GDPR / Data Handling Procedures

Home GDPR / Data Handling Procedures

Policies for data handling concerning individuals rights under the GDPR

 

The right to be informed

Our privacy policy must include information on what personal data is processed and why, along with details of any third parties that information is shared with, in an easy to understand language for the end user.

 

The following information must be maintained on the privacy policy and be available at the time the data is obtained:

 

  • SyncCloud contact details
  • Purpose of the processing and the lawful basis for the processing
  • The legitimate interests of the controller or third party, where applicable
  • Categories of personal data
  • Any recipient or categories of recipients of the personal data
  • Details of transfers to third country and safeguards
  • Retention period or criteria used to determine the retention period
  • The existence of each of data subject’s rights
  • The right to withdraw consent at any time, where relevant
  • The right to lodge a complaint with a supervisory authority
  • The source the personal data originates from and whether it came from publicly

accessible sources

  • Whether the provision of personal data is part of a statutory or contractual requirement

or obligation and possible consequences of failing to provide the personal data

  • The existence of automated decision making, including profiling and information about

how decisions are made, the significance and the consequences

 

The right of access

Individuals are able to access a large portion of their stored information via the SyncCloud platform, if they have created an account with a set password. This includes (but is not limited to) historic order data, contact information. Users can access and view this data by logging into their SyncCloud account.

 

People wanting information that is not available via the website will need to submit information requests via the Contact page on SyncCloud.

 

General user and related information will be provided by SyncCloud free of charge, however requests for excessive data or repeat requests will be subject to charge in proportion to the administrative costs incurred by SyncCloud. In extreme cases the request may be refused.

 

Within 28 days of the request, SyncCloud must have either:

 

Provided the data requested

Requested an administration fee

Communicated a refusal of the data

 

The right to rectification

For the most part users are able to self-rectify data via the SyncCloud website. When this is not possible, contacting SyncCloud directly will be necessary at which point our systems will be updated by staff.

 

Requests for data rectification can only be invoked by the individual or registered guardian of the individual which the data pertains to. The identity of this individual must be confirmed either over telephone or by direct email before requests are escalated.

 

Where possible, systems are in place to automatically update recipients of individual data when said data changes.

 

The right to erasure

Individuals may request for their data to be erased from SyncCloud’s systems via the Contact page on SyncCloud.

 

Erasure of details related to order information will be handled on a per-case basis, due to SyncCloud needing to retain and process records related to financial transactions.

 

Data erasure can be requested by any individual user, but only invoked by the administrator of the system. 

 

Individuals must be advised that transactional data can only be anonymised and it’s at SyncCloud’s discretion to do so, due to our lawful basis for processing data.

 

Any data erasures need to be authorised by management and then submitted to IT within 14 days of submission to allow ample time for the request to be processed.

 

The right to restrict processing

Individuals can request for processing restrictions to be put in place for them by contacting SyncCloud.

 

We endeavour to restrict processing of data wherever possible, however, any information related to financial processing may not be able to be restricted. Not all restrictions will be technically possible.

 

Any processing restrictions need to be authorised by management and then submitted to IT, within 14 days of submission to allow ample time for the request to be processed.

 

The right to data portability

Individuals may request an export of all held personal data via the SyncCloud platform. This export is in the format of a spreadsheet split into categories of data. Proof of identification may be required. 

 

The right to object

Individuals have the right to object to the processing of their personal data. To do so would mean opting out of using the SyncCloud platform. To exercise the right to object, individual users should contact SyncCloud via the support page from the platform to discuss making arrangements to be excluded.

 

Administrators should then notify SyncCloud managers, who can suspend or erase user data on a case by case basis.

 

The right not to be subject to automated decision-making including profiling

 

SyncCloud does not use any personal data for automated decision making or profiling.

About SyncCloud

SyncCloud provides music for the global creative community. A unique platform that entices the best music creators from across the globe by giving them what they want – freedom! Users have the ability to licence incredible, pre-cleared* music for their project with one of our 3 simple licences starting at £9.99 per track!

We plant trees with Ecologi
The Paperless Logo

Follow us!

YouTube
General Terms & ConditionsCookie PolicyPrivacy PolicyGDPR / Data Handling Procedures
Copyright SyncCloud Ltd. 2021