Bandcamp

Bandcamp is an American online music company

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Handling

Does the policy allow personally-targeted or behavioral marketing? Yes, but you can opt-out

3.5/10

Decided May 19, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

To provide, administer, and communicate with you about products, services, offers, programs, and promotions of Bandcamp and its partners (including surveys and any other marketing activities). If required under applicable law, we will only send you promotional communications with your consent;

[...]

Where required by law, we obtain your prior opt-in consent at the time of collection for certain processing of Personal Data, such as for direct marketing purposes. If we rely on consent for the processing of your Personal Data, you have the right to withdraw your consent at any time and, when you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

You can opt out of the collection and use of certain information, which we collect about you by automated means, when you visit our website. Your browser may tell you how to be notified and opt out of receiving certain types of cookies and similar technologies. Please note, however, that without cookies you may not be able to use all of the features of our website.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 19, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

Personal Data about our customers is an integral part of our business. We neither rent nor sell your Personal Data to anyone. We share your Personal Data only as described below.

We may share your Personal Data with any members of our group, which includes our affiliates, employees, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your data in order to carry out the above-mentioned data processing purposes.

We are affiliated with a variety of businesses and work closely with them. In certain situations, these businesses sell items to you through Bandcamp's Service. In other situations, Bandcamp provides services, or sells products jointly with affiliated businesses. You can easily recognize when an affiliated business is associated with your transaction, and we will share your Personal Data that is related to such transactions with that affiliated business.

We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. Examples may include sending postal mail and email, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. Unless we tell you differently, Bandcamp’s agents do not have any right to use Personal Data we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Data for the above purposes.

When you use certain functionality or services, we may provide certain Personal Data to bands, such as your email address, country of residence and zip/postal code ("Fan Information"), and you can opt-in to be added to the relevant band’s mailing list. Bands are only authorized by us to use the Fan Information to send email to you and may not share, rent, or sell the information with others for any other purpose.

User profile information including users’ name, email address, purchase history and other information you enter (“User Submissions”) may be displayed to other users in certain cases to facilitate user interaction within the Service. Email addresses are used to add new User Submissions to user profiles and to communicate through User Submissions. Users’ email addresses will not be directly revealed to other users by us, except, when the user is “connected” to another user via a shared group membership, or an invitation, or if the user has chosen to include their email address in their User Profile. You may designate certain User Submissions, including individual items in your purchase history, as private, in which case they will not be displayed to other users.

We may provide aggregate information to our partners about how our customers, collectively, use our site. We share this type of statistical data so that our partners also understand how often people use their services and our Service, so that they, too, may provide you with an optimal online experience. Bandcamp never discloses aggregate information to a partner in a manner that would identify you personally.

As part of the Service and Services, you will receive from Company email and other communication relating to your User Submissions. You acknowledge and agree that by posting such User Submissions, Company may send you email and other communication that it determines in its sole discretion relate to your User Submissions.

In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Bandcamp, or substantially all of its assets were acquired, or in the unlikely event that Bandcamp goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Bandcamp may continue to use your Personal Data as set forth in this policy.

We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Bandcamp, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and will be able to prevent the sharing of this information.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, by contacting someone

3/5

Decided May 19, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

Subject to applicable law, you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, receive copies of the Personal Data we maintain about you, exercise your right to data portability, update and correct inaccuracies in your Personal Data, object to or restrict the processing of your Personal Data, and have the information blocked, anonymized or deleted, as appropriate. These rights may be limited in some circumstances by local law requirements. You may also have the right to lodge a complaint with your local data protection authority.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 19, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Bandcamp, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 19, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

There is no requirement to disclose data breaches to users

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 19, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

Bandcamp may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Data, we will notify you by posting an announcement on our Service or sending you an email. Users are bound by any changes to the Privacy Policy when they use the Service after such changes have been first posted.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 19, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Effective Date: May 25, 2018

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 19, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

Bandcamp endeavors to protect user information to ensure that your Personal Data is kept private. We use physical, managerial, and technical security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. In particular, we take steps to ensure that our employees and service providers who have access to your Personal Data only process it upon our instructions, unless otherwise required by law.

However, no measures are 100% secure and unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Data. To protect the security of your data, you need to select and protect your password appropriately and limit access to your computer and browser by signing off after you have finished accessing your account.

The Service may contain links to other sites. Bandcamp is not responsible for the privacy policies and/or practices on other sites. When linking to another site you should read the privacy policy stated on that site. This Privacy Policy only governs information collected by Bandcamp.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 19, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

The Personal Data collected by Bandcamp is used for the following purposes: To allow you to use the Service, to set up a user account and profile that can be used to interact with other users, and to allow users to identify each other by displaying Personal Data to other users and visitors of the Service; To provide, administer, and communicate with you about products, services, offers, programs, and promotions of Bandcamp and its partners (including surveys and any other marketing activities). If required under applicable law, we will only send you promotional communications with your consent; To operate, evaluate and improve our business, including developing new products and services; managing our communications; determining the effectiveness of, and optimizing the content you see; analyzing our products, services, website, mobile application, and any other digital assets; facilitating the functionality of our website, mobile application, and any other digital assets; To process sales and purchases, to transfer money, and to provide the expected receipts, statistics, and reports to the band and its customers; To perform accounting, auditing, billing, reconciliation, and collection activities; To respond to your inquiries; To perform data analyses and data aggregation (including anonymization of Personal Data); In connection with prospective service engagements, partnerships or vendor relationships; To comply with law enforcement requests and other legal obligations; To apply and enforce our Terms of Use and other agreements; To protect the rights, property, or safety of Bandcamp, our employees, our users, or others, including by taking measures to prevent fraud and reduce credit risk; To comply with industry standards and our policies. We also may use the information in other ways for which we provide specific notice at the time of collection.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 19, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

User information, such as the name, username, password, email address, photograph or other likeness, settings, associations with bands and fans, purchase history, and any other information you provide in connection with your user account. User financial information, such as your credit or debit card number, bank account number, and billing and shipping address. This information is collected and processed by our payment processor, as necessary to complete your purchase. We do not receive your credit card information directly, but we may receive information about the transaction, such as the date and time it occurred. This information may or may not be associated with an existing user or fan account on the website. Band information, such as user-provided biography, location, and tags. Band financial information, such as Paypal account(s), Stripe account(s), Pro/label subscriptions, and payouts. Fan information, such as the user-provided name, email address, country of residence, zip/postal code, picture, location, and biography. Emails and messages, including receipts, newsletters, and support contact. This information consists of the emails we send to individuals, and the messages that users may send to one another.

In addition to the above, we may automatically collect the following types of information:

Website activity information, such as application logs, data files, information collected by cookies, IP address, browser information, and metrics generated in the normal operation of a website. “Application logs” are text files in which are recorded most of the activities on a website, including page visits, payments, and usage. Website activity information is sometimes associated with an IP address or other Personal Data. Third parties may also collect information about your website activity over time and on other websites or mobile applications. Information collected via cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your browser to enable our systems to recognize your browser and tell us how and when pages in our site are visited and by how many people. Bandcamp cookies do not collect Personal Data, and we do not combine the general information collected through cookies with other Personal Data to tell us who you are or what your screen name or email address is. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave the cookies activated, however, because cookies enable you to take advantage of some of Bandcamp’s most attractive features. If you choose to disable cookies or similar technologies, some parts of our Service may not work properly. We use Google Analytics to collect and process analytical data about users of Bandcamp’s website. Google Analytics tracks your interaction with the Site and stores information about IP address, operating system, web browser, pages visited, information about demographics of our website users, the device used, and where the visit originated. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. We may use software tools such as JavaScript to collect page interaction information such as clicks, drags, and hover-overs, response times, errors, and length of visits to certain pages.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? Yes

0/10

Decided May 19, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

We may receive Personal Data relating to you from:

You directly when you provide us with information about you; Your use of Bandcamp’s Service; Third parties that provide us with information about you.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, for all non-critical data/uses

3/5

Decided May 19, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

Where required by law, we obtain your prior opt-in consent at the time of collection for certain processing of Personal Data, such as for direct marketing purposes. If we rely on consent for the processing of your Personal Data, you have the right to withdraw your consent at any time and, when you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

You can opt out of the collection and use of certain information, which we collect about you by automated means, when you visit our website. Your browser may tell you how to be notified and opt out of receiving certain types of cookies and similar technologies. Please note, however, that without cookies you may not be able to use all of the features of our website.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Bandcamp has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Bandcamp, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

4.5/10

How we calculate ratings →


Version Added

May 19, 2020

Ratings Updated

May 19, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions