BELIEVE is a French simplified joint stock company (société par actions simplifiée) registered with the Paris Trade and Companies Register (RCS) under number 481 625 853, whose registered office is located at 24 rue Toulouse Lautrec 75017 PARIS, acting as data controller.
I – THE CONTENT OF THE DATA
BELIEVE may collect and process in connection with the activities of the Sites and Services, personal data and other information as listed below (collectively referred to as the “Data“).
BELIEVE draws the attention of its Users to the fact that it does not collect or process any sensitive personal data, i.e. data which directly or indirectly reveals racial or ethnic origins, political, philosophical or religious opinions or the trade union membership of Users, as well as genetic, biometric data for the purpose of identifying a single natural person User or which relate to the health or sexual life of the User, and to any such purpose. Within the framework of the Sites or Services, BELIEVE does not collect any of this data and asks its Users not to send such data under any pretext.
1.1 Personal data
Personal data (hereinafter “Personal Data“) means information that directly (e.g. surname, first name) or indirectly (e.g.: telephone number, location data, bank account, IP address, voice, image, etc.) relates to an identified or identifiable natural person. This may concern depending on the Sites, the status of the User and/or the means of collection, the following Personal Data:
- first name;
- for performing artists or their representatives only: their stage name;
- postal address (invoicing or delivery);
- fixed or mobile telephone number;
- email address;
- bank information (bank account, PayPal or other accounts, RIB [bank account details], or credit card number, expiry date, visual cryptography);
- languages spoken or languages of use of the Sites or Services;
- any personal information enabling Users to remember their personal identifiers and passwords attached to their personal account on the Sites when registration for the Services so provides in case the information is forgotten or lost;
- for minors under the age of 15 the last name, first name, email address of their parents or their legal representative;
- for performing artists or their representatives only: textual, graphic, photographic or video elements or sound related to a sound recording reproducing the performance by a performing artist (hereinafter a “Recording“) or videos reproducing an audiovisual work produced by setting images to illustrate the interpretation of a musical work that is the subject of a Recording (hereinafter a “Music Video“);
- for performing artists or their representatives only: sleeves, words, videos, titles of works (compositions with or without words), names, stage names, pseudonyms, biographies, videos and photos of performing artists, names of songs and albums and associated artists, the year of release of songs and albums and the name of the person or entity that holds the rights to album songs, arrangements, and/or illustrations;
- for performing artists or their representatives only: metadata necessary for the identification of the works fixed on the Recordings and Music Videos, and their assigns, in particular the names of authors, composers, publishers, ISWC codes of the works, the names of all assigns, ISRC, UPC codes, etc.
- for performing artists or their representatives only in case of registration for Services requiring the collection of such information: the tax identification number;
- content of the purchase basket of Products or Services;
- IP address (the number automatically assigned by your Internet Access Service Provider or the MAC address of your electronic devices from which access to the Site(s) is made and which are the subject of automatic identification and recording for each use of the Site(s);
- demographic data on Users (e.g. age, sex, place of residence);
- data on the tastes, musical preferences (playlists) of Users or other shared data collected from music platforms;
- the technical information of the cookie type referred to in point VII below;
- geographical geolocation data, in particular through GPS signals sent by mobile telephony devices: when Users use geolocation services offered by the Sites for example to offer them personalised advertisements, BELIEVE will first collect their express authorisation (opt-in). Users may in this case, at any time, return revoke said authorisation (opt-out);
- third party data (contacts, friends) provided by Users. BELIEVE reminds Users that they warrant to BELIEVE that they have obtained the express consent of said third parties to communicate their data to BELIEVE.
The mandatory Personal Data to be provided by the User to benefit from the Services or to order the Products are specified in the registration forms on the Sites.
1.2 Other information
BELIEVE also collects other data that does not necessarily lead directly or indirectly to the identification of Users in their capacity as a natural person (hereinafter the “Other Information“). If applicable law or regulations require the processing of the Other Information as Personal Data, it shall be used in accordance with the conditions described and for the purposes set out in III below:
- information on the Internet browser and the devices used by Users to access the Sites such as the type of device used, screen resolution, version of operating system, type and version of the Internet browser used, as well as the type and version of the Service used. A unique identifier may be assigned to the device from which users access the Service(s) by BELIEVE or its service providers;
- data relating to the use of widgets, mobile applications or other communication services: within this context BELIEVE may likely to collect the unique identifier, as well as other information relating to the device concerned so it can provide content and advertising to the devices. It may also collect the date and time of access to the servers, as well as the files and information downloaded;
- server Log files to calculate the rate of use of the Services, to enable the management of the Services, to diagnose problems affecting the servers, or to determine your geolocation data;
- information collected using cookies, web beacons, pixel tags or other similar technologies;
- demographic or other information where it does not permit the identification of a person;
- information on the use of the Services via analytical tools to enable BELIEVE to provide Users with enhanced services. The information thus collected may provide BELIEVE with information concerning the services and functions most used in connection with the Sites or Services, the type of equipment used, its characteristics, country and download language;
- information cross-referencing to create user profiles;
- responses to a survey or questionnaire submitted by BELIEVE on the use of the Services or the Sites.
Mandatory Other Information to be provided by the User to benefit from the Services or to order the Products will be specified in the registration forms on the Sites.
II – DATA COLLECTION METHODS
2.1 BELIEVE is required to collect the Personal Data of Users of the Site(s) or the Service(s) depending on their use, particularly in the following frameworks:
- the opening of an account on the Sites;
- viewing a Site;
- subscription to Services;
- creating a user account;
- downloading or using a Site (including mobile application, widget or API);
- the purchase of Products;
- subscription to newsletters or other types of communications;
- sending a complaint on a Product or Service;
- public concerts or events;
- publicly available databases;
- commercial or media partners in marketing or promotional operations related to BELIEVE’s activity;
- use of the User’s personal account via one of the social networks, a platform or a third party service to connect to one or more of its accounts on the Sites: in this case, certain Personal Data from the User’s personal account on the social network or other third party service may be shared with BELIEVE (e.g.: the name, e-mail address, photos, contact list, listening history, songs or favourite artists, and any other information to which BELIEVE has access when the User logs on through his or her personal account on a social network or on any other third party service);
- the User’s participation via their personal account at a social network a third party platform or service, or directly on Sites for games, competitions, draws, quizzes or any other promotional operation organised by BELIEVE.
2.2 BELIEVE is required to collect the Other Information of Users of the Sites or Services depending on their use, particularly in the following frameworks:
- via browsers, devices, and uses by Users of widgets and other digital applications on these devices;
- via server log files;
- via geolocation when Users have given their express consent to BELIEVE;
- through the sharing of information and data.
III – PURPOSES OF PROCESSING
BELIEVE collects and processes User Data, according to their status, to provide Products or Services to them, in particular for:
- creating a personal account for the User to provide the Service(s) or to purchase a Product(s);
- distributing music, collecting royalties and paying performing artists who have subscribed to the Services;
- providing and delivering the Products purchased by the User(s);
- responding to questions from the User(s) via our contact forms for information or complaints;
- optimising the use of the Site(s);
- providing new Services and improving them;
- providing quality customer experience for Users;
- conducting payment transactions in the event of purchase of Products or Service(s);
- sending, purchasing or sharing gift cheques, messages, links to albums or songs, music information or clips or other BELIEVE Services with contacts, friends, members of their families of Users or other BELIEVE Users. In this case, Users must necessarily have obtained the express consent of the recipient of the message and communicate to BELIEVE their name, first name, email address and/or postal address in the event of sending by mail. The personal data provided by the Users in this context will only be processed in the context of the purposes for which they were collected;
- sending Users newsletters or other types of commercial or promotional communications from BELIEVE or third party partners or service providers with whom they intentionally registered according to the chosen means of communication (post, e-mail, SMS or any other digital messaging tool). For SMS messages sent to the telephone number provided by the User, specific fees may apply. Users should check the applicable rates with their mobile phone operator. Users may, however, at any time state they no longer wish to receive SMS communications by sending STOP via SMS after receiving the message. They will then be de-registered;
- facilitating sharing functions on social networks used by Users;
- analysing User Data with a view to establishing internal reports or other internal studies to improve the operation and/or personalisation of the Services offered;
- personalising Users’ experience using the IP address, by offering appropriate content, Products and Services;
- conducting anonymous aggregate statistical studies. Users’ Data rendered anonymous will no longer be considered personal data enabling Users to be identified;
- combating fraud, ensuring the security of the Sites, and preventing data security breaches as defined by the General Data Protection Regulation (GDPR)
- identifying and understanding the trends in the use of the Services, and preferences;
- determining and improving the effectiveness of marketing and promotion techniques and promotional and advertising campaigns to be able to adapt them to the users’ purposes and needs;
- offering personalised content or advertisements when the User has expressly so consented, in particular through geolocation;
- providing or improving the operation or promptness of technical support services for the Sites and the Services or associated customer services.
IV – LEGAL BASES FOR DATA PROCESSING
The legal basis for the Processing of User Data as referred to in point III above may be, as appropriate and in the context in which they are collected:
- the consent of the User;
- the performance of an agreement stipulated between BELIEVE and the User;
- a legal obligation when processing is required by law;
- BELIEVE’s legitimate interest, for example, in improving its offers of Products and Services, preventing fraud, securing Sites and Services, or personalising communications.
V – RECIPIENTS OF THE DATA
The User Data is intended for the BELIEVE Sites and Services to which the Users have subscribed or the purchase of Products made on the BELIEVE Sites. BELIEVE shall ensure that only authorised persons can access your personal data when necessary for the purposes referred to in point III above. The communication of User Data is made by BELIEVE only when necessary and in compliance with the security measures implemented by BELIEVE.
The User Data Recipients may be:
- BELIEVE’s subsidiaries;
- third party providers with whom BELIEVE works to facilitate the provision of the Services or access to SITES, such as hosting, data analysis, processing of payment transactions and repayment of royalties, processing of orders for the Products and Services, providing infrastructure, information technology services, customer services, e-mail distribution, audit services or any other similar services;
- for performing artists or their representatives only: the information provided may, among other things, be used to track how certain albums and/or songs sell for their ranking. By using BELIEVE Services, Users agree that BELIEVE may provide information relating to the sale of Records or Music Videos to third parties (e.g. platforms), to aggregate this information in diagrams and/or other comparative information support materials, and also to disseminate it in accordance with the General Terms and Conditions of Sale of the Services;
- third-party providers or performing artists or labels or customers of BELIEVE who may send advertising and promotional communications to Users who so consent via traditional or digital media or means of communication;
- third party organisers or administrators of game operations, competitions, draws or any other similar promotion.
BELIEVE may also communicate User Data to duly authorised persons, in the following cases:
- to comply with applicable legislation, including that of countries other than your country of residence;
- to respond to injunctions or requests from public or governmental authorities, including those of public or governmental authorities based in countries other than the country of residence of the User;
- to apply or enforce the general terms and conditions of sale and use of the BELIEVE Services, to protect the activities of BELIEVE or its subsidiaries or performing artists, labels and producers;
- to protect the rights, security and property of BELIEVE or its subsidiaries or artists, labels or producers;
- for the recognition, exercise or defence of BELIEVE’s legal rights;
- to make any necessary recourse or to limit damages as well as any other sentences that may be pronounced against BELIEVE or its subsidiaries;
- in the event of reorganisation, merger, acquisition, joint venture or any other form of transfer of all or part of BELIEVE or its assets to the third parties in question;
- in the event of explicit consent of the specific Users for the proposed data transfers;
- the transfer is necessary for important reasons of public interest;
Information, documents or Data published or communicated by Users in connection with the Services becomes public domain information and may therefore be made available to other users of the Services or generally distributed on the Internet or on other communication networks. Under no circumstances will BELIEVE be liable for the consequences arising from the use or communication of any information or data that has been the subject of voluntary communication by Users through any of the Services.
BELIEVE may use and communicate such Data in accordance with the General Terms and Conditions of Use of the Services or sale of the Products in question.
VI – DATA RETENTION PERIOD
BELIEVE only retains User Data for the time necessary to achieve the objective pursued by the purpose of processing, to meet the needs of Users or to meet its legal obligations.
The data retention criteria established by BELIEVE include:
- term of the agreement between BELIEVE and the User;
- retention period required by applicable regulations (accounting obligations, archiving obligations);
- duration of the User’s consent for certain uses;
- for prospects (in the absence of any subscription to a Service or purchase of Products) for a maximum period of 1 year from the collection of the Data;
- for a maximum period of 13 months for cookies.
When BELIEVE no longer needs to use the User Data, it is deleted from its systems and databases or anonymised so that Users can no longer be identified.
VII – DATA COLLECTED BY THE INTERMEDIARY OF COOKIES
7.1 Definition of cookies and collection of consent
Cookies are computer files containing a number of items of information downloaded from Users’ devices when they visit a website. At each subsequent visit, cookies will be transmitted either to the original website or to any other site that recognises them. Cookies are useful because they allow a site to recognise the User’s device without, however, allowing the user to be identified.
Cookies allow BELIEVE to improve its Sites and offer a better, more personalised service, for example by storing information about User preferences and to recognise Users during their subsequent visits.
Cookies can be configured by Users in their browser and in the window displayed by BELIEVE on the Sites intended for this purpose. Users will have the opportunity to configure cookies, accept those they wish or refuse to manage their preferences, in the configuration window provided for this purpose. However, the modification of certain parameters may have an impact on the proper functioning of the Sites. Users have the option of accepting or refusing cookies or modifying their settings at any time. Acceptance of cookies constitutes consent by the User.
7.2 Cookies used on the Sites
BELIEVE may be required to use the following categories of cookies on the Sites:
- strictly necessary cookies: These cookies are essential and necessary to allow users to browse the Sites, use Site functionalities, and access secure areas (e.g. accounts). Without these cookies, certain features or Services cannot be provided. These cookies are not used to target Users, advertise, or memorise their browsing on the Internet;
- performance cookies: These cookies collect information about how Users or simple visitors use the Sites (e.g. which pages are visited most often or whether an error message is displayed on the site). These cookies do not collect information identifying Users as a visitor. All information collected by cookies is aggregated and therefore anonymous. Cookies are only used to improve the functioning of the website;
- functional cookies: These cookies remember user settings such as the country from which the site was visited, the language used or the region in which the User is located. This information may then be used to provide an experience better adapted to User choices to make their visits more appropriate. Information collected by these cookies may be made anonymously. Cookies may not be used to trace browsing activity on other sites;
- targeting or advertising cookies: These cookies collect information about users’ browsing habits in order to make the advertising proposed more relevant to their interests. They are used to limit the number of times an advertisement or advertising campaign is displayed as well as to measure its effectiveness. Cookies are generally placed by a third-party advertising system with the agreement of the website operator. They remember the websites consulted and this information can be shared with third parties such as advertisers. Often, these cookies will be linked to a functionality of the site provided by a third party organisation;
- cookies of social networks and/or music platforms: These cookies allow Users to share their experience on the Sites on social networks and/or musical platforms. These cookies are not controlled by BELIEVE. The collection of information may be linked to advertising or targeting activities in accordance with the privacy or confidentiality policy specific to each social network.
In the event that Users do not wish information to be collected through cookies, they may, in addition to the configuration options offered by BELIEVE Sites, follow the procedure for objecting to the use of certain cookie files specific to their device. For more information: http://www.allaboutcookies.org/. BELIEVE reminds its Users that in the event of opposition to the use of certain cookie files specific to the User’s connection device by the User, access to certain promotions or functionalities of the Sites or the Services may not be possible.
BELIEVE Sites and Services are not necessarily compatible with signals from browsers and allow for not being traced. These signals are called “ Browser-based do-not-track-signals ”.
7.3 Internet Beacons or “Invisible Pixels”
Some of the web pages may contain electronic images called “invisible pixels” (or web Bugs, web beacons, etc.), which allow calculating the number of users who visited the web pages. These internet beacons only collect a limited number of items of information including the number of cookies, the time and date of visit of the web page, and the description of the page visited. The internet beacons do not collect personal information but are only used to verify the effectiveness of an advertising campaign.
VIII – HOSTING-STORAGE AND TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
Due to BELIEVE’s presence in many countries around the world, certain Data may be collected, transferred, hosted and/or more generally processed outside the User’s country of residence. Data protection and data security requirements differ from place to place and may not offer the same level of protection as those of the country of residence or origin of the Users. However, BELIEVE and its subsidiaries shall take appropriate measures such as controlling transfers on the basis of written agreements to ensure an adequate level of data protection regardless of the location, e.g. using data transfer methods approved by the European Commission (where data protection legislation is considered to be the most effective in the World). We also ask our third party partners to comply with the applicable data transfer obligations with respect to the personal data they receive on our behalf.
BELIEVE may, as specified in point V above, disclose User Data to third party partners in order, in particular, to ensure the maintenance and security of the Sites and Services to offer certain features, or to improve the functioning and appearance of the Sites and Services and to create new features.
We require these third parties to provide adequate confidentiality and security guarantees and to take the necessary physical, organisational and technical measures to protect and secure User Data, in accordance with applicable legislation. Any transfers of data outside the European Union shall be governed by guarantee mechanisms validated by the European Commission or the competent local authorities.
IX – SECURITY MEASURES
BELIEVE shall implement appropriate physical, technical, administrative and organisational security measures in order to protect under optimum conditions, the User Data collected and processed against their loss, theft, misuse, abusive use and against fraudulent access, disclosure, alteration and destruction.
No data transmission on the Internet can be 100% secure but BELIEVE is committed to implementing the security standards recognised in its sector and designed to protect and prevent unauthorised access, disclosure and use of your Personal Data.
These measures include, but are not limited to:
- storage on secure servers within the European Union;
- protection, including through data encryption processes such as Secure Sockets Layer (“SSL”) for credit card transactions and other bank payment transactions that require the use by Users of an SSL-enabled browser such as Safari, Netscape Navigator 3.0 (or later version), Chrome, Firefox or Internet Explorer;
- limited access of employees or third party staff to databases containing the Data;
- the establishment of contractual obligations for BELIEVE staff handling Data which impose confidentiality requirements they must fulfill.
In addition, Users have the opportunity to create on the Sites or when using the Services an access account or user account containing an identifier and password that only said Users are deemed to know to protect access to their account, to the Sites and Services. In order to further protect their Data, BELIEVE recommends that its Users periodically modify their password and do not disclose their identifiers to third parties under any pretext.
X – USER RIGHTS
Users who reside in France benefit from the protection of the law of 6 January 1978, known as the French Data Protection Act and residents of the European Union/European Economic Area have specific and complementary protection of the other measures implemented by BELIEVE of their Data under the EU General Data Protection Regulation (hereinafter the “GDPR“) 2016/679.
In this respect, the Users have the following rights:
- right of access: Users have the right to access the Personal Data held by BELIEVE about them;
- right of rectification: Users have the right to have their Personal Data corrected if they are inaccurate or incorrect and/or to complete them;
- right to erasure / right to forget: Users have the right to request the erasure or deletion of their Personal Data. This right may, however, be limited by BELIEVE by legal grounds or legitimate interest in maintaining said Personal Data. Such a request will result in the termination of the User’s customer/user account and the User will no longer be able to access the Sites or Services;
- right to object to direct marketing: Users may at any time request to no longer receive communications relating to the offers of Services, Products, news or events of BELIEVE or third party partners. In this case, they may use the hyperlink provided for this purpose in each email or promotional communication received or the STOP SMS which appears in each promotional SMS received. Users may also request to receive non-personalised communications on the Products and Services. BELIEVE will use its best efforts to communicate to each third party partner to which BELIEVE has communicated such User Personal Data, Users’ request for de-registration/ unsubscribing/ withdrawal, unless such communication proves impossible or requires disproportionate efforts. In this case, the Users will be responsible for contacting the third party in question directly in order to request de-registration/ unsubscribing/ withdrawal from receipt of said communications.
- right to withdraw consent at any time for consent-based data processing: Users may withdraw their consent to the processing of their Personal Data when such processing is based on consent;
- right to data portability: Users have the right to request copying, transferring their Personal Data to another database. This right applies only to Personal Data provided by Users, and provided that the processing is based on an agreement or consent and made using automated processes. BELIEVE will return to the User, Data in a structured manner and in a legible format.
If BELIEVE fails to respond or to respond satisfactorily, any complaint concerning BELIEVE’s use of Personal Data may be addressed directly to the competent supervisory authority which is, for Europe, the CNIL “Commission Nationale de l’Informatique et des Libertés” on its website www.cnil.fr or at the following address:
3 Place de Fontenoy
75334 Paris Cedex 07
XI – SECURITY BREACHES
In accordance with articles 33, 34 and 55 of the GDPR, if BELIEVE is the victim of a breach of the security system or is aware of a breach thereof, it is obliged to report it within 72 hours to the competent European local authority when the breach concerns Personal Data.
Users will not be informed of this breach if:
- BELIEVE has implemented appropriate technical and organisational protection measures and these measures have been applied to the Personal Data affected by such breach, in particular those measures which render the Personal Data incomprehensible for any person who is not entitled to access it, such as encryption;
- BELIEVE has implemented subsequent measures that ensure that the high risk to the rights and freedoms of Users is no longer likely to occur or;
- it would require disproportionate efforts. In this case, public communication or similar measures are instead carried out to inform Users as efficiently as possible.
If the breach of Personal Data is likely to result in a high risk to the rights and freedoms of Users, BELIEVE will notify them of the breach as soon as possible, in clear and simple terms.
The communication shall include at least:
- a description of the nature of the personal data breach, including (to the extent possible) the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records concerned;
- the name and contact details of the contact point from which additional information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken or envisaged by BELIEVE to remedy the breach of Personal Data, including, where appropriate, the measures taken to mitigate its potential adverse effects.
XII – TO CONTACT BELIEVE
You can contact BELIEVE by sending an e-mail to the following address: email@example.com.