MusoMind / Data Processing Agreement
Date: August 10th, 2020
MusoMind empowers artists on our platform ("Artists") to receive and manage the personal, communication and location details of fans ("Fans") who support them, insofar the Fans choose to share those details with those Artists.
To facilitate this direct connection with Fans, MusoMind provides the personal data of Fans ("Fan Data") to Artists. Artists then may process the Fan Data solely for the purposes of communicating with Fans about relevant Artist contents and news, for the purposes of relevant direct marketing and sales by the Artist and for the purpose of understanding Fans communication preferences (all collectively "Communications"). MusoMind requires all Artists to agree to this Data Processing Agreement (DPA) to ensure that Artists respect the privacy rights of Fans when processing Fan Data.
This Data Processing Agreement is between MusoMind and Artists, taking effect from the moment a MusoMind account is created and applies exclusively to the Fan Data collected by MusoMind and provided to Artists for the purposes set forth in it.
1. "Data Protection Legislation" means all applicable laws and regulations relating to privacy and the processing of Fan Data that may exist in any relevant jurisdiction, including, where applicable, the guidance and codes of practice issued by the supervisory authorities. Data Protection Legislation includes, but is not limited to, European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them, including the General Data Protection Regulation (Regulation (EU) 2016/279).
2. "Good Industry Practice" means exercising the same skill, expertise and judgement and using facilities and resources of a similar quality as would be expected from a person who: (a) is skilled and experienced in providing the services in question, seeking in good faith to comply with its contractual obligations and seeking to avoid liability arising under any duty of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in performing its obligations; and (c) complies with the Data Protection Legislation.
3. The terms "data controller", "data processor", "subprocessor", "data subject", "Fan Data"/"personal data", "processing", and "appropriate technical and organizational measures" shall be interpreted in accordance with Directive 95/46/EC, or other applicable Data Protection Legislation, in the relevant jurisdiction.
II. Scope. The parties agree that MusoMind is a data controller and that Artist is the a data processor in relation to Fan Data that Artist processes in the course of Communications. The subject matter of the data processing, the types of Fan Data processed, and the categories of data subjects will be defined by, and/or limited to, those necessary to carry out the the Communications. The processing to which this DPA applies will be carried out by Artist upon leaving the MusoMind platform. The subject matter, duration, nature, and purpose of the processing of the Fan Data as well as the type of Fan Data and categories of data subjects covered by this DPA are as follows:
- The subject matter of the data processing is Fan Data.
- The duration of the processing is for as long as the Artist holds the Fan Data.
- The nature and purpose of the processing under this DPA is limited to an Artist's communication with the Fan and understanding the Fan's preferences.
- The type of Fan Data covered by this agreement is personal information, contact information and location, including but not limited to full name, email address, country, state, place of residence, postal code, support amounts and supports history.
- The category of the data subjects are website or mobile app users who sign up as Fans on MusoMind.
III. Data Protection. Artist shall adhere to the following requirements:
- Extent of Processing. Artist will process the Fan Data only to the extent, and in such manner, as is necessary for the provision of the Communications.
- Appropriate Technical and Organizational Measures. Artist will implement and maintain appropriate technical and organizational measures designed to protect the Fan Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. The measures shall be appropriate to the harm which might result from any such events happening to Fan Data, and having regard to the measure of the Fan Data which is to be protected and as a minimum shall be in accordance with the Data Protection Legislation and Good Industry Practice.
- Reliability and Competence of Artist Personnel. Artist will take reasonable steps to ensure the reliability and competence of any Artist personnel who have access to the Fan Data. Artist will ensure that all Artist personnel required to access the Fan Data are informed of the confidential nature of the Fan Data and comply with the obligations set out in this DPA.
- Acknowledgement of Data Protection Legislation and Assistance. Artist will take all reasonable steps to assist MusoMind in complying with applicable Data Protection Legislation. For example, Artist will promptly inform MusoMind in writing if it receives: (i) a request from a data subject concerning any Fan Data; or (ii) a complaint, communication or request relating to the Fan's or Artist's obligations under Data Protection Legislation.
- Destruction or Return of Property Upon Ceasing Communications. Artist will not retain any of the Fan Data for longer than is necessary to perform the Communications. At a request made by a Fan to cease Communications in any way, including but not limited to opting-out on or via direct message, Artist is obliged to immediately cease all communications with the Fan and completely erase any and all copies of the Fan Data from Artist records and any third party records.
- Loss or Security Breach. If Artist becomes aware of any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or access to Fan Data processed by Artist, it will do the following:
- Provide notice to MusoMind. Artist shall promptly and without undue delay notify MusoMind and provide MusoMind with: a detailed description of the Loss or Security Breach; the type of data that was the subject of the Loss or Security Breach; the identity of each affected person if known, and the steps Artist has taken or will take in order to mitigate and remediate such Security Breach, in each case as promptly as such information can be collected or otherwise becomes available (as well as periodic updates to this information and any other information MusoMind may reasonable request relating to the Loss or Security Breanch); and
- Investigate the Matter promptly. Artist shall promptly take action, at its own expense, to investigate the Loss or Security Breach and to identify, prevent and mitigate the effects of the Loss or Security Breach and to carry out appropriate recovery actions to remedy the Loss or Security Breach.
- Compliances with Data Protection Legislation. Artist shall comply at all times with and assist MusoMind in complying with its applicable obligations under Data Protection Legislation. Artist shall provide reasonable information requested by MusoMind to demonstrate compliance with the obligations set out in this DPA. Artist will notify MusoMind immediately if, in Artist's opinion, an instruction for the processing of Fan Data given by MusoMind violates any country's data privacy legislation.
- END OF DATA PROCESSING AGREEMENT -