A. COLLECTION AND PROCESSING OF PERSONAL DATA
We collect and process personal data, i.e. information that identifies, or at least makes it possible to identify, you as a natural person (e.g. your name, your address and/or e-mail address) when you decide to actively communicate with us, when you subscribe to services we may provide, and when you use our online client platform (the “Platform”) as a writer, publisher or other contracting partner of Alchemy/BMG (jointly “Alchemy/BMG Partner(s)”) in the “my.Alchemy/BMG” section of our website (see sections A.1 and A.2 below). Furthermore, we collect and process certain technical data that results from you visiting our website (see section B below) which is also considered personal data. Processing means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use.
1. The Public Section of the Website
There are certain data that you may – but by no means must – submit to us when using the public parts of our website.
1.1 When you subscribe to services that we may offer our users from time to time you will obviously have to submit your email address as well as any other data necessary for the provision of the service. Also, there are means on our website to get in touch with us directly, especially our contact form, which in turn requires you to submit personal data, such as your name and email address, but also the very content of your request.
1.2 We collect, store and use such data in order to fulfil your corresponding request. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. f GDPR, as it is in our mutual interest to handle your requests. Your data will not be collected, stored or used in any other way or for any other purpose. Hence, as an example, if you submit your email address via our contact form with a request for certain information, we will use only your email address to get back to you with – so we hope – the information you requested. Hence, you fully control the information you provide Alchemy/BMG about yourself and how it may be used.
2. Our Online Client Platform
The Platform under “my.Alchemy/BMG.com” is a service for Alchemy/BMG Partners who wish to stay fully informed and up to date on their royalty earnings. For Alchemy/BMG Partners we provide an online interface to our corresponding databases. For this, the legal basis is the performance or the of a contract or pre-contractual measures, Article 6 sec. 1 sent. 1 lit. b GDPR.
2.1 To ensure that only you as a Alchemy/BMG Partner may gain access to the corresponding information we conduct an offline registration process. If you have decided to get in touch with the designated contact person and have received your login data, you may login to your account on the Platform.
2.2 You are not required to submit any extra personal data before or while using the Platform (see section 2.3, though). Please, be aware, however, that the data you can retrieve on the Platform is personal and confidential. If you pass on your login data to anyone else, or if it gets passed on to anyone else, that person can access the data just as you can, unless and until you tell us to block your login data.
2.3 While not being required to submit personal data through the Platform, you can edit certain personal data in the “Settings” section of the Platform. We will store and use edited personal data to, as applicable, continue providing the services of the Platform for you and/or to fulfil our obligations towards you. For example, by informing us of a new postal address, you allow us to send you any statements or other documents we may owe you to that address, unless stipulated otherwise in your contractual documentation.
2.4. Personal data that is collected for our Online Client Platform is retained until you decide to close your account and properly erased afterwards (see below, Data Retention)
When you subscribe to our newsletter by contacting our personnel, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact data given below or in the newsletter (e.g. by e-mail or letter) is of course also sufficient. The legal basis of the processing is your consent pursuant to Art. 6 sec. 1 lit. f GDPR.
In our newsletters we use commercially established technologies, enabling us to measure interactions with the newsletters (e.g. opening of the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This data is collected using small graphics embedded in the newsletter (so-called pixels), which can also collect Technical Data regarding the device you use. The data is collected exclusively pseudonymised and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest, Art. 6 sec. 1 lit. f GDPR. Through our newsletter we want to share content that is as relevant as possible for our customers and better understand what readers are actually interested in. If you do not wish the analysis of usage behaviour, you can unsubscribe the newsletter or deactivate graphics in your e-mail program by default. The data on the interaction with our newsletters is stored pseudonymously for 30 days and subsequently made completely anonymous.
C. LOG FILES, COOKIES, WEB ANALYTICS AND SOCIAL MEDIA PLUGINS
1. General and Error Log Files
When you visit our website, our webservers automatically store certain data in log files.
1.1 The general log files may tell us which Internet browser and operating system you were using and which IP address was allocated to your Internet access when you were visiting the site, the URL of the internet page from which you arrived at our website, the exact time when you accessed and left our website, the amount of data transmitted, and the pages you accessed on our website. The last octet (8-bit byte) of the IP address in the general log files will be masked, thereby restricting our (or a third party’s) ability to connect the IP address to your specific Internet access. The personal data automatically collected is necessary for us to provide the website (Article 6 sec. 1 sent. 1 lit. f GDPR), and for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR). Personal data that is collected automatically is retained for 35 days and properly erased afterwards.
1.2 Should our web server(s) detect an error in processing requests, it will send the corresponding information to an error log file. Those log files for technical reasons also record the client IP address from which the request was sent, i.e. your IP address if your request caused the error.
1.3 We have no means, and no interest in, identifying you through the general or error log file data. We use the general log file data for statistical purposes. The information we can from time to time retrieve from the files relates to, for example, peak times of the use of our website, which information our users are most interested in on the website, how users navigate on our website and which browsers and operating system our users use. We use that information to improve the technical setup as well as the design of our website. The error log files are used to diagnose and fix the error. The personal data collected in the course of this process is necessary for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR).
2. Platform Log Files
In addition to the general and error log files, we keep log files of all logins to and logouts from, and downloads of documents from, the Platform under Alchemy/BMG.com in order to protect you and ourselves from any misuse of the service. For that purpose, we also display the exact time and date of your latest login in the “Settings” section of your account on the Platform, which we store in our database. Platform Log Files are retained for 35 days and properly erased afterwards.
3.1 Our website uses http cookies. An http cookie is a piece of text stored on your computer by your web browser. Cookies are sent as a field in the header of the http response by our web server(s). It is then sent back by your browser every time it accesses the respective web server.
• Our website uses session and persistent cookies in order to provide you with an easy and comfortable web service. They allow us to, for example, display the German contact information any time you visit our website if your first visit to the site came from Germany. It is our legitimate interest (Art. 6 sec 1 lit. f) to provide you a comfortable web service.
4. Web Analytics
We will use the Information gathered by cookies deployed by Google Analytics to analyse your use of our website, to generate reports on website activities and to perform other website related services to you.
As already explained above, you can use your browser settings to prevent the acceptance and storage of new cookies. Should you disagree with the analysis of your use of our website you can also deactivate Google Analytics and thus declare your objection to the collection and processing of the respective data.
To do this, please download and install the browser plugin that Google provides for this purpose. The plugin is available here.
Once the plugin has been installed, it will prevent the recollection of the data related to your use of our website that has been generated by the cookie (including your IP address).
5. Social Media Plugins
On certain webpages of our website we may implement so-called social media plugins, in particular Facebook, Inc.’s “like” button and Twitter, Inc.’s Twitter buttons. When you visit a page that displays one or more of such buttons your browser will establish a direct connection to the respective Facebook, Google and/or Twitter server and load the button from there. At the same time Facebook, Google and/or Twitter will know that the respective page on our website has been visited. This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimize our services.
We have no influence on the data that Facebook, Google and Twitter collect on the basis of the buttons. According to the available information, however, if you do not click on the respective buttons no personal data will be collected and stored unless you have logged onto to your Facebook, Google or Twitter account. In that case certain user data (including your IP address at the time) may be collected and linked to the account information already present at Facebook, Google or Twitter, respectively. If you wish to prevent this, please log out of your social media accounts before visiting our website.
In addition, clicking a button may also lead to a collection of certain data, such as the user’s IP address. Facebook, Google or Twitter may set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings (see above).
We receive no information from Facebook, Google or Twitter about which social media buttons you may have clicked or seen on our website, but, if at all, we may receive a summarized, non-person-related statistical report on the use of the buttons.
If you wish to obtain more information on the subject go to:
D. NO DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We will not disclose your personal data, be it by transmission or otherwise, to third parties except where:
• such disclosure is necessary to fulfil existing obligations towards, or assert and enforce claims against, you;
• you consented to such disclosure;
• federal or competent state authorities, in particular law enforcement and/or data protection supervisory agencies, request such disclosure on the basis of the applicable laws, if and inasmuch as such disclosure is necessary to counter dangers to public safety and order or for the investigation and persecution of criminal acts;
• we are otherwise bound to do so by law.
E. TRANSFER OF PERSONAL DATA OUTSIDE EEA
The information we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area (“EEC”) when we transfer data to third parties or members of Alchemy/BMG’s group of companies. Recipients outside the EEA are either Privacy Shield certified or bound by Standard Contractual Clauses draft by the EU Commission for the protection of personal Data.
Alchemy/BMG takes great care to ensure the security of personal data. Your data is conscientiously protected from loss, destruction, distortion/falsification, manipulation and unauthorized access or unauthorized disclosure through appropriate technical and organizational measures. However, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care, will be safe from intrusion by others, such as hackers.
You are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any access to or use of the website by you or any person or entity using your password, whether or not such access or use has been authorized by you or on your behalf.
G. THIRD PARTY SITES
Third party sites linked to from this website may have different privacy policies and practices. We are not responsible for the information practices of third party sites, or channels or areas of this website, that are operated by third parties. You should carefully review these other privacy policies in order to determine how each third party may use any personal information you provide.
H. DATA RETENTION
We strive to keep our processing activities with respect to your personal data as limited as possible. Personal data provided by you upon using our services will be retained only for as long as we need it to fulfil the purpose for which we have collected it or as long as required by statutory retention requirements. Technical Data will be retained only as long as it is necessary to provide access to our site. However, we may retain Technical Data to enable us to engage in effective defense against attacks on our site, i.e. DDOS attacks. In no event will we retain your Technical Data longer than 90 days, provided storage of data is not required by statutory retention requirements. This may be the case as far as data collected during the use of the Platform is relevant for taxes or accounting reasons. In Germany, we are obliged to keep such data up to ten years according to German Tax and Trade Law.
I. YOUR RIGHTS
Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:
- Right of access (Art. 15 GDPR);
You have the right to information regarding the data we process concerning you. Upon request we will provide you a copy of the data together with additional information to the extent defined in Art. 15 GDPR.
- Right to rectification (Art. 16 GDPR);
You have the right to rectification of your data, wherever such data is incorrect or incomplete.
- Right to erasure (Art. 17 GDPR);
You have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully, as described in Art. 17 GDPR. Wherever certain data is subject to retention periods, instead of deleting the data we will restrict processing to the duration and intended purposes of such period.
- Right to restriction of processing (Art. 18 GDPR);
Upon your request, we will restrict processing of personal according to Art. 18, wherever there are uncertainties regarding our right to process such data or while a decision regarding your objection to such processing is pending. In such cases we will only retain data, restrict any processing to the minimal extent necessary and withdraw access to your data from our employees.
- Right to data portability (Art. 20 GDPR);
Upon your request we will transfer any personal data you have provided to us during the use of our services on the basis of consent or any contractual or pre-contractual relationship to you or any third party, provided secure communication with third party is technically feasible. We will provide the data in a structured and machine-readable format.
- Right to object to processing based on Art. 6 sec. 1 lit. f GDPR
Upon your objection we will cease any processing of your personal data based on Art. 6 lit. f. Wherever we have compelling legitimate grounds to process your data, we are allowed to further process such data, provided our interest in doing so prevails in a weighting against your interest against the processing activity.
Therefore, to allow us to evaluate your request, please let us know the reason for your objection.
- Right to withdraw consent
Where a processing is based on your consent, you have the right to withdraw your consent at any time by sending an email to email@example.com, without affecting the lawfulness of processing based on consent before its withdrawal.
You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us under the contact details set out below. Additionally you have the right lodge a complaint with a supervisory authority.
J. Your California Privacy Rights
This section applies to any California residents about whom we, Alchemy/BMG Rights Management GmbH (“Alchemy/BMG”), have collected personal information from any source, including through your use of our website https://www.Alchemy/BMG.com/us/ (the “Website”), including by filling out a form on our Website, buying our products or services, or communicating with us electronically, in paper correspondence, or in person (collectively, “you”).
For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household. Personal information does not include publicly available information or information that has been de-identified.
a. What Information We Collect
We may collect the following categories of personal information about you:
- Identifiers, which includes first and last name; postal address; Internet Protocol (“IP”) address (for purposes of error log files only); email address; name, and password.
- Information relating to Internet activity or other electronic network activity, which includes cookie identifiers (e.g. session and persistent); logins to and logouts from, and downloads of documents from, my.Alchemy/BMG; clear gifs (a.k.a. web beacons/web bugs or so-called pixels); log files; browser type; referring/exit pages; operating system; date/time stamp; device characteristics ; internet service provider (ISP); amount of data transmitted; pages accessed on the Website; clickstream data; device platform; device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System (“GPS”) data.
- Geolocation data, which includes Global Positioning System (“GPS”) data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s) or vehicle(s).
b. What We Do With Your Information
We may collect or use personal information from you for the following purposes:
- Customer claims and fraud investigation and prevention
- Customer communications (e.g. newsletter)
- Customer relationship management
- Financial reporting and accounting
- General business administration
- Internal analytics
- Investigate, protect, enforce, or defend the legal rights, privacy, safety or property of us or others
- Systems and data security
- Website optimization and maintenance
c. Sources of Collected Information
We may collect personal information from the following categories of sources:
- Our users / members, including via our websites, the my.Alchemy/BMG.com platform, mobile applications, telephone, text message, postal mail, social media, forums, message boards, chatbot, or other means;
- Our affiliates;
- Our service providers, which includes customer relationship management providers, analytics providers, website hosting providers, systems administrators, and communications delivery services;
- Our third party business partners (“Alchemy/BMG Partners”);
- Other third parties, which includes operators of other websites and mobile applications, online advertising partners, and other data suppliers;
d. Who We Share Information With
We do not sell personal information, or otherwise provide personal information to third parties, other than service providers receiving information to perform services for us on our behalf.
We may share your personal information with the following categories of third parties:
- Service providers
- Alchemy/BMG Partners
e. Your Privacy Rights
If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information:
- Right to Know. You have the right to request what personal information we collect, use, disclose, and/or sell, as applicable.
- Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us.
- Right to Opt-Out of Sale. You have the right to opt-out of the sale of your personal information by us.
- Right to Non-Discrimination.You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
You may also authorize someone to exercise the above rights on your behalf.
The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under applicable laws.
If you are a California resident and wish to seek to exercise these rights, please reach out to our Data Protection Officer (for details see section K).
K. CONTACTING US
The contact details of our group data protection officer are:
Alchemy/BMG Rights Management GmbH
Data Protection Department
Effective Date: 27 December 2019