Last Updated: 8th of June 2022
Utopia AG and Utopia group (Utopia AG and its affiliates and subsidiaries) ("Utopia", "we" or "us") strive to protect your privacy and to maintain a high level of data protection.
"Applicable legislation" means applicable laws, ordinances and regulations, including regulations issued by relevant supervisory authorities, concerning the protection of the fundamental rights and freedoms of natural persons and in particular the right to the protection of their personal data applicable to the processing in question; including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") as well as laws, ordinances and regulations supplementing the GDPR and other legal requirements that may apply to us.
For the processing of personal data associated with Utopia’s websites, Utopia is the data controller. Where you have a business relationship with or otherwise have been in contact with another Utopia company, such Utopia company is the data controller relating to processing of personal data associated with fulfilment of e.g. contracts, engaging in regular business correspondence, maintaining records with regular details on business contact persons etc.
While the personal data we collect varies depending upon the circumstances, we may collect the following categories of personal data (subject to applicable legal requirements and restrictions):
We collect personal data from:
A. Fulfilment of contract with customers, suppliers and other business partners
If you represent or otherwise are associated with an organization or company that we do business with, we process your personal data as needed in order to fulfil the contract with such organization or company, that may be a customer, supplier, or other business partner.
We process personal data for general business purposes and in connection with the products and services that we offer customers, e.g. by way of processing personal data associated with prospective business relationships and personal data related to media/public relations.
We process personal data to manage and send out newsletters. These newsletters can e.g. contain information and updates regarding our business and our services and products. You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link in the email or by contacting us on the contact details set out below.
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfil our legitimate interest to send our newsletter.
Consent (Art. 6.1 f of the GDPR). Depending on applicable legal requirements, we may also rely on your consent for sending newsletters.
We will process personal data in connection with developing and improving our products, services and systems for customers in general and for business insights, statistics, forecasts, machine learning, and various algorithms. In connection with such purpose, we may, at our discretion and in certain circumstances, anonymize and/or de-identify such personal data.
Legitimate interest (Art. 6.1 f of the GDPR) The processing is necessary to fulfil our legitimate interests to develop and improve our products, services, and systems for the customers in general and for the production of statistics.
Legitimate interest. The processing is necessary to fulfil our legitimate interest in evaluating and monitoring the use of our websites.
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfil our legitimate interest in improving your experience on our website and providing you with tailored content.
In order to manage and address any legal claims, e.g. in connection with a dispute or legal process, we process personal data (as applicable).
We process personal data in order to comply with legal obligations such as e.g. obligations regarding accounting and bookkeeping as well as any other applicable legal obligations.
We process personal data as necessary and required to evaluate or complete a business transaction, including, without limitation, a potential acquisition, merger, sale, or bankruptcy or in connection with providing various goods and services to you.
We process your personal data if necessary, in order to manage and protect our IT systems and services, e.g. in connection with logging, troubleshooting, backup, change and problem management in systems and in connection with any IT incidents.
We keep your personal data only for as long as is necessary for the relevant purpose identified above, or for any period of time required by applicable laws. We use a number of criteria for determining personal data retention period including our legal obligations, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose for which your personal data was collected.
When necessary, we share personal data with the recipients specified below. Unless otherwise stated, to the extent GDPR is applicable, named recipients are independent data controllers for their own processing of personal data.
Companies and providers of various services, including without limitation, customer relationship management (CRM) systems, payment solutions providers (e.g. banks and other payments services providers), marketing services (systems for sending newsletters) and IT services (companies that manage necessary operations, technical support and maintenance of our IT solutions and IT systems).
To enable the functioning of our products and services offered to consumers and customers.
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfil our legitimate interest in disputes and cases being managed by competent courts and legal representatives.
Contract performance: (Art. 6.1 of the GDPR). The processing is necessary for the performance of a contract to which the data subject is party
Authorities (incl. courts) and legal representatives, as well as the Police, the Public Health Agency and the Tax Agency (as applicable)
To establish, exercise and defend legal claims; In order to fulfill any legal obligations to which we are subject, e.g. in connection with requests from authorities or other legal claims.
Legitimate interest (Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in disputes and cases being managed by competent courts and legal representatives.
Legal obligation (Art. 6.1 c of the GDPR). The processing is necessary to fulfill legal obligations to which we are subject.
Buyers, sellers and external advisors/other parties involved
To enable business changes, e.g. sale or merger of the business or investments in general.
Legitimate interest(Art. 6.1 f of the GDPR). The processing is necessary to fulfill our legitimate interest in conducting and executing business changes.
We also share personal data internally with Utopia’s affiliated companies (such as its affiliates and subsidiaries) for the above purposes.
Appropriate safeguards for the transfer of personal data to third countries – where the GDPR applies.
If we transfer your personal data to a recipient in a country outside the UK/EU/EEA area (third country), we will ensure that appropriate safeguards have been taken (such as the EU Commission's or UK Information Commissioner’s standard contractual clauses and other necessary measures), as required under the GDPR.
Pursuant to Applicable Legislation, you may have the right, upon request, to receive a copy of the documentation demonstrating that the necessary protective measures have been taken in order to protect your personal data when transferring it to a third country. If you would like to know more about the processing of your personal data and if your personal data is transferred to a third country, please contact us by using the contact information below.
We take measures to ensure that your personal data is adequately protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, when transmitted, stored or otherwise processed. The measures that we have implemented and take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, including associated risks. However, we cannot guarantee that unauthorized access, hacking, data loss, or other similar events will never occur. We urge you to take steps to keep your personal data safe, such as choosing a strong password and logging out of your account and closing your web browser when finished using our services.
This Policy is kept under regular review and may be updated from time to time. When we make changes to this Policy, we will change the "Last Updated" date above. If a material change is made to this Policy, we may choose to provide notice to you in advance of such change, such as by posting notice of that change on the first page of this Policy or on our homepage, or by emailing your email address of record with us.
Under California’s "Shine the Light" law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal data are entitled to request and obtain from us, free of charge, information about the personal data (if any) we have shared with third parties during the immediately preceding calendar year for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. California residents who would like to make such a request may submit a request to the contact information provided below. The request should attest to the fact that the requester is a California resident and provide a current California address. We are only required to respond to a customer request once during any calendar year. Please be aware that not all information sharing is covered by California’s "Shine the Light" law and only information sharing that is covered will be included in our response.
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.
Individuals have certain additional rights where the UK/EU GDPR applies. You may, under certain conditions, exercise the following rights:
Access: You can request confirmation of whether or not your personal data is being processed and, if so, request access to your personal data and additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data that is processed.
Rectification: If you notice that personal data about you is inaccurate or incomplete, you have the right to have your personal data rectified.
Object to specific processing: You can object to processing of your personal data if it is based on a legitimate interest, on grounds relating to your particular situation, or if the processing takes place for direct marketing purposes. If we are unable to demonstrate compelling legitimate grounds to continue processing, that override your interests, or if the processing is not necessary to establish, exercise and defend legal claims, we are obliged to cease the processing.
Erasure: You can have your personal data erased under certain circumstances, e.g. when the personal data is no longer needed to fulfill the purpose for which the personal data was collected or otherwise processed.
Restrict processing: Under certain circumstances, you can request that we restrict the processing of your personal data to only involve the storage of your personal data.
Withdraw consent: To the extent that the processing of personal data is based on your consent, you always have the right to withdraw your consent. Withdrawal of consent does however not affect the lawfulness of any processing that has been based on consent prior to its withdrawal.
Data portability: You have the right to request a copy of your personal data that you have provided to us, and which has been processed based on your consent (Art. 6.1 a of the GDPR) or on contractual necessity (Art. 6.1 b of the GDPR), in a structured, commonly used and machine-readable format. Moreover, you also have the right to transmit such data to another controller without hindrance from us. If technically feasible, you also have the right to request that such personal data should be transmitted from us to another data controller.
Complaints to the supervisory authority: Please contact us with questions or complaints regarding the processing of your personal data. You also have the right to lodge a complaint regarding the processing of your personal data with the data protection authority of the country in which you reside or work or where the alleged breach has occurred.
If you have any questions regarding the processing of your personal data or if you wish to exercise any of your rights, please contact us by reaching out to your regular contact person at Utopia or by using the contact details below.
Utopia Music AG