Privacy Policy
Last updated Nov 1, 2019

This policy follows Finnish Personal Data Act (10 and 24 ยง) and EU's GDPR. We strive to keep this privacy policy up to date as legislations change. We will inform people in the registry if there are significant changes.


Music Aggregation Services Finland Oy

Register's name

User register for Escobar.Digital

Processing ground and use of personal data

Our processing ground in compliance with EU legislation is personal consent.

Personal data is used to enable logging in to the service, using it, and any communication related to the service. Metadata is also collected to maintain service quality and prevent misuse.

No data is used for automatic decision making or profiling.

This data is used by the registrar (Music Aggregation Services Finland Oy).

Data content of the register

The following information can be stored: name, email address, postal address, bank account number and PayPal account name for royalty payments, social security number for tax purposes, photo, web usage related information such as an IP address or browser identification.

All credit card information we collect is passed directly to the payment service provider (Stripe), and it will not be stored by us.

Information is stored 2 years from the user's last login or subscription expiration, whichever comes last.

Information sources

Data is submitted by the user as they register to the service and continue to use it.

Transfer of data

No data is disclosed to a third party that has not been mentioned in this privacy policy. Data can be disclosed to authorities to the extent required by law, eg. in case of a criminal investigation. Data can be transferred to United States according to Privacy Shield. The following third party services are used to provide this service: Amazon Web Services (cloud provider), Mailgun (email provider), MailChimp (email provider), Stripe (payment provider).

When publishing works to, a limited subset of user information is submitted to nkoda.

Protection of the registry

Processing of data is done using good practices, and data is secured appropriately. Registrar and supplier ensure that stored data, access permissions and other measures critical to data protection are handled confidentially and only by employees who need it to do their job.

Right of verification, correction and removal

Every person in the registry have the right to verify their data and request corrections in case of incorrect or missing information. A person in the registry also has the right to request removal of their personal data, along with other rights granted by EU GDPR, such as limiting processing of personal data. Requests must be sent in writing to the registrar.

The registrar may ask requesters for additional verification of identification. The registrar will reply within the limit set by GDPR (typically within a month).