Musaic, Inc.

PRIVACY NOTICE

Our contact details

Name: Musaic, Inc.

Address: 2093 Philadelphia Pike #5168, Claymont, DE 19703, United States

Website: https://www.musaic.co

Email: feedback@musaic.co

Introduction

This privacy notice relates to data collected via our websites, apps and communications with you. We believe that fan feedback is a crucial ingredient in helping artists optimize the journey for their fans. Musaic is a platform helping artists and fans better engage with one another.  In order to achieve this, we will be processing personal data of artists, fans and other users. This privacy notice explains what data we use and how we use it to provide the services offered through our website and apps.

From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any material change to the way we collect or process your personal data, we will provide you with more information or additional terms or policies. Unless otherwise stated, when we introduce these new or additional services, they will be subject to this privacy notice.

What type of information we collect from you

We have set out in the tables below the categories of personal data we collect and use about you and how we collect it.

1. The personal data collected when you sign up for Musaic services, either as an artist or a fan is set out below:

User Data

This is the personal data that is collected about you when you sign up to our services and may include:

  • Email address
  • First and last name
  • Phone number
  • Bio and user name
  • Background photo
  • Social media user names and handles
  • Messaging app usernames
  • PayPal and other financial details

Some of the data we will ask you to provide is in order to create an account. You also have the option to provide us with additional data in order to make your account more personalised.

The exact data we collect depends on how you create your account and whether you use third party services (such as Instagram, Spotify, Google, and Apple) to sign up and use the services. If you use a third party service to create an account, we will receive personal data via that third party service, but only if you consent to that third party sharing data with us.

2. The personal data collected through your use of the services is set out below:

Usage Data

This is the personal data that is collected about you when you use our services and includes:

  • Information about your interactions with the service (including the date and time of your interactions), both qualitative and quantitative data such as your search results, which features you use and frequency of use, which ones you avoid, which posts and content are most and least viewed, what your usage history is
  • Inferences drawn about your interests and preferences and aggregated feedback of this
  • User content you post such as photos, videos, music, file uploads, form submissions, user questions, comments and likes etc
  • Certain technical data, which may include page views, clicks, scrolls, IP addresses and device type
  • Feedback you provide
  • Support queries
  • Information we receive from you in connection with facilitating the sale or merchandise and processing returns of merchandise

[Payment tokens/confirmation]

3. Data we may collect from third party sources is set out below:

Authentication partners

  • If you register for or log into our services using third party credentials (e.g. Google, Apple, Facebook, Instagram, Spotify etc), we will import your information from such third party to help create your account with us

Payment partners

  • If you choose to pay for a service or feature by invoice, we may receive data (such as a payment token) from our payment partners such as PayPal and Stripe to enable us to send you invoices, process payment and provide you with what you’ve purchased

Aggregated data

  • We may obtain certain analytical data, such as cookie id or other analytics that enables us to provide dashboard and overview information to our artists

What we use your information for

In general, we use your information for the following purposes:

  • Refine products via usage data: We take a data-driven approach to decision-making around our product. In order to build the world’s best tools for independent musicians, we collect qualitative as well as quantitative data around which features they prefer and use, as well as which ones they avoid. All of these data points inform our process for planning, prioritizing, as well as iterating for the products we build.
  • Empower creators with fan behavioural data: We believe that fan feedback is a crucial ingredient in helping artists optimize the journey for their fans. Thus, we plan to publish fan engagement data to artists via a web-based dashboard so that they can better understand how their fans perceive their online presence.
  • Report to current and prospective company stakeholder: In our efforts to attract investors or manage stakeholders of the business, we will present data to help these parties better understand the business we are in as well as the traction we have.
  • Establish thought leadership: As we grow, we may identify interesting trends within the data that we believe, if published, would benefit the greater creator community. In these instances, we may publish aggregated, anonymized data in order to support a certain narrative.
  • Facilitate sales and purchases of artists’ merchandise: We believe that providing interactions and other merchandising opportunities for fans and artists is a vital way of helping fans and artists connect.

Under GDPR we are required to give you a lawful basis for our processing of your data. We can outline this as follows:

1.

Description of why we process your personal data (“purpose”)

To register you for and to provide the services, personalised if applicable

Legal basis for the purpose

  • Performance of a contract
  • Legitimate interest
  • Consent

Categories of personal data used by Musaic for the purpose

  • User Data
  • Usage Data

2.

Description of why we process your personal data (“purpose”)

To understand, diagnose, troubleshoot and fix issues with the service

Legal basis for the purpose

  • Performance of a contract
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • User Data
  • Usage Data

3.

Description of why we process your personal data (“purpose”)

To analyse use of the service

Legal basis for the purpose

  • Performance of a contract
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • Third Party Data
  • User Data
  • Usage Data

4.

Description of why we process your personal data (“purpose”)

To evaluate and develop new features, technologies, and improvements

Legal basis for the purpose

  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • Third Party Data
  • User Data
  • Usage Data

5.

Description of why we process your personal data (“purpose”)

For marketing and promotion purposes and help users navigate and discover content on the platform

Legal basis for the purpose

  • Consent
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • User Data
  • Usage Data

6.

Description of why we process your personal data (“purpose”)

To comply with legal obligations and law enforcement requests and establish exercise or defend legal claims

Legal basis for the purpose

  • Compliance with legal obligations
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • Third Party Data
  • User Data
  • Usage Data

7.

Description of why we process your personal data (“purpose”)

To fulfil licensing/contractual obligations to third parties

Legal basis for the purpose

  • Compliance with legal obligations
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • Third Party Data
  • Usage Data

8.

Description of why we process your personal data (“purpose”)

To facilitate the sale/purchase of artists’ merchandise

Legal basis for the purpose

  • Compliance with legal obligations
  • Legitimate interest

Categories of personal data used by Musaic for the purpose

  • Third Party Data
  • Usage Data

Sharing Your Data

The following personal data will be shared with the categories of recipient outlined below where consent is given

Categories of Recipient

Your fans and other users

  • Reason for sharing: Our services enable you to share and/or view clips, videos, music, Q&As, events and other content with your fans and other users of our services.  If you provide a testimonial then we may also post that on our app and website. If you communicate with your fans via our interactive tool, DisQus, your fans and DisQus will also receive information via this media

Artists

  • Reason for sharing: Our services enable you to communicate with your favourite artists, listen to content, ask them questions, see information and other content posted by them, book events with them. Your user ID would be shared with the artists in this context, together with any likes you post, questions and comments you post.
  • We also provide our artists with an overview of the interaction with their posts and page, to give them feedback on the popularity of the content

Service providers

  • Reason for sharing: We work with service providers that work on our behalf which may need access to certain personal data in order to provide their services to us. These companies include those we've hired to provide customer service support, operate the technical infrastructure that we need to provide the services and store data, provide a discussion tool enabling artists and fans to communicate, assist in protecting and securing our systems and services, providers of analytics and help market our own products and services.  All these service providers are currently based in the United States.

Web shop service providers

  • Reason for sharing: We will work with service providers in connection with orders and dispatch of artists’ merchandise, including warehouse dispatch and couriers. Couriers involved in the delivery of any merchandising goods act as data controllers in respect of the data you provide them and their own privacy terms will apply to their use of any data. These are [currently based in the United States]

Payment processors and providers

  • Reason for sharing: We handle payments to and from you through a third party provider, such as PayPal, based in the United States. We do not share personal data with them and the services are subject to their terms and conditions and privacy policy. We will receive a payment token or confirmation from them when payment has been processed.

Law enforcement authorities

  • Reason for sharing: If we receive a court order, for example that confirms you’re a terrorist or engaged in criminal activities, we may disclose your IP address and phone number to the relevant authorities.  So far this has never happened.

Data retention and deletion

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We retain your personal data as follows:

  1. Account registration and maintenance, managing our relationship with you such as request feedback, review or survey and review responses  - Once you have registered an account with the platform, your account details will be kept in our database, unless deleted by you or if you ask us to delete the details. We will also delete your account, approximately two years after the account was last active.
  2. Marketing – We will retain your personal data that we process with your consent for marketing purposes until such time as your consent is withdrawn. Two (2) years after you give consent for marketing purposes, we will ask you to re-confirm your consent. If consent is not re-confirmed, then within three (3) months, your personal data will be deleted from our marketing database. If we become aware that an email address is not current or functional, we will remove that email address from the database and then delete it within three (3) months. For avoidance of doubt, if you withdraw your consent or your consent is not re-confirmed, we will not conduct any marketing that is necessary for our legitimate interests.
  3. Handling queries/complaints relating to your account  - we will retain all data relating to your account, and associated queries for the applicable limitation period under applicable national laws relevant for claims for breach by us of any contract between you and us. Please contact us for further information on limitation period.
  4. To keep records of transactions and processing activities - we will retain all financial data provided or generated in connection with your orders for the legal retention period for tax, audit and associated reports/accounting.
  5. To operate the platform, provide support, deliver web content to fans etc  - we will maintain this data for the duration of the platform and the applicable limitation period relevant for claims for breach of contract.
  6. To use data analytics and map data flows to improve the platform, products/services, marketing, customer relationships and experiences  –this data will be retained in accordance with our cookie policy [LINK]

At the end of each retention period we will delete your personal data (for example deleting your account or the data held in the applicable database).  However, if such data is necessary to fulfil other purposes, we will keep your personal data but only to process it for such other purposes. Where we rely on the legal retention period, at the end of the legal retention period personal data held in databases will be deleted, paper documents containing personal data will be securely shredded by a certified third party service provider and personal data stored in other electronic documents will be deleted.

International transfers

Musaic is based in the United States and our service provider partners involved in the provision of storage facilities are all headquartered in the San Francisco Bay area. Other service providers, used in connection with the hosting of our website code, customer support, discussion forums or mailing services are based in other parts of the United States. For users of our services and website based in the UK and European Economic Area, this means that your data will be transferred outside of the EEA in connection with the services. We will make sure that this is done in accordance with GDPR and will implement standard contractual clauses and/or other measures to this end.

The list of processors we use is available at any time on request by emailing us using the contact details above.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These include encryption of sensitive information and database security rules to limit access to those who have access rights. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.

Children

Our services are not aimed at children under [16] years old and we do not knowingly collect data from children under [16].  If you are under [16] we will require parental consent to process your data.

Your rights

Under certain circumstances, you have rights under EU data protection laws in relation to your personal data. If you wish to exercise any of the rights set out above, please contact us.

Marketing

We will inform you (before collecting your data) if we intend to use your data for marketing purposes. We will only use your data for this if you have opted in.  You have the right to opt out at any time.

Correction of information

If you notify us that the personal data we hold is incomplete or inaccurate we will correct or complete the information as soon as possible.

Deletion of personal data

You have the right to request that your personal data be deleted in certain circumstances including if we no longer need it for the purpose we collected it, or, where our legal basis for processing is that you have given consent, you withdraw your consent.

Following such a request we will erase your personal data without undue delay unless continued retention is necessary and permitted by EU data protection laws.

Object to processing

You have the right to object to us processing your personal data where we are relying on our legitimate interest on grounds of your particular situation. In some cases, we will demonstrate that we have compelling legitimate grounds to process your information which override your interests, rights and freedoms, such as our interest to keep the data for the establishment, exercise or defence of legal claims. You also have the right at any time to object to our processing of your personal data for direct marketing purposes.

Restriction on processing

You have the right to request that we suspend processing your personal data, but hold it for you, in the event the personal data we hold is inaccurate, the processing is unlawful or we no longer need the personal data. Once the processing is restricted, we will only continue to process your personal data by storing it and if you consent or we have another legal basis for doing so, for example when it is necessary to establish, exercise or defend legal claims.

Access to information

You have the right to obtain confirmation from us as to whether we are processing any of your personal data and, if so, details of the personal data and how we are processing it. In addition, you have the right to request a copy of the information held about you. Any such request will usually be free of charge. We will endeavour to provide information in a format requested, but we may charge you a reasonable fee for additional (duplicate) copies based on our administrative costs.

Data Portability

You have the right, in certain circumstances, to receive a copy of your personal data which you gave to us digitally. The copy will be provided in a commonly used and machine-readable format. You can also have it transmitted directly from us to another data controller, where reasonably technically possible. If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Withdraw consent at any time

You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

The right to complain to your supervisory authority

You have the right to complain to the supervisory authority if you believe we are in breach of our data protection obligations. You may complain to the supervisory authority of your habitual residence, place of work or of an alleged infringement of our data protection obligations.  You can find information about the relevant supervisory authority here: [https://edpb.europa.eu/about-edpb/board/members_en].

What we need from you when you exercise your rights

We will request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We will respond to all requests without undue delay and in any event within one month of receiving your request. However, occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

EEA Representative

If you live in a country in the European Economic Area (EEA), the Services are provided by Musaic, which for the purposes of applicable data protection legislation is the data controller responsible for your personal data when you use our services. However, as Musaic is located outside the EEA, we have designated our [EEA-based group company [                 ], as a representative to whom you may direct any issues you have relating to our processing of your personal data.

Additional Information for users based in the United States

Users of the Services who are California residents and are under 18 years of age may request and obtain removal of user content they posted by contacting us at: [ADDRESS]. All requests must be labelled “California Removal Request” on the email subject line. All requests must provide a description of the user content you want removed and information reasonably sufficient to permit us to locate that user content. We do not accept California Removal Requests via postal mail, telephone, or facsimile. We are not responsible for notices that are not labelled or sent properly, and we may not be able to respond if you do not provide adequate information. Please note that your request does not ensure complete or comprehensive removal of the material. For example, materials that you have posted may be republished or reposted by another user or third party.

We have not sold any PII in the last 12 months and except as described in this policy, we will not give, sell, rent or loan any personal information to any third party, unless: (1) it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law; (2) we are acquired by or merged with another company; or (3) we are required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In this event, we may notify you before information about you is transferred and becomes subject to a different privacy policy.  

Under California Civil Code sections 1798.83 – 1798.84, California residents who have an established business relationship with us are entitled to ask us for a notice describing what categories of personal customer information we share with third parties for those third parties’ direct marketing purposes and to opt-out of sharing your personal information with third parties for direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties with which it was shared, along with their names and addresses. If you choose to opt-out or would like a copy of this notice, please submit a written request to the following address: 2093 Philadelphia Pike #5168, Claymont, DE 19703, United States. Please allow 30 business days for a response.