We hereby inform you about how we will process your Personal Data in accordance with the European Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council - GDPR).
This information notice applies to the contractual relationships that the Company maintains with phonogram users to the extent necessary for the administration of neighbouring rights performed by SCF and for payment of the fees required by articles 72, 73 and 73 bis of the Italian copyright law (Law no. 633/1941).
The information below illustrates to individuals, who have business relations with SCF, the methods of processing of personal data operated by our Company and the rights guaranteed to the data subjects by the laws on the protection of personal data. We use personal data to manage commercial and contractual relations, or when their collection is required by law.
What Data do we collect (hereinafter, collectively, the “Data”)?
We process personal data provided to us by users of phonogram licenses in the context of the business relationship that has been or is to be established. The Data are collected directly from the data subjects.
We also process personal data obtained from public sources (e.g., insolvency registers, business registers and association registers, press, media, Internet), which we obtain by legitimate means and which the law allows us to process.
The Data processed may be:
- biographical data and contact details;
- payment data;
- information on the activity carried out;
- information on the use of the phonograms (broadcast music, organized events);
- solvency and reliability data.
For what purposes and based on what legal grounds will we use your Data?
We may use your Data by electronic means:
- for the fulfillment of contractual and pre-contractual obligations Your Data will be used for purposes relating to the administration of neighbouring rights performed by SCF and for payments of fees under Articles. 72, 73 and 73 bis of the Italian Copyright Law (Law 633/1941), to provide any ancillary services and to meet your specific requests and, more generally, to manage the contractual relationship established or its negotiation. Any refusal to provide, in whole or in part, the Data may prevent us from correctly executing the contractual relationships and/or evade the specific requests.
In the case of payments made online, the communicated payment data (e.g. credit card number) will be used exclusively for the purposes of order processing and will be transmitted in a safe way that prevents others from reading.
- to enable SCF to enforce its rights. For example, your Data may be used to recover unpaid amounts.
- for the fulfilment of legal obligations. For example, we may process your Data for accounting and tax purposes.
How long will we store your Data?
Your Data will be processed for no longer than it is strictly necessary to achieve the purposes for which they were collected, except for any specific legal obligations on the retention of accounting documents or for public security purposes.
Who do we share your Data with?
For the fulfilments related to the processing purposes mentioned above, your Data may be disclosed to third parties, including service providers (e.g. providers of electronic communications services, payment service providers, debt collection companies), as well as to other external parties, where there is a legal obligation or an option to do so. Furthermore, the data may be communicated to the companies that have entrusted SCF with the management of their rights, which may consult the Data through reserved access to a specific area on our site (limited to: company name; address; issuer; type of contract).
A complete list of such companies will be made available by sending a written request to the following contacts.
What rights are you entitled to?
You have the right to request access to, rectification or erasure of your Data, restriction of processing and object to the processing of your Data by us, as well as the right to request the delivery of some of such Data.
Data subject’s rights:
Right of access
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- (a) the purpose of processing;
- (b) the categories of personal data concerned;
- (c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients of third-party countries or international organizations, with confirmation as to whether adequate safeguards are in place;
- (d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
- (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing;
- (f) the right to lodge a complaint with a Supervisory Authority;
- (g) Where the personal data have not been collected from the data subject, any available information on their source;
- (h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her and, at least in those cases, meaningful information about the rationale, the significance and the envisaged consequences of such processing for the data subject.
Right to rectification
The data subject has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to erasure
The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- (b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- (c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- (d) the personal data have been unlawfully processed;
- (e) the personal data have to be erased for compliance with a legal obligation under the European Union or Member State law to which the data controller is subject.
Right to restriction of processing
The data subject has the right to obtain from the data controller restriction of processing where one of the following applies:
- (a) the accuracy of the personal data is contested by the data subject. Data processing will be restricted for a period enabling the data controller to verify the accuracy of such personal data;
- (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use;
- (c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject.
Right to object
The data subject has the right to object at any time to the processing of personal data concerning him or her which is based on the data controller’s legitimate interest, including profiling. The data subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the:
- (a) processing is based on consent or on a contract; and
- (b) processing is carried out by automated means.
In exercising his or her right to data portability, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
How to contact SCF S.r.l. in order to exercise your rights?
You may exercise your rights by writing to the data controller, SCF S.r.l., to the following addresses:
Via Leone XIII, 14 | 20145 Milano (MI)
Phone (+39) 02 4654751
Certified email address: firstname.lastname@example.org
How to contact the relevant Supervisory Authority to lodge a complaint?
Any complaint may be lodged with the relevant Supervisory Authorities
Garante per la Protezione dei Dati Personali (Italian Data Protection Authorithy)
Piazza di Monte Citorio n. 121 | 00186 Roma
Phone (+39) 06 696771
Fax (+39) 06 69677 3785
Certified email address: email@example.com
Any changes to this Privacy Notice
This Privacy Notice may be subject to changes and updates, in whole or in part, due to changes in applicable law; if substantial changes are made to the way in which your Data is processed, we will inform you of such changes.