Gültig ab 10. Oktober 2023
Dieses Dokument ist momentan nur in Englisch vorhanden. Wir danken für Ihr Verständnis.
-------------
Your privacy and protection of Your data is important to Zink Media, LLC (d/b/a Discogs) and Discogs B.V., as well as our affiliates (collectively, “We”, “Our”, “Us” or “Discogs”) and this Privacy Policy (the “Policy”) represents Our commitment to care for Your “personal information” (includes “personal data” and similar terms to describe the data about You as defined by various domestic/international regulations). This Policy applies to the personal information We collect, use, disclose, and sell via Our websites, discogs.com and nearmint.io, other websites that We may publish from time to time, and through any associated service, including Application Program Interfaces (“APIs”), (collectively, the “Service”). Privacy-related information specific to Our mobile applications can be found in Our Discogs App Privacy Policy.
This Policy does not apply to personal information collected by or through any other online or offline sites, applications, products, or services not controlled by Us. When You use third party sites, applications, products, or services, You are subject to those third parties’ policies. In addition, this Policy does not cover personal information You independently disclose to other users of the Service. Disclosure of personal information to buyers, sellers, contributors, or other users (collectively, “Other Users”) outside of disclosure to Us should be discussed with those Other Users prior to providing such information. We are not responsible for the privacy or data protection processes of any Other Users of Our Service.
By using Our Service, You confirm that You have read and agree to abide by the terms of this Policy, Our Terms of Service, and other applicable policies found on Our Service. You acknowledge that We will process Your information in the United States, the Netherlands, Japan and any other country where We or Our service providers/processors operate. If You fail to provide certain information required by Discogs or withdraw Your consent to processing of Your personal information, including where applicable to this Policy (by closing Your account, if any, and/or disabling cookies), then You may not have access to certain portions of the Service, including the benefits of membership, buying and selling options, language preferences, etc. In certain cases, We may continue to process Your personal information, but only if We have a legal basis to do so.
We encourage You to review the entire Policy. For quick access to a particular Policy section, click on the desired link below:
GENERAL PRIVACY AND DATA PROTECTION INFORMATION
INFORMATION SHARING AND DISCLOSURE
TRANSFER OF PERSONAL INFORMATION
PERSONALLY-IDENTIFIABLE INFORMATION SUBMITTED BY CHILDREN
ADDITIONAL U.S. STATE LAW DISCLOSURES
NOTIFICATION AND OTHER PRIVACY PREFERENCES
ANALYTICS & DISPLAY ADVERTISING, COOKIES
YOUR PERSONAL INFORMATION RIGHTS
General Privacy And Data Protection Information
We are committed to complying with applicable privacy and data protection laws and regulations designed to protect Your personal information, including, but not limited to, both of the European Union (“EU”) and United Kingdom (“UK”) versions of the General Data Protection Regulation ("GDPR"), the UK Data Protection Act of 2018, the California Privacy Rights Act, the Act on the Protection of Personal Information (Japan), the Privacy Act 1988 (Australia), the Lei Geral de Proteção de Dados (Brazil), the Colorado Privacy Act, the Connecticut Data Privacy Act, and other applicable current or future regional, national and state privacy and data protection laws and regulations worldwide as they become effective and are amended. Additional details about the information We collect, the purpose of collection, Your rights, and how to contact us are provided in detail within this Policy.
Data Controller: If You are an EU or UK citizen or You are accessing our Services from within the European Economic Area (“EEA”) or UK and You provide Personal Information to Us, the Personal Information provided to Us in connection with the Service is controlled and processed by Discogs B.V., located at Keizersgracht 555, 1017 DR, Amsterdam, the Netherlands.
Personal Information provided to Us from anywhere outside the EEA or by non-EU citizens in connection with the Service or otherwise is controlled and processed by Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005.
Our privacy team can be contacted at privacy [at] discogs [dot] com.
Data Protection Officer:
- Our global Data Protection Officer (HewardMills) can be contacted at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.
EU-U.S. and Swiss-U.S. Data Privacy Frameworks: Zink Media, LLC (d/b/a Discogs) and its holding company, Meta Zink Corporation, comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zink Media, LLC (d/b/a Discogs) and its holding company, Meta Zink Corporation have certified to the U.S. Department of Commerce that We adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zink Media, LLC (d/b/a Discogs) and its holding company, Meta Zink Corporation have certified to the U.S. Department of Commerce that We adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Our certification, please visit https://www.dataprivacyframework.gov/.
Information Collected
We practice privacy by design and only collect and process that information which is necessary to provide the Service or meet Our legitimate business needs. We conduct risk assessments on Our processing activities to ensure they do not cause undue harm to individuals. Generally, We collect the following categories of personal information from Service users:
|
Category of Information |
Description |
Source of Information |
Purpose |
Information Shared With |
|---|---|---|---|---|
|
Identity and Contact Information |
Identifiers such as a real name, alias, username, gravatar, postal address (shipping), unique personal identifier, online identifier, Internet Protocol address, Session ID (SSID), email address, account name, or other similar identifiers, information submitted on webforms, and information contributed to forums. Additional identifiers including identification number or beneficiary information as it relates to employee benefits and obligations. |
Consumer (User) |
To provide the Service, including account registration, buying, selling, contributing, etc.; When provided with a job application, it is used to consider Your employment with Us or, if employed, to provide benefits or comply with legal reporting obligations |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace); Job application information is not shared; Employee benefit information is shared with benefits providers and regulators, as applicable |
|
Personal and Company Information, Contact Information, Bank Details and Commercial Information |
We are required to process some or all of the following information from sellers that meet requirements of specific laws and regulations: full name, primary address, photo identification (selfie), government ID, date of birth, bank account details, tax identification number (TIN), place of birth (if You do not have TIN), VAT identification number, if available, as well as the existence and location of a permanent establishment through which the business activities are carried out, if and as applicable. Refer to Everything You Need to Know About Seller Account Identification for additional information. |
Seller (User) |
For legal purposes, to report Your taxpayer information to relevant tax authorities and comply with Our tax obligations, as well as to reduce the risk of fraud on Discogs marketplace platform and subsequent financial and personal data losses that users / buyers may experience |
Tax authorities and regulators, as applicable; and Seller Verification Service Providers |
|
Commercial Information |
Records of products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, or financial identifier (i.e., PayPal ID). |
Consumer (User) |
To provide the Service related to transactions |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace) |
|
Technical Information |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding Your interaction with the Service or marketing materials, operating systems and other technology used on Your devices to access the Service. |
Consumer (User); User Device |
To provide the Service, including personalization and performance/ analytics to improve the Service. |
Operating Systems and platforms |
|
Geolocation Information |
Non-precise geolocation data based on Your IP address or other analytics tools. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
|
Professional Information |
Prior work and other related information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Educational Information |
Education information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Inferred Information |
Inferences drawn from any of the information identified above reflecting the Your preferences, behavior, and interests. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
|
Browsing Information |
Browsing data collected via cookies, such as page URL or page metadata |
User Device |
To personalize targeted advertising |
Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
|
Contest and Giveaway Contact Information |
Contact information such as name, email, address, and other identifiers depending on the contest or giveaway type |
Consumer (User) |
To provide contests and giveaways |
Not shared unless explicitly disclosed in contest or giveaway terms, in which case information may be shared with disclosed partners supplying the prizes |
We may collect any other biometric personal data for the purpose of uniquely identifying a natural person, in the form of facial pictures of Sellers to compare them against government ID as a part of the seller verification process. We would collect this data for the purpose of fraud prevention only upon Your explicit consent as the legal basis. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
We do not collect sensitive personal information, such as information about users’ race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic data, other biometric data, or any other protected classes of information. We do not collect any information about criminal convictions and offenses unless such information is surfaced in a job application. Please see California Employees, Contractors, and Job Applicants for additional information about data collected for employment purposes.
We rely on the following lawful bases to collect and process personal information based on the EU and UK versions of the General Data Protection Regulation (“GDPR”):
- Consent: use for a specific purpose based on Your clear consent. Article 6(1)(a) GDPR.
- Contract: use to provide the Service to You pursuant to Our policies or taking steps at the request of the data subject prior to entering into a contract. Article 6(1)(b) GDPR.
- Legal Obligation: use is necessary for Us to comply with the laws in the EEA. Article 6(1)(c) GDPR.
- Legitimate interests: use is necessary for Our legitimate interests that are not overridden by Your personal information protection interests or fundamental rights and freedoms. Article (6)(1)(f) GDPR.
In the case the Personal Data is collected and processed under the California Privacy Rights Act (“CPRA”), We rely on the following legal grounds:
- Business: use by Our or Our service provider’s/processor’s operational purposes that is reasonable and necessary to provide the Service. Section 1798.140(e) CPRA.
- Commercial: use by Us to increase Our revenue, such as by encouraging transactions through the marketplace or user subscriptions to marketing-related emails. Section 1798.140(g) CPRA.
More specifically, Our basis for collecting and using the personal information described will depend on the portion(s) of the Service utilized:
|
Service |
Personal Information Collected |
Purpose of Collection |
Basis for Use |
|---|---|---|---|
|
Browsing |
Cookie-based information related to browsing, Your device, and IP address. Depending on Your jurisdiction, cookies may only be placed with Your consent. |
Analytics (Service health, usability, etc.) and advertising (with consent, as applicable) |
GDPR: Legitimate Interest; Consent CPRA: Commercial purpose |
|
Account registration for discogs.com |
Username, email address, SSID, IP address, geolocation, browser type/version, and operating system |
Verification of Your identity when You access Our Service, fraud prevention, communication with You, and customization of certain aspects of Your visits, such as language. Registration also allows You to list or purchase items for sale, contribute to the catalogue, build a collection and wantlist, and participate in forum discussions. |
GDPR: Contract, Legitimate Interest; CPRA: Business purpose |
|
Selling on discogs.com |
We are required to process some or all of the following information from sellers that meet requirements of specific laws and regulations: Full name, primary address, PayPal Account Name, photo identification (selfie), date of birth, government ID, bank account details, tax identification number (TIN), place of birth (if You do not have TIN), and VAT identification number, if available, as well as the existence and location of a permanent establishment through which the business activities are carried out, if and as applicable. Refer to Everything You Need to Know About Seller Account Identification for additional information. |
Use of the marketplace to engage in transactions with purchasers, and for legal purposes, to report Your taxpayer information to relevant tax authorities and comply with Our tax and fraud prevention obligations. |
Contract, Legitimate Interest, and Legal Obligation; |
|
Shipping Labels Service |
Address and phone number |
Population of shipping label(s) on Your behalf |
GDPR: Contract; CPRA: Business purpose |
|
Third Party Payment Services |
1. Depending on whether You are a business or individual: name, date of birth, email address, phone number, company name, tax identification number, bank account information, government issued photo identification, and bank statement or voided check. 2. Username, account creation date, IP address and email address |
1. Identity verification (per financial regulations) - this information is required by Our third party payment processor(s). 2. Fraud review for accounts. |
GDPR: Contract; CPRA: Business purpose |
|
Purchasing |
Full name, address, and phone number (optional) |
To complete transaction shipping from seller. We do not collect or store any purchaser payment information, such as credit card information. Such information is provided directly to the seller by the purchaser with no interaction by or through Us. Depending on Your payment option selection, certain third parties may have access to such information (i.e., PayPal, Inc.) |
GDPR: Contract; CPRA: Business purpose |
|
Registration for NearMint |
Email address, name, address, username |
Inventory management service |
GDPR: Contract; CPRA: Business purpose |
|
Marketing Emails |
Email address |
Some countries require that We obtain Your explicit consent (opt in) to send You marketing-related emails, while other countries do not require express consent. In all cases, You may opt out from receiving marketing-related emails in the notification preferences within Your account settings or from within the email messages themselves. |
GDPR: Consent; CPRA: Business purpose, Commercial purpose |
|
Registration to receive Media Kit |
Name, company name, title and email address |
Providing You a copy of the media kit. We collect Your information so that We can communicate with You about potential advertising opportunities. |
GDPR: Consent; CPRA: Business purpose |
|
User Support |
Email address, username (if registered) and other information You provide for the purpose of responding to Your question or concern, including information submitted to Us to make a valid copyright claim, such as name and contact information. |
Reviewing Your questions/concerns and responding to You. We ask that You do not submit any information to Us that is not absolutely necessary for Us to assist You. |
GDPR: Contract, Legal Obligation; CPRA: Business purpose |
|
Error Reporting |
Username, email address, IP address, device information |
Reviewing errors or issues with the Service reported by you directly |
GDPR: Contract; CPRA: Business purpose |
|
Recruitment |
Name and email address, may also include postal address and professional and education history if provided by applicant |
To consider Your employment with Us |
GDPR: Contract; CPRA: Business purpose
|
|
Surveys and Research |
May include username, email address, IP address, device information, some of which is optional dependent on the survey type |
Service improvements (surveys are always optional and subject to consent) |
GDPR: Consent; CPRA: Business purpose, Commercial purpose
|
|
Contests and Giveaways |
Name, email, address, other identifiers dependent on the contest or giveaway type |
Participation in contests and giveaways, including winner selection, notification, and delivery of prizes |
GDPR: Consent; CPRA: Business purpose
|
Cookies : We may use cookies and other technology to keep track of Your online interaction with Our site. Please see the Cookie and Internet Advertising Policy for more information about Your cookie options. We do not participate in any cookie-related automated decision making, such as profiling (other than for cookie-based targeted marketing), with regards to the Service and Your personal information.
Information Sharing And Disclosure
We share personal information with service providers (processors) that act as an agent to perform tasks on Our behalf and under Our instructions. Examples include providers that assist with payment processing (i.e., PayPal), shipping (i.e., USPS), or providers that We contract with to send emails on Our behalf (i.e., HubSpot). This information is limited only to the information needed to perform the tasks. If certain cookies are enabled on Your device, then We may also share cookie-related information with related service providers, such as analytics and advertising providers or social media companies. Additional information about the service providers/processors We use to support delivery of Our Service is set forth on our Processors List. All service providers/processors are subject to Our ongoing due diligence reviews for compliance with privacy and data protection requirements, as well as contractual terms. For additional information about service provider (processor) and third party privacy practices, please review those partes’ privacy policies and notices.
We will provide You with notice and obtain Your consent, where applicable, in the event We intend to share Your information with a third party (other than as described above) or for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. Prior to sharing such information, You will be provided with clear, conspicuous, and readily available mechanisms to opt in or out of such sharing, as required by applicable laws and regulations. Except as described in this Policy, We do not otherwise share Your information with any third parties without Your consent or other legitimate basis. We do not provide or sell email addresses or collection/wantlist information to any third party without Your consent. Registered users can control the public availability of their collection/wantlist information in the account settings. Please see “Notification and Other Privacy Preferences” below for additional information on limiting the sharing of Your information.
Affiliates : We may share information within our network of affiliated companies, including Zink Media, LLC, Discogs B.V., and Discogs G.K., in order to provide the Service. Each of Our affiliated companies is subject to the terms of this Policy and follow the same privacy practices. All sharing among affiliates is subject to appropriate documentation and risk assessments.
Cookies : We may share information with advertising companies to serve You targeted advertisements, analytics providers, or social media providers. This sharing is considered a “sale” or "sharing" under the California Privacy Rights Act. Targeted advertisements are considered a “sale” under the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act. You must be 16 years of age or older, depending on your jurisdiction’s minimum age requirements, to use the Service. As a result, We do not sell personal information of consumers under 16 years of age. The information is sourced from cookies/tags placed on Your device. The categories of information shared include:
- Geolocation Information: Non-precise geolocation data based on Your IP address or other analytics tools.
- Inferred Information: Inferences drawn from Your online activities reflecting Your preferences, behavior, and interests.
Depending on Your location, You may need to opt in/consent to the placement of these and other cookies or You may have the option to opt out of these and other cookies. Please see the Cookie and Internet Advertising Policy for additional information about controlling cookies.
In addition to the above cookie-related actions, California consumers may select the “Do Not Sell or Share My Personal Information” link, which has been included on Our properties as a component of California Privacy Rights Act compliance to block targeted advertising, analytics, and social media cookies upon Your request. See “California Disclosures” below for additional information. Further, Virginia, Colorado, and Connecticut consumers may select the “Opt out of sale of personal data and Targeted Advertising” link, which has been included on Our properties as a component of U.S. state laws compliance to block targeted advertising upon Your request. See “Additional U.S. State Law Disclosures” below for additional information.
Other Sharing: We may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms of Service, or as otherwise required by law enforcement or national security requirements. We may also disclose information when requested to comply with a court order, regulatory investigation, or governmental request.
Sensitive/Protected Information: We do not currently collect or process sensitive, special, or protected information except in the employment context and if You are a seller on the Website with affirmative and explicit express consent. If You are a seller on the website, please refer to the Information Collected section for more information. In the event We decide to collect sensitive, special, or protected categories of information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual, genetic data, or biometric data for the purpose of uniquely identifying a natural person) from users or business partners, We will first obtain affirmative and explicit express consent (opt in) from You (Article 9[2][a] GDPR) if We intend such information to be collected, processed or disclosed to a third party. In addition to consent, We perform risk assessments on any processing involving sensitive data. In the event that the legal basis for collection or processing (Article 9[2] GDPR) has changed, We will inform You of the change prior to collection or processing.
Nevada, United States, Residents: We do not sell Your personal information for monetary consideration as set forth in Nevada Senate Bill 220. If We change this practice in the future, We will obtain affirmative express consent (opt in) from You before taking any such action. You can write to Us at Our Help Center to add Your email address to a “do not sell” list. Please note that You are responsible for updating Us in the event that You need to change Your email address on file.
Mobile Devices: You may choose not to provide information related to Your mobile devices. Information on disabling device location permissions can generally be found in Your device settings or by contacting Your carrier or device manufacturer.
Opt-out Preference Signals: You may opt out of online tracking technologies by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). This opt out method is honored for the specific device You are using that includes the opt-out preference signal. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If You choose to use the GPC signal, You will need to turn it on for each device and supported browser or browser extension you use.
Retention And Storage
We retain Your personal information only as long as it is reasonably necessary to provide You the Service and as required by applicable laws and regulations. This includes maintaining and improving the performance of Our Services, keeping Our Services secure, and maintaining appropriate business and financial records. For example, if You register for an account, but do not activate Your account in the following 14 days, then We will automatically delete Your registration information. If You otherwise use Our Service via Your account without activation in the following 14 days, then We will retain Your registration information.
If We process Your personal data on the basis of consent, then We will retain the data for as long as necessary in order to process it according to Your consent or until You withdraw Your consent. For example, We will retain Your email address related to Your consent to receive marketing-based emails only so long as You are opted-in to receive those emails. When You unsubscribe or opt-out, then We no longer use Your email address for marketing-based emails.
We may keep the minimal necessary personal information about You after You have deactivated Your account for the period of time needed for Us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce Our agreements. For example, We may be required to retain Your information to comply with applicable tax/revenue laws or our Know Your Customer (“KYC”) obligations.
Information submitted to or obtained via Our Service is maintained on secure servers and cloud platforms in the United States. We work with third parties to deliver the Service, most of which are also located within the United States. Please see our Processors List for details about the third parties that help us deliver the Service to You.
Safeguarding Your Information
The security of Your Data is of utmost importance to us. Therefore, We have implemented the following technical and organizational measures to ensure the required level of security to protect Your Personal Data:
Physical Security:
- We use secure facilities by preventing unauthorized persons from access to personal information, and ensuring that off-site data centers and server facilities adhere to similar appropriate controls.
- Our off-site data centers and servers are locked with Radio Frequency ID badges.
Data and Network Security:
- Our internal teams ensure We follow industry best practices for monitoring and maintaining data center firewalls and authentication via hashed and salted passwords.
- We ensure personal information is accessible and manageable only by properly authorized staff, including restricted catalogue query and application access, need-to-know access restrictions, and restrictions on the personal information that can be read, copied, modified and/or removed.
- We use encryption of data residing on off-site backup tapes and data residing on servers at drive level.
- We use encrypted data transfer over SSL and other controls to ensure that personal information cannot be read, copied, modified or removed without authorization during external electronic transmission or transport.
- We maintain full disk encryption of all employee issued laptops.
- We encrypt all data before disposal and/or deletion.
- We vet vendors that process Your data on an ongoing basis for compliance with applicable laws and regulations.
- We use logical separation to ensure that personal information is only processed per the terms of this Privacy Policy and the privacy settings selected by You.
- We utilize input controls to ensure that any personal information is provided and edited by You or by Us at Your direction.
Vulnerability Management:
- Our servers are patched regularly, and critical vulnerabilities are patched as soon as possible.
- We routinely engage third parties to run penetration tests against our system.
Data Backup and Recovery:
- We maintain appropriate contingency plans and data backups in the event of a data loss.
- Data backups are taken on a regular basis, and are secured and encrypted.
- Our backup systems are designed to backup site data regularly.
- We maintain emergency and contingency plans for various systems.
- Our data centers have committed to maintaining SSAE 18 SOC 1 and SSAE SOC2 certifications, which We review on an ongoing basis.
Data Resilience:
- Your data is stored on servers located in the United States.
- We utilize a worldwide CDN of 20+ edge data centers. These data centers provide routing as well as data caching, which helps Us reduce latency and improve the performance of Our network.
Compliance Certifications:
- We are certified under the EU-U.S. Data Privacy Framework,the Swiss-U.S. Data Privacy Framework, and the UK-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.
Data Breach Notification:
- Upon awareness and/or discovery of a breach involving Your data, We will contact appropriate regulators, and if deemed appropriate, will notify You directly.
Despite Our efforts, no security measure can be absolute, and there can be no guarantee that Your personal information will not be accessed through malicious means, inadvertent disclosure, or mistake.
Transfer Of Personal Information
Privacy and data protection laws and regulations and their associated transfer requirements vary by location (state, country and region). We strive to comply with transfers of personal information under these laws and regulations by ensuring transfer is made under an appropriate legal basis. We only transfer personal information to those parties that act as service providers or processors with respect to the Service We provide to You, with Your consent, or under a legitimate interest or business, or commercial purpose, as described in this Policy. We may also transfer personal information if required to do so by other applicable laws and regulations, including those related to criminal or civil matters.
Our technical infrastructure is located in the United States. If You choose to use the Service, You agree to Our Terms of Service which states that Your personal information will be hosted within Our United States infrastructure and Your personal information is required to be transferred to the United States as a result. We work with third parties to deliver the Service, most of which are also located within the United States. We conduct risk assessments and require additional contractual requirements where the third parties We work with are located outside of the United States. Please see our Processors List for details about the third parties that help us deliver the Service to You and the locations of those parties.
To the extent that We transfer Your personal information outside of Your country of residence, We rely on the following types of mechanisms to ensure the security of that information:
- Data Processing Agreements
- Model Clauses (i.e., EU standard contractual clauses and jurisdictional amendments), found here.
- EU Adequacy Decisions, found here.
- Risk Assessments (i.e., data transfer risk assessments, processing activity risk assessments)
- Ongoing monitoring of recipient country’s personal information protection systems
In the event that We go through a business transfer such as a consolidation, merger, restructuring, acquisition, or sale of part or all of Our assets, We will obtain Your consent to the transfer of Your information as permitted by law and to the continued use of Your information by the recipient following the transfer so long as they comply with this Policy.
Personally-Identifiable Information Submitted By Children
The Service is not intended for use by children under 16 years of age in the United States. Please consult local laws for age restrictions in additional jurisdictions. IF YOU ARE UNDER THE MINIMUM AGE FOR YOUR JURISDICTION, DO NOT USE OR ACCESS THE SERVICES AT ANY TIME OR IN ANY MANNER. If We determine that personally-identifiable information of children under the minimum age has been collected, We will remove the information from the Service. If You are a parent or guardian and learn that a child under the minimum age has created an account, You may contact Us and request that the information be removed from the Service at privacy [at] discogs [dot] com.
California Disclosure
The following disclosures are required for California consumers.
If You are a seller on the Website, with Your explicit and express consent, Our third party identification provider may process biometric data (“selfie”) and personal identification numbers (social security number, drivers license, passport, or state ID card numbers) to determine Your identity, which is considered “Sensitive Personal Information” as defined in California Civil Code Section 1798.140 of the California Privacy Rights Act of 2020. The information will not be used for any other purposes other than to verify Your identity. This information is kept on file for up to seven years depending on the applicable regulation pursuant to which it was obtained.
Right to Know About Personal Information Collected
Please refer to the “Information Collected” and “Information Sharing and Disclosure” sections above.
Do Not Sell or Share My Personal Information/Notice of Right to Opt-Out of Sale or Sharing of Personal Information
We allow targeting, performance, and social media cookies to be placed on Our sites by third parties for other valuable consideration for the purpose of targeted advertising by programmatic advertisers, analytics for Service performance reviews and improvements, and social media interactions, respectively. These third parties use information from cookies, such as Your geolocation and browsing behavior to serve You personalized advertisements. We do not otherwise “sell” or "share" (as defined by the California Privacy Rights Act) any personal information. We only share Your personal information with others for the limited purpose of providing the Service to You. If You are a Virginia, Colorado, or Connecticut site visitor or user, then You must select the “Reject all" or "Opt out of sale of personal data Targeted Advertising (depending on your jurisdiction) link available on the Service to block (opt out of) all targeting, performance, and social media cookies from Our Service on Your device. Opting out via the link will place a strictly necessary cookie on Your device to identify You in future interactions with Our Service so that targeting, performance, and social media cookies are not placed during those subsequent interactions. Since this action must be performed by a person using Your device, We do not conduct any identity verification with respect to Your exercise of this right. We also honor opt-out preference signals as discussed above under “Opt-out Preference Signals.” You may contact Us at privacy [at] discogs [dot] com for additional information about Your opt out rights. Please see the Cookie and Internet Advertising Policy for additional information about cookies on or related to Our Service and steps You can take with respect to those cookies.
Right to Know, Right to Correct, and Right to Delete
You may submit a request for the categories and specific information that We have collected about You, request correction of Your information, or request that We delete any personal information about You that We have collected, subject to certain exceptions. Refer to Your Personal Information Rights section below for information on submitting requests regarding Your rights.
Information Submitted by Minors under 18 in California
If You are a minor under the age of 18 residing in the State of California, United States, You have additional rights under California law. You may request removal of any information or content You posted while under the age of 18. We cannot ensure that removal of information You provided to the Service will be complete or comprehensive (i.e., information posted to public groups and forums that may be accessed by non-users) but it will be complete and comprehensive on Our part (i.e., user account information). In addition, if at any time You delete Your account, We will remove Your information from the Service. Deletion and removal of information is subject to exceptions to maintain certain information as described in the “Retention and Storage” section of this Policy.
Your California Privacy Rights (Shine the Light Law)
We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light law”) with third parties for their direct marketing purposes absent Your consent. If You are a California resident, You may request information about Our compliance with the Shine the Light law by contacting Us by email to privacy [at] discogs [dot] com or by sending a letter to Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005. Any such request must include "California Privacy Rights Request" in the first line of the description and include Your name, street address, city, state, and ZIP code. Please note that We are only required to respond to one request per user each year, and We are not required to respond to requests made by means other than through this email address or mail address.
Additional U.S. State Law Disclosures
The following disclosures are required for Virginia, Connecticut, and Colorado consumers.
Right to Know Categories of Personal Data Processed by Us
Please refer to the “Information Collected” and “Information Sharing and Disclosure” sections above. You may submit a request for the categories that We have processed about you, subject to certain exceptions. Refer to the “Your Personal Information Rights to Access, Alter, or Erase Your Personal Information” section below for information on submitting requests regarding Your rights pursuant to Your Right to Know under various U.S. state laws and regulations.
If You are a seller on the Website, with Your explicit and express consent, Our third party identification provider may process biometric data (“selfie”) to determine Your identity, which is considered “Sensitive Personal Information” pursuant to Virginia, Connecticut and Colorado privacy laws. The information will not be used for any other purposes other than to verify Your identity. This information is kept on file for up to seven years depending on the applicable regulation pursuant to which it was obtained.
Right to Know the Purpose of Processing
Please refer to the “Information Collected” and “Information Sharing and DIsclosure” sections above regarding Your right to know purposes of processing.
Right to Know Categories of Personal Data Shared with Third Parties and the Categories of Third Parties
Please see Our Processors List for details about the third parties that help Us deliver the Service to You.
Do Not Sell My Personal Information/Notice of Right to Opt-Out of Sale of Personal Information
We allow cookies to be placed on Our sites by third parties for monetary consideration for the purpose of targeted advertising by programmatic advertisers. These third parties use information from cookies, such as Your geolocation and browsing behavior to serve You personalized advertisements. We do not otherwise “sell” (as defined by the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act) any personal information. We only share Your personal information with others for the limited purpose of providing the Service to you. If You are a Virginia, Colorado, or Connecticut site visitor or user, then You must select the "Reject all" link available on the Service to block (opt out of) targeted advertising cookies from Our Service on Your device. Opting out via the link will place a strictly necessary cookie on Your device to identify You in future interactions with Our Service so that targeted advertising cookies are not placed during those subsequent interactions. Since this action must be performed by a person using Your device, We do not conduct any identity verification with respect to Your exercise of this right. We also honor opt-out preference signals as discussed above under “Opt-out Preference Signals.” You may contact Us at privacy [at] discogs [dot] com for additional information about Your opt out rights. Please see the Cookie and Internet Advertising Policy for additional information about cookies on or related to Our Service and steps You can take with respect to those cookies.
How to Exercise Your Rights and Appeal
Please refer to “Your Personal Information Rights” on how to exercise Your Rights and how to appeal.
Notification And Other Privacy Preferences
We do not send spam and do not permit spam on or through Our Service. We comply with the CAN-SPAM Act of 2003 (US) and applicable international anti-spam regulations. Access to certain portions of Our Service include account registration or consent. We may send you marketing-related email upon Your express opt-in, making a purchase through Our Service, or by registering for Our Service, depending on Your jurisdiction. You may opt out of those portions at any time. Information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
Public Groups & Forums
You must be registered on the Site in order to post on the forum. Information You post to the public areas of the Service (groups / forums / searchable catalog) is not private, and is not protected under this Policy. Please exercise caution when disclosing Your information in these areas. You acknowledge that Other Users and the public, in general, not covered by this Policy will have access to Your public postings and We cannot be responsible for any subsequent use of personal information contained in Your public postings.
Analytics & Display Advertising, Cookies
We use cookies to provide the Service for functional reasons (such as personalisation), to measure performance (analytics), and for targeting online advertisements. Depending on Your location, You may have the ability to control certain cookie settings available on the Service. Our Service will respect browser settings as “do not track,” “private,” "opt-out preference signals" (as discussed above), or the like from supported browsers. Not allowing cookies may affect certain functionality of the Service. See Our Cookie and Internet Advertising Policy for more information about how cookies are used with the Service.
Your Personal Information Rights
Identity Verification and Authorized Agents
If You submit a request to exercise Your rights under any privacy or data protection law and regulation, We will need to verify Your identity prior to complying with Your request. We verify requests by confirming the email address that sent the request is attached to a registered account on Our system. Erasure/Deletion requests include a second verification from the user sending the request. If You do not have an account with Us the only data We collect and process is (i) made available via cookies as allowed by law or regulation, which You can manage via Your “Cookie Settings” or “Manage Preferences” link on the Service in applicable jurisdictions, or (ii) any email address and country (as applicable) that You provide when signing up for Our email subscriptions and You may unsubscribe via the email links at any time.
Your authorized agent may be able to make a request to exercise Your rights on Your behalf. Please contact Us at privacy [at] discogs [dot] com to do so.
Consent
Where You have provided Your consent to any part of the Service, You may withdraw that consent at any time. To withdraw Your consent to Our policies in their entirety, You must cease using the Service. You may also withdraw Your consent to certain processing activities within the Service within Your account settings. Finally, You may withdraw Your consent to marketing-related email using the “unsubscribe” button found in those emails and, in some cases, within Your account settings.
Automated Decision Making
If You complete the “seller settings” within Your account, indicating a desire to sell through Our Service, You will undergo an automated assessment of Your email address to verify its validity. Such assessment amounts to email address profiling and will result in an automated decision regarding Your ability to sell through Our Service. The assessment results in a risk rating of the email address and higher risk email addresses may not be granted the ability to sell through Our Service. In addition, as part of Our seller verification process, We may conduct facial cross-checks of identity cards, and photos or video selfies, uploaded by You to our identity verification provider’s platform. This process is completed solely through automated means and results in profiling. Both of these assessments could impact You financially if You are not eligible to sell through Our Service as a result. We do not otherwise participate in any automated decision making other than cookie-based programmatic advertising (see “Information Collected - Cookies” above).
You have the right to obtain human intervention, express your point of view and contest the outcome of these assessments by contacting Us at privacy [at] discogs [dot] com.
Access
You have a right to access Your personal information that We collect/process/store or personal information that We “sell” or "share". Personal Data We “sell” or "share" (as defined by various U.S. State privacy laws and regulations) is limited to information generated by cookies and tags related to targeted advertising, analytics and social media. See Our Cookie and Internet Advertising Policy for more information.
Other than Your IP address, geolocation, SSID, device information and operating system (collected when You access the Service), information collected via cookies (with your consent, as applicable), and information that You provide to Us in Your support requests, all personal information We collect from registered users can be found in Your user profile by reviewing:
- Discogs.com accounts: Your User Profile Settings and the additional settings noted in the menu on the left side of the page (i.e., Notification, Privacy, Buyer, Seller, etc.).
- Nearmint.io accounts: Your Account page.
In addition,
- We offer email subscription services available to both registered and non-registered users that collect only an email address provided directly by the user.
- For those jurisdictions where We provide a cookie banner, cookie settings specific to Your device can be viewed via the “Cookie Settings” or “Manage Preferences” links located on Our Service.
Additional information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
You may also access Your personal information and how it is used and shared by completing the Request Access of Data form in Our Help Center. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. Additional questions may be submitted to privacy [at] discogs [dot] com.
Rectification, Restriction, and Objection
We want to make sure that Your personal information is accurate and up to date. Information within the Services is limited to that information that You have provided directly. If You would like to rectify personal information that You have previously provided to Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to have changed, whether You would like to have Your personal information suppressed from Our catalog or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You request that We restrict processing or if You object to the processing of certain information.
If You would like to restrict or object to the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to restrict or object, or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You object or request that We restrict processing of certain information.
If You would like to object to the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what processing You would like to object or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You object to the processing of certain information.
In all cases, We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. In the event that this time period needs to be extended, We will comply with applicable laws or regulations when it comes to notifying You of such an extension and reason for the extension. Additional questions may be submitted to privacy [at] discogs [dot] com.
Erasure/Deletion
You have a right to obtain erasure or deletion of the personal information You have provided to Us related to Your use of the Service. Exercising this right will result in closure of any account You have opened and removal of any items You have listed in Your collection, wantlist or for sale in the Marketplace. In addition, exercising this right will impact certain functionality of the Service available to You online. If You request erasure or deletion, pursuant to the Terms of Service, (i) Your user-generated content contributions will be anonymized by having the user name replaced by a generic term (i.e., "previous user1234" or simply "anonymous1234"), and (ii) We are entitled to continue using this anonymized user-generated content. We cannot guarantee that Your username as associated with any information You posted in public forums and discussions will be fully erased as Other Users have access to those portions of Our Service and may have used or republished such information, including Your username, subject to Our Terms of Service, prior to the time of Your request. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law or as set forth below. We may need to maintain certain information for additional days in order to carry out Our contractual obligations to You. For example, We provide support for transaction disputes for 90 days following the date of transaction. In addition, We may maintain minimal personal information on You for a reasonable period of time if You have violated the Terms of Service resulting in an account suspension or ban in order to protect other users or pursuant to any regulatory or legal exceptions allowing Us to maintain the information. You may submit a request for erasure or deletion by completing the Request Erasure of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
Human Intervention
Under various data protection regulations, You have a right to not be subjected to a decision that produces legal or significant effects on You, and is based solely on automated processing, including profiling. This means that You have a right to human intervention in processing activities, express Your point of view, obtain an explanation of the decision reached after such assessment and challenge that decision. Outside of cookie-based targeted marketing, facial identification verification, and email verification, We do not conduct any processing activities where Your data is processed based solely on automated decision-making (including profiling). If We consider using automated decision-making for additional processing activities in the future, this Policy will be updated and We will provide additional notification to You when required.
Portability
You have a right to receive the personal information concerning You, which You have provided to Us, in a structured, commonly used and machine-readable format and You have the right to transmit those data points to another controller where Our processing is based on Your consent or any contract You have with Us and the processing is carried out by automated means. You may submit a request for portability by completing the Request Portability of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
Appeal
If We are unable to fulfill Your request, You may formally appeal the action by contacting Us at privacy [at] discogs [dot] com. We will respond to Your appeal within required time frames outlined by the privacy and data protection laws of Your jurisdiction. U.S.-based individuals may contact their state Attorney General if they have concerns about the result of an appeal.
Non-Discrimination Policy
We do not discriminate against users of Our Service, whether You use the Service without incident or choose to exercise Your rights under any applicable laws or regulations.
Complaints
If You believe that Your privacy rights have been breached or that Your personal information has been compromised as a result of using Our Service, please contact Us via the Help Center or at privacy [at] discogs [dot] com. We may ask for additional information to confirm Your identity prior to assisting with Your complaint. We will respond to Your complaint within 30 days of receipt, unless a shorter time period is required by local laws and regulations, if permitted by law and may request additional information from You to complete Our investigation. You may also contact us as follows:
- Our global Data Protection Officer in the EU (HewardMills) can be contacted by email at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.
If You are a resident of the EU or EEA and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with a supervisory authority in Your member state of residence, place of work or place of the alleged infringement. The name and contact details of the Data Protection Authorities in the European Union can be found here. Our lead supervisory authority is Autoriteit Persoonsgegevens (The Netherlands).
If You are a resident of the UK and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with the UK Information Commissioner’s Office (ICO).
U.S.-based users may submit complaints directly to their state’s Attorney General. Connecticut-based users may submit complaints directly to the Connecticut Attorney via the forms located at: https://portal.ct.gov/AG.
For complaints about content users or We have added to Our Service or items listed for sale through the marketplace that relate to the Digital Millennium Copyright Act or other copyright laws and regulations, please review the How Do I Report Copyright Infringement information documentation.
Dispute Resolution
In the event that We are unable to resolve any complaint or dispute that You bring to Our attention, You may contact an independent dispute resolution body free of charge. We have chosen JAMS as Our independent recourse mechanism. You can file a claim with JAMS at the following website: https://www.jamsadr.com/eu-us-data-privacy-framework. Under certain conditions, You may invoke binding arbitration for complaints regarding EU-U.S. DPF compliance not resolved by any EU-U.S. DPF mechanism. For more information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
General
We may amend this Policy at any time by posting the amended terms on this site and notifying You of material changes to the Policy along with an opportunity to opt in to changes that require Your consent by law or regulation or to opt out of any changes that decrease Your rights under this Policy. All non-material changes to Our terms are effective on the effective date of the Policy. We encourage You to review this Policy from time to time. By continuing to use the Service after non-material changes are effective, or after being notified of a material change, You will be deemed to have accepted the changes.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission in connection with Our EU-U.S. DPF, Swiss-U.S. DPF, and the UK-U.S. DPF compliance. Notwithstanding any language to the contrary in this Privacy Policy, in cases of onward transfers to third parties of personal data of individuals received pursuant to the EU-U.S. DPF, Swiss-U.S. DPF, or UK-U.S. DPF, We are potentially liable.
Contact Us
- You can contact Us about this Policy and Our practices via Our Help Center or at privacy [at] discogs [dot] com.
- Our global Data Protection Officer (HewardMills) can be contacted by email at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.