Privacy policy
DDEX Privacy Policy
Updated March 2020
Your privacy is important to us at DDEX and so is being transparent about our data protection practices. This Privacy Policy (“Policy”) applies to the personal data we collect from our member organisations, their representatives, our licensees, our website visitors and all other individuals who interact with us. This Policy describes the types of personal data we collect, the purposes for which it is used, and the choices you have with respect to your data.
Personal data DDEX collects
We may collect your personal data when you or your organisation provide it to us, you join one of our working group communications lists, you complete an application form on one of our websites, or you choose to subscribe to one or more of our contact lists.
Examples of such personal data may include:
- Your contact information and other personal data you provide to us through our websites, applications, use of DDEX digital value chain standards, discussions, events or through other means of your choosing;
- Affiliations, employment relationships and other professional interests you may provide when you seek DDEX membership or attend a DDEX hosted or sponsored meeting or event;
- Your input into DDEX matters, professional interests and positions or other information you choose to provide when you join or attend meetings or discussion groups convened by DDEX, including any committees, ad hoc groups, workshops and member, board or standards setting meetings related to DDEX digital value chain standards;
- Information you provide when you subscribe to or participate in our project management, social media and communications activities or tools;
- Information you provide on application forms, when you request allocation of a DDEX Party Identifier (DPID) or interact with our knowledge base tools;
- When you visit our website, we may collect information from and about your visit such as the device used, your operating system, IP addresses or browser type and version;
- When you navigate through pages on our website, we may also collect analytics and other data from your browsing session through cookies, web beacons and similar tracking technologies.
Cookies are small data files that store information, including your personal data, on the browser of your device and enable us to analyse trends and track activity or interactions with our websites, save your preferences and improve your overall browsing session. Similarly, web beacons (also known as gifs, pixels or tracking tags) are electronic images that we may use on our website or emails to, for example, determine effectiveness, information delivery or understand usage.
Purposes for which DDEX uses your information
DDEX may use the personal information we collect about you for our legitimate interest needs in furtherance of our mission and digital standards licensing activities. Such legitimate interest processing needs include activities described above and related to the following:
- To engage, interact and communicate with you regarding DDEX and DDEX’s standards, notices, activities and services;
- To provide, operate, maintain, improve and promote our standards setting services and other services related to our mission;
- To provide you with relevant information, updates, surveys, transactions or instructions;
- To research, plan, analyse and facilitate new, revised or existing standards;
- To assess the capability, functionality, quality and efficacy of our standards and the process by which such standards are planned, created and released;
- To manage our membership needs including to assess/collect membership fees, operate our governance structure and interview and assess prospective members;
- To satisfy members’ and other users’ customer support needs and to improve our service delivery, product development and user engagement functions;
- To provide planning and administrative information regarding our membership meetings, events and benefits;
- To send newsletters, announcements and provide other news or information to you;
- To send promotional outreach and other marketing announcements to you if you have chosen to receive such communication. Please note that you have the right to withdraw or change your preferences for marketing communications at any time.
Data retention
We will retain your information only as long as we have an ongoing business need for it in order to carry out DDEX operations, to fully satisfy our mission and to enforce our rights. Subject to applicable law, such retention needs may continue even after you choose to cancel your membership or stop receiving ongoing communications from us.
Instances where DDEX may share your information
DDEX may share your information in the course of services we provide. We will consider and prioritise your rights and interests and limit the sharing of your personal information to the minimum necessary required in order to carry out our mission and business needs. We may disclose information, including your personal data, in the following instances:
- With DDEX partners for operational and business needs including the DDEX secretariat, member organisations and other third party organisations charged with management and leadership activities of DDEX and its mission as directed through the DDEX Board of Directors, committees and working groups;
- As a digital value chain standards setting body, we may share information with third parties in the media and music industries as necessary to create, implement, revise, use, enforce and otherwise advance our policies and mission;
- We may share information related to users of our standards to enable management and interaction of and amongst other users of our standards. For example, if you choose to register to obtain a DPID number, your identifier will be accessible in the DPID registry;
- With DDEX vendors, consultants or service providers when they carry out services on our behalf. We will only provide personal information to these organisations where required for them to provide their services, or to improve products or services for members and users of our digital value chain standards. These organisations are contractually required to protect your information and limit its uses to the purposes for which it was shared;
- Where required or permitted by law to comply with a legal mandate, law enforcement request, subpoena or similar legal process;
- Where disclosure is reasonably necessary in our good faith belief to protect DDEX rights and interests, physical or intellectual property, safety of our personnel, members, vendors or others, or to investigate or prevent fraud or pursuant to a governmental or regulatory request; or
- For preparation or consideration of a merger, acquisition, sale or possible dissolution of all or a part of our organisation or assets.
International transfers
In order to establish, support and carry out our operations and mission, we may transfer and store your information outside your country of residence, including to the United States and the United Kingdom. We may also transfer or store your information outside your country of residence in order to create new or existing services and better serve you as a member or user of our digital value chain standards. Not every country where we may transfer or store your personal data will have the same data protection laws as the country in which you provided your personal data or in which you reside. You should also be aware that the European Union does not consider the United States to provide adequate levels of data protection.
However, we take appropriate measures to protect and secure your information. To achieve appropriate standards for the transfer of data, we use the European Commission standard contractual clauses when we transfer information from the European Economic Area (EEA) to the United States.
Your rights and choices
DDEX respects your choices and preferences regarding the communications you wish to receive from us.
- Membership communications: You may request that DDEX cancel your DDEX membership, and no longer receive membership related information or communications.
- Marketing communications: With your consent, we may contact you by email to inform you of updates, programs or new initiatives at DDEX. You have the right to choose whether you receive such marketing communications, and to withdraw your consent at any time. If you choose not to receive ongoing marketing communications from us, you can do so by following the unsubscribe instructions provided at the bottom of a message you’ve received or by contacting privacy@ddex.net.
Security
The security of your personal information is very important to us. We maintain appropriate administrative, technical, and physical safeguards designed to protect your personal information and to prevent loss, misuse or unauthorised access. We also require our vendors with whom we share personal information to apply appropriate protections to such information. Although we implement such controls designed to protect your information, it is impossible to guarantee against every security compromise. If you have a security concern or believe there has been some misuse of your data, please contact us at privacy@ddex.net.
For EU Residents
Lawful basis for processing personal data
If you are an individual residing in the EU or the EEA, we collect and process your personal data only where we have a lawful basis for doing so under the General Data Protection Regulation (GDPR) and applicable member state laws. The lawful basis for our data processing needs is DDEX’s legitimate interest or the legitimate interests of our membership. We scrutinise our data processing needs so that we only process data where the processing is not overridden by your data protection rights and freedoms.
We may also process data where you have provided consent, specifically in the context of receiving marketing communications. Please note that you may withdraw your consent at any time by contacting us at privacy@ddex.net.
EU data subject rights
As required by law, you have the right to:
- Access and receive a copy of your personal data within our systems.
- Update, amend, or correct incomplete or inaccurate data.
- Object to further processing of your personal data, under applicable law.
- Deletion of personal information. You may request that we erase your personal data where we no longer have a lawful basis under applicable law for continued processing.
- Restrict our processing of your personal information under applicable law.
- Data portability: request to receive your personal information and to have us transfer it in a structured, commonly used and machine-readable format.
- Withdraw your consent to our processing your data where we rely on consent as the lawful basis.
Before we can correct, delete, or provide a copy of your information, we will request necessary information to verify your identity. If you wish to exercise these rights, email us at privacy@ddex.net. We will respond to your request and work to process it within 30 days. We may limit your access if such access would adversely affect the rights and freedoms of others. Please note that we may continue to retain and process your information in certain instances, in accordance with applicable law, for purposes of our legitimate interests, such as compliance with our legal obligations and enforcement of our agreements.
If you have concerns or are unsatisfied with our implementation of your rights, you also have a right to lodge a complaint with a competent supervisory authority.
For California residents
If you are a California resident, you have the right to obtain information about the ways in which we share certain categories of your personal information with third parties for those third parties’ direct marketing purposes. DDEX does not share personal information as defined under California’s “Shine the Light” law with third parties for those third parties’ direct marketing purposes.
Personal information from children
DDEX does not knowingly collect personal information from or about children. Our business activities and mission are not geared towards children and we do not provide any content directed at them. If you have reason to believe that anyone under the age of sixteen (16) has provided personal information to DDEX, please contact us at privacy@ddex.net and we will delete all such data.
Changes to this policy
This Policy may be updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices. When we make changes, we will revise the date at the top of this policy or notify you through membership announcements or email communications.
For questions and information
If you have any questions about our privacy practices, wish to access your personal data or to exercise your data protection rights, please contact us at privacy@ddex.net.