Privacy Policy - Musimap
Privacy Policy

PRIVACY POLICY

Musimap SA and Utopia group (Utopia AG and its subsidiaries) ("Musimap", "we" or "us") strive to protect your privacy and to maintain a high level of data protection.

This Privacy Policy describes our privacy practices as a data controller, including how we collect and use personal data, that are provided to us via our websites, either by way of direct contact with us or by visiting these websites, as applicable. It also contains descriptions of rights associated with personal data that you may have under Applicable legislation, and how such rights can be exercised. If you have any questions, you are always welcome to contact us.

"Applicable legislation" means applicable laws, ordinances and regulations, including regulations issued by relevant supervisory authorities, concerning the protection of the fundamental rights and freedoms of natural persons and in particular the right to the protection of their personal data applicable to the processing in question; including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") as well as laws, ordinances and regulations supplementing the GDPR and other legal requirements that may apply to us.

Where terms like "processing", "personal data", "data subjects" etc. that are defined in the GDPR are used in this Privacy Policy, they shall have the same meanings in this Privacy Policy as those ascribed to them in the GDPR.

WHO IS THE DATA CONTROLLER FOR THE PROCESSING OF PERSONAL DATA?

For the processing of personal data associated with this Musimap’s websites, Musimap SA is the data controller. Where you have a business relationship with or otherwise have been in contact with another Utopia group company, such Utopia group company is the data controller relating to processing of personal data associated with fulfillment of e.g. contracts, engaging in regular business correspondence, maintaining records with regular details on business contact persons etc.

FROM WHERE DO WE COLLECT PERSONAL DATA?

We collect personal data from:

  • You, that you either provide to us yourself or that we collect from you based on your website activity.

  • The organization that you represent or are associated with, in the context of conducting our business, we process personal data in the ways that companies normally do to run business.

Such personal data may be provided by the organization that you represent or are associated with.

  • Publicly available sources, e.g. business related personal data, such as non-sensitive information related to individuals in their professional capacity, for the purposes of maintaining our business or to identify new business opportunities.

WHEN AND WHY DO WE PROCESS PERSONAL DATA?

Fulfilment of contract with customers, suppliers and other business partners If you represent or otherwise are associated with an organization that we do business with, we process your personal data as needed in order fulfil the contract with such organization, that may be a customer, supplier or other business partner.

Categories of personal data Legal basis
  • Identity information (first and family name, position)
  • Contact information (business email address, business phone number, business postal address)
  • Business correspondence data (personal data contained in emails and information on time of correspondence).
Legitimate interests (Art. 6.1 f of the GDPR). The processing is necessary for our legitimate interests to fulfil our contract with the business that individuals represent or otherwise are associated with.
Retention period: Personal data is retained during the business relationship.

General business purposes

We process personal data for general business purposes, e.g. by way of processing (business) personal data associated with prospective business relationships and personal data related to media/public relations.

Categories of personal data Legal basis
  • Identity information (first and family name, position)
  • Contact information (business email address, business phone number, business postal address)
  • Business correspondence data (personal data contained in emails and information on time of correspondence).
Legitimate interests (Art. 6.1 f of the GDPR). The processing is necessary to run our business.
Retention period: We will retain the personal data for as long as it may be relevant, which may be up to one (1) year following our latest contact. Where the contacts have led to a business relationship, the personal data will be processed as described in the previous section, i.e. Fulfilment of contract.

Provide you with information about our business via newsletters

We process personal data to manage and send out newsletters. These newsletters can e.g. contain information and updates regarding our business and our services and products. You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link in the email or by contacting us on the contact details set out below.

Categories of personal data Legal basis
  • Identity information (first and family name, position)
  • Contact information (business email address, business phone number, business postal address)
  • Business correspondence data (personal data contained in emails and information on time of correspondence).
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest to send our newsletter.

Consent (Art. 6.1 f of the GDPR). Depending on applicable legal requirements, we may also rely on your consent for sending newsletters.
Retention period: Your personal data is retained for this purpose until you unsubscribe from the newsletter or after 12 months of inactivity.

Where you subscribe, we will process personal data about your choice to unsubscribe to comply with such request.

Develop and improve our products, services and systems for the customers in general and for the production of

statistics

We will anonymize personal data for the purposes of subsequently using the anonymized data to develop and improve our products, services and systems for customers in general and for the production of statistics.

Categories of personal data Legal basis
  • Identity information (first and family name, position)
  • Contact information (business email address, business phone number, business postal address)
  • IPI number, ISNI number
  • Payment transaction data
Legitimate interest (Art. 6.1 f of the GDPR) The processing is necessary to fulfill our legitimate interests to develop and improve our products, services and systems for the customers in general and for the production of statistics.
Retention period: Statistics and other information at the aggregate level that cannot identify you as an individual are saved for the time being.

Evaluate and monitor the use of our website

In order to analyze and better understand how our websites are used, we process your personal data, which we e.g. have collected by using cookies and similar technologies. This is done by e.g. collecting visitor and click statistics, from which website you came from, which pages you visited on our website and for how long time/number of times. Please read more in our Cookie Policy.

Categories of personal data Legal basis
  • User-generated data
  • Geographical information, based on IP address
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in improving your experience on our website and providing you with tailored content.
Retention period: Non-personal data that are processed at an aggregate level are stored for an indefinite period.

Manage and address legal claims

In order to manage and address any legal claims, e.g. in connection with a dispute or legal process, we process personal data (as applicable).

Categories of personal data Legal basis
All information necessary to manage and address the legal claim.Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in managing and addressing legal claims, e.g. in connection with a dispute or legal process.
Retention period: Personal data is retained during the period necessary to manage and address the legal claim.

Comply with other legal obligations

We process personal data in order to comply with legal obligations such as e.g. obligations regarding accounting and bookkeeping as well as any other applicable legal obligations.

Categories of personal data Legal basis
All information that is necessary to fulfill the respective legal obligation.Legal obligation (Art. 6.1 c of the GDPR). The processing is necessary to fulfill legal obligations to which we are subject.
Retention period: Personal data is retained for the period necessary in order for us to fulfill legal obligations to which we are subject.

Manage and protect systems and services

We process your personal data if necessary in order to manage and protect our IT systems and services, e.g. in connection with logging, troubleshooting, backup, change and problem management in systems and in connection with any IT incidents.

Categories of personal data Legal basis
All information listed above.Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in managing and protecting our IT systems and services.
Retention period: Personal data is retained for the same period as stated in relation to the respective purpose above.

WITH WHOM DO WE SHARE PERSONAL DATA?

When necessary, we share personal data with the recipients specified below. Unless otherwise stated, named recipients are independent data controllers for their own processing of personal data.

Recipient Purpose Legal basis
Companies that offer payment solutions (e.g. banks and other payments services providers) To enable payments for our products or services. Legitimate interest (Art. 6.1 f of the GDPR) to enable processing of payments.
Authorities (incl. courts) and legal representatives To establish, exercise and defend legal claims. Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in disputes and cases being managed by competent courts and legal representatives.
Buyers, sellers and external advisors/other parties involved To enable business changes, e.g. sale or merger of the business or investments in general. Legitimate interest(Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in conducting and executing business changes.
Authorities (e.g. the Police, the Public Health Agency and the Tax Agency) In order to fulfill any legal obligations to which we are subject, e.g. in connection with requests from authorities or other legal claims. Legal obligation (Art. 6.1 c of the GDPR). The processing is necessary to fulfill legal obligations to which we are subject.

Suppliers acting as data processors

Similar to most businesses, we engage suppliers to process personal data on our behalf, for the purposes set out above. Such suppliers include e.g. providers of customer relationship management (CRM) systems, marketing services (systems for sending newsletters) and IT services (companies that manage necessary operations, technical support and maintenance of our IT solutions and IT systems). We conclude contracts with such suppliers as required under Applicable legislation.

Appropriate safeguards for the transfer of personal data to third countries – where the GDPR applies

If we transfer your personal data to a recipient in a country outside the EU/EEA area (third country), we will ensure that appropriate safeguards have been taken (such as the EU Commission's standard contract clauses and other necessary measures), as required under the GDPR.

Pursuant to applicable data protection legislation, you have the right, upon request, to receive a copy of the documentation demonstrating that the necessary protective measures have been taken in order to protect your personal data when transferring it to a third country. If you would like to know more about the processing of your personal data and if your personal data is transferred to a third country, please contact us by using the contact information below.

TECHNICAL AND ORGANIZATIONAL MEASURES TO PROTECT PERSONAL DATA

We take measures to ensure that your personal data is adequately protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, when transmitted, stored or otherwise

processed. The measures that we have implemented take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, including associated risks.

INDIVIDUALS' RIGHTS UNDER THE GDPR

In connection with our processing of your personal data, you may, under certain conditions, exercise the following rights:

Access

You can request confirmation of whether or not your personal data is being processed and, if so, request access to your personal data and additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data that is processed.

Rectification

If you notice that personal data about you is inaccurate or incomplete, you have the right to have your personal data rectified.

Object to specific processing

You can object to processing of your personal data if it is based on a legitimate interest, on grounds relating to your particular situation, or if the processing takes place for direct marketing purposes. If we are unable to demonstrate compelling legitimate grounds to continue processing, that override your interests, or if the processing is not necessary to establish, exercise and defend legal claims, we are obliged to cease the processing.

Erasure

You can have your personal data erased under certain circumstances, e.g. when the personal data is no longer needed to fulfill the purpose for which the personal data was collected or otherwise processed.

Restrict processing

Under certain circumstances, you can request that we restrict the processing of your personal data to only involve the storage of your personal data.

Withdraw consent

To the extent that the processing of personal data is based on your consent, you always have the right to withdraw your consent. Withdrawal of consent does however not affect the lawfulness of any processing that has been based on consent prior to its withdrawal.

Data portability

You have the right to request a copy of your personal data that you have provided to us, and which has been processed based on your consent (Art. 6.1 a of the GDPR) or on contractual necessity (Art. 6.1 b of the GDPR), in a structured, commonly used and machine-readable format. Moreover, you also have the right to transmit such data to another controller without hindrance from us. If technically feasible, you also have the right to request that such personal data should be transmitted from us to another data controller.

Complaints to the supervisory authority

Please contact us with questions or complaints regarding the processing of your personal data. You also have the right to lodge a complaint regarding the processing of your personal data with the data protection authority of the country in which you reside or work or where the alleged breach has occurred.

CONTACT US

If you have any questions regarding the processing of your personal data or if you wish to exercise any of your rights, please contact us by reaching out to your regular contact person at Musimap or by using the contact details below.

Musimap SA
Address:
Rue de Harlez 51
4000 Liège
Belgium
Email: compliance@utopiamusic.com

We may update this Privacy Policy from time to time. We recommend that you visit this page on a regular basis to get the latest information regarding our processing of personal data. This Privacy Policy was last updated 24 January 2022.