Tom Hess Music Corporation (the “Controller”) collects personal data from customers, partners, data subjects and other individuals including individuals interested in receiving more information about products offered by Tom Hess Music Corporation. The following personal information is collected: email address, first name, last name, and, where applicable, phont number, shipping address and/or billing address. The Controller does NOT store credit card information. Certain of this data may constitute protected “personal data” as that term is defined in the E.U. General Data Protection Regulation (“GDPR”).1
The following disclosures concerning the Controller’s compliance with GDPR are presented for informational and compliance purposes only. Nothing in these disclosures constitutes a representation that any particular data or service is governed or subject to GDPR, nor do these disclosures represent or constitute any contract or undertaking with any customer, partner or data subject.
Effective Date of GDPR
GDPR is set to take effect on May 25, 2018. On and after that date, the Controller will comply with GDPR to the extent applicable.
Utilization of Data
The Controller utilizes personal data including the information provided by you to market products, and provide notifications to you in areas in which you have indicated interest. The Controller processes this data to notify you of resources and offers. The Controller does not sell or make this data available to other parties.
Bases for the Processing of Data
Where you have entered into an agreement with the Controller, or purchased a good or service from the Controller, the Controller requires this data as a condition of the contract between you and the Controller. In other circumstances, the Controller may process data because it has a legitimate interest in marketing or apprising you of offers or services, or because you have consented to receive such offers and services.
Recipients of Personal Data
Recipients of personal data may include employees and contractors. All employees of the Controller who receive or review personal data have received training concerning maintaining the confidentiality of such data and committed themselves to confidentiality. Where appropriate, the Controller will enter into written agreements governing the processing and confidentiality of personal data by third parties.
Storage of Data
The Controller will retain data only so long as is necessary.
Your Rights Under GDPR
If the GDPR applies to retention of your personal data, you have several rights including (i) the right to request access, rectification or erasure of your data, (ii) the right to lodge a complaint with the appropriate European Union supervisory authority, and (iii) to the extent processing of data is based on consent, you have the right to withdraw your consent at any time.
Transfer of Data to United States
To the extent applicable, for transfers from the EEA to countries not considered adequate by the European Commission, the Controller has put in place adequate measures, such as the standard contractual clauses adopted by the European Commission to protect personal data. You may obtain a copy of these measures by following this link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. You hereby acknowledge that you are transferring personal data to the United States.
Should you have any questions or require any additional information, please contact firstname.lastname@example.org.
1. A copy of the GDPR is available here (last retrieved: April 10, 2018).