. YOUR CHOICES
Access or Update Your Information. Users may themselves update their personal data in their accounts by logging in and editing their information.
Opt Out of Marketing Communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Online Tracking Opt-out. There are a number of ways to limit online tracking, which we have summarized below:
- Blocking Cookies In Your Browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking Advertising ID Use in Your Mobile Settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using Privacy Plug-ins or Browsers. You can block our Services from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Google Analytics. We use Google Analytics to collect and summarize information about how individuals engage with the Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Platform Opt Outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
- Advertising Industry Opt Out Tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Privacy Rights. Users have the right to submit requests about their personal data, depending on their location and the nature of their interactions with the Service.
- Access. Request that we provide the individual with information about our processing of the individual’s personal data and give the individual access to their personal data;
- Deletion. Request that we delete the personal data that we maintain about the individual;
- Correction. Request that we update or correct inaccuracies in the individual’s personal data;
- Transfer. Request that we transfer a machine-readable copy of the individual’s personal data to the individual or a third party the individual designates;
- Restriction. Request that we restrict the processing (including sharing) of the individual’s personal data;
- Objection. Object to our reliance on our legitimate interests as the basis of our processing of the individual’s personal data that impacts their rights; and
- Opt Out of the Sale or Sharing of Your Personal Data and Opt Out of the Processing of Your Personal Data for Targeted Advertising. We do not sell personal data in the traditional sense. Like many businesses, we use services that display interest-based ads to users around the web. To exercise these rights, follow the instructions in the “Online tracking opt-out” section above, which explain how to modify the use of advertising cookies on your device. You may also click the link at the bottom of our website that reads: “Do Not Sell or Share My Personal Data.”
If we receive a request from a Business User, we will coordinate our response with the business customer with which the Business User is associated.
To make privacy-related requests, please email us at firstname.lastname@example.org. We reserve the right to confirm the identity of the individual making a request before we respond to the request and to assess whether these rights apply to you. Additionally, applicable law can limit these rights, for example, by prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request. If we decline a request, we will explain why we took that action, subject to legal restrictions. You are entitled to exercise the rights described above free from discrimination.
Please note that the law of your state may limit these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Our Service is not directed to children who are under the age of 16. DISCO does not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to DISCO through the Service please contact us and we will endeavor to delete that information from our databases.
7. CROSS-BORDER PROCESSING OF PERSONAL DATA
If you provide us with your personal data when using the Services, then please note that we are headquartered in Australia, with offices in the United States and the United Kingdom. To provide and operate our Services, it is necessary for us to process personal information in the United States and other countries
If we transfer personal data across borders such that we are required to apply appropriate safeguards to personal data under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
8. LINKS TO OTHER WEBSITES
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect personal data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any personal data to DISCO via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
11. CONTACT US
If you are an individual in the EU, you can also contact EDPO, who has been appointed as Company’s representative in the EU pursuant to Article 27 of the GDPR on matters related to the processing of personal data activities that take place in the EU. To make such an inquiry, please contact EDPO by using EDPO’s online request form or by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.