Last updated Nov 1, 2019
Music Aggregation Services Finland Oy
User register for Escobar.Digital
Processing ground and use of personal data
Our processing ground in compliance with EU legislation is personal consent.
Personal data is used to enable logging in to the service, using it, and any communication related to the service. Metadata is also collected to maintain service quality and prevent misuse.
No data is used for automatic decision making or profiling.
This data is used by the registrar (Music Aggregation Services Finland Oy).
Data content of the register
The following information can be stored: name, email address, postal address, bank account number and PayPal account name for royalty payments, social security number for tax purposes, photo, web usage related information such as an IP address or browser identification.
All credit card information we collect is passed directly to the payment service provider (Stripe), and it will not be stored by us.
Information is stored 2 years from the user's last login or subscription expiration, whichever comes last.
Data is submitted by the user as they register to the service and continue to use it.
Transfer of data
When publishing works to nkoda.com, a limited subset of user information is submitted to nkoda.
Protection of the registry
Processing of data is done using good practices, and data is secured appropriately. Registrar and supplier ensure that stored data, access permissions and other measures critical to data protection are handled confidentially and only by employees who need it to do their job.
Right of verification, correction and removal
Every person in the registry have the right to verify their data and request corrections in case of incorrect or missing information. A person in the registry also has the right to request removal of their personal data, along with other rights granted by EU GDPR, such as limiting processing of personal data. Requests must be sent in writing to the registrar.
The registrar may ask requesters for additional verification of identification. The registrar will reply within the limit set by GDPR (typically within a month).