Recognition.

GDPR

Last Updated: 24 May 2024

1. Policy Overview

Recognition Group (Pty) Ltd. (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data for all users, including EU residents, in compliance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, process, store, and safeguard personal data.

Scope: Applies to artists, labels, subscribers, and visitors interacting with our services (e.g., website, distribution platform).

2. Data We Collect

Types of Personal Data

We collect and process:

  • Artist/Label Data: Names, email addresses, phone numbers, ID/passport numbers (for royalty payments), bank details, IPI/ISNI codes.
  • Music Metadata: Track titles, contributor splits, copyright ownership details.
  • Technical Data: IP addresses, device information, browser type, website usage analytics.

How We Collect Data

  • Directly from you (e.g., account registration, music submissions).
  • Automatically via cookies (see our Cookie Policy).
  • From third parties (e.g., DSPs like Spotify reporting streaming data).

3. Legal Basis for Processing

We process data only when lawful, including:

  • Contractual Necessity: To fulfill distribution/publishing agreements (e.g., paying royalties).
  • Consent: For marketing emails or non-essential cookies (you may withdraw consent anytime).
  • Legal Obligation: To comply with South African and EU laws (e.g., tax reporting).

4. Data Use & Sharing

Purpose of Processing

  • Distributing music to DSPs and administering publishing rights.
  • Calculating and disbursing royalties.
  • Communicating service updates or promotional offers (if consented).

Third-Party Sharing

We share data only with:

  • DSPs (e.g., Spotify, Apple Music) for music delivery.
  • Payment Processors (e.g., PayPal, local banks) for royalty payouts.
  • Legal Authorities if required by law (e.g., fraud investigations).

5. Data Subject Rights

Under GDPR, you have the right to:

  1. Access: Request a copy of your personal data.
  2. Rectification: Correct inaccurate data.
  3. Erasure: Delete data (unless legally required to retain it).
  4. Restrict Processing: Limit how we use your data.
  5. Data Portability: Receive your data in a machine-readable format.
  6. Object: Opt out of processing for direct marketing.

To exercise these rights:
Email support@recognitiongroup.co.za with proof of identity and request details.
Response time: 30 days.

6. Data Security

We implement safeguards to protect your data:

  • Encryption: SSL/TLS for data transfers.
  • Access Controls: Limited to authorized personnel.
  • Regular Audits: Vulnerability assessments and penetration testing.

7. Data Retention

We retain personal data only as long as necessary:

  • Active Accounts: Until termination + 6 years (legal/tax compliance).
  • Inactive Accounts: 2 years after last activity.
  • Royalty Records: 10 years (audit purposes).

8. International Data Transfers

  • Data may be transferred outside the EU (e.g., to SA servers or DSPs).
  • We ensure safeguards like Standard Contractual Clauses (SCCs) or DSP GDPR compliance.

9. Breach Notification

  • In the event of a data breach risking your rights, we will notify you and relevant EU authorities within 72 hours.

10. Contact Information

Data Protection Officer (DPO):
Email: support@recognitiongroup.co.za
Postal Address: 214 Peter Booysens Terrace, Klipriviersoog Estate, Soweto, 1811, South Africa

11. Updates to This Policy

We may update this policy periodically. Changes will be posted on our website with a revised “Last Updated” date.

By using Recognition Group’s services, you acknowledge you have read and agree to this policy.