GDPR Data Processing Policy (DPA)1. GDPR Data Processing Policy
Odradek Records LLC (“ODRADEK”) recognizes that the European Economic Area (the “EEA”) has established strict protections regarding the handling of EEA personally identifiable information, in particular the EU General Data Protection Regulation (“GDPR”). In recognition of the importance of GDPR, ODRADEK has adopted the following GDPR Data Processing Policy (the “Policy”).
This Policy is intended to ensure that you understand the following: (a) the entity that is collecting your personal data; (b) the purposes for which your personal data is collected; (c) how and why your personal data will be used; (d) the period during which your data will be retained; and (e) how you can contact ODRADEK regarding your data.
2. Entity/Data Controller
Any data collected through odradek-records.com, anonymuze.com, and b.io (collectively the “ODRADEK Websites”) or any other website associated with, or related to, the ODRADEK Websites will be collected by Odradek Records, LLC which is a limited liability company formed in Lawrence, Kansas USA with its principal place of business located at 1040 New Hampshire Street, Lawrence, KS 66044.
3. Lead Data Protection Authority
The ODRADEK Websites' lead data protection authority is:
Garante per la protezione dei dati personali Piazza di Monte Citorio, 121 00186 Roma ITALY
Phone: +39-06-6967 71 Fax: +39-06-6967 73785
You may lodge any complaints about ODRADEK’s data processing with this Lead Data Protection Authority.
4. Data Processing Officer
You can contact the ODRADEK Data Processing Officer by emailing email@example.com.
5. Categories of Data Subjects and Data Collected
ODRADEK only collects data from users who either join, or engage with, the ODRADEK Websites. ODRADEK is committed to only collecting data that is necessary for ODRADEK to provide the content and services on the ODRADEK Websites.
Depending on which services you choose to use, ODRADEK may require additional information, such as billing information (including billing address, phone number, credit card information), a mobile telephone number, a physical mailing address, and/or payment information. In order to receive payments from ODRADEK, ODRADEK may require information such as your social security number, or the equivalent, applicable tax ID, date of birth, bank account information and/or credit card information.
You may also provide information to ODRADEK such as the following: (a) information that you provide by filling in forms; (b) information provided at the time of registering to use ODRADEK Websites; (c) information when you enter a promotion sponsored by ODRADEK; (d) information when you report a problem with ODRADEK Websites; (e) records and copies of your correspondence (including email addresses), if you contact ODRADEK; (f) your responses to surveys that we might ask you to complete for research purposes; (g) details of transactions you carry out through the ODRADEK Websites and of the fulfillment of your orders; (h) financial information before placing an order through the ODRADEK Websites; and (i) your search queries on the ODRADEK Websites.
6. Basis for Processing
ODRADEK processes data based on (a) consent of the user; and (b) the necessity of the data for providing the services that users are contracting for when they become members of the ODRADEK Websites. IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR DATA IN ORDER TO ACCESS AND USE THE ODRADEK WEBSITES, PLEASE DO NOT USE, OR ENGAGE WITH, THE ODRADEK WEBSITES.
7. Cross-Border Transfer
Some data centers hosting ODRADEK’s data, including user data, are located outside of the European Union. Accordingly, as an EU citizen, in order to access the services and content provided by ODRADEK, your data may be transferred outside of the EU. By using the ODRADEK Websites, you consent to the cross-border transfer of your data in order to receive access to the ODRADEK Websites.
8. Potential Recipients & Sub-Processors
ODRADEK does not provide your data to third party recipients who are not necessary to the services and content provided on the ODRADEK Websites without your permission. Third parties who may receive your data so that ODRADEK can provide the services and content on the ODRADEK Websites include ODRADEK’s cloud infrastructure providers and ODRADEK’s third party marketing cloud provider.
You acknowledge and agree that: (i) Subsidiaries of ODRADEK may be used as Sub-processors; and (ii) ODRADEK and its Subsidiaries respectively may engage Sub-processors in connection with the provision of the Services.
All Sub-processors who process Personal Data in the provision of the Services to you shall comply with obligations similar to those set out in this DPA.
Where Sub-processors are located outside of the EEA, the Processor confirms that such Sub-processors: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the ODRADEK; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
ODRADEK shall make available the current list of Sub-processors (at http://odradek-records.com/dpa/subprocessors) which shall include the identities of Sub-processors and their country of location. During the term of this DPA, ODRADEK shall post any changes to the list of Sub-processor(s) who may process Personal Data before authorising any new or replacement Sub-processor(s) to process Personal Data in connection with the provision of the Services.
If you object to a new or replacement Sub-processor you may terminate the Customer Terms with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub-processor. ODRADEK will refund any prepaid fees covering the remainder of the Term of the Customer Terms following the effective date of termination with respect to such terminated Services.
9. Use of Data
10. Data Retention Period
ODRADEK will retain your information for as long as your account is active or as needed to provide you services. If you no longer want ODRADEK to use your information to provide you services, you may follow the “Withdrawal of Consent/Erasure” provision below. After closing your account, ODRADEK will solely use your information as necessary to comply with any applicable legal obligations.
11. Security Policies for Data
The safety and security of your information also depends on you. Where ODRADEK has given you (or where you have chosen) a password for access to certain parts of the ODRADEK Websites, you are responsible for keeping this password confidential. ODRADEK asks you not to share your password with anyone.
12. Withdrawal of Consent/Erasure
If, at any point, you no longer wish to have your personal data processed by ODRADEK, wish to be forgotten, or wish to have your data erased, simply send an email to firstname.lastname@example.org with the phrase “consent withdrawn” or “erase” in the subject line. Your request should include your name and email address. ODRADEK will move expeditiously to stop the processing of your personal data and to remove your personal data from its systems. Please understand that, without access to your personal data, ODRADEK may not be able to provide certain services. For example, ODRADEK will not be able to send you communications, payments, offers, or newsletters.
13. Right to Correct, Access or Portability of Data and Associated Procedure
You have the right to have any inaccurate data corrected by a data controller. You also have the right to request access to your data or request that ODRADEK make your data portable to another data controller. In order to effect any such request, you should send the request to email@example.com. Your request should include your name and email address. ODRADEK will endeavor to correct the data or to provide you your data in a simplistic and easily readable format as quickly as possible, but in no more than thirty (30) days.