PRIVACY POLICY STATEMENT

Privacy policy statement for BMG e-license.


Welcome to the BMG’s mechanical licensing portal which BMG Rights Management GmbH, Germany (“BMG”, “we”, “us”, “our”) operates on behalf of all members of the BMG group of companies. Protecting our users’ personal data is an important concern for BMG. All of BMG’s activities on and in connection with this website (“our website”) comply with the applicable data protection legislation. This privacy policy informs you on how and for what purpose we process personal data in connection with your visit to, and use of, our website and services. Any changes that we make to our privacy policy in the future will be posted on this page. BMG employees accessing the site on the occasion of their employment will receive relevant information directly from BMG.


A. COLLECTION AND PROCESSING OF PERSONAL DATA

We collect and process personal data, i.e. information that identifies, or at least makes it possible to identify, you as a natural person (e.g. your name, your address and/or e-mail address) when you decide to actively communicate with us, when you subscribe to services we may provide, and when you use our online client platform (the “Platform”) as a Producer or other contracting partner of BMG (jointly “BMG Partner(s)”) on our website (see sections A.1 and A.2 below). Furthermore, we collect and process certain technical data that results from you visiting our website (see section B below) which is also considered personal data. Processing means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use.


1. The Public Section of the Website


1.1 There are certain data that you may – but by no means must – submit to us when using the public parts of our website.


1.2 When you subscribe to services that we may offer our users from time to time you will obviously have to submit your email address as well as any other data necessary for the provision of the service. Also, there are means on our website to get in touch with us directly, especially our contact form or webchat, which in turn requires you to submit personal data, such as your name and email address, but also the very content of your request.


Whenever you contact us, we collect, store and use such data to fulfil your corresponding request. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR. Your data will not be collected, stored or used in any other way or for any other purpose. Hence, as an example, if you submit your email address via our contact form with a request for certain information, we will use only your email address to get back to you with – so we hope – the information you requested. Hence, you fully control the information you provide BMG about yourself and how it may be used. We also provide you the opportunity to communicate with us via our webchat, which is hosted by a third-party provider. This provider may process your data as specified in Section B.


2. Our Online Client Platform


2.1 The Platform under bmg-e-license.com is a service for producers of media content (the “Producers”) to license music and keep track of their licensed products. For Producers we provide an online interface to our corresponding databases, to access sample music and to download tracks for their production. For this, the legal basis is the performance or the preparation of a contract, Article 6 sec. 1 sent. 1 lit. b GDPR.

To use our Platform you must register for our services by submitting the required personal information, including:

- Contact information (Email, Phone, Address)

- Business information

We use this information to create your account and to contact you regarding relevant licensing opportunities. Considering potential licensing contracts, this is based on Art. 6 sec. 1 lit. b GDPR. Upon registration, our team will evaluate the soundness of your business by matching it to additional data collected a public internet search. We use this information to prevent fraudulent behaviour on our platform to protect our and our client’s interests, Art. 6 sec. 1 lit. f GDPR.


2.2 We will collect and maintain a history of your use of our website, especially of your browsing of our music library, download and licensing history, we will use this information to assess and detect any case of possibly unlicensed use of our music products. For this purpose, we match your use of the website regarding browsing, listening and download history to our directory of anonymized download patterns of Producers. For this the legal basis is Article 6 sec. 1 lit. f GDPR, as it is in our legitimate interest to detect such use.


2.3 In case we directly license our music products to you we will further collect and maintain a record of any contractual information gathered upon closing a licensing agreement. For this, the legal basis is Article 6 sec. 1 lit. f GDPR.


2.4 While not being required to submit personal data through the Platform, you can edit certain personal data in the "Settings" section of the Platform. We will store and use edited personal data to, as applicable, continue providing the services of the Platform for you and/or to fulfil our obligations towards you. For example, by informing us of a new postal address, you allow us to send you any statements or other documents we may owe you to that address, unless stipulated otherwise in your contractual documentation. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, as the data is used for the provision of our services


2.5 From time to time, we may send you playlists that may be interesting for your production projects. If you are interested, we will store and use this information to show you more relevant suggestions for future productions.


2.6 Personal data that is collected for our Platform is retained until you decide to close your account and properly erased afterwards.



B. LOG FILES, COOKIES, WEB ANALYTICS AND SOCIAL MEDIA PLUGINS


1 General and Error Log Files


When you visit our website, our webservers automatically store certain data in log files.


1.1 The general log files may tell us which Internet browser and operating system you were using, and which IP address was allocated to your Internet access when you were visiting the site, the URL of the internet page from which you arrived at our website, the exact time when you accessed and left our website, the amount of data transmitted, and the pages you accessed on our website. The last octet (8-bit byte) of the IP address in the general log files will be masked, thereby restricting our (or a third party’s) ability to connect the IP address to your specific Internet access. The personal data automatically collected is necessary for us to provide the website (Article 6 sec. 1 sent. 1 lit. f GDPR), and for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR). Personal data that is collected automatically is retained for 35 days and properly erased afterwards.


1.2 Should our web server(s) detect an error in processing requests, it will send the corresponding information to an error log file. Those log files for technical reasons also record the client IP address from which the request was sent, i.e. your IP address if your request caused the error.


1.3 We have no means, and no interest in, identifying you through the general or error log file data. We use the general log file data for statistical purposes. The information we can from time to time retrieve from the files relates to, for example, peak times of the use of our website, which information our users are most interested in on the website, how users navigate on our website and which browsers and operating system our users use. We use that information to improve the technical setup as well as the design of our website. The error log files are used to diagnose and fix the error. The personal data collected during this process is necessary for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR).


2 Platform Log Files


In addition to the general and error log files, we keep log files of all logins to and logouts from, and downloads of documents from, the Platform under bmg.com (http://bmg.com) to protect you and ourselves from any misuse of the service. For that purpose, we also display the exact time and date of your latest login in the "Settings" section of your account on the Platform, which we store in our database. The personal data collected during this process is necessary for our legitimate interest to guarantee the website’s security, Article 6 sec. 1 sent. 1 lit. f GDPR. Platform Log Files are retained for 35 days and properly erased afterwards.


3 Cookies


3.1 Our website uses http cookies. An http cookie is a piece of text stored on your computer by your web browser. Cookies are sent as a field in the header of the http response by our web server(s). It is then sent back by your browser every time it accesses the respective web server.

Our website uses session and persistent cookies to provide you with an easy and comfortable web service. They allow us to, for example, display the German contact information any time you visit our website if your first visit to the site came from Germany.

The Platform under bmg-e-license.com uses session cookies (which are automatically deleted at the end of each session) that, for example, allow us to identify you as the same user (but no more) over a session on our website and to “keep” certain data across more than one webpage so that you don’t have to reinsert the same data or set your personal settings over and over again.


3.2 Should you, however, wish to generally discontinue the use of cookies, you may use your browser settings to prevent the acceptance and storage of new cookies. To find out how this works with your browser, resort to the browser's help function or contact the manufacturer. However, we recommend leaving the cookies functions switched on as, only if you do, will you retain the full benefit of the high level of user comfort to which we strive. In addition, the use of the Platform requires us to be able to set cookies.


4 Google Analytics

Our website may use Google Analytics. Google Analytics is a web analytics service provided by Google, Inc., of Mountain View, CA 94043, U.S.A. („Google“). Google Analytics uses cookies (cf. section 3 above) that enable an analysis of your use of the website. The information generated by the cookie about your use of our website (such as when you visited the website, the referrer URL, details on the configuration of your operating system, your browser and your access provider) are generally transmitted to, and stored on, a server of Google located in the U.S.A. As we are using Google Analytics’ "_anonymizeIp()" function, your IP address will be shortened when you access our site from a member state of the European Union or from other states of the European Economic Area. It is only in exceptional circumstances that your IP address is transmitted to the U.S.A. and shortened there. Google will use the information on our behalf to analyse your use of the website, to compile reports on website activity, and to provide us with additional services related to the use of the website as well as Internet use. The IP address collected within the framework of Google Analytics will not be combined with other Google data.


We will use the Information gathered by cookies deployed by Google Analytics to analyse your use of our website, to generate reports on website activities and to perform other website related services to you.

The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimize the website in general.

You will find further information on Google and Google Analytics:

(http://www.google.com), and Google’s Privacy Policy

(http://www.google.com/intl/en/privacy/) or here

(http://www.google.com/intl/de/privacypolicy.html#information).

As already explained above, you can use your browser settings to prevent the acceptance and storage of new cookies. Should you disagree with the analysis of your use of our website you can also deactivate Google Analytics and thus declare your objection to the collection and processing of the respective data.

To do this, please download and install the browser plugin that Google provides for this purpose. The plugin is available at [http://tools.google.com/dlpage/gaoptout?hl=en].

Once the plugin has been installed, it will prevent the recollection of the data related to your use of our website that has been generated by the cookie (including your IP address).


C. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES


The data collected by us will only be transmitted if:

   

- you have given your express consent pursuant to Art. 6 sec. 1 sent. 1 lit. a GDPR,

   

- the disclosure pursuant to Art. 6 sec. 1 sent. 1 f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

   

- we are legally obliged pursuant to Art. 6 sec. 1 sent. 1 lit. c GDPR to pass on or

   

- this is legally permissible and is required under Art. 6 sec. 1 sent. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are taken at your request.


Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the persons concerned and are regularly monitored by us.

In addition, it may be disclosed in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.


D. TRANSFER OF PERSONAL DATA OUTSIDE EEA


The information we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area (“EEC”), e.g. when we transfer data to third parties or members of BMG’s group of companies. The Recipients outside the EEA are either Privacy Shield certified or bound by Standard Contractual Clauses of the EU Commission for the protection of personal data, or they are located in countries in regard to which the EU Commission issued an adequacy decision according to Art. 45. GDPR.


E. SECURITY


BMG takes great care to ensure the security of personal data. Your data is conscientiously protected from loss, destruction, distortion/falsification, manipulation and unauthorized access or unauthorized disclosure through appropriate technical and organizational measures. However, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care, will be safe from intrusion by others, such as hackers. You are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any access to or use of the website by you or any person or entity using your password, whether such access or use has been authorized by you or on your behalf.


F. THIRD PARTY SITES


Third party sites linked to from this website may have different privacy policies and practices. We are not responsible for the information practices of third party sites, or channels or areas of this website, that are operated by third parties. You should carefully review these other privacy policies to determine how each third party may use any personal information you provide.


G. DATA RETENTION


We strive to keep our processing activities with respect to your personal data as limited as possible. Personal data provided by you upon using our services will be retained only for as long as we need it to fulfil the purpose for which we have collected it or as long as required by statutory retention requirements. Technical Data will be retained only as long as it is necessary to provide access to our site. However, we may retain Technical Data to enable us to engage in effective defense against attacks on our site, i.e. DDOS attacks. In no event will we retain your Technical Data longer than 90 days, provided storage of data is not required by statutory retention requirements. This may be the case as far as data collected during the use of the Platform is relevant for taxes or accounting reasons. In Germany, we are obliged to keep such data up to ten years according to German Tax and Trade Law.


H. YOUR RIGHTS


Right of access (Art. 15 GDPR);

You have the right to information regarding the data we process concerning you. Upon request we will provide you a copy of the data together with additional information to the extent defined in Art. 15 GDPR .


Right to rectification (Art. 16 GDPR);

You have the right to rectification of your data, wherever such data is incorrect or incomplete.


Right to erasure (Art. 17 GDPR);

You have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully, as described in Art. 17 GDPR. Wherever certain data is subject to retention periods, instead of deleting the data we will restrict processing to the duration and intended purposes of such period.


Right to restriction of processing (Art. 18 GDPR);

Upon your request, we will restrict processing of personal according to Art. 18, wherever there are uncertainties regarding our right to process such data or while a decision regarding your objection to such processing is pending. In such cases we will only retain data, restrict any processing to the minimal extent necessary and withdraw access to your data from our employees.


Right to data portability (Art. 20 GDPR);

Upon your request we will transfer any personal data you have provided to us during the use of our services based on consent or any contractual or pre-contractual relationship to you or any third party, provided secure communication with third party is technically feasible. We will provide the data in a structured and machine-readable format.


Right to object to processing based on Art. 6 Abs. 1 lit. f GDPR (Art. 21 GDPR);

Upon your objection we will cease any processing of your personal data based on Art. 6 lit. f. Wherever we have compelling legitimate grounds to process your data, we are allowed to further process such data, provided our interest in doing so prevails in a weighting against your interest against the processing activity. Therefore, to allow us to evaluate your request, please let us know the reason for your objection.

Wherever you gave consent to a data processing, in accordance with Article 7 (2) GDPR, you have the right to withdraw your consent to us at any time. As a result, we will not continue processing data based on this consent in the future. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.

Furthermore, you have the right to lodge a complaint with a data privacy supervisory authority.


I. YOUR CALIFORNIA PRIVACY RIGHTS


This section applies to any California residents about whom we, BMG Rights Management GmbH ("BMG"), have collected personal information from any source, including through your use of our website bmg-e-license.com (the "Website"), including by filling out a form on our Website, buying our products or services, or communicating with us electronically, in paper correspondence, or in person (collectively, "you").

For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household. Personal information does not include publicly available information or information that has been de-identified.

    a. What Information We Collect

    We may collect the following categories of personal information about you:

    • Identifiers, which includes first and last name; postal address; Internet Protocol ("IP") address (for purposes of error log files only); email address; name, and password.

    • Information relating to Internet activity or other electronic network activity, which includes cookie identifiers (e.g. session and persistent); logins to and logouts from, and downloads of documents from, my.bmg; clear gifs (a.k.a. web beacons/web bugs or so-called pixels); log files; browser type; referring/exit pages; operating system; date/time stamp; device characteristics ; internet service provider (ISP); amount of data transmitted; pages accessed on the Website; clickstream data; device platform; device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System ("GPS") data.which includes cookie identifiers (e.g. session and persistent); logins to and logouts from, and downloads of songs / assets from the website; clear gifs (a.k.a. web beacons/web bugs or so-called pixels); log files; browser type; referring/exit pages; operating system; date/time stamp; device characteristics ; internet service provider (ISP); amount of data transmitted; pages accessed on the Website; clickstream data; device platform; device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System ("GPS") data.

    • Geolocation data, which includes Global Positioning System ("GPS") data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s) or vehicle(s).

    • Credit Card number.

    b. What We Do With Your Information

    We may collect or use personal information from you for the following purposes:

    • Assessing third party vendors / service providers

    • Billing, payment, and fulfillment

    • Customer claims and fraud investigation and prevention

    • Customer communications (e.g. newsletter)

    • Customer relationship management

    • Financial reporting and accounting

    • General business administration

    • Internal analytics

    • Investigate, protect, enforce, or defend the legal rights, privacy, safety or property of us or others

    • Systems and data security

    • Website optimization and maintenance

    c. Sources of Collected Information

    We may collect personal information from the following categories of sources:

    • Our customers / prospective customers / users / members, including via our websites, the bmg-e-license.com platform, telephone, text message, postal mail, social media, forums, message boards, chatbot, or other means;

    • Our affiliates;

    • Our service providers, which includes customer relationship management providers, analytics providers, website hosting providers, systems administrators, and communications delivery services;

    • Our third party business partners ("BMG Partners");

    • Other third parties, which includes operators of other websites and mobile applications, online advertising partners, and other data suppliers;

    d. Who We Share Information With

    We do not sell personal information, or otherwise provide personal information to third parties, other than service providers receiving information to perform services for us on our behalf.

    We may share your personal information with the following categories of third parties:

    • Affiliates

    • Service providers

    • BMG Partners

    e. Your Privacy Rights

    If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information:

    • Right to Know. You have the right to request what personal information we collect, use, disclose, and/or sell, as applicable.

    • Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us.

    • Right to Opt-Out of Sale. You have the right to opt-out of the sale of your personal information by us.

    • Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.

    You may also authorize someone to exercise the above rights on your behalf.

    The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under applicable laws.

    If you are a California resident and wish to seek to exercise these rights, please reach out to our Data Protection Officer (for details see section J).


J. CONTACTING US


The contact details of our data protection officer are:

data-protection@bmg.com.


January 2020