Privacy Policy – Elements Music
Last updated: 17.7.2024
Newsletter Registry
1. Data Controller and Contact Person for registry matters
Data Controller: Elements Music Oy, Address: Vanha Talvitie 13-15 A, 00580 Helsinki
Contact Person: Tommi Tuomainen, licensing@elementsmusic.fi
2. Legal Basis and Purpose of Processing Personal Data
We use the collected data to market music licensing and inform about our products and services. Additionally, the data is to maintain and develop B2B customer relationships. We regularly send newsletters containing updates on news and other services related to the data controller.
The data controller has obtained the registry information either from the data subject themselves, the entity represented by the data subject, mutual partners of the data controller, and the entity represented by the data subject, or from public sources such as websites. We process personal data for sending B2B marketing emails based on Legitimate Interest.
We have a legitimate interest in processing personal data for direct marketing to business contacts, which includes informing recipients about our products and services, as well as updates that may be relevant to their professional interests. We ensure that our marketing activities are proportionate and respect the privacy rights of individuals.
All our marketing communications include a clear option for recipients to opt-out or unsubscribe from future communications. We respect the preferences and privacy of all individuals we communicate with and comply with all relevant data protection laws. You have the right to withdraw your consent for the processing of your personal data and the receiving of electronic newsletters at any time by notifying the contact person mentioned in this privacy notice via email.
3. Collected Personal Data
We collect the following personal data: First name, last name, company email address, workplace, subscription status of the newsletter, newsletters opened and clicked by the data subject and last date of modification to the data.
4. Regular sources of information
Regular sources of information from which we collect personal data may include information provided by the inquiries to our customer service, and public registers. We commonly collect names, email addresses, and other necessary contact information to provide our services and maintain customer relationships.
5. Data Recipients
We may share your personal data with Service Providers. We engage third-party service providers to assist in providing and managing our services, including the email marketing platform Mailchimp. Email marketing is for sending newsletters. Personal data such as your email address may be shared with Mailchimp to facilitate these communications.
We may disclose personal data if required to comply with legal obligations or respond to lawful requests by public authorities. We ensure that any third parties with whom we share personal data are contractually obligated to handle the data securely and under applicable data protection laws.
6. Transfer of data outside the EU or EEA
As a business based in Finland, we utilize Mailchimp for our email marketing activities. This involves the processing and potential transfer of personal data to Mailchimp’s servers located outside of the European Economic Area, including the United States. Mailchimp acts as a data processor under the agreement with the data controller.
Mailchimp is obligated to comply with data protection legislation, including the EU General Data Protection Regulation, regarding data transfers. By using our services and providing your personal data, you consent to the transfer of your data to Mailchimp under our Privacy Policy and our commitment to ensuring compliance with data protection regulations.
7. Data Security
The company protects access to the newsletter subscriber lists with appropriate technical and organizational measures. Data stored electronically is secured with appropriate security measures, and access is restricted to those employees of the data controller whose job duties require the processing of such personal data. Mailchimp ensures that external access to the registers is restricted and complies with confidentiality obligations in data processing.
Even if you cannot access your data directly, you still have the right to request information about the personal data we hold about you and to request corrections or deletions where appropriate, as outlined in our Privacy Policy. We update our policies to reflect changes in practices or legal requirements.
8. Data Retention Period
The data collected in the register is retained only for as long and to the extent necessary concerning the original or compatible purposes for which the personal data was collected. Personal data stored in the register will be deleted when there is no longer a legal basis for processing.
In this case, the retention period is determined by the following principles:
Newsletter subscription information is retained as long as the person is subscribed to the newsletter. If the person unsubscribes, the information is deleted within a reasonable time after the unsubscription, within 14 days. Email address is retained to deliver the newsletter as long as the person has not unsubscribed or requested the deletion of their information.
If the newsletter subscriber does not open or interact with the newsletters for a certain period, for six months, their information may be deleted, or they may be sent a reminder asking them to confirm whether they still want to receive the newsletters.
9. Rights of the Data Subject
The data subject has the right to request the restriction of processing from the data controller by Article 18 of the General Data Protection Regulation. A request for restriction of processing can be made by sending an email to the contact person responsible for maintaining the register, and the request must be justified.
If the processing is based on consent, the data subject has the right to withdraw their consent at any time by notifying the contact person responsible for maintaining the register via email.
In some cases, the data subject may have the right to data portability. This means that the data subject has the right to receive their personal data in a commonly used and machine-readable format and may request that the data be transferred to another data controller, if technically feasible.
The data subject has the right to inspect the information stored about them in the register. Inspection is carried out by sending an inspection request from the email address registered in the register to the contact person responsible for maintaining the register. The identity of the requester is verified before providing the information.
Every data subject has the right to demand the correction of incorrect personal data. Correction is requested by sending a request to the contact person responsible for maintaining the register. The specific data requiring correction must be sufficiently identified to enable correction.
The data subject may at any time remove their information from the register using the Unsubscribe function provided in each message, or by sending a removal request via email to the contact person responsible for maintaining the register. The identity of the requester may be verified if necessary before any actions are taken.
10. Right to File a Complaint
If the data subject considers that the processing of personal data relating to them violates applicable data protection legislation, the data subject has the right to complain to a supervisory authority. The information stored in the register is not used for purposes other than those mentioned above.